DIGIT: Telegram has been used by IS both for encrypted messaging and its broadcast functionality, which allows it to stream propaganda (before the channel is inevitably removed by moderators) – would you call this a social media ‘operation’? Is the digital world part of the new face of terrorism?
Dr Tine Munk: Terrorist organisations, such as so-called Islamic State (IS) are using all online tools and services available to spread their ideology, manipulate, recruit and train fighters, raise funds, gather information and communicate internally. This means that social media and other online tools are included in the new form of terrorism on the tactical and operational level. Social media and messenger services like Telegram and WhatsApp are free tools available for everyone and can be used remotely and anonymously and more importantly, the data is encrypted.
This makes it difficult for the Internet businesses and law enforcement to control the information flow, investigate and prosecute terrorists. Both WhatsApp and Telegram offer a high degree of secrecy which is beneficial for a terrorist organisation for communication between their members. Telegram’s messenger service is based on MTProto and the app ensures a ‘secret chat’ using end-to-end encryption. The main feature of the app is that chats are stored on the actual device and not on the cloud. More importantly, the chats self-destruct after a specified amount of time. The Telegram app has also an inbuilt lock that can be activated by the users which ensure that content is not available to law enforcement or other security actors. If terrorist organisations are using WhatsApp, on key feature is that it is impossible for law enforcement or internet services providers/ Internet businesses to retrieve old chats on a new device.
Twitter has for a long time been instrumental for IS and it is embedded in their strategies. However, due to a collective effort worldwide, Twitter is now inconsistent with IS’ distribution of propaganda and this has changed IS distribution methods to include Telegram’s broadcasting and streaming service. This is very concerning because the app creates a new unlimited and unmanageable forum for free distribution of extremist material. Yet, the operational nature of Telegram creates obstacles for monitoring of the material broadcast and streamed as the company does not allow for comprehensive searches of public content. Therefore, it is impossible to evaluate the level of IS material and how content is being spread.
Unfortunately, security actors are constantly one step behind IS and their use of digital technologies. Although, several initiatives have been launched to remove online extremist content, IS are flexible and ready to adopt new measures to spread their propaganda online. Nevertheless, law enforcement and businesses are working hard to manage online content but their efforts appear fragmented and incoherent without a common standard of what to do and how to do it.
Public and private security actors need to work closer together to find the gaps in the systems, monitor content, investigate and prosecute online terrorists. They also need to develop better lines of communication – transnational and cross-sectoral where they can exchange best practice and findings. The digital world is difficult to control, even on the ordinary internet and social media, which are closely monitored. Public and private security actors struggle to identify and remove material as information is broadcast and circulated quickly worldwide. When one site is taken down and a new one appears.
Cyberspace is included in terrorist organisations’ strategies and the ‘success’ of IS are based on their opportunities to speed their ideology online (Europol 2017) has highlighted this problem in their Internet Organised Crime Threat Assessment (IOCTA 2016). Europol claims that social media are essential to spreading some terrorist groups’ propaganda; such as to broadcast their aims and their achievements. Moreover, social media and cyberspace are key elements to radicalisation and self-radicalisation (Europol, 2017).
Terrorist organisations have adopted different online communication platforms. It is no longer possible to differentiate between offline and online activities as these are entwined. IS are spreading their ideology and encouraging followers to carry out attacks through their online activities. However, the terrorists on the ground carry out ‘lone wolf’ attacks independent of the organisation. As a result, the digital world has a major role to play in the strategies of this terrorist organisation. Law enforcement and Internet businesses are trying hard to manage online extremist material. Initiatives are adopted and resources distributed to manage the online material. Yet, the problem is that terrorist organisations, such as IS, adjust easily to the changing security environment.
Terrorists have, so far, not used the internet to actively launch large-scale attacks. Yet, it is just a matter of time before this becomes a reality. The technology is available, such as the Mirai botnet, and the Hacktivist Group Anonymous has shown the way forward with their DDoS DYN attack in 2016, which brought down a number of companies and governmental webpages. This attack was directed towards DYN’s servers which controls much of the internet’s domain name system (DNS) infrastructure. This attack brought down sites, such as Twitter, the Guardian, Netflix, Reddit, CNN and many others in Europe and the US (Woolf, 2016). It is easy to imagine that IS could be involved in similar attacks in the future directed to valuable information infrastructure and internet communication technologies.
DIGIT: Is there scope, instead of closing IS’ Telegram terror channels, to monitor them instead? Does this then create an imbalance between the positive effects of surveillance versus negative moral implications? Egypt successfully arrested 150 back in 2015 by monitoring and exploiting Telegram for the moral good.
