Reactionary measures by technology companies and law enforcement agencies to tackle online extremist content will set a dangerous precedent in the future. A bill introduced earlier this month by Sen. Dianne Feinstein (D-Calif.) requires for the reporting of terrorist content related to the “distribution of information relating to explosives, destructive devices, and weapons of mass destruction.” The measure, in addition to a proposed congressional commission on encryption, is yet another attempt by Congress to bridge a thorny gap between the technology sector and the federal government following the attacks in San Bernardino, Calif. and Paris.
{mosads}This same debate over installing back doors for encryption occurred in the 1990s and extremists’ use of encrypted communications is not a new trend. Both technology companies and law enforcement agencies will experience repercussions if more pressure is put on social media companies to take down extremist material. For the former, they will set an uncomfortable precedent when tasked to more overtly censor label content at the behest of the federal government, which social media companies are reluctant to do. Yet federal law enforcement agents, through some sort of counterterrorism liaison, should be the ones to identify what constitutes “terrorist-related content,” as opposed to the social media companies themselves. Simultaneously, law enforcement agencies will face more challenges to intercept and request encrypted data stored on devices, as FBI Director James Comey continuously warns.
More pressure on social media companies will accelerate the migration of extremists from open-network platforms such as Twitter into the depths of encrypted applications and the “dark web.” Just as the Islamic State in Iraq and Syria (ISIS) adapts to defend against airstrikes through underground tunnels, its adherents adapt in cyberspace for operational security as well. Earlier this month, however, ISIS supporters were directed to return to Twitter from Telegram, an encrypted messaging service, to increase its presence with the general public as opposed to only speaking with one another.
Social media companies should continue removing extremist content per their terms of service, as continues to be the case. However, if a database of extremist content is created to identify and remove such material, as Feinstein recommends, this same technique could be used by oppressive regimes to filter out material contrary to their viewpoints.
Twitter’s robust suspension campaign has already led ISIS sympathizers to focus more on repopulating its networks more than recruitment, while ISIS propaganda accounts have figured out a simple way of battling suspensions. Any more pressure on open-network companies such as Twitter will only put a small dent in publicly visible extremist propaganda at the expense of driving extremists underground in cyberspace. Additionally, eradicating networks limits intelligence and law enforcement agencies from mapping out their social networks to tracking extremists’ blunders, such as fighters leaving their geolocation services enabled or taking selfies in front of ISIS headquarters. Thus, there is an acceptable amount of digital extremist content to be kept online.
Additionally, law enforcement agencies asking for back doors to encryption will make cyberspace increasingly more vulnerable. Contrary to popular belief, encryption is not entirely a cyber safe haven for extremists, as users themselves may compromise their own security, according to a study by University of Alabama at Birmingham.
Moreover, while the encryption debate is a timely debate to be had, its effects on intelligence and law enforcement are still ambiguous and without substantial evidence. Encryption hindered the FBI’s progress of only four out of 3,554, or 0.11 percent, of authorized wiretaps in 2014. While this debunks the myth that encryption is law enforcement’s Achilles heel, it is worth noting that the gunman in the Garland, Texas attack messaged an individual overseas via encrypted communications, the first time — especially in the U.S. — where encryption has appeared in an ISIS-related case.
The argument federal law enforcement agencies present to technology companies is valid, but providing back doors to encryption programs will have significant ramifications that far surpass ISIS sympathizers going dark. Weakening encryption keys will offer lower security for other bad actors to exploit, hack and steal data. If a back door is created for the government, those seeking malice and destruction will threaten the privacy of the millions that encryption is designed to protect.
Instead of giving the federal government a golden key to encryption, as is the case already in Kazakhstan, intelligence and law enforcement agencies should continue exploiting open-source intelligence and the dark web. The Royal Canadian Mounted Police, for example, is using a customized version of a dark web crawling software originally intended to track child pornography to “trace patterns and discern trends” in extremist websites. The U.S. intelligence community is already investing in digital forensics for “predicting terrorism or cyberattacks.” Of course, dark web sweeps aren’t without controversy, as the FBI was accused of paying $1 million to identify users of the dark web.
The cyber domain is as, if not more, important than the physical battlefield in today’s irregular wars. The threats from bad actors online are metastasizing and both Congress and law enforcement must adapt to ensure the U.S. harnesses technology in the most proactive — as opposed to reactive — ways possible.
Glavin is a senior research associate at the U.S. Naval War College’s Center on Irregular Warfare and Armed Groups. The views expressed here are the author’s own and do not necessarily represent those of his employers or the U.S. government.