Last week, the UN Security Council’s Counter-Terrorism Committee held meetings on preventing the exploitation of information and communication technologies (ICTs) for terrorist purposes. These meetings, like similar ones in December 2015, focused on the self-declared Islamic State’s use of the internet and social media and highlighted increased activities during 2016 against ICT terrorism by international organizations, governments, civil society, and tech companies. However, problems exposed in 2015 appeared again in these meetings, raising questions about what impact the increased actions have had.
This year’s meetings also did not grapple with how terrorist exploitation of ICT is changing in light of the territorial losses the Islamic State has suffered, the killing of leaders of its online activities, and American, British, and Australian offensive cyber operations against it. The impact of the military campaign against the Islamic State means, in the future, terrorist activity in cyberspace might not resemble the threat the Counter-Terrorism Committee’s meetings addressed.
Highlights from the 2016 Meetings
The 2016 meetings covered many issues combating ICT terrorism raises, including technical challenges, law enforcement cooperation, human rights, company self-regulation, public-private partnerships, counter-content strategies, and counter-messaging approaches. Presentations discussed efforts to counter online terrorism and highlighted developments in 2016 involving, among others, the Security Council, U.S. Global Engagement Center, EU Internet Referral Unit, ICT4Peace’s partnership with the Counter-Terrorism Committee’s Executive Directorate, Global Network Initiative, Access Now, VOX-Pol Network, Al-Azhar University’s Observatory, and Twitter.
Intensified efforts have not, however, overcome problems previously identified with measures against ICT terrorism. Skepticism about the effectiveness of counter-content and counter-messaging activities, and whether effectiveness can be measured, was prominent, as it was during the 2015 meetings. While increased action corresponded with a decrease in Islamic State online activity, speakers acknowledged that correlation was not causation, and other factors, such as the military campaign against the Islamic State, played a bigger role.
The impact of military attacks helps explain why the foreign terrorist fighter (FTF) threat was less prominent than during the 2015 meetings. In 2016, the flow of FTFs to areas controlled by the Islamic State decreased. The lack of attention on FTFs this year means few think ICT terrorism countermeasures deserve credit for this outcome.
The scale of the challenge facing strategies against ICT terrorism was frequently mentioned, especially the volume of terrorist social media use, the multiple platforms exploited, the different languages employed, and the diversity of communications. The scale problem prompted discussion about whether automation is needed in combating ICT terrorism, an issue on policymakers’ minds in 2016.
As happened last year, experts identified problems, and frustration, with law enforcement capabilities and mutual legal assistance concerning ICT terrorism and cybercrime. One speaker claimed cybercriminals enjoy “virtual immunity” despite years of effort. Unlike 2015, this year’s meetings did not involve much consternation about the threat encryption presents to fighting crime and terrorism.
Diplomatic statements often emphasize the need for ICT terrorism countermeasures to respect international law, including human rights law. Here, tensions were again palpable. Despite tech companies explaining their policies, delegates from some UN member states expressed irritation with what they believe is corporate failure to act responsibly against online terrorism. Informing this frustration was a sense that foreign tech company behavior undermines national values, domestic law, and sovereignty protected by international law.
The session on privacy and freedom of expression involved criticisms that states are violating human rights in countering ICT terrorism. These criticisms echo findings that, in 2016, internet freedom declined for the sixth consecutive year. Representatives of some UN member states pushed back, but the discussion highlighted the gap between rhetoric about the importance of human rights online and realities about privacy and freedom of expression under threat in cyberspace.
The Future of ICT Terrorism
The 2016 meetings did not discuss how the military campaign against the Islamic State is transforming ICT terrorism. As the “caliphate” shrinks under military pressure, the Islamic State is shifting to encrypted and dark web communications through its external operations network to guide extremists in, among other things, attacking adversaries at home. None of the strategies discussed at last week’s meetings address this type of ICT terrorism. Nor are they designed to counter cyberattacks launched by terrorists, a threat the meetings highlighted despite the lack of such attacks to date. Those warning about this threat identified the vulnerabilities the “Internet of Things” creates, as seen in recent Mirai malware botnet attacks on internet service providers accomplished by hacking insecure IoT devices.
Efforts against ICT terrorism will continue. On December 5, Facebook, Microsoft, Twitter, and YouTube announced a new partnership to curb the spread of terrorist content online. The Counter-Terrorism Committee will submit a comprehensive framework for counter-messaging to the Security Council in April 2017. However, after the 2016 meetings, questions about the effectiveness and legitimacy of existing strategies and doubts about their relevance to the changing nature of ICT terrorism will be increasingly difficult to avoid in the coming year.