Dr Munk: The digital world is resilient to national and international policing and control forms. The practices developed over the years to manage online actives are not sufficient to control social networking, communication and micro-blogging. Encrypted messages are just one communication tool among a large number used by IS. When the control improves in other areas, cyber-terrorists use new platforms such as the Darknet/Deep Web and encrypted services, such as WhatsApp and Telegram. The Darknet/Deep Web and encrypting services and apps provide an important tool for terrorists as they are easy to access and the terrorists do not need to have special IT knowledge to use them.
Closing down Telegram’s broadcasting service is not an easy option as it sounds like state censorship, which we all should be very cautious about. Censorship is not compatible with democracy and the idea of free communication. It also raises a question of what content should be allowed and for what reason should it be banned – and who to decide what is acceptable in society. There is a tendency for overeager authorities to ban more material and platforms, than needed – and to introduce filtering and blocking software that censors non-terrorism related material. Moreover, censoring or banning material or services will only have an effect in the jurisdiction where the legislation is introduced; it does not remove the problem worldwide unless it is introduced worldwide.
Removing Telegram’s broadcasting and streaming service would not change IS strategies. IS and other Internet users will just swap to another app. This was the outcome in 2015, where Brazil banned WhatsApp. This ban did not stop people from using encrypting messages apps, they just swapped to Telegram (Griffin, 2016). Turkey has been severely criticised every time they have banned various parts of social media. Usually, it has been possible to circumvent these bans by using virtual private networks (VPNs), which gives online anonymity by making it appear that the users are elsewhere.
Yet, in 2016, Turkey also blocked VPNs and the Tor network as well as social media (Bulman, 2016). Before introducing such harsh measures, online users need to have a debate about how far authorities can go, the reach of such bans and the limitations to the powers. I am not sure UK citizens wants to have their online freedoms restricted in this way – and it is unlikely that online users would accept public authorities’ supremacy on deciding what computer technologies and online platforms they can use.
A ban on encrypting data will make our data and communication unsafe. Moreover, I cannot see that it is possible to introduce a ban worldwide. So far it has been impossible to reach an international Cybercrime Convention beyond the Council of Europe’s Convention on Cybercrime (2001). An international ban on encryption would require an international agreement including public and private security actors as well as international and national internet businesses and internet service providers.
Moreover, if an international ban is being introduced, encryption will be replaced by something else which has the same effect. Monitoring the digital world is a better solution as long as public and private security actors are working together and share information and practices on a level that is acceptable for online users. Closer International Cooperation is also a part of Prime Minister Theresa May’s election manifesto. Yet, it will be a challenge to establish this on a global scale there are so many conflicting interests involved by a variety of security actors.
It is important to strike a balance for online surveillance and the privacy of the Internet users. It has proven very difficult to manage these two competing elements. More surveillance does not necessarily remove the problem – it is not possible to see the benefits of enhanced metadata collection which have been introduced. It is also impossible to predict how far security actors are willing to go to gain more access to online users’ private data and how much privacy internet users are willing to give up in the name of terrorism. We are living in challenging times and many people are willing to give up their privacy to feel safe. Yet, it is just a false safety as no system is 100% secure.
Internet service providers and businesses have shown resistance towards law enforcement in order to avoid passing over encryption keys. In 2014, Apple introduced new encryption into its iPhone operating system that would make it mathematically impossible to unlock them for investigators. Apple refused to pass on information to the FBI, or create backdoors into the system so the agency couldn’t access material.
Apple’s argument was that backdoors would weaken their security system and compromise the privacy of its users. The US government dropped its court fight against Apple after the FBI was able to unlock the phone and gain access to data from San Bernardino gunman Syed Farook’s iPhone (Yadron, 2016). One of Apple’s argument against building in backdoors after the San Bernardino case was that, “if a judge validates the FBI’s use of the All Writs Act in this case, it will give the government sweeping authority to dictate how Silicon Valley builds products in the future”.
Encryption tools have frustrated governments who want full access to their citizens’ messages. Authorities in the UK have repeatedly threatened to ban or weaken encryption as a way of getting more data for law enforcement (Griffin, 2016). So far, law enforcement has only had limited success in arresting and prosecuting terrorists who are using encryption tools. It is true, that Egypt managed to arrest 150 people in 2015. Other security actors worldwide have also managed to break encryption codes. For example, the FBI managed to break the encryption in an iPhone after the San Bernardino attack.
Law enforcement agencies worldwide are dealing with these issues and they are trying to get access to encrypted material – yet, it is a challenge for them. The Egyptian arrests illustrate only that it is possible to investigate and arrest online terrorists. But this is only the tip of the iceberg in terms of the number of people who are actually involved in terrorism online.
Moreover, the Egyptian action did not remove the problem and long-term strategies are needed. Therefore, there is a call for international cooperation if law enforcement is to succeed in investigating and prosecuting online terrorists. It is not clear if the Egyptian authorities broke the encryption codes or the terrorist made mistakes which enabled the police to follow their online footprints – or if the judiciary forced Telegram to handle over information.
