Published by The Lawfare Institute
in Cooperation With
Editor’s Note: Terrorists' use of the Internet in all its forms remains an important source of their power and influence. Michael Smith, an analyst focusing on jihadist influence operations, calls for a much more aggressive set of government policies and laws to push technology companies to do more for counterterrorism. Although many analysts contend technology companies have upped their game, Smith argues that there is far, far more to be done.
Dithering. Inaction. These are words Republicans used for nearly a decade to describe President Barack Obama’s management of threats posed by Salafi-Jihadist groups like al-Qaeda and the Islamic State. So it is not without much irony these same words can be used to characterize his Republican successor’s response to one of the most lethal features of the threat environment today: The persistent use of American companies’ social media and file-sharing platforms by terrorist groups like the Islamic State to build and reinforce support here in the West—including support in the form of terrorist attacks like the two perpetrated in New York during the past three months.
That situation was highlighted by the large collection of Islamic State digital propaganda found on a cell phone belonging to Sayfullo Saipov, the terrorist responsible for the attack in New York on October 31, 2017, which Department of Justice officials described as being tailored to incite violence here. Further, in the indictment of Saipov, DOJ noted a document recovered from the scene of the attack echoed a prominent narrative concerning the Islamic State’s durability—thus worthiness of support, despite setbacks encountered in Iraq in Syria—contained in the torrent of online propaganda. More recently, in the complaint against the terrorist responsible for the botched suicide bombing in New York on December 11, 2017, DOJ argued Akayed Ullah was attempting to provide material support to the Islamic State by fulfilling calls contained in Islamic State propaganda for group supporters to execute attacks in their homelands if they are unable to emigrate into the “caliphate.”
While Telegram has been a preferred space for the Islamic State’s operations in the cyber domain since 2016, those of us who have tracked its exploitations of Telegram’s platform since 2015 have observed the group’s recruiters and propagandists consistently promoting links to copies of Islamic State propaganda posted to easier-to-access file-sharing sites like YouTube and Google Drive, as well as the U.S.-based nonprofit site Archive.org, which has been a clearinghouse for terrorist propaganda for more than a decade. Also in these channels and chatrooms, the group’s members and supporters have initiated a steady stream of hashtag campaigns on open source social media platforms like Twitter and Facebook, where—despite these companies’ ever-expanding efforts to disrupt such activities—Islamic State recruiters can continue to rapidly identify both acquired and prospective group supporters when they tweet, retweet, favorite, and like pro-Islamic State postings. Ultimately, continuing the group’s recruitment-cum-incitement program on highly-visible platforms like Twitter, Facebook, and YouTube helps the Islamic State preserve and perhaps even grow the audience for its incitement-focused propaganda, such as a single copy of a video released on New Year’s Eve to push for attacks in the United States and Europe that was viewed more than 4,700 times within a few hours of being posted to YouTube. Moreover, sustaining operations on popular social media platforms can help Islamic State recruiters situated far from the group’s original primary areas of operation in Iraq and Syria to locate group supporters who may be persuaded to execute attacks here in the United States, Canada, Europe, and Australia. Indeed, the Islamic State has mobilized attacks over the Internet in all of these places since 2014.
That the Islamic State has continued encouraging its supporters to help the group by proliferating incitement-focused propaganda on social media and file-sharing platforms highlights the fact that American companies’ efforts to disrupt these activities have not deterred terrorists and their supporters from harnessing these companies’ powerful technologies. This strategy by terrorists and the insufficient countermeasures taken by technology companies undermine the national security of the United States and many of our allies. Given the serious implications of his administration’s inaction in response to this issue, it is possible President Donald Trump could be branded by America’s allies as a witting enabler of the terrorist group.
What the Trump Administration Should Do
Ideally, the president would issue an executive order—followed by legislation developed by Congress—that would entail a mix of new regulations imposed on the social media industry and new forms of federal resource sharing to help the industry to more effectively counter this phenomenon. The following are among the items President Trump’s national security team would be wise to consider should the administration elect to tackle this issue.
