Access to this full-text is provided by Taylor & Francis.
Content available from Cogent Social Sciences
This content is subject to copyright. Terms and conditions apply.
LAW, CRIMINOLOGY & CRIMINAL JUSTICE | RESEARCH ARTICLE
COGENT SOCIAL SCIENCES
2025, VOL. 11, NO. 1, 2479654
Exploring the role of encryption and the dark web in cyber
terrorism: legal challenges and countermeasures in India
Hifajatali Sayyed and Sanu Rani Paul
Symbiosis Law School Hyderabad, Symbiosis International Deemed University Pune, Pune, India
ABSTRACT
The rapid growth of digital technologies has provided new opportunities for cyber
criminals, including terrorist organizations, to exploit encrypted communications and
the Dark Web for illicit activities. Cyber terrorism, characterized by the use of
cyber-attacks to cause fear, disrupt societies, or damage national security, has become
a significant threat in the modern world. Encryption technology ensures privacy and
security for legitimate users, but it is also increasingly used by terrorists to coordinate
attacks and evade detection. Simultaneously, the Dark Web offers anonymity, facilitating
illegal activities such as recruitment, fundraising, and the planning of cyber-attacks. This
research explores the intersection of encryption, the Dark Web, and cyber terrorism,
examining the Indian legal implications of these technologies in facilitating terrorist
activities. Using a doctrinal research methodology, this study analyzes existing Indian
legal frameworks such as the Unlawful Activities (Prevention) Act and the Information
Technology Act along with international conventions addressing encryption and the
Dark Web. It evaluates the challenges posed by these technologies to law enforcement
and the balance between national security and individual privacy rights. It evaluates
potential countermeasures, including international cooperation, advanced decryption
techniques, and policy reforms aimed at striking a balance between privacy and
national security. This study provides insights into the growing threat posed by cyber
terrorism in India and the urgent need for comprehensive legal and technological
responses.
1. Introduction
In the twenty-first century, as the world becomes more digitally interconnected, cyber terrorism has
emerged as one of the most insidious threats to global security. Unlike conventional forms of terrorism
that rely on physical violence, cyber terrorism leverages the power of technology to disrupt critical infra-
structure, steal sensitive information, and instigate fear through digital channels (Choraś et al., 2016). Two
key technological developments namely encryption and the dark web, have significantly contributed to
the rise of cyber terrorism, providing terrorists with tools to carry out attacks with greater anonymity and
sophistication. Encryption, a method of securing information to protect privacy and data integrity, has
been increasingly used by cyber terrorists to evade detection and hide their tracks (Li, 2009). Meanwhile,
the dark web, a concealed part of the internet not accessible through standard search engines, has
become a refuge for illegal activities, including the planning and execution of cyber-attacks (Kaur &
Randhawa, 2020). These technologies complicate the detection, prevention, and prosecution of cyber
terrorism, especially in rapidly digitizing countries like India, where encryption, vital for security, can
obstruct law enforcement’s access to key evidence in terrorism investigations. In India, where digital
adoption is growing, encryption protects privacy while also enabling illegal activities, blurring the line
between national security and individual rights. The dark web, on the other hand, provides cyber
© 2025 The Author(s). Published by Informa UK Limited, trading as Taylor & Francis Group
CONTACT Hifajatali Sayyed hifajatali@slsh.edu.in Symbiosis Law School Hyderabad, Symbiosis International Deemed University Pune,
Pune, Maharashtra, India
https://doi.org/10.1080/23311886.2025.2479654
This is an Open Access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0/), which
permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. The terms on which this article has been
published allow the posting of the Accepted Manuscript in a repository by the author(s) or with their consent.
ARTICLE HISTORY
Received 25 November 2024
Revised 17 February 2025
Accepted 10 March 2025
KEYWORDS
Encryption; dark web;
cyber terrorism; legal
implications;
countermeasures
SUBJECTS
Criminal Law & Practice;
Data Protection;
Computer Science
(General); Information &
Communication
Technology (ICT); Legal,
Ethical & Social Aspects
of IT; Computing & IT
Security
2 H. SAYYED AND S. R. PAUL
terrorists with an anonymous platform to operate, trade illicit goods, and organize attacks without fear
of detection (Liggett et al., 2019). Its decentralized nature and the use of encrypted communications
make it particularly difficult for authorities to track criminal activity, creating a significant gap in law
enforcement’s ability to enforce the law. In this context, India faces unique legal challenges as it tries to
navigate the intersection of cyber security, privacy rights, and counterterrorism efforts.
As India moves towards becoming a digital economy, its growing vulnerability to cyber-attacks, includ-
ing those originating from within and outside its borders, necessitates a strong legal framework to
address emerging cyber threats (Maiti et al., 2019). The Indian government has taken various steps to
strengthen its cyber security apparatus, such as the enactment of the Information Technology Act, 2000
(IT Act), and the development of the National Cyber Security Policy. However, these measures often fall
short when addressing the specific challenges posed by encryption and the dark web, which enable
cyber terrorists to operate with near-total anonymity. One of the major legal dilemmas that arise from
encryption is the balance between protecting individual privacy and safeguarding national security
(Miller & Bossomaier, 2021). India’s Supreme Court, in its landmark K.S. Puttaswamy v. Union of India
ruling, recognized the right to privacy as a fundamental right under the Indian Constitution. This deci-
sion has had profound implications on the country’s approach to data protection and surveillance. The
introduction of technologies such as end-to-end encryption, which ensures that only the intended recip-
ient can decrypt and read messages, complicates efforts to monitor communications that may be linked
to cyber terrorism (Macnish, 2021). Encryption is crucial for privacy and security but complicates law
enforcement efforts to intercept terrorist communications, raising ethical concerns about balancing
national security with individual privacy in counterterrorism efforts.
