Searching Places Unknown: Law Enforcement Jurisdiction on the Dark Web

The use of hacking tools by law enforcement to pursue criminal suspects who have anonymized their communications on the dark web presents a looming flashpoint between criminal procedure and international law. Criminal actors who use the dark web (e.g. in the commission of a crime or in order to evade authorities) obscure digital footprints left behind with third parties, rendering existing surveillance methods obsolete. In response, law enforcement has implemented hacking techniques that deploy surveillance software over the Internet in order to directly access and control criminals’ devices. The practical reality of the underlying technologies makes it inevitable that foreign-located computers are subject to the remote “searches” and “seizures” that take place. The result may well be the greatest extraterritorial expansion of enforcement jurisdiction in U.S. law enforcement history. This article examines how the use of hacking tools on the dark web profoundly disrupts the legal architecture upon which cross-border criminal investigations rest. The overseas cyber operations that result raise increasingly difficult questions regarding just whom may authorize these activities, where they may be deployed, and whom they may lawfully be executed against. The rules of criminal procedure fail to regulate law enforcement hacking because they allow these critical decisions to be made by rank-and-file investigators, despite potentially disruptive foreign relations implications. This article outlines a regulatory framework that reallocates decision-making to institutional actors best suited to determine U.S. foreign policy, without sacrificing law enforcement’s ability to identify and locate criminal suspects that have taken cover on the dark web.