Prioritize disruption over monitoring of terrorists’ online activities
Known as the Open Source Center (OSC) when it was directly managed by the Office of the Director of National Intelligence, the Open Source Enterprise’s vast compilation of data documenting ways terrorist groups have leveraged American social media and file-sharing platforms to build and reinforce support demonstrates that disruption of such activities in the cyber-domain has not been the U.S. Intelligence Community’s (USIC) chief priority. Rather, for nearly a decade, monitoring has been the priority of most federal agencies tasked with managing terroristic threats emanating from the cyber-domain. Indeed, in OSE’s database policymakers can find an abundance of reports in which intelligence officials have often chosen to track postings on terrorists’ social media accounts for weeks, sometimes even months, rather than request the accounts be suspended.
Today, changing circumstance demand a shift in counterterrorism posture.
When al-Qaeda was the primary source of foreign terrorist threats within America’s homeland, monitoring the online activities of al-Qaeda members and their sympathizers was a useful way of identifying, among other sources of threats, efforts to cultivate would-be terrorists far from al-Qaeda’s primary areas of operation. As many counterterrorism practitioners are aware, back then, the process of grooming terrorists over the Internet to perpetrate violent crimes here in the West generally entailed considerably more interaction between a recruit and handlers located in, for example, Yemen. At the same time, al-Qaeda members demonstrated a much lower tolerance for risks encountered when active online than has been evinced by Islamic State members’ activities in the cyber-domain since 2014. For intelligence officials, this amounted to a more manageable situation than what emerged following the Islamic State’s public declaration of its “caliphate,” followed by its senior-most leaders calling for attacks in the West in addresses posted online soon thereafter.
Since 2014, Islamic State supporters who never set foot in the “caliphate” have perpetrated more than a dozen acts of terrorism in the United States, Canada, Europe, and Australia. These events indicate the Islamic State has achieved a capacity to remotely accelerate the radicalization process, culminating in a resort to violence like the two attacks executed in New York in October and December 2017.
Since 2014, the surge in Islamic State-focused counterterrorism casework in the West has resulted in more than 150 people being charged with terrorism-related crimes in the United States alone. This success is evidence of the need for a more robust effort to disrupt terrorists’ activities in the cyber-domain. Given that the Islamic State was not an independent enterprise until 2014, much of this casework points to reduced timelines in the process of grooming would-be terrorists over the Internet to perpetrate violent crimes. That situation meanwhile highlights the perils of simply watching terrorists network with acquired and prospective supporters online, versus denying them capabilities to distribute propaganda while tracking prospective recruits’ postings on social media. Indeed, by not doing more to reduce the maneuverability of illicit actors on social media platforms, both public and private sectors have empowered groups like the Islamic State to achieve influence in the West that has undermined America’s national security.
For policymakers and national security managers tasked with managing terrorist threats against Americans, the recent attacks in New York demonstrate an inconvenient truth: Despite having been denied capabilities to “govern” major population centers in Iraq and Syria, with lethal success, the Islamic State’s leader and his proxies have continued issuing directives on how to perpetrate terrorist attacks far from their primary areas of operation. Indeed, much as with the death of Osama bin Laden, the dissolution of the “caliphate” has not rendered the ideology which informs the agendas of Salafi-Jihadist groups any less of a threat to Americans and our closest allies here in the West.
Furthermore, by harnessing social media and file-sharing companies’ technologies to wage the most aggressive and effective global recruitment-cum-incitement campaign of any terrorist group in history, the Islamic State has modeled the way for other terrorists to exploit the absence of legal frameworks that would otherwise obligate companies like Twitter, Facebook, and Alphabet to do anything to help disrupt this phenomenon.
The surest way to prevent the proliferation of the Islamic State’s online strategy to other terrorist groups is for the federal government to provide stronger oversight of the social media industry. This could be done in a manner similar to oversight of other industries which have become so vastly integrated with our society, such as the commercial airlines industry, and whose resources may be converted into tools used to damage America’s national security. When one considers the American-born al-Qaeda cleric Anwar al-Awlaki began using platforms like YouTube and Facebook to grow al-Qaeda’s reach into the United States a decade ago—manifesting in, among other plots, the attack at Fort Hood in 2009—behaviors of American giants of social media and file-sharing industries highlight a trend of reactive versus proactive measures taken to mitigate similar threats. Meanwhile, an absence of laws which allow the federal government to require these and other companies to implement potentially more effective policies to help combat threats emanating from their platforms than even the measures they are now taking has rendered Americans and many of our allies vulnerable to the online recruitment and incitement campaigns waged by the Islamic State, al-Qaeda, and a wide range of other violent extremist elements.
