Terror groups have always demonstrated the ability to quickly and effectively adapt new technologies for their activities. New communication technologies have played a central role in this regard, used by them to propagate, recruit, organize, arrange financing and transfer knowledge and skills. For example, already in the late 1990s and despite being headquartered in Afghanistan, Al-Qaida members began using shared email accounts, a relatively new technology at the time, to communicate. In order to increase communications security and to avoid electronic detection of their communication, Al-Qaida fighters shared the login data of free email accounts and exchanged messages via the draft folders to avoid electronic detection [1].

Extremists’ use of IT

In July 2010, Al-Qaida in the Arabian Peninsula (AQAP) started publishing the first global Al-Qaida internet magazine, called Inspire. Inspire magazine is not only a propaganda tool for AQAP, but also from the outset aimed at motivating terror attacks on a global scale, including dangerous practical advice. Already in its first edition, Inspire Magazine published the now famous “Make a bomb in the Kitchen of Your Mom” article [2] which subsequently was used by the Boston Marathon bombers for the design of their bombs in 2013 [3]. The magazine also provided suggestions for targets, such as airlines and airports and gave advice on how to defeat security measures in place [4].

With the rise of the Islamic State in Iraq and the Levant (ISIL) from 2014 onwards, the issue of the misuse of modern communication technology via the internet and social media came to the forefront of the public mind. While in general, the activities of ISIL members online where only a continuation of the technological adaptation already started by the global Al-Qaida network, ISIL’s propaganda and communications skills took this adaptation to new heights, in part reflecting the tech-savvy skills of the younger generation of radicals that joined the terror group. ISIL professionalized not only its online propaganda but also its recruitment activities [5] and used the global reach of social media tools to inspire attacks outside Iraq and the Syrian Arab Republic [6] and to raise funds [7].

The recent terror attack in Christchurch, New Zealand makes it clear that the misuse of internet and social media services is not limited to organisations such as Al-Qaida or ISIL but extremist right-wing terrorists have “discovered” the opportunities of such services for their activities to share information and connect on an international scale [8]. The Counter Extremism Project (CEP) has been monitoring and documenting the increasing online activities of right-wing extremist groups around the globe for a number of years already [9].

Counter Extremism Project

CEP is a not-for-profit, non-partisan, international policy organization formed to combat the growing threat from extremist ideologies. Its work spans various forms of extremist behavior from religiously-based terrorism to right wing extremist groups around the world focusing on combating extremism by pressuring financial and material support networks; countering the narrative of extremists and their online recruitment; and advocating for smart laws, policies, and regulations. CEP maintains a series of partnerships and a network of representatives in Washington, New York, London. Brussels, Paris, Rome and is in the process of establishing a new representation in Berlin.

In Europe and the United States, CEP has acted as specialist advisory body for political decision makers in parliaments and government departments on the question of the threat posed by the misuse of internet and social media activities by terrorist and extremist organizations, the use of new technology to counter this threat as well as the design of effective and smart regulations of cyber space. CEP, in cooperation with Prof. Dr. Hany Farid [10], developed eGLYPH, a smart hashing technology that allows the identification of previously defined terrorism related content on any platform. CEP released eGLYPH in 2016 [11] to demonstrate that efficient and cost-effective technological solutions exist that would allow internet and social media service providers to monitor and police their platforms in a more diligent and effective manner as is currently the case. In order to increase its global reach, CEP recently established a formal partnership with the United Nations Office of Counter Terrorism, centered on raising awareness of new technological solutions to counter the threat of terrorism in cyber space [12].

