Combatting ISIS online can’t be summarized in a Trump or Clinton sound bite. Here are some of the nuanced strategies that might get us there
The first presidential debate in the U.S. 2016 elections between Donald Trump and Hillary Clinton briefly touched on the intersection of cyber security and terrorism, with both candidates emphasizing the need for more online measures against the Islamic State (ISIS) in particular. Yet the comments were rather broad, and did not make clear the different threats and responses needed to confront the group’s three-pronged approach to the digital world.
The Islamic State uses the internet in three distinct ways: for hacking, propagandizing, and operations. And its supporters have made far more use of the internet than any other terrorist organization to date, and this will herald a change in how other extremists operate online.
Trump, as part of his wider criticism of the Obama Administration’s current policies, argued that “when you look at what ISIS is doing with the internet, they’re beating us at our own game.” Trump was referring to the propaganda battle, and the group’s ability to coordinate attacks – both by “lone wolves” and organized combat cells – through the internet despite efforts to shut down these communications both overseas and in the U.S.
Clinton offered a slightly more detailed plan than Trump, stating, “I have put forth a plan to defeat ISIS. It does involve going after them online,” including disrupting their propaganda operations. She added, “We need do much more with our tech companies to prevent ISIS and their operatives from being able to use the internet, to radicalize, even direct people.”
While ISIS supporters have coordinated some hacks against Western targets, as a whole the group is incapable of launching major cyber attacks, like going after infrastructure to cause mass power outages or force a shutdown of other key infrastructure. So on the one hand, there is not much of a cyber security threat in that regard. But for operational and propaganda purposes, ISIS does have a lot of options available.
Distribution channels, mobile devices, quality video services, and high-speed internet that did not exist a decade ago are now commonplace, and make it possible for the group to organize its agents and mobilize fellow travelers with haste and anonymity. As Thomas Hegghammer wrote in the New York Times last year, “The internet is a potentially formidable tool of rebellion, for it can greatly improve propaganda distribution, fundraising, recruitment and operational coordination.”
Learning curve for terrorists
The privacy versus security angle of the counterterrorism response to ISIS largely falls on the operations end of the spectrum, whereas the propaganda controversies are more often than not matters affecting the limits of free speech. Its online presence is indeed significant in the form of media outlets, private chat channels like Telegram; public platforms such as justpaste.it, YouTube, and Twitter; dissemination of questionably accurate “security guides” for supporters; and use of messaging tools to communicate with some expectation of privacy.
Much has been made of how ISIS operatives use Telegram, WhatsApp, and other such tools to communicate. These possess varying levels of encryption, not all of which are truly “end-to-end” and can be stored and read by providers and, with warrants, the security services. ISIS has been tardy in developing a workable in-house app for operations, despite the risks of using commercial services. But terrorists are still more than capable of learning how to adapt. As the Wall Street Journal has reported, Islamic State operatives entering Europe have learned to “switch mobile phones frequently; sign up for online accounts using temporary phone numbers; hopscotch frequently between chat apps, making any intercepted conversations difficult to follow.” The learning curve has been steep for the group, but ISIS was able to adapt enough to successfully carry out its first large-scale attacks in Europe in 2015 and 2016.
The combat cell that carried out these actions was particularly dangerous because it was able to operate independently after its members went into Syria, received training, and returned to Europe to coordinate their actions further. Information was shared out on a need-to-know basis, and communications were tightly controlled, whether within Europe or back to their Syrian HQ. Now, with travel to the region more difficult, recruiters for the group are appealing online (and in-person) to a much wider assortment of individuals. Some are friends and family of those who have gone abroad and not returned. Others have no such connections whatsoever: a prior police record might just consist of traffic violations, for example, or are in fact mentally ill.
Increasingly, such instruction and recruitment takes place on the internet. Encouraging words, reading lists, and instructional media are emailed over. But such methods do not often produce the same sort of operative as actual training on the ground. These recruits’ amateurishness can lead to relatively easily coups by physical or internet surveillance, and those snared by entrapment often prove to be very easily manipulated into giving their “handlers” everything they need to make an arrest later.