The dark web poses a significant challenge to India’s legal system, serving as a hub for illicit activities
like trading stolen data, weapons, drugs, and planning cyber-attacks. Terrorist groups can easily establish
anonymous communication channels on the dark web, allowing them to coordinate attacks without
being detected (Ródenas et al., 2023). The anonymous nature of the dark web, combined with the use
of encryption, makes it an almost impenetrable space for investigators. Unlike the surface web, which is
indexed by traditional search engines, the dark web is not easily accessible and requires specialized tools
and knowledge to navigate. Combating cyber terrorism on the dark web in India demands specialized
training, resources, international cooperation, and a multifaceted approach, as the Information Technology
Act, 2000 lacks a comprehensive mechanism to address the complexities of encryption and the dark
web. In response, there is an increasing call for reforms in Indian cyber laws, including provisions that
would enable greater cooperation with international law enforcement agencies, the creation of special-
ized cybercrime units, and the development of legal instruments that balance privacy concerns with
national security imperatives (Dar & Wani, 2023). At the same time, there is a pressing need to develop
technological solutions that can assist law enforcement in combating cyber terrorism, such as advanced
encryption-breaking tools, real-time monitoring systems, and better intelligence-sharing platforms. While
encryption and the dark web offer vital privacy protections and freedom for legitimate users, they also
create significant barriers to detecting and preventing cyber terrorism. As India becomes an increasingly
digital nation, its legal and law enforcement agencies must evolve to tackle the emerging threat of cyber
terrorism. This includes not only strengthening legal frameworks and countermeasures but also fostering
international collaboration to address the transnational nature of cybercrime. Only through a balanced,
comprehensive, and technologically advanced approach can India hope to mitigate the dangers posed
by cyber terrorism and protect its citizens from this growing menace.
2. Methodology
This research adopts a doctrinal research methodology. Doctrinal research is primarily concerned with
analyzing existing legal principles, statutes, case law, and legal frameworks to interpret, understand, and
critique the current legal landscape surrounding a particular issue. In this study, doctrinal research
focuses on analyzing the Indian legal implications of encryption and the Dark Web in facilitating cyber
terrorism, specifically within the context of cyber security, privacy, and national security laws. The research
process begins with a comprehensive review of relevant legal documents, such as Indian Information
Technology Act, judicial decisions, and government policies pertaining to encryption, the Dark Web, and
COGENT SOCIAL SCIENCES 3
cyber terrorism. Legal texts, academic articles, and government reports from the primary sources of data,
supplemented by examples of legal challenges related to encryption and online anonymity. By reviewing
legal texts and judicial interpretations, the research can provide a comprehensive understanding of the
legal framework surrounding cyber terrorism in India and suggest effective countermeasures while bal-
ancing national security with individual freedoms. By examining a few key cases, this approach helps
clarify the application of law, providing a theoretical foundation to understand how legal norms evolve
and are applied in practice.
3. The role of encryption in cyber terrorism
Encryption, a crucial component of modern cyber security, has become an essential tool in protecting
the confidentiality and integrity of digital communications (Martin, 2022). Encryption is a process of con-
verting plain text or data into a coded format using an algorithm and an encryption key, making it
unreadable to unauthorized users. This is typically achieved through symmetric encryption i.e. where the
same key is used for encryption and decryption or asymmetric encryption i.e. which uses a pair of public
and private keys. The encrypted data, known as ciphertext, can only be decrypted back into its original
form by someone with the correct decryption key. Encryption ensures confidentiality, integrity, and secu-
rity of data during storage or transmission. Encryption transforms ‘plaintext’ into ‘ciphertext’ using cryp-
tographic algorithms, which are mathematical models. To revert the data to plaintext, a decryption
key—often a string of numbers or a password—generated by the same algorithm is required. Secure
encryption methods use an immense number of cryptographic keys, making it nearly impossible for
unauthorized individuals to guess or compute the correct key through trial and error. While encryption
serves to protect sensitive data from unauthorized access, it has been exploited by cyber terrorists to
shield their activities from detection, complicating counterterrorism efforts. This dual-use nature of
encryption presents unique challenges for law enforcement and national security agencies worldwide, as
they attempt to balance the need for privacy with the imperative to thwart terrorism. At its core, encryp-
tion involves encoding information in such a way that only authorized parties, possessing the decryption
key, can access the original data (Francati et al., 2024). This process is used in various aspects of digital
life, including secure messaging apps, online banking, e-commerce, and communication between busi-
nesses and governments. However, its utility in protecting privacy also means that it can be leveraged
by malicious actors to evade detection. In the case of cyber terrorism, encryption allows terrorist orga-
nizations to communicate covertly, organize operations, and plan attacks without fear of interception.
Encrypted communication channels, such as encrypted emails, instant messaging, and Voice over Internet
Protocol (VoIP) services, provide these groups with a high degree of operational security.