Increase risks encountered by terrorists when active on social media platforms
As I noted during the Senate Judiciary Committee, Subcommittee on Crime and Terrorism’s October hearing focused on terrorists’ and Russia’s online influence operations, allowing only social media and file-sharing account mangers whose identities are known to platform managers to simultaneously use technologies which mask their physical locations would serve to increase risks terrorist groups like the Islamic State and their enablers encounter when converting popular spaces of the cyber-domain into tools used to threaten Americans and our closest allies.
The Islamic State has rigorously encouraged its supporters to use virtual private networks (VPNs) to mask their physical locations when active online. A notable example of the group’s promotion of such technologies to enhance group supporters’ online operational security is an article on the subject published in August 2016 in the tenth issue of the group’s flagship French-language ezine, Dar al-Islam. Months prior, just after the attacks in Brussels, I observed managers of pro-Islamic State Telegram channels created to provide guidance on the best technologies that could be used to help thwart investigators’ abilities to track Islamic State supporters’ online activities. In these posts, Islamic State moderators advised the “brothers in Belgium” they should be mindful of the organization’s online opsec protocols, such as using VPNs and specialized browsers like Tor to mask their physical locations. If they are using the right VPNs, they advised, it can be impossible for investigators to identify and locate them once suspicious or illegal activities are detected.
To deter violations of its policies, Wikipedia denies editorial controls to parties who use VPNs while accessing its popular site. Twitter, Facebook, and YouTube can surely do the same for managers of accounts whose identities are unknown to them. That would increase the risks Islamic State propagandists, recruiters, and supporters encounter when, in the very least, converting these companies’ social media and file-sharing sites into tools used to promote incitement-focused propaganda.
During a closed briefing focused on terrorists’ activities on American social media platforms that was organized by Sen. Lindsey Graham’s office last September, a representative of one aforementioned company stated that allowing only account managers whose identities are known to the company to simultaneously use VPNs could hamper anti-governmental activism in various countries where the United States wishes to see regime change occur. In response, one Democrat senator quickly pointed out the company could simply verify the identities of the activists without providing the information to foreign governments. Indeed, arguments against this policy prescription have mostly entailed conflating freedom of speech and Internet privacy concerns. Meanwhile, as noted First Amendment lawyer Floyd Abrams observed in a recent interview with New York Times columnist Jim Rutenberg, reducing the amount of anonymity afforded to social media users may not conflict with the Constitution.
Deny terrorists capabilities to broadcast all content used to cultivate recruits
YouTube’s recent decision to remove material featuring guidance from Anwar al-Awlaki should be a first step in a wider effort. There exists an abundance of material online from which groups like al-Qaeda and the Islamic State derive similar utility. American companies and the nonprofit site Archive.org can engage in similar takedowns to prevent their use for radicalization.
Many materials used by Salafi-Jihadist recruiters to build support for their cause over the Internet do not contain messaging and imagery which violate most social media and file-sharing platforms’ policies. Discerning the intended effects of such media on certain audiences is not an area of work in which most tech companies’ employees possess substantial experience. Nor, for that matter, do most tech companies’ employees have access to additional resources, such as information from ongoing terrorist recruitment-focused investigations, which may be needed to understand motives of some individuals who promote mainstream Islamic educational materials while concomitantly proffering analyses of these materials for the purposes of helping to cultivate support for terrorist elements.
Ultimately, disrupting terrorists’ exploitation of platforms like YouTube will take more than just hiring more low-paid content reviewers to search out the Islamic State’s subtle-as-a-hand grenade headline-grabbing content. Further, while my contacts in Europe’s intelligence community all view the new collaboration between major social media companies as another important step in the right direction, very few have confidence that the new forum established to foster this collaboration will yield significant progress towards disrupting the Islamic State’s ongoing exploitations of participating companies’ technologies to recruit and incite violence here in the West.
