In the wake of last week's tragedy in Paris, the online presence of ISIS has come under serious scrutiny. And now the accusation usually leveled at the government – that it sacrifices privacy for security – is being aimed at Western tech companies.
ISIS has debunked our notion of the cave-dwelling, technologically deficient terrorist. The terror organization recruits, propagandizes and communicates via sophisticated online channels - taunting the West on the infuriatingly public, yet encrypted, Web. Not only does the organization carry out extensive Twitter campaigns, but active members post to forums, Facebook (News - Alert), and the Deep web with alarming regularity. ISIS members garner support from Western sympathizers, recruit international youth to join militia forces, and even operate a full-time call center for members.
Western tech companies are often the medium through which ISIS channels their data. And with such high stakes, those companies face increasing pressure from the public, from intelligence agencies, and even from hacktivist groups to join the war against ISIS.
There’s a problem, though: the banning of ISIS would drudge up ethical, practical, and logistical problems that many tech companies are unprepared to solve. Tech companies have very little practical incentive or ability to silence users. In fact, they may even benefit from leaving them alone.
The kinds of services that ISIS naturally seeks out prize privacy, free speech, and user autonomy over censorship. And in order to screen for ISIS, many companies would need to sacrifice the privacy of all users.
Furthermore, few companies have the time or manpower to actively monitor for terrorists, even if they wanted to.
The Case of Twitter (News - Alert)
ISIS is the most publically visible insurgent group on the planet. They famously use Twitter to disseminate tightly edited, well-produced videos of their atrocities. Their acts of terror are broadcast and circulated across the world, promoted from thousands of puppet accounts and invariably end up in Western news. Because Twitter is the most prescient crossroads of ISIS and Silicon Valley, let’s take a look at its precedent and its future.
Twitter has pledged to take down ISIS-related accounts, but the company faces problems. The Brookings Institute recently addressed those problems with, “The ISIS Twitter Census,” which attempted to survey the ISIS Twitter landscape, diagnose its complexities and, “better understand the impact of Twitter’s suspension of ISIS supporter accounts on the performance and coherence of the overall network.”
The Census focuses on the practicalities, rather than the ethics, of silencing users. It found that valuable counterterrorism intelligence comes from only a small minority of ISIS Twitter users, meaning that the majority of ISIS accounts could be effectively silenced.
It also concluded that the “whack-a-mole” criticism of account suspensions, which argues that account suspensions are ineffective because new accounts are easily created, is unfounded. Suspending accounts can certainly cripple the social network that ISIS has worked so hard to cultivate.
However, the Census also laid out the potential benefits to leaving ISIS on Twitter: Not only do some members reveal valuable intelligence, but an open social media channel between ISIS and the West may contribute to the de-radicalization of ISIS members. Making the ISIS community more insular, less accessible to contrary points of view, and could foster more extremism.
Furthermore, Twitter would need to work out a methodology to closing accounts. The methodology would entail a lengthy, messy implementation process, and it’s almost guaranteed to shut down genuine accounts. And once the technology for thematic censorship is available, does Twitter face an obligation to level it at other insurgent groups? What pressure could governments – or Twitter’s own beliefs and interests – put on Twitter to censor international dissidence?
Ultimately, the Brookings Institute recommends that social media companies confer with governmental authority to design regulatory policies for its content. That regulation, the Census suggests, should be careful not to dismantle the entire ISIS social network, but to “stomp out fires” of individual, inflammatory users. Twitter should also, according to the study, create a policy that balances civil liberty concerns with censorship initiatives. And while that may seem like a measured, rational response, doing so would just mean more work, liability, and potential headaches for Twitter.
So if such a public, massive tech company can’t figure out an effective solution to the problem, what happens when smaller, encrypted internet services get picked up by ISIS?
Al Jazeera’s Jacob Ward broke down the logistical nightmare of monitoring WhatsApp, just one of the channels the French attackers used to communicate. WhatsApp is the world’s most popular Wi-Fi texting service, with 800 million monthly users sending 30 billion messages a day. Ward explains that those messages are secured through WhatsApp’s phone-to-phone encryption services, which even the company can’t crack.
“Basically, when I send a message on WhatsApp, my phone does the encrypting and the phone on the other end does the decrypting. As a result, WhatsApp does not have access to my message. It cannot decrypt it, even if it wanted to. That also means there is no backdoor or master key that it can offer to the intelligence community.”
While WhatsApp and services like it have faced scrutiny and condemnation from intelligence communities for their encryption practices, the companies’ main responsibility is to users. Forcing open users’ communications could create a backlash, alienate consumers and prompt a migration to other, more secure messaging platforms.
Ward’s reporting only covered WhatsApp. Even if WhatsApp agreed to comply with governmental oversight at the expense of its users’ privacy, and even if intelligence agencies could parse through the enormous amounts of data, ISIS could still move to another encrypted communication system. Experts are already suggesting that Playstation 4 gaming channels, which are as unmonitored as WhatsApp, could have facilitated the Paris attacks (though, as of now, there is no hard evidence of that).
Even some lesser-known tech companies are in hot water over ISIS. CloudFare, a Silicon Valley startup planning to go public in the next few years, has been attacked by the hacking group Anonymous for their relationship with ISIS. CloudFare protects its users’ websites from DDoS attacks, and Anonymous learned that ISIS-affiliated websites are among its clients. CloudFare responded by pointing out the main hypocrisy of this entire argument: Anonymous also uses CloudFare to protect itself, even against the wishes of governmental authority.
So, with companies unwilling or unable to monitor their clients, vigilante groups have taken up virtual arms. Hacktivist coalitions, most notably Anonymous, have been DDoSing, Doxxing, and identifying ISIS presences all over the Web. But as the Brookings Institute pointed out, without a long-term intelligence plan, this is largely ineffective and may even silence important sources of intel.
We’re at a crossroads between tech, government, censorship, and Internet regulation. The future is uncertain, but we know one thing: either government will have to cede to the technology sector, or the tech sector is going to have to cede to intelligence. Both have different interests – tech to its consumers, government to intelligence agencies – and we’ll soon know the extent to which those interests conflict.