One of the most significant challenges posed by encryption in the context of cyber terrorism is the
difficulty it creates for intelligence agencies. Terrorist groups frequently rely on encryption to obscure
their online presence, preventing authorities from identifying key players or monitoring their activities
(Liang, 2022). This is particularly problematic when terrorist organizations use end-to-end encrypted plat-
forms, which ensure that only the sender and receiver have access to the message content, leaving law
enforcement with few options for monitoring such communications. For example, encrypted messaging
services like WhatsApp, Signal, and Telegram have been utilized by various terrorist factions to facilitate
planning, recruitment, and fundraising activities without leaving traceable data for law enforcement to
analyze. The widespread use of these platforms highlights how encryption is integral to the operational
success of cyber terrorism. Encryption also plays a vital role in the execution of cyber-attacks, including
attacks on critical infrastructure, financial systems, and government databases. Cyber terrorists may use
encryption to conceal malicious software, such as ransomware, that targets key infrastructure. This kind
of attack can be used to disrupt operations, extort ransom payments, or even cause long-term damage
to a nation’s economy or security apparatus. In some cases, encrypted malware is designed to ensure
that the malicious code cannot be easily detected or reversed, complicating efforts to recover from the
attack. Additionally, cyber terrorists may exploit encryption to hide their true identities and geographical
location, making attribution of cyber-attacks more difficult and enabling them to operate from virtually
anywhere in the world (Yaacoub etal., 2022).
4 H. SAYYED AND S. R. PAUL
Another aspect of the encryption-cyber terrorism nexus is its role in the recruitment and radicaliza-
tion of individuals (Moncrieff & Lienard, 2024). Online platforms that offer encrypted communications
provide a means for terrorist recruiters to engage with vulnerable individuals without fear of intercep-
tion. Encryption ensures that the process of radicalization, often facilitated through online forums,
videos, and social media accounts, remains shielded from government scrutiny. These encrypted plat-
forms can also facilitate the dissemination of propaganda, thereby amplifying the reach of extremist
ideologies. In this context, encryption does not just protect the terrorist organization’s operational
security but actively aids in expanding its influence and recruiting new members. The rise of encryp-
tion has led to ongoing debates over how to balance the right to privacy with the need for national
security. Governments, particularly in Western democracies, have faced increasing pressure to mandate
backdoors into encrypted communications, which would allow law enforcement agencies to decrypt
data when necessary (Vidal & Moreno, 2018). However, such proposals have sparked significant oppo-
sition from privacy advocates, who argue that weakening encryption or creating backdoors could cre-
ate vulnerabilities that are ultimately exploited by malicious actors, including cyber terrorists. Law
enforcement and intelligence agencies continue to seek a middle ground that allows them to access
critical information while safeguarding the security of digital systems. Some experts argue for the
development of more sophisticated decryption tools or enhanced international cooperation, rather
than dismantling encryption altogether. Encryption serves as both a protector of privacy and a facili-
tator of cyber terrorism. While it provides legitimate security benefits for individuals and organizations,
it also enables terrorists to operate under the radar, complicating counterterrorism efforts. As technol-
ogy evolves, so too does the challenge of ensuring that encryption is used responsibly while still
allowing governments to effectively combat cyber terrorism. Striking the right balance between pri-
vacy and security will continue to be a defining issue in the fight against cyber terrorism in the dig-
ital age.
4. The role of the dark web in facilitating cyber terrorism
The dark web, a hidden and often anonymized part of the internet, plays a significant role in facilitating
various illegal activities, including cyber terrorism (Chen, 2012). Unlike the surface web, which is publicly
accessible and indexed by search engines, the dark web requires special software like Tor to access it,
allowing users to browse anonymously. This anonymity and lack of regulation make the dark web an
ideal platform for individuals and groups engaged in cyber terrorism to operate under the radar of law
enforcement and intelligence agencies. Cyber terrorism refers to the use of digital tools and cyber-attacks
to cause disruption, fear, or harm, often with political, ideological, or religious motives. The dark web
provides an encrypted and often untraceable space where cyber terrorists can plan, communicate, recruit,
and launch attacks (Denker et al., 2019). By taking advantage of its privacy and decentralized nature,
terrorist organizations can effectively evade detection while conducting harmful activities that pose a
significant threat to national security and critical infrastructure.
One of the key ways the dark web facilitates cyber terrorism is by enabling encrypted communication
channels. Terrorist groups can use the dark web’s encrypted messaging platforms, forums, and chat
rooms to communicate securely without the risk of interception by authorities. This ensures that their
planning and operational strategies remain hidden. Unlike traditional communication methods, which are
often easier to trace and monitor, the dark web offers the ability to exchange information anonymously,
allowing terrorist groups to coordinate attacks, discuss tactics, and share resources in a way that is
extremely difficult for law enforcement to track. For example, encrypted messaging platforms on the
dark web allow for real-time communication among members, including the sharing of sensitive infor-
mation such as attack plans, financing schemes, and recruitment tactics. Moreover, the dark web serves
as a marketplace for illegal goods and services that are essential for carrying out cyber terrorism. These
include tools for cyber-attacks, such as malware, ransomware, and exploits, which are sold or traded in
online forums and marketplaces. Cyber terrorists can acquire software and tools designed to attack crit-
ical infrastructure, disrupt government operations, or inflict financial damage (Viganò et al., 2020). In
some instances, hackers with specialized skills may also offer their services on the dark web to assist in
the execution of attacks. This commercialization of hacking tools not only lowers the barrier to entry for
COGENT SOCIAL SCIENCES 5
cyber terrorists but also allows them to access resources that might otherwise be beyond their
capabilities.
The dark web also functions as a platform for recruiting new members and radicalizing individuals.
Extremist groups can use the anonymity provided by the dark web to disseminate propaganda, recruit
followers, and incite violence. The lack of oversight allows these groups to spread their ideologies with-
out fear of censorship, targeting vulnerable individuals who may be inclined to join their cause. Online
communities, forums, and encrypted messaging boards provide a space for like-minded individuals to
connect, share extremist views, and escalate from online discussions to offline violence, including cyber
terrorism. Furthermore, the dark web offers a space for financing terrorism. Crypto currency platforms,
often used for illegal transactions, are widely available on the dark web (Hamilton & Leuprecht, 2024).