New regulatory developments

The first attempt of a European country to require platform providers to remove illegal content including terrorism related content was the Netzwerkdurchsetzungsgesetz (NetzDG) in Germany, which came into force in 2018 and was [13]. Germany decided to opt for a regulatory approach after self-regulatory attempts did not result in satisfactory results [14]. In a first of its kind study, CEP in cooperation with the Center for European Policy Studies (CEPS) released a study analyzing the effects of the NetzDG in December 2018 [15]. The study, based on extensive data collection and interviews with representatives from the tech-industry demonstrated that the concerns raisedbefore NetzDG was passed, did not materialize. NetzDG did not provoke mass take-downs and therefore clearly did not limit freedom of expression in Germany. Furthermore, the new law did not impose significant costs for platforms. Even small companies were able to implement the provisions of the law at a cost of 1% of their annual revenue. Efforts to develop similar regulation in this regard are currently undertaken in the United Kingdom [16]. The recent initiative of France and New Zealand, which convened a meeting between governments and major tech companies in Paris on 15 May 2019 calling for the elimination of extremist content online, emphasized again the importance of regulatory approaches and the increasing willingness of governments to work toward this goal [17].

EU regulation under way

In September 2018, the European Commission initiated a proposal for a regulation on “preventing the dissemination of terrorist content online” (European regulations apply directly and uniformly to all EU countries if adopted). Different from the German NetzDG, the proposed regulation is focused solely on terrorism related content [18]. The proposal required platform providers to remove notified content within one hour [19] and to take measures to prevent the re-upload of removed content [20]. These two provisions would have put effective barriers in the way of terrorists attempting to misuse internet and social media services.

On the 17^th of April 2019, the European Parliament, in its final session before the European elections approved a position on the proposed regulation in the first reading with some amendments [21]. While the one-hour deadline for removal was maintained, the obligation of platform providers to take measures to prevent the re-upload of removed terrorist content is no longer obligatory. This change reflected intense lobby efforts by tech companies. The industry seems still hesitant to accept anything akin to compliance standards, something that has been employed for decades to prevent the misuse of services by terrorist organisations in other sectors, such as for example the financial industry. This means that each re-upload of the same terror related content may have to be notified to the platform providers again, because measures by platform providers against the re-uploading of terrorist content are merely voluntary.

Despite this weakness, the parliamentary vote was a significant step to tackle the misuse of internet and social media services by terrorist groups within the European Union. This vote ensured that the legislative process can continue seamlessly following the upcoming European elections with the approval process in the European Council. Following the elections to the European Parliament 23-26 May 2019, the proposed regulation may then enter further negotiations within the co-decision procedure between the European Commission, the Parliament and the Council. Given that the tech industry will likely seek to further watering down the provisions of the regulation, stakeholders across the European Union should engage to ensure that the new measures remain an effective counter-terrorism tool.

Terrorist financing within cyber space

The financing of terrorism within cyber space and through the use of new technologies, including crypto-currencies, are a growing concern. Significant amounts of money, obtained by ISIL in Iraq and Syria over the last few years remain missing, and according to estimates by the United Nations, ISIL retains access to between 50 and 300 million US-Dollars [22]. ISIL needs to safeguard these funds in the current situation after it lost control over physical territory and consequently the ability to generate significant amounts of income, in Iraq and Syria [23], but also in 2016 in Libya with its defeat in the city of Sirte [24] and the Philippines with its ouster from the city of Marawi in 2017 [25].

The recent attacks in Sri Lanka demonstrated the new paradigm of ISIL’s global network in which local groups, with the support of the wider ISIL network, will conduct and attempt to conduct international terror operations [26]. Continued and secured access to funds and the ability to disseminate them will remain an essential element for ISIL’s global strategy [27]. First arrests and convictions in the United States demonstrate a sustained interest of ISIL supporters to use crypto-currencies [28]. Currently, the threat is in its initial development [29]. Mainly due to the difficulties to convert crypto-currencies into fiat currency in conflict zones, terror groups may choose not to use crypto currencies as a finance mechanism in these areas. However, they can be attractive as a value storage structure, in particular for larger amounts. Crypto-currencies due to their global accessibility, their enhanced privacy measures [30] and lack of transparency, combined with a general lack of counter terrorism financing regulations for this technology [31] offer the opportunity for the group to store and retain value of significant amounts of funds in an environment that remains fairly removed from the ability of regulators to threaten these funds and disrupt access to them with counter measures.

