Some Recent Trends in the Use of the Internet/ICT for Terrorist Purposes – Part III

The following is the third of three blog posts reporting on discussions at a workshop held in the Swiss Federal Institute of Technology, ETH Zurich, Switzerland on 25 August 2016 under the auspices of the UN Counter Terrorism Committee Executive Directorate (UNCTED) and the Swiss-based ICT4Peace Foundation and their joint project on ‘Private Sector Engagement in Responding to the Use of the Internet and ICT for Terrorist Purposes.’ Supported by Microsoft, Facebook, Kaspersky Lab, and the governments of Spain and Switzerland, the project seeks to deepen understanding of the private sector—notably technology and social media companies—response to how terrorist groups  are using the internet and ICT for terrorist purposes in the context of a number of UN Security Council Resolutions and reports.

The final part of the workshop focused on potentially overlooked or unintended consequences of efforts to regulate terrorist content. Participants addressed the risks of over regulation and discussed the challenge of effective counter narratives before collectively formulating recommendations about sharing knowledge, building capacity, and exchanging practices.  

Unintended Consequences of Content Removal

As some of the larger companies become more adept at identifying and blocking terrorist use of their products and services, there is a tendency for some terrorist users to migrate to smaller technology platforms. Islamic State (IS), however, has reportedly urged its members to continue using mainstream social networks as it understands the advantage of having a popular platform for disseminating propaganda.

As noted above, questions abound relating to the intelligence consequences of removing terrorist-related content or accounts. This issue was raised by numerous participants during the workshop, and the question remains unresolved in most jurisdictions.

The Risks of Over-Regulation

One of the workshop panels focused in part on the use of existing and emerging technology to finance terrorist activity. A representative from one of the encryption companies explained the complex identity authentication requirements it has adopted, which it believes, serves as a form of soft deterrence. Its system architecture also provides two technical options in connection with legally authorized, official investigations: (i) provision of metadata on the communication activity of a client’s users; and (ii) shutting down the service for some or all of the users of the client who is under the terrorist investigation.

Workshop participants also discussed the downside of “over-regulation”. In this regard, a representative from one trade body representing electronic money transfers stressed that regulations designed to increase the Know Your Customer (“KYC”) threshold could have significant impact on legitimate users who could ultimately end up “unbanked”. The effect of this could lead to an increase in the so-called “shadow economy” by promoting cash transactions as well as an increase in transaction costs for the remaining financial transactions users. It was suggested that more onerous KYC authentication processes could cost as much as €5-10 per new customer.

Counter Narrative Challenges

While the meeting did not specifically focus on the topic of strategic communications and countering the narratives of groups such as IS, one civil society representative discussed new research that demonstrates the limited impact of many of the largest publically funded counter-narrative initiatives in the Middle East and North Africa region. In many cases the general population had not heard of them and whenever such initiatives are associated with CVE, they then develop a negative reputation. Acknowledging some of these challenges in policy and practice is all the more important given a number of organisations including the UN and the Global Counter Terrorism Forum (GCTF) are launching a number of initiatives in this area. Separately, the European Commission stated that an important objective of the EU Internet Forum was to empower civil society partners within the EU to provide positive alternative narratives online. These credible voices often lacked the necessary technical support or expertise to be able to produce effective narratives online. The Commission had therefore committed €10 million to support civil society partners in this way.

RECOMMENDATIONS

Recommendations for next steps focused on a number of mechanisms and platforms for sharing knowledge, information, exchange of practices and capacity building. These could possibly be combined under one comprehensive initiative.

i) Knowledge Sharing Platform for Content Management-related Initiatives

Participants stressed the need for a curated public-private platform that could help a range of stakeholders keep abreast of ongoing initiatives (such as the Global Network Initiative) and the numerous research programmes currently underway in this area. In more concrete terms, such a resource could also provide a detailed list of relevant contacts at technology and social media companies and help governments navigate technology and social media company’s content management policies, processes, and expectations. It would provide a “one-stop shop” for learning about the principles, norms and practices underpinning both the government and company response to terrorist content online, with samples of good practice regarding Terms of Service, legislation and related information. The challenge with such a platform would be to ensure that the information was regularly updated as both Terms of Service and government practice change frequently.

Others suggested that as a means to deepen understanding and assess the effectiveness of current company practices, a number of indicators could be assessed across a sample of companies. These could include:

– The average time lapse between the moment terrorist-related content is published and subsequently removed.

– The average reach of the material (in terms of views/users).

– The average time it takes to review the material.

– The rate at which the same material is published (e.g. propagation of the same video).

– Most common methods employed to search for terrorist-related content (trusted flaggers, users etc.).

– The technological solutions currently being used to support ICT companies identify terrorist content.

– Whether companies report terrorists content directly to law enforcement – and how often the same report is repeated.

One global company representative suggested the possibility of accelerating work on a concept they are currently discussing with other industry actors involving the creation of a back-office “clearing house” for terrorist content. Such an initiative would help facilitate knowledge-sharing between different technology and social media companies and avoid duplication of effort by users/IRUs reporting content, and companies removing it.

ii) Capacity Building for the Tech Sector

Related to the point, significant emphasis was placed on the importance of capacity building efforts in this area, ultimately supported by a curated global knowledge-sharing platform. Complementing existing initiatives such as the GNI, the platform could include a “Startup Toolbox” that includes pragmatic advice and detailed information on existing good practices, international principles and norms, and additional resources. In this regard, participants emphasised the usefulness of a knowledge-sharing platform that could provide guidance to private sector startups and small Internet intermediaries to develop their Terms of Service and user policies, particularly in the context of addressing content removal requests and effectively monitoring and responding to potential use of their products and services by terrorists in a manner consistent with international human rights law and standards, including the United Nations Guiding Principles on Business and Human Rights.

As part of building this platform, participants highlighted the need to engage directly with small companies, including startups, for instance through holding a series of small workshops at tech hubs and incubators around the world. They also stressed the importance of learning how to engage with small companies and startups and not just developing material to support their efforts against terrorist use of their technologies. This would require much more in-depth work with a number of sectors, including trade associations, business and law schools as well as new and emerging businesses. Furthermore, given low levels of awareness of the issues, many new companies may require more information on the potential risks of terrorist exploitation of the Internet and ICT. Several suggestions were put forward on how to leverage existing cyber security capacity building tools and platforms to such ends, the importance of engaging universities across a range of disciplines (technology, business, law).

iii) Make it easier for the public to report harmful terrorist material

While there are some strong approaches to crowdsourcing reporting of terrorist material in some countries, participants felt that practice is uneven and that this group should determine ways to develop a more unified approach to encouraging the public to report content to ICT via a single reporting platform. Furthermore, a number of participants mentioned the possibility of helping inform users on expectations of take-down turnaround times or delving deeper into the due process challenges relating to legitimising content removal requests.

iv) Research future risk of terrorist use of internet technologies

Workshop participants suggested that a separate research programme was required to investigate future potential uses of Internet / ICT technologies for terrorist purposes.

v) Promote understanding of requirements for effective public-private partnerships

Participants spoke of the need help governments and technology and social media companies develop two-way partnerships and called for new research into the role of public-private partnerships in this area. Contributors also pointed out that non-Western governments often found it more difficult to engage with Western technology companies, suggesting that this should be one area of focus of the workshop organisers. Civil society groups reiterated the need to ensure that all governments are aware of their obligations to safeguard human rights when engaging in PPPs.

vi) Develop a knowledge-sharing platform of global counter-narrative programmes

Participants suggested the need for an international organisation such as the UN to host (and regularly update) information on global counter-narrative programmes, including research into their effectiveness.