Terrorist organizations can use crypto currencies like Bitcoin to raise funds for their activities, including
the development and execution of cyber-attacks. These transactions are difficult to trace, providing a
level of financial anonymity that is crucial for funding terrorist activities. The dark web plays a critical role
in facilitating cyber terrorism by providing a secure, anonymous environment for communication, recruit-
ment, and the exchange of illegal tools and resources. Its lack of regulation and ease of access make it
a preferred platform for terrorist organizations seeking to operate covertly and evade detection. As cyber
terrorism becomes an increasingly prominent threat, countering the role of the dark web in these activ-
ities will require enhanced law enforcement capabilities, international cooperation, and more effective
methods for monitoring and disrupting dark web operations.
In India, A man was arrested in Lucknow by the NCB’s Delhi zonal unit for allegedly sending hundreds
of psychotropic drug parcels overseas disguised as sex stimulation medicine (News18, 2020). Although
there have been no reported incidents of firearms being sold on the dark web in India, some reports
suggest that firearms may be imported through dark web sellers operating from outside the country
(Mehta, 2016). These instances in India help us understand how the dark web can be used to raise funds
for terrorism.
5. Legal framework and challenges
The legal frameworks surrounding encryption and the dark web are complex and evolving, as they inter-
sect with privacy rights, national security, and criminal law. Section 66F of the Information Technology
Act, 2000, specifically addresses the offense of cyber terrorism in India (Misra & Chacko, 2021). The pro-
vision was introduced through an amendment to the Information Technology Act in 2008, in response
to the growing concerns over cyber threats and the increasing use of the internet by terrorists for illicit
activities. The scope of Section 66F is broad and encompasses a variety of cyber activities that could be
classified as cyber terrorism. This includes the use of cyber tools for attacks against critical infrastructure
like power grids, transportation systems, or communication networks, which are often prime targets for
cyber terrorists. Despite the strong legal framework provided by Section 66F, enforcement of the provi-
sion presents a number of challenges. One of the primary issues is the anonymity that the internet
provides. Cyber terrorists often exploit technologies like encryption, the dark web, and anonymizing to
conceal their identities and locations. This makes it difficult for law enforcement agencies to trace the
perpetrators and gather evidence for prosecution. Another challenge is the jurisdictional complexity that
comes with cyber terrorism. Cyber crimes often transcend national borders, as attacks launched from one
country can target systems located in another. While Section 66F applies to acts committed within India
or affecting Indian systems, it can be difficult to prosecute international actors or groups based in for-
eign countries. The lack of international coordination and cooperation between cyber security agencies
complicates investigations, especially when cyber terrorists use overseas servers or networks to carry out
their attacks (Xu & Lu, 2021). There have been concerns regarding the broadness of the language used
in Section 66F, which can lead to ambiguity in interpretation. For example, the term "cyber terrorism"
itself is not defined in precise terms, and courts may need to consider a range of factors to determine
whether an offense qualifies under this section. This interpretational challenge could lead to differing
opinions on what constitutes a "terrorist" act in the digital realm, leading to inconsistencies in application.
The Unlawful Activities (Prevention) Act (UAPA), enacted in 1967, is a vital piece of legislation in India
aimed at combating terrorism and secessionist activities that threaten the sovereignty, integrity, and
6 H. SAYYED AND S. R. PAUL
security of the nation (Subrahmanian et al., 2012). The Act provides a legal framework for the identifica-
tion, prosecution, and punishment of individuals and organizations involved in terrorist activities. Under
the UAPA, cyber terrorism is addressed through its broad definition of "terrorist acts" and "unlawful
activities." Section 15 of the Act defines a "terrorist act" as any act that causes or is likely to cause dam-
age to the sovereignty, integrity, or security of India, among other criteria. Cyber-attacks, particularly
those targeting critical infrastructure, government databases, or public safety systems, fit within this defi-
nition, and individuals involved in such activities can be prosecuted under the UAPA. Additionally, the
law allows the central government to designate organizations or individuals involved in cyber terrorism
as "terrorist organizations," making it a criminal offense to support or be associated with such entities.
One major challenge is the technical complexity involved in cyber terrorism. Law enforcement agencies
may lack the expertise or resources to investigate sophisticated cyber-attacks that involve advanced tools
like encryption, anonymizing networks and the dark web. Cyber terrorism can be facilitated by encrypted
communication channels that make it difficult to intercept and decode messages. This issue directly con-
flicts with the need for surveillance in counterterrorism efforts, raising questions about the balance
between privacy rights and national security. Another challenge is the jurisdictional issues involved in
cyber terrorism (Maillart, 2019). Cyber terrorism can have global dimensions, with attacks being launched
from outside India’s borders. The ability of foreign actors to engage in cyber terrorism against Indian
targets complicates the application of UAPA, as coordination with international authorities is required to
address cross-border cyber threats effectively. However, legal frameworks for transnational cybercrime
and terrorism remain fragmented, and international cooperation often lacks the necessary coordination.
Also India is still not a party to the Budapest Convention on Cybercrime, also known as the Convention
on Cybercrime of the Council of Europe. The Budapest Convention on Cybercrime is an international
treaty aimed at combating cybercrime, including offences related to computer systems, data, and con-
tent (Wicki-Birchler, 2020). While the convention does not directly address encryption or the dark web in
a comprehensive way, it includes provisions that can impact these areas, particularly in the context of
law enforcement and the investigation of cybercrime. On encryption, the Budapest Convention calls for
cooperation between countries to ensure that law enforcement can access data stored on encrypted
systems during criminal investigations. Specifically, Article 32 of the convention deals with the ‘expedited
preservation of stored computer data’, allowing authorities to preserve data before it is lost or altered.