But this is not a given. As former Secretary of Homeland Security Michael Chertoff has noted when it comes to domestic terrorists, “The perennial problem we deal with is when there’s one or two people planning something in the privacy of their home and not a lot of interaction overseas and exchanging large sums of money. They’re not tripping a lot of wires.” These people do not need to worry about money transfers or secret communications overseas; they just need to obtain firearms, bomb-making materials, or melee weapons by legal means and go out in public. Detecting this activity online in advance is difficult without existing profiles and enough resources to follow-up on tips and warnings.
In this respect, aside from the most obvious efforts – shutting down websites and profiles pro-ISIS figures use to promote their agenda – prevention includes designing new tools and programs in cyber space to counter pro-Islamic State messaging from appealing to would-be attackers. But, as Kieron O’Hara writes in “The Limits of Redirection,” these tools also have to address the sense of belonging (or, perhaps, oppositional solidarity) and meaning that extremist messaging gives, whether it is based on religious puritanism, ethnic supremacism, or conspiracy theorizing. And that is a lot to ask of an app without also addressing larger social norms.
Where internet meets real life
“Successfully anticipating jihad’s divergence will require tens or even hundreds of analysts equipped with advanced degrees, language skills, and field experience tapped into a blend of human and technical sources,” Clint Watts writes for the Foreign Policy Research Institute. These capable individuals do exist, but there is a pressing need to better integrate them to the online end of things, especially in the realm of operations. For instance, a lack of translators has been repeatedly cited as a hindrance to near real-time tracking by police and intelligence services. Brussels police have told BuzzFeed that while tracking two suspects, it took them three days to get a French-to-Arabic translation of a bugged conversation. Serious work needs to be done to cut across language and cultural barriers to develop targeted applications that can catch warning signs online, such as particularly-worded messages that might hint the sender is planning a suicide mission, and to match this against traditional police work that identifies high-risk individuals, work that often relies on suspects’ family and friends coming to the authorities rather than social media portals and telecom providers acting as the informants.
This returns to one of the core dilemmas of dealing with ISIS’s online presence in a free society. In the U.S. after 9/11, the PATRIOT Act updated the 1978 Foreign Intelligence Surveillance Act with respect to new technologies and reduced barriers for sharing intelligence. In many ways, the PATRIOT Act lowered the threshold for counterterrorism surveillance to that of “normal” crimes where evidence is collected with the end goal of securing a conviction. By 2015, legal pushback and questions about the efficacy of bulk metadata collection mean that these programs were partially scaled back. This then led to complaints the scaling back had made the San Bernardino husband-and-wife shooter team harder to track, and from their case arose a publicly embarrassing fight between U.S. officials and IT companies over breaking into suspects’ devices.
This affair has now led to a spate of freedom of information lawsuits against the FBI, and while these will not be resolved before the November election, the precedent that the resolution of this dispute sets will be a significant feature of the privacy versus security debates under the new administration. And even with increasing fears of terrorism, public opinion about governmental access to private data is not overwhelmingly in favor of greater surveillance. A 2016 PEW survey roundup of Americans’ online privacy attitudes found that “57% said it was unacceptable for the government to monitor the communications of U.S. citizens” while it was the job of the government to monitor such traffic if the users were not U.S. citizens. A plurality also agreed that the government should prioritize online surveillance of people based on web histories that show extremist leanings or a desire to procure multiple weapons. Yet other surveys cited by PEW here have found a plurality of Americans do want to secure their data better, but are unsure how to do so, and that a majority of U.S. citizens do not believe their data is secure, even in government hands, so privacy laws need to be made stronger.
All of this said, an overwhelming number of respondents (over 90%) have said that they feel like they have no control over how their data is collected and used. As Geektime reported in 2015 in an interview with Prof. Yair Neuman of Ben Gurion University, “One of the biggest hurdles for the security establishment in identifying real threats is cutting through the cacophony of background noise on social media.” It is impossible to shut down every channel of communication, and unless arrests are made, promoters and recruiters can return under different names. While “bulk collection” may have “allowed intelligence analysts to ask smarter questions” in the words of former GCHQ analyst David Wells, targeted measures that combine real-world police work are still vital to disrupt and degrade terrorist actors making use of the internet.