Crackdown on WhatsApp is not the main message in terror fight
One of the prickliest debates after the March 22 attack in Westminster, London, was over the encryption of messages. The British government was publicly seething that the security services were not able to access the last WhatsApp messages of the attacker, Khalid Masood, as they were protected by end-to-end encryption.
British Home Secretary Amber Rudd demanded such access: “We need to make sure that organizations like WhatsApp — and there are plenty of others like that — don’t provide a secret place for terrorists to communicate with each other.” She had a meeting with major tech companies to address this, but human rights campaigners queried the lack of transparency about the meetings’ agenda.
Once again in the wake of an attack, a government has immediately gone on the offensive to procure further additional security powers. It begs several questions. Can and should encrypted messages be opened up to security services? Do security services in Britain and elsewhere have enough powers? Should encryption be the focus? Are there not other, more effective means to thwart extremist use of the Internet in inciting and planning attacks?
But communications cannot be half-encrypted. They either are or are not. Encryption is also what keeps our online transactions safe, including banking. The terrorists and criminals would just use other platforms and workarounds. For some time, Daesh and Al-Qaeda operatives have favored a German encrypted messaging app call Telegram. No doubt Telegram’s non-US base was an attraction.
The record of major powers on speaking truth about data and privacy is poor, not least in the US. Four years ago, Edward Snowden blew the whistle on the massive data collection carried out by the US National Security Agency (NSA). Even Angela Merkel’s phone was being tapped. Much of what is happening has little or nothing to do with terrorism, and even includes economic espionage.
Yet this was in partnership with the other members of the “Five Eyes” intelligence alliance, namely Britain, Canada, Australia and New Zealand. Unbeknown to their citizens, the security services gathered metadata on phone calls and had access to data from social networks.
On the offensive, not defensive
By creating the backdoors to these programs, the authorities compromised our security making it easier for other governments to steal data, as well as criminal networks and hackers. One major source of Daesh funding is of course the proceeds of criminal acts, such as credit card fraud. Moreover, as Cisco discovered via WikiLeaks in March, the NSA and CIA were more interested in exploiting weaknesses in its systems than improving cyber-defense by helping to address these security flaws. It is estimated that the US spends 90 percent of its cyber funding on offensive efforts not cyber-defense. Is it any wonder that Russia and China have operated with such success?
Security agencies have yet to demonstrate that this stockpiling of metadata has ever led to the thwarting of terrorist operations. The FBI admitted that the tripling of bulk data collection under the Patriot act from 2005 to 2009 did not led to any anti-terrorism success.
Tech giants can certainly do more — but what truly needs to be addressed is the strategic failure of major governments to tackle extremism.
Is it a choice between the surveillance state or terrorism? Compromises have already been made in this balance. What is lacking is more independent legal scrutiny and oversight. In the US and UK, the bodies tasked with doing this have an atrocious record in challenging the security services. The US foreign intelligence surveillance court approved every single one of the 1,457 requests for foreign surveillance in 2015. The British Parliament has a select committee on intelligence and security but it lacks the resources, expertise, clout and willingness to carry out the sort of oversight the restoration of public trust requires.
Are there other avenues to tackle extremism on the Internet? The British government is pressing Google to take extremist videos off YouTube. Google is already paying a significant price, estimated at up to $750 million in lost advertising, for failing to police its YouTube content. That is because around 250 major companies withdrew advertising, fearing their brands would be contaminated by appearing side-by-side with extremist content, including both neo-Nazi and violent Islamist videos. What constitutes terrorist propaganda is, as ever, a subjective call. Some is blatant but some occupies a grey zone. Nevertheless, the inadequacy of computer algorithms to automatically place adverts is clear.
A persuasive argument can also be made that rather than collect gazillions of exabytes of metadata on jungles of servers, the intelligence services would be better served by targeting their activities more judiciously, which would be effective as well as more likely to be within the bounds of the law.
Above all, ever since Al-Qaeda and Daesh bombed their way to global headlines, the US and its allies still favor the military and technological approach over tackling the ideology and underlying causes. Just as you kill 10 fighters and more pop up, the same goes with Twitter accounts and YouTube channels. It is an endless futile game of whack-a-mole.
Short of killing the Internet as an open communications tool, we have to accept that extremists and criminals will abuse it. For sure these tech giants can do more, but what truly needs to be addressed is the strategic failure of major governments to tackle extremism.
• Chris Doyle is the director of the London-based Council for Arab-British Understanding (CAABU). He has worked with the council since 1993 after graduating with a first class honors degree in Arabic and Islamic studies at Exeter University. He has organized and accompanied numerous British parliamentary delegations to Arab countries. He tweets @Doylech.