However, it also underscores the challenge encryption poses in ensuring access to digital evidence while
respecting privacy rights. While the convention promotes the need for international cooperation in
accessing encrypted communications, it does not mandate the weakening of encryption or the creation
of backdoors, leaving a balance between privacy and security largely in the hands of individual signa-
tory states.
6. Ethical and privacy considerations
In the modern era, encryption and the dark web serve as double-edged swords. While they offer critical
tools for securing online communications and protecting privacy, they also provide platforms for illicit
activities, including cyber terrorism. The rise of encryption technologies and the proliferation of the dark
web present significant ethical and privacy challenges in the context of national security and law enforce-
ment, particularly in India, where the digital landscape is rapidly evolving (Thomaz et al., 2020). As the
country grapples with the growing threat of cyber terrorism, there is a need to balance the fundamental
rights to privacy and freedom of expression with the imperative to safeguard national security and pro-
tect citizens from harm. This delicate balance forms the core of the ethical and privacy concerns that
surround encryption and the dark web.
One of the most significant ethical considerations surrounding encryption is its direct impact on the
right to privacy. In India, the right to privacy was recognized as a fundamental right by the Supreme
Court in the landmark K.S. Puttaswamy v. Union of India case, emphasizing that privacy is essential to
the exercise of individual autonomy and dignity (Bentotahewa et al., 2022). The decision reflects the
broader global consensus that privacy is a basic human right, and any infringement of this right must
be justified on legitimate grounds, such as national security. However, encryption poses a challenge to
privacy rights when it is used by cyber terrorists to conceal their activities. Terrorist groups, criminals,
COGENT SOCIAL SCIENCES 7
and other malicious actors often exploit encryption technologies to plan, coordinate, and execute attacks
while evading detection by law enforcement agencies. The ethical dilemma arises when authorities, in
their efforts to combat cyber terrorism, seek to access encrypted communications (Kozhuharova et al.,
2022). While it is crucial to prevent harm to national security and public safety, it is also vital not to
infringe upon individuals’ right to privacy without a justifiable cause. The question, therefore, becomes:
how can law enforcement agencies effectively counter cyber terrorism while respecting the privacy rights
of individuals who are not engaged in illegal activities? One of the proposed solutions to the challenge
posed by encryption in countering cyber terrorism is the introduction of backdoors in encryption tech-
nologies. A backdoor is essentially a secret method that allows law enforcement agencies to bypass
encryption and access encrypted data without the user’s knowledge (Wilson, 2023). While proponents
argue that backdoors would enable authorities to monitor and prevent cyber terrorism more effectively,
critics contend that they represent a serious privacy violation.
From an ethical standpoint, the dark web raises the issue of anonymity. On the one hand, anonymity
on the dark web can be a tool for individuals to protect themselves from government surveillance,
escape political oppression, or communicate securely in oppressive regimes (Mirea etal., 2019). In India,
where freedom of speech and expression is constitutionally protected, anonymity on the internet can be
seen as a safeguard against potential violations of privacy or freedom by the state. The ethical argument
here revolves around whether anonymity should be allowed at all costs or if it should be restricted in
cases where it facilitates terrorism and criminal activity. On the other hand, the dark web’s role in
enabling cyber terrorism presents a severe ethical challenge (Humphreys et al., 2024). Terrorist groups
use the dark web to plan and execute attacks, spread extremist ideologies, and recruit individuals into
their networks. Law enforcement agencies in India and around the world face difficulties in infiltrating
the dark web due to its encrypted and anonymous nature. In this context, the ethical issue is whether
the privacy of individuals who use the dark web for legitimate purposes should be compromised to
prevent criminal activities. While monitoring the dark web can aid in countering cyber terrorism, there is
a risk of violating the privacy rights of innocent users who have no connection to illegal activities.
7. Countermeasures to deal with encryption and the dark web in relation to cyber
terrorism
The advent of encryption technologies and the proliferation of the dark web have fundamentally trans-
formed how digital communications are secured and how anonymity is preserved online (Lim et al.,
2011). These advancements, while beneficial for privacy and security, also pose significant challenges in
combating cyber terrorism. One of the primary countermeasures in the legal arsenal against cyber ter-
rorism involving encryption is the establishment of robust frameworks for lawful interception and sur-
veillance. Under India’s Information Technology Act, 2000, authorities are empowered to intercept,
monitor, and decrypt information if they suspect the involvement of an individual in cyber terrorism.
Section 69 of the Information Technology Act allows the government to issue directions for the intercep-
tion of communications, which could include encrypted messages, if they are believed to be related to
national security or public safety.
However, the application of Section 69 in the context of encrypted communications presents chal-
lenges. Since encryption ensures data privacy, law enforcement agencies often require special decryption
keys or access to the platforms hosting encrypted data (Timan & Mann, 2021). This has led to calls for
the introduction of mandatory decryption or the creation of backdoors in encryption technologies. A
backdoor is a secret method that allows law enforcement to bypass encryption and access secure com-
munications. However, the ethical and practical concerns surrounding backdoors especially their poten-
tial for misuse by hackers make this a contentious issue. Advanced encryption-breaking tools can also
be used which are sophisticated technologies designed to decrypt or bypass encrypted data, enabling
law enforcement agencies to access information that is otherwise protected (Alagheband & Mashatan,
2022). Advanced encryption-breaking tools work by exploiting vulnerabilities in encryption algorithms or
using computational power to crack the encryption keys. These tools are crucial in combating cyber
terrorism, as they allow authorities to intercept and analyze communications from terrorist groups plan-
ning attacks. With terrorists increasingly relying on encrypted platforms to coordinate and execute their
8 H. SAYYED AND S. R. PAUL
plans, these tools help ensure that crucial intelligence is not hidden behind encryption. The feasibility of
advanced decryption tools in India depends on several factors. Technically, Indian law enforcement agen-
cies face challenges in acquiring and deploying such tools due to resource limitations and the rapid
evolution of encryption technologies. While India has made progress in digital forensics, the widespread
use of encryption by terrorists and criminals complicates investigations. Legally, the use of decryption
tools must balance national security needs with privacy rights, requiring careful regulation. International
cooperation is also vital, as data may be stored abroad. Overall, advanced decryption tools are feasible
but need robust infrastructure, legal frameworks, and global collaboration to be effective.