Increase integration of federal resources within teams working to disrupt terrorists’ activities
Evidence used to support a large body of terrorism-related cases here in the United States demonstrates that social media and file sharing platforms have become crucial points of transfer of ideological indoctrination-oriented materials and other “soft” tools. The transnational mediation enables terrorists located overseas in places like Yemen and Syria to groom sympathizers to perpetrate attacks here. Clearly, most employees of American Internet technology companies do not possess expertise sufficient to identify much of the activity on their platforms whose illicit characters can be more easily discernible among USIC professionals.
Certainly, efforts aiming to grow subject matter expertise among these companies’ employees is a welcome change. However, even the best subject matter experts will have a difficult time identifying a terrorist recruiter who is of interest to federal authorities and allied governments if the recruiter is taking care to conceal his or her affinities for a terrorist group or extremist ideology. The fact is, intelligence agencies have a much larger set of resources which may be used to identify members of foreign terrorist organizations than, for example, Twitter personnel who are able to monitor even the contents of direct messages exchanged between account managers.
One possible way to address this deficiency in a manner that could simultaneously help to more effectively disrupt and deter terrorists’ exploitations of these companies’ technologies is to organize units of federal agents to work alongside employees of companies like Twitter, Facebook, and Alphabet who are tasked with monitoring activities on their respective platforms in real time to identify violations of their policies, including criminal activities.
In the post-9/11 era, the federal government has oriented previously-unimaginable resources to safeguard against terrorists accessing America’s homeland through our nation’s airports and seaports. The absence of similar security postures for spaces of the Internet commonly used by terrorist elements to achieve influence within the United States from abroad is indeed remarkable. While the costs incurred by airlines who have foregone opportunities to sell seats occupied by sky marshals since 2001 have been significant, the burden on American giants of the social media industry has been relatively minor.
Inaction: Implications for the Trump Administration
Currently, the security implications of the Islamic State’s ongoing online recruitment and incitement campaign are greatest for the civilian populaces of Europe. In effect, the absence of executive and legislative actions taken to address this issue in Washington has continued to render not only Americans, but also our allies vulnerable to the Islamic State’s aspirations to mobilize attacks. While it will take months, at best, for Congress to do something to meaningfully address this set of problems, President Trump could help disrupt much of the threat the Islamic State poses to Americans and our allies in the West today.
Increasingly, however, his unwillingness to address the issue of terrorists’ activities in the cyber-domain governed by American companies resembles certain features of “passive sponsorship” of terrorism. Passive sponsorship is the “knowing toleration” of terrorists’ activities in spaces they control. Although it is almost certainly not President Trump’s intention for the Islamic State to succeed with its efforts inciting violence in the West over the Internet, an absence of executive action taken to disrupt its activities in popular spaces of the cyber-domain managed by American companies that could be made subject to more regulatory oversight is effectively accommodating the Islamic State. Indeed, the Trump administration’s unwillingness to pursue more effective measures that can rapidly disrupt the Islamic State’s online activities is tantamount to “knowing toleration.”
By refusing to take action to address this set of problems, the president is not setting an example for our allies to follow. Other countries should also be developing similar regulations to help safeguard against terrorists’ exploitations of European social media companies’ technologies. The administration could direct Congress to craft legislation that would require not only American companies to implement new policies to help mitigate threats posed by terrorists’ activities on their platforms, but would also require foreign social media companies doing business with account holders and advertisers based in the United States to implement uniform sets of policies. But this has not happened, and as an assistant to National Security Advisor General H.R. McMaster put it in a conference call with me last September, legislation calling for new regulations to be imposed on the social media industry is likely to be viewed within the administration as being anathema to President Trump’s regulation-cutting agenda.
The absence of executive actions and legislation developed to address these problems is translating to failure on the part of the United States to demonstrate leadership on this issue. It enables terrorist groups like the Islamic state to continue to exploit the Internet to mobilize attacks on the United States and our allies. Given Mr. Trump’s tough talk about his plans for combating the Islamic State while campaigning for the presidency, the world should be surprised by his administration’s unwillingness to do more to disrupt the group’s reach over the Internet into not only America, but also our closest allies’ homelands.