Extremists are using the internet to proselytise and organise

How can we stop terrorists while maintaining everyone’s right to digital privacy?

February 2016:  a man holds up an iPhone displaying a “No Entry” image as part of a rally in front of an Apple store in New York in support of the company’s privacy policy. Photograph: Justin Lane/EPA
February 2016: a man holds up an iPhone displaying a “No Entry” image as part of a rally in front of an Apple store in New York in support of the company’s privacy policy. Photograph: Justin Lane/EPA

At first, the attack on a Christmas party in San Bernardino, California, in December 2015 seemed like a "conventional" mass shooting – a disgruntled former worker taking out his frustrations on colleagues, killing 14. But this wasn't just another appalling act of gun violence: it was an act of terrorism. The attacker, Syed Farook, and his wife, Tashfeen Malik, had become radicalised, initially online, and had pledged allegiance to Islamic State, or Isis.

The FBI found one of Farook's phones, an encrypted iPhone, and attempted to force Apple to help them unlock the device in an attempt to ascertain the couple's links to extremists. Apple refused, arguing that creating any such "backdoor" in to the iPhone would be an intolerable risk, either in the hands of law enforcement agencies or, if it leaked, in the hands of bad actors. Chief executive Tim Cook went so far as to describe what the FBI was asking it to do as creating a "cancer", and the leaking of NSA hacking tools, leading to the recent ransomware WannaCry attack, certainly vindicated his position. The dispute ended in a sort of stalemate when a small technology company devised a way to allow the FBI to access to the device.

However, the San Bernardino case was a microcosm of the larger debate about technology’s role in modern terrorism – Farook and Malik showed the risks of online radicalisation and the danger of extremists using encrypted communications to plan their attacks.

Terror attacks

If anything, that debate has only grown in intensity with the recent spate of terror attacks, reaching a fever pitch in the aftermath of the attacks in Manchester and London.

READ MORE

The morning after the attack on London Bridge and Borough Market last weekend, UK prime minister Theresa May explicitly accused technology companies of not doing enough to counter the threat from extremists.

“We cannot allow this ideology the safe space it needs to breed. Yet that is precisely what the internet, and the big companies that provide internet-based services, provide,” she said. “We need to work with allied democratic governments to reach international agreements that regulate cyberspace to prevent the spread of extremism and terrorism planning.”

May is of course right that extremists are using the internet to proselytise and organise.

Sophisticated tools

A central tactic employed by al-Qaeda was ghazwa ma'lumatiyya ("information operations") and harb electroniyya ("electronic warfare") to recruit extremists and spread its message through the use of videos and online magazines. Isis expanded that approach, developing sophisticated tools to amplify its propaganda material across social media, from Twitter accounts to YouTube videos, going so far as to develop an app called the Dawn of Glad Tidings to retweet its messages from the accounts of its followers. Meanwhile, encrypted communication apps such as WhatsApp, Apple's iMessage and, increasingly, Telegram have allowed for secret conversations beyond the spying capabilities of intelligence agencies.

Whether it is fair for May to call these a safe space is another matter – in March, Twitter said it had suspended more than 375,000 accounts for promoting terrorism during the last six months of 2016, while Google and Facebook both cite their extensive efforts to monitor and remove terrorist content from their various platforms. There is, however, considerable dissatisfaction with their success in that regard – Germany's justice minister Heiko Maas has been so frustrated by the lack of action he has proposed penalties of up to €50 million on social networks for failing to remove illegal hate speech.

For his part, Apple's Cook told Bloomberg: "We have been co-operating with the UK government not only in law enforcement kind of matters but on some of the attacks… in cases when we have information and they have gone through the lawful process we don't just give it but we do it very promptly."

Furthermore, it should be pointed out that the UK has some of the most extensive surveillance legislation anywhere in Europe, thanks to the Investigatory Powers Act that May introduced as home secretary. The Snoopers' Charter, as it became known, allows UK government agencies to access a vast trove of data about people, including a record of websites you have visited over the past year.

The process by which already alienated, angry young men become radicalised is a complex one, but there are parallels with viral illnesses. No more than tackling any virus, identifying and disrupting the transmission vectors is key, and in the case of extremist radicalisation, online material is just one transmission vector among many.

Becoming radicalised

Extensive research into how people become radicalised has shown that viewing online materials alone rarely leads to terrorism.

Prof Peter Neumann & Dr Shiraz Maher at the International Centre for the Study of Radicalisation (ICSR) at King's College London are two of the leading experts in the field, and highlight the role of real-life influences. "Over the past five years, we have tracked the flow of foreign fighters into Syria and Iraq, collecting information on nearly 800 Western recruits – often including their social media footprints…The internet plays an important role in terms of disseminating information and building the brand of organisations such as IS, but it is rarely sufficient in replacing the potency and charm of a real-world recruiter."

Echoing those findings, a 2013 Rand research paper exploring the radicalisation process in 15 cases of extremism found that “the evidence … does not support the suggestion that the internet has contributed to the development of self-radicalisation. In all the cases that we reviewed during our research, subjects had contact with other individuals, whether virtually or physically.”

Limiting that virtual contact, however, has become immeasurably more complicated by what former FBI director James Comey in 2014 described as internet chatter "going dark" due to the use of encrypted messaging apps.

In that regard, the Telegram app is now cited as the biggest concern. Developed by a Berlin-based software company it allows for encrypted communications with private groups or on public channels to an unlimited audience. Islamic State is increasingly using the app instead of Twitter as its principal broadcast channel, though the app has blocked hundreds of Isis-related channels. Its Russian-born founder, Pavel Durov, appears unconcerned about its use by terrorists, pointing out they would just use another encrypted messaging service in any case. "The right for privacy is more important than our fear of bad things happening, like terrorism," he said in 2015.

Legitimate

That might sound flippant, but Durov has an important point – in what cases are encrypted, secure communication channels legitimate for citizens to use? If they are they legitimate for dissident activists in oppressive regimes, say, then how can we limit their use in other circumstances?

This week, May followed up her criticism of technology companies by pledging to overhaul human rights legislation in order to crack down on extremists. Given the determination to limit freedoms in the face of a terror threat, it seems unlikely that digital privacy will be spared. In such febrile times, perhaps people could be convinced to subject themselves to government surveillance for the illusion of safety. But it’s worth bearing in mind that it is notoriously difficult to prevent viruses from spreading, no matter how extensive the efforts to disrupt transmission.