As a legal countermeasure, the Indian government could consider strengthening judicial oversight for
surveillance operations. Requiring warrants and ensuring transparency in the use of surveillance technol-
ogies would mitigate concerns regarding privacy violations (Power et al., 2021). Moreover, a clear legal
framework outlining the criteria under which data can be intercepted or decrypted would provide both
citizens and law enforcement agencies with more clarity and protection.
Cyber terrorism, by its very nature, is often transnational, with perpetrators operating across borders
(Henschke, 2021). The dark web, in particular, allows individuals and organizations to conceal their iden-
tities and operate from virtually any location, making jurisdiction a major challenge in investigations.
India’s legal response to cyber terrorism must include robust mechanisms for international cooperation
and coordination in countering cyber threats. Moreover, extradition treaties and cooperation on issues of
digital evidence gathering should be strengthened. Cyber terrorists operating from other countries pose
significant challenges to domestic law enforcement (Radoniewicz, 2021). India’s ability to request assis-
tance in tracing and prosecuting individuals from foreign jurisdictions will be crucial in curbing the
global nature of cyber terrorism. India’s legal framework must empower agencies to monitor and infil-
trate dark web forums and marketplaces where illegal activities are carried out. This can be done through
intelligence gathering and cooperation with cyber security firms that specialize in tracking dark web
activity. Moreover, Section 69 of the Information Technology Act could be expanded to include measures
targeting the dark web, particularly where terrorist activity is involved. However, such measures should
be carefully designed to avoid overreach, as the dark web also hosts content related to freedom of
expression and the protection of privacy. Blocking access to certain dark web platforms that are known
to host terrorist content is another potential countermeasure. However, blocking the entire dark web is
impractical due to its decentralized nature. Therefore, the focus should be on identifying and shutting
down specific platforms used by terrorist organizations. The challenge here is the legal and ethical
dilemma of balancing freedom of expression with national security concerns. The government must
ensure that measures targeting the dark web do not unduly infringe on the privacy rights of innocent
users who may be using these platforms for lawful purposes.
As cyber terrorism continues to evolve with advancements in encryption and the dark web, India’s
legal system must adapt to address these emerging threats. Legal countermeasures should focus on
enhancing surveillance capabilities, improving international cooperation, regulating the dark web, prose-
cuting terrorist activities, and promoting public awareness. However, these efforts must be balanced with
a strong commitment to protecting privacy rights and upholding constitutional freedoms. The challenge
for India lies in crafting a legal framework that is flexible enough to address the dynamic nature of cyber
terrorism while safeguarding the fundamental rights of its citizens.
8. Conclusion
The emergence of encryption and the dark web as tools for both securing digital communications
and enabling illicit activities has posed new and complex challenges to law enforcement agencies
worldwide, particularly in India. Legal countermeasures, such as enhancing surveillance capabilities,
improving international cooperation, and developing robust cyber security laws, are essential in
addressing these evolving threats. Strengthening judicial oversight in surveillance processes, including
encryption decryption and monitoring dark web activities, ensures that privacy rights are not unduly
infringed upon (Stahl et al., 2022). Moreover, international collaboration is crucial for tackling cyber
terrorism, given the borderless nature of the internet and the dark web. India’s active participation in
international agreements and partnerships can aid in effective cross-border law enforcement and the
COGENT SOCIAL SCIENCES 9
sharing of intelligence to thwart cyber terrorist networks. The legal challenge extends beyond the
scope of traditional law enforcement techniques. It involves striking a balance between protecting
civil liberties, including the right to privacy, and ensuring public safety. The debate over backdoors
and mandatory decryption of communications presents a critical legal dilemma. The risk of backdoors
being exploited by hackers or unauthorized actors highlights the need for careful, targeted legal
approaches. There is a need for greater transparency and accountability in surveillance activities, with
proper safeguards to prevent abuse (Königs, 2022). India’s approach to combating cyber terrorism,
particularly in relation to encryption and the dark web requires a multi-faceted and dynamic legal
response. The country must adopt legal countermeasures that not only curb terrorist activities but
also protect fundamental human rights. As cyber terrorism continues to evolve, India must remain
adaptable, ensuring that its legal framework is sufficiently robust to address the challenges posed by
new technologies, while upholding its democratic values. By balancing national security with individ-
ual rights, India can effectively mitigate the threats of cyber terrorism and maintain the integrity of
its digital ecosystem. Given the impact of the Dark Web on Indian society, it is crucial for policymak-
ers, law enforcement agencies, and other stakeholders to work together on comprehensive strategies
to tackle the issue. This could include improving legal frameworks and regulatory measures to address
cybercrimes, enhancing cybersecurity infrastructure, and promoting digital literacy and awareness
among citizens.
Acknowledgments
Hifajatali Sayyed contributed to the conception and design, drafting of the paper, critically revising for intellectual
content. Dr. Sanu Rani Paul contributed to the conception and design, drafting of the paper. All authors have read
and approved the final work of the manuscript.