DIGIT: After so many atrocities, can message encryption be justified? Should it be changed by blanket legislation as May and Rudd propose or should it be approached case-by-case?
Dr Munk: We need to remember why we have encryption. Encryption protects data and there are a high number of governments, businesses and individuals, who are using this tool to keep data secure. This protection should not be jeopardised in the fight against terrorism. Internet users, public or private, have the right to privacy and to ensure that their data and communication remain private. Exceptions should only be made when there is a reason for public authorities to look into it. But law enforcement would require a warrant from a judge to do so. Online terrorism and offline attacks cannot justify all democratic tools be removed and the right to privacy undermined. The enhanced surveillance powers to collect metadata introduced by The Investigatory Powers Act 2016 (the Snooper’s Charter) has not solved the problem – the legislation might have been instrumental in curbing some attacks but still, three attacks have been carried out in the UK so far in 2017 alone.
There needs to be checks and balance systems in place to protect data and users’ privacy – and at the same time, it is also important to give law enforcement tools to access material if there is reasonable belief that this data contains extremist material. We all have a duty to report online abuse and extremist material. It is not only for businesses to monitor the internet. But ISPs are indeed in a better position to actually monitor content. As a result, they should improve their monitoring systems and cooperate more intimately with law enforcement agencies. If there are suspicions of misuse, it should not only be filtered or blocked. All extremist material should be reported to the relevant authorities who can investigate the case.
In the aftermath of several terrorist attacks in Europe, we can now observe that governments are playing on people’s fear of terrorism in order to get more powers. This is a concerning development as fear can lead to powers which, otherwise, would have been rejected as being too harsh and undemocratic. It is also concerning that the activities of a very little group of people can decide the online experience of the majority. This happens even though the internet is a secondary source for attacks.
It is difficult to introduce blanket legislation as well as closing parts of the internet, as proposed by Prime Minister Theresa May during the UK election 2017. Primarily, there are concerns surrounding privacy. Using encryption creates a dilemma between security and privacy. Although, I condemn all terrorist activities at any time; it is a fact that terrorists are able to circumvent a ban or use other more secure forms to communicate or broadcast their propaganda. Every move that removes online privacy will not change terrorists’ behaviour; it only makes it a bit more difficult as they need to find other methods. Instead, intrusive legislations against the use of encryption will have consequences for the majority of online users and compromises their right to privacy and security. We must ask: if certain social media, communication platforms or encryption was removed, would terrorist attacks really stop? No – it is not likely that a ban on encryption would have had any real impact on the actual events as encrypted messages are not a driving factor. Terrorists would still carry out attacks regardless of a ban, but the communication would be a bit more difficult as terrorists would be forced to use other channels – just as they did before the invention of the internet.
The UK Home Secretary Amber Rudd proposed after the Westminster attack, on Sky’s Sophy Ridge on Sunday that technology companies should create backdoors for the government to access communications data whenever they wanted to (Sulleyman, 2017). This proposal will not ensure better security – instead, it will weaken the entire system and data is more likely to be less secure. Creating backdoors in systems will not only enable law enforcement to get access to data, it will also allow hackers access to the system through these exploits. Backdoor systems also raise another problem, Internet users should also be able to trust their Internet service providers and this would damage this relationship if law enforcement and security actors gain free access to data. Finally, giving free access to the encrypted material could potentially be seen as a legitimate argument for some users. However, there is a tendency for mission creep of these exceptional measures and it is likely over time that they are used in areas beyond the original justification. Then, the information flow of confidential information would undermine the privacy of the users.
Amber Rudd put forward a proposal that is more likely to have an effect. After the Westminster attack in March, the Home Secretary said that: “We also need to have a system whereby when the police have an investigation, where the security services have put forward a warrant signed off by the Home Secretary, we can get that information when a terrorist is involved” (Sulleyman, 2017). This is a better solution – to investigate and decrypt online material on a case by case basis. Better monitoring practices would make it possible for online businesses to flag up concerns and pass on the information to law enforcement. This information could then enable the police to get a warrant. A warrant-system would provide the safeguards needed to protect the majority of online users as it will only be invoked towards users who have triggered the alarm system by their online conduct. This is probably the most acceptable solution for businesses and individual users which can be introduced in combination with better monitoring systems. To get a warrant, the police need to prove that they have a suspicion of terrorism and they need to have an independent review of the proof they have so far. It can be discussed, it should be the Home Secretary who signs the warrant or an independent judge, to ensure that the proposal will not infringe the rights of citizens more than the warrant system which is in place in the offline world.
You can also read more of Tine’s research on the university website.