During the recent Commander-in-Chief Forum, presidential candidate Hillary Clinton stated that we need to wage a war against ISIS “online, in cyberspace.” Defeating ISIS’s cyber power, she continued, required the government to “work with Silicon Valley.” Earlier this year, Clinton also stated that if elected president, she would work with social media companies to “step up” their counterterrorism efforts. To what extent can or should the U.S. government rely on a strategy of engaging with Silicon Valley to defeat terrorist organizations via cyberspace?
Terrorists are increasingly using social media to spread propaganda, plan attacks, raise funds and boast about their deeds. Investigators believe ISIS terrorists used encrypted apps, including WhatsApp to plan the November 2015 Paris and March 2016 Brussels attacks. Earlier this year, for months on end ISIS fighters in the Middle East used Facebook group pages as “weapons bazaars” to sell heavy machine guns, grenade launchers, rockets and heat-seeking missiles. In France, an ISIS-inspired terrorist streamed a part of his gruesome attack on a police officer using Facebook Live. Social media companies have tried to counter such efforts: in May 2016, Facebook quickly suspended an attempt by ISIS to sell sex slaves on its platform, and last month Twitter announced that it had closed hundreds of thousands of terrorism-associated accounts. But terrorists continue to exploit loopholes in such platforms to wreak havoc: in 2016 alone, through mid-September, there have been over 1,200 terrorist attacks—many ISIS-related, many involving some use of social media—claiming over eleven thousand lives on almost every continent.
While terrorists are using cyberspace, the limits of U.S. government efforts to engage with Silicon Valley remain narrow. Despite the White House’s dialogue with Silicon Valley on cyberterrorism this past February, there are few laws that give clear authority to the government to compel companies to combat online radicalization or share encrypted data used by terrorists. Notably absent from the dialogue was Apple, and other Silicon Valley companies may similarly push back on government-led initiatives in the future. Congress has been unable to pass proper legislation to tackle terrorists’ use of cyberspace. The few bills currently in Congress tackling terrorism on social media provide scant guidance on what legal responsibility Silicon Valley firms have in cases when terrorists use their platforms. There are also no legal penalties on individuals using social-media platforms to spread radical propaganda. Lawsuits brought by families of victims of terrorism, alleging that Facebook, Twitter and Google are partially responsible for ISIS and Hamas attacks, will most likely be dismissed given present U.S. laws.
The challenge is made more complex by the global nature of social media and international terrorism. The vast majority of Facebook, Twitter, WhatsApp and Instagram users are located outside of the United States. Does U.S. government “engagement” with Silicon Valley also entail holding social media companies responsible for suspending terrorist activities geared towards non-U.S. citizens (for example, in cases where ISIS terrorists use Arabic-language Facebook pages to sell weapons in Iraq, Syria or Libya)? Perhaps, but if the U.S. government takes such a strategy, Silicon Valley companies will protest the government’s intrusion on their global operations. Meanwhile, some presidential candidates have suggested giving “local [U.S.] authorities the ability to penetrate” encrypted data, but opening digital backdoors would weaken encryption for all Americans. Upping the tempo on Washington’s engagement with Silicon Valley to weaken, for example, WhatsApp’s encryption will lead to conflicts similar to the government’s dispute with Apple. Social-media companies are also rightfully wary about cooperating with U.S. officials on issues that may infringe on privacy or freedom of expression. And, even if the government succeeds in forcing Silicon Valley to go one way or another, it have no impact on ISIS’s extensive use of apps developed abroad, such as Telegram.
Ironically, the one proposal that actually makes so far—even if it sounds, in theory, implausible—is presidential candidate Donald Trump’s statement that he is open to “closing” parts of the Internet. Outwardly, this strategy sounds Orwellian, but that may have not been the intention behind Trump’s idea. In fact, his strategy may be the right one if “closing parts of the Internet” actually entails conducting military strikes on physical infrastructure used by ISIS to wage cyberterrorism (e.g., knocking out satellite dishes or cellular towers), as well as engaging in diplomacy with Turkey to disrupt the delivery of digital equipment to Raqqa. Physically disrupting ISIS’s ability to produce content can significantly degrade the group’s ability to radicalize, recruit and plan attacks.
Meanwhile, this strategy would avoid the track of creating uncomfortable situations for or causing conflicts with Silicon Valley, which “engagement” efforts do by making social media companies look like instruments of the U.S. government. The physical realm is the center of gravity for ISIS’s digital operations, and as such, government efforts to counter ISIS should focus on degrading ISIS’s physical access to the web. Content produced outside of ISIS-controlled areas may still result in lone terror attacks in the West, but a combination of military strikes and diplomacy aimed at disrupting the group’s physical access to the web may be Washington’s best strategy for defeating ISIS in cyberspace.
Oleg Svet advised the spokesman of the American military in Iraq from 2010 to 2011. He has published widely on countering extremism and holds a PhD from the War Studies Department at King’s College London.
Image: President Barack Obama participates in a live Twitter question and answer session in the Roosevelt Room of the White House. Flickr/The White House