Authors’ contributions
CRediT: Hifajatali Sayyed: Conceptualization, Methodology, Supervision, Writing – original draft, Writing – review &
editing; Sanu Rani Paul: Conceptualization, Writing – original draft.
Disclosure statement
No potential conict of interest was reported by the author(s).
About the authors
Mr. Hifajatali Sayyed is currently working as Assistant Professor at Symbiosis Law School Hyderabad, A Constituent
of Symbiosis International Deemed University Pune. He is the In-charge of Centre for Criminology and Criminal
Justice (CCCJ) of SLSH. He is also the Co-Head (Student Research) of Research and Publication Cell of SLSH. He is
the Examination In-charge and also the In-charge of Admission Committee.
Dr. Sanu Rani Paul is currently working as Assistant Professor at Symbiosis Law School Hyderabad, A Constituent of
Symbiosis International Deemed University Pune. She is the In-charge of Environmental Law Cell of SLSH. Her area
of interests is criminal law, environmental law, jurisprudence etc.
ORCID
Hifajatali Sayyed http://orcid.org/0000-0001-9472-6950
Sanu Rani Paul http://orcid.org/0000-0003-4944-4238
Data availability statement
The data that support the ndings of this study are available from the corresponding author, Sayyed. H, upon rea-
sonable request.
10 H. SAYYED AND S. R. PAUL
References
Alagheband, M. R., & Mashatan, A. (2022). Advanced encryption schemes in multi-tier heterogeneous internet of
things: Taxonomy, capabilities, and objectives. The Journal of Supercomputing, 78(17), 18777–18824. https://doi.
org/10.1007/s11227-022-04586-1
Bentotahewa, V., Hewage, C., & Williams, J. (2022). The normative power of the GDPR: A case study of data protection
laws of South Asian countries. SN Computer Science, 3(3), 1–18. https://doi.org/10.1007/s42979-022-01079-z
Chen, H. (2012). Dark web: Exploring and mining the dark side of the web. Lecture Notes in Computer Science, 7278,
1–1. https://doi.org/10.1007/978-3-642-29892-9_1
Choraś, M., Kozik, R., Flizikowski, A., Hołubowicz, W., & Renk, R. (2016). Cyber threats impacting critical infrastructures.
Studies in Systems, Decision and Control, 90, 139–161. https://doi.org/10.1007/978-3-319-51043-9_7
Dar, M. A., & Wani, S. A. (2023). COVID-19, personal data protection and privacy in India. Asian Bioethics Review, 15(2),
125–140. https://doi.org/10.1007/s41649-022-00227-0
Denker, K., Schäfer, M., & Steinebach, M. (2019). Darknets as tools for cyber warfare. In Springer eBooks (pp. 107–135).
Springer. https://doi.org/10.1007/978-3-658-25652-4_6
Francati, D., Friolo, D., Malavolta, G., & Venturi, D. (2024). Multi-key and multi-input predicate encryption (for conjunc-
tions) from learning with errors. Journal of Cryptology, 37(3). https://doi.org/10.1007/s00145-024-09504-7
Hamilton, R., Leuprecht, C. (2024). The crime-crypto nexus: Nuancing risk across crypto-crime transactions. In: D.
Goldbarsht, L. de Koker (Eds.), Financial crime and the law. Ius Gentium: Comparative perspectives on law and justice
(vol 115). Springer.https://doi.org/10.1007/978-3-031-59543-1_2
Henschke, A. (2021). Terrorism and the Internet of Things: Cyber-terrorism as an emergent threat. In Advanced
Sciences and Technologies for Security Applications, (1st ed., pp. 71–87). https://doi.org/10.1007/978-3-030-90221-6_5
Humphreys, D., Koay, A., Desmond, D., & Mealy, E. (2024). AI hype as a cyber security risk: The moral responsibili-
ty of implementing generative AI in business. AI and Ethics, 4(3), 791–804. https://doi.org/10.1007/
s43681-024-00443-4
Kaur, S., & Randhawa, S. (2020). Dark web: A web of crimes. Wireless Personal Communications, 112(4), 2131–2158.
https://doi.org/10.1007/s11277-020-07143-2
Königs, P. (2022). Government surveillance, privacy, and legitimacy. Philosophy & Technology, 35(1), 1–22. https://doi.
org/10.1007/s13347-022-00503-9
Kozhuharova, D., Kirov, A., & Al-Shargabi, Z. (2022). Ethics in cybersecurity. What are the challenges we need to be
aware of and how to handle them? Lecture Notes in Computer Science, 13300, 202–221. https://doi.
org/10.1007/978-3-031-04036-8_9
Li, N. (2009). Data encryption. In Springer eBooks (p. 574). Springer. https://doi.org/10.1007/978-0-387-39940-9_98
Liang, C. S. (2022). Technology and terror: The new arsenal of anarchy. In Springer eBooks (pp. 1–24). Springer. https://
doi.org/10.1007/978-3-319-51761-2_70-1
Liggett, R., Lee, J. R., Roddy, A. L., & Wallin, M. A. (2019). The dark web as a platform for crime: An exploration of
illicit drug, rearm, CSAM, and cybercrime markets. In Springer eBooks (pp. 1–27). Springer. https://doi.