CEP has recognized the challenge posed by crypto-currencies, is engaged in researching and analyzing this threat and aims to develop effective and efficient regulatory proposals for consideration by political decision makers.

Dr. Hans-Jakob Schindler, Senior Director, Counter Extremism Project

[1] https://www.cfr.org/backgrounder/terrorists-and-internet
[2] https://www.telegraph.co.uk/news/worldnews/7865978/Al-Qaeda-newspaper-Make-a-bomb-in-the-kitchen-of-your-mom.html
[3] https://slate.com/news-and-politics/2016/09/chelsea-was-the-latest-bombing-to-use-a-design-from-al-qaidas-english-language-magazine.html
[4] https://www.cnn.com/2015/01/14/us/airport-security-aqap/index.html
[5] https://www.wired.com/2016/03/isis-winning-social-media-war-heres-beat/
[6] https://www.washingtonpost.com/world/national-security/we-are-in-your-home-after-losses-isis-steps-up-campaign-to-inspire-attacks/2018/01/22/421678a4-f7d6-11e7-a9e3-ab18ce41436a_story.html?utm_term=.ba40f8c8d1e3
[7] http://www.fatf-gafi.org/media/fatf/documents/reports/Financing-of-the-terrorist-organisation-ISIL.pdf
[8] https://www.vox.com/identities/2019/3/15/18267163/new-zealand-shooting-christchurch-white-nationalism-racism-language
[9] See for example: https://www.counterextremism.com/content/guide-white-supremacy-groups https://www.counterextremism.com/global_extremist_groups
[10] https://www.ischool.berkeley.edu/people/hany-farid
[11] https://www.bloomberg.com/news/articles/2016-06-17/microsoft-funded-professor-builds-software-to-fight-terrorism
[12] https://www.counterextremism.com/press/smart-regulation-and-smart-technology-0
[13 ] https://germanlawarchive.iuscomp.org/?p=1245
[14] https://www.bmjv.de/SharedDocs/Artikel/DE/2016/09262016_Gemeinsam_gegen_Hasskriminalitaet.html
[15] https://www.counterextremism.com/sites/default/files/CEP-CEPS_Germany%27s%20NetzDG_020119.pdf
[16] https://www.counterextremism.com/office-uk
[17] https://www.nytimes.com/2019/04/24/world/asia/ardern-social-media-content.html
[18] https://eur-lex.europa.eu/resource.html?uri=cellar:dc0b5b0f-b65f-11e8-99ee-01aa75ed71a1.0001.02/DOC_1&format=PDF
[19] Commission Draft Article 4, 2.
[20] Commission Draft Article 6, 2.
[21] http://www.europarl.europa.eu/doceo/document/TA-8-2019-0421_EN.pdf?redirect
[22] https://undocs.org/S/2019/50, para 75
[23] https://www.cnn.com/2019/03/23/middleeast/isis-caliphate-end-intl/index.html
[24] https://www.reuters.com/article/us-libya-security-islamicstate/islamic-state-shifts-to-libyas-desert-valleys-after-sirte-defeat-idUSKBN15P1GX
[25] https://www.cbsnews.com/news/philippines-battle-of-marawi-isis-maute-group-militants-finished/
[26] https://www.nytimes.com/2019/04/25/world/asia/isis-sri-lanka.html
[27] https://www.un.org/press/en/2019/sc13697.doc.htm
[28] https://www.cnbc.com/2018/11/26/new-york-woman-pleads-guilty-to-using-bitcoin-to-launder-money-for-isis.html, https://www.justice.gov/opa/pr/virginia-man-sentenced-more-11-years-providing-material-support-isil
[29] https://www.rand.org/pubs/research_reports/RR3026.html#download
[30] https://thecontrol.co/an-overview-of-privacy-in-cryptocurrencies-893dc078d0d7
[31] https://www.loc.gov/law/help/cryptocurrency/map2.pdf, https://www.loc.gov/law/help/cryptocurrency/map1.pdf