org/10.1007/978-3-319-90307-1_17-1
Lim, D., Zo, H., & Lee, D. (2011). The value of anonymity on the internet. Lecture Notes in Computer Science, 6629,
452–464. https://doi.org/10.1007/978-3-642-20633-7_33
Macnish, K. (2021). An end to encryption? surveillance and proportionality in the crypto-wars. In: Henschke, A., Reed,
A., Robbins, S., Miller, S. (Eds.), Counter-terrorism, ethics and technology. Advanced sciences and technologies for secu-
rity applications. Springer. https://doi.org/10.1007/978-3-030-90221-6_10
Maillart, J. (2019). The limits of subjective territorial jurisdiction in the context of cybercrime. ERA Forum, 19(3), 375–
390. https://doi.org/10.1007/s12027-018-0527-2
Maiti, D., Castellacci, F., & Melchior, A. (2019). Digitalisation and development: Issues for India and beyond. In Springer
eBooks (pp. 3–29). Springer. https://doi.org/10.1007/978-981-13-9996-1_1
Martin, K. M. (2022). Cryptographic controls: The heart of cybersecurity. In Springer eBooks (pp. 1167–1173). Springer.
https://doi.org/10.1007/978-3-319-91875-4_62
Mehta, A. (2016, September 15). Heroin, pills and weapons on sale: Discovering the dark side of the web. Hindustan
Times. https://www.hindustantimes.com/india-news/heroin-pills-and-weapons-on-sale-discovering-the-dark-side-of-
the-web/story-oekXdbr6RPblBI1pzBcoHJ.html
Miller, S., & Bossomaier, T. (2021). Privacy, encryption and counter-terrorism. In Advanced sciences and technologies for
security applications (pp. 139–154). https://doi.org/10.1007/978-3-030-90221-6_9
Mirea, M., Wang, V., & Jung, J. (2019). The not so dark side of the darknet: A qualitative study. Security Journal, 32(2),
102–118. https://doi.org/10.1057/s41284-018-0150-5
Misra, A., & Chacko, M. (2021). Square pegs, round holes, and Indian cybersecurity laws. International Cybersecurity
Law Review, 2(1), 57–64. https://doi.org/10.1365/s43439-021-00026-7
Moncrie, M., & Lienard, P. (2024). From envy to radicalization. Evolutionary Psychological Science, 10(1), 70–86. https://
doi.org/10.1007/s40806-023-00380-1
News18. (2020, February 9). In a rst, Indian drug vendor operating on dark web arrested; 55,000 tablets seized. https://
www.news18.com/news/india/in-a-first-indian-drug-vendor-operating-on-dark-web-arrested-55000-ta
blets-seized-2493635.html
COGENT SOCIAL SCIENCES 11
Power, D. J., Heavin, C., & O’Connor, Y. (2021). Balancing privacy rights and surveillance analytics: A decision process
guide. Journal of Business Analytics, 4(2), 155–170. https://doi.org/10.1080/2573234X.2021.1920856
Radoniewicz, F. (2021). International regulations of cybersecurity. In Springer eBooks (pp. 53–71). https://doi.
org/10.1007/978-3-030-78551-2_5
Ródenas, J. M. R., Pastor-Galindo, J., & Mármol, F. G. (2023). A general and modular framework for dark web analysis.
Cluster Computing, 27, 4687–4703. https://doi.org/10.1007/s10586-023-04189-2
Stahl, B. C., Schroeder, D., Rodrigues, R., Stahl, B. C., Schroeder, D., & Rodrigues, R. (2022). Surveillance capitalism. In
Springer briefs in research and innovation governance (pp. 39–52). Springer. https://doi.org/10.1007/978-3-031-17040-9_4
Subrahmanian, V. S., Mannes, A., Sliva, A., Shakarian, J., & Dickerson, J. P. (2012). Introduction. In Springer eBooks (pp.
1–21). Springer. https://doi.org/10.1007/978-1-4614-4769-6_1
Thomaz, F., Salge, C., Karahanna, E., & Hulland, J. (2020). Learning from the Dark Web: Leveraging conversational
agents in the era of hyper-privacy to enhance marketing. Journal of the Academy of Marketing Science, 48(1), 43–63.
https://doi.org/10.1007/s11747-019-00704-3
Timan, T., & Mann, Z. (2021). Data protection in the era of articial intelligence: Trends, existing solutions and rec-
ommendations for privacy-preserving technologies. In Springer eBooks (pp. 153–175). Springer. https://doi.
org/10.1007/978-3-030-68176-0_7
Vidal, G., & Moreno, J. L. (2018). Cryptography and communications privacy: An introduction. In Springer eBooks (pp.
513–533). Springer. https://doi.org/10.1007/978-1-4939-7131-2_110179
Viganò, E., Loi, M., Yaghmaei, E. (2020). Cybersecurity of Critical Infrastructure. In: Christen, M., Gordijn, B., Loi, M.
(Eds.), The ethics of cybersecurity. The international library of ethics, law and technology (vol 21). Springer.https://
doi.org/10.1007/978-3-030-29053-5_8
Wicki-Birchler, D. (2020). The Budapest Convention and the General Data Protection Regulation: Acting in concert to
curb cybercrime? International Cybersecurity Law Review, 1(1-2), 63–72. https://doi.org/10.1365/s43439-020-00012-5
Wilson, M. (2023). Specifying a principle of cryptographic justice as a response to the problem of going dark. Ethics
and Information Technology, 25(3), 1–15. https://doi.org/10.1007/s10676-023-09707-9
Xu, M., & Lu, C. (2021). China–U.S. cyber-crisis management. China International Strategy Review, 3(1), 97–114. https://
doi.org/10.1007/s42533-021-00079-7
Yaacoub, J. A., Noura, H. N., Salman, O., & Chehab, A. (2022). Robotics cyber security: Vulnerabilities, attacks, counter-
measures, and recommendations. International Journal of Information Security, 21(1), 115–158. https://doi.
org/10.1007/s10207-021-00545-8
