Main content

The day the war on terror became a war on Facebook

Stuart Lauchlan Profile picture for user slauchlan November 25, 2014
As the UK government prepares to push through new online snooping powers, Facebook finds itself accused of providing safe haven for terrorists. What chance considered debate?

The Sun Front Page 26/11/2014 Blood On Their Hands - Lee Rigby
Facebook accused - blood on their hands.

So screams the lurid headline on today’s The Sun newspaper in the UK. It’s not alone as the print media works itself up into a frenzy over internet firms such as Facebook, Google et al allegedly helping terrorists.

Meanwhile the UK government joins the lynch-mob and demands a change of policy and slips draconian new snooping laws into the mix with Prime Minister David Cameron insisting that President Obama is with him on this one!

The trigger for yesterday’s frenzy and today’s headlines was an inquiry report from the UK government into the circumstances leading up to the horrific murder of soldier Lee Rigby on a London street last year. Michael Adebolajo and Michael Adebowale drove into Fusilier Rigby before hacking him to death.

The report, by the government Intelligence and Security Committee (ISC), concluded Rigby's death could not have been prevented, but cited a number of failures by the UK security and intelligence forces. It also sparked a ferocious attack on US internet firms after revealing that Adebowale had expressed his intent to murder a soldier in a "graphic and emotive" manner during a social network exchange with an overseas extremist in December 2012.

The report does not name Facebook, but says:

This company does not regard themselves as under any obligation to ensure that they identify such threats, or to report them to the authorities. We find this unacceptable: however unintentionally, they are providing a safe haven for terrorists.

Committee chairman Sir Malcolm Rifkind said the firm had closed several accounts owned by Adebowale because of their terror links, but failed to inform the UK intelligence services:

Internet companies such as Apple, Facebook, Google, Microsoft, Twitter and Yahoo need to play their part in alerting authorities to people who may be terrorists.

Sir Malcolm Rifkind

He added the speculative claim that had the UK security services had access to the exchange:

This could have been decisive if it had been known to MI5. This might have enabled them to prevent the attack.

Prime Minister Cameron, whose government is currently pushing for heavily-beefed up snooping powers, joined in with this meme, telling legislators in Parliament:

Terrorists are using the internet to communicate with each other and we must not accept that these communications are beyond the reach of the authorities or the internet companies themselves. Their networks are being used to plot murder and mayhem. It is their social responsibility to act on this.

Opposition legislators joined in with the criticism. The former foreign minister Jack Straw said there is:

a cultural problem among the leadership of some of these companies which have a distorted “libertarian” ideology and believe that somehow that allows them to be wholly detached from responsibility to Governments and to the peoples whom we democratically represent in this country and abroad.

Of course the anonymity afforded to Facebook by the Committee lasted only hours after the company was named as the social network in question. A Facebook statement read:

Like everyone else, we were horrified by the vicious murder of Fusilier Lee Rigby. We don’t comment on individual cases but Facebook’s policies are clear, we do not allow terrorist content on the site and take steps to prevent people from using our service for these purposes.

Voices were raised in opposition to the blame being passed on to Facebook. Isabella Sankey, director of policy for Liberty, said:

This report catalogues staggering Security Service failures in dealing with the men responsible for this horrific crime – countless missed surveillance opportunities, delayed investigations, dumping dangerous citizens abroad and ignoring allegations of MI5 mistreatment. The ISC shamefully spins the facts seeking to blame the communications companies for not doing the agencies’ work for them.

Meanwhile the Internet Services Providers’ Association said:

It is for the intelligence agencies and not service providers to identify potential subjects, and when identified by the authorities [companies] can and do assist in providing communications data under a clear legal process.

What now?

The committee’s criticism comes just weeks after Robert Hannigan, the new head of Britain’s electronic spying agency GCHQ, accused US tech firms of becoming the “command and control” centres of violent jihadism.

The ISC report concludes:

Companies should accept they have a responsibility to notify the relevant authorities when an automatic trigger indicating terrorism is activated and allow the authorities, whether US or UK, to take the next step.

We further note that several of the companies attributed the lack of monitoring to the need to protect their users' privacy. However, where there is a possibility that a terrorist atrocity is being planned, that argument should not be allowed to prevail.

So what is the current obligation on US internet firms?

Under existing legislation, UK companies are obliged to provide the intelligence and law enforcement agencies with access to communications, if agencies suspect an individual is involved in terrorism, but this requirement does not extend to US-headquartered companies. That means the likes of Facebook, Google, Yahoo! etc are not covered.

PM Cameron and Home Secretary May

To complicate the situation further, complying with Regulation of Investigatory Powers Act – the main piece of legislation used to access communications in the UK – would actually leave US companies in breach of their own domestic laws.

The report also said Adebowale had eight other social media accounts shut down for posting terrorist content - using automated systems that look for such content - but this information was not passed to authorities and no person at the company ever manually reviewed the contents of the accounts or passed on the material for the authorities to check.

Antony Walker, Deputy CEO at industry lobby group techUK, argues that tech firms do take security responsibilities very seriously, but adds:

There are real legal challenges of jurisdiction where companies operate outside the UK jurisdiction and complying with UK law could put companies at risk of contravening their own domestic law. The only way to address these issues is by brokering diplomatic agreements and processes between governments.

The report rightly focuses on the importance of the Mutual Legal Assistance Treaty (MLAT) process for providing a legal framework that enables companies based outside the UK to respond to access to data from UK agencies without the risk of contravening their own domestic law. This is best achieved through diplomatic negotiation between national governments and in consultation with companies and other stakeholders.

Walker cautions against the government trying to push through additional security powers:

If the government believes that it needs additional powers to be able to access communication data it must be clear about exactly what those powers are and consult widely on them before putting proposals before Parliament. techUK has argued consistently that there is a need for an open and informed debate and prior consultation with all stakeholders.

My take

The ISC warns in its report that until US communications providers are obliged to co-operate then UK lives will be in danger:

Whilst we note that progress has started to be made on this issue, with the Data Retention and Investigatory Powers Act 2014 (Drip) and the appointment of the special envoy on intelligence and law-enforcement data-sharing, the problem is acute. The Prime Minister, with the National Security Council, should prioritise this issue.

The UK government plans to introduce anti-terrorism legislation this week requiring Internet service providers to retain information on Internet protocol addresses and supply it to security services on request to help them track users’ activities.

Yesterday’s witchhunt against Facebook by senior politicians does not encourage expectations for the level of debate that may ensue. It really isn’t that simple, but sadly I think a lot of our legislators think that it is.

There are exceptions of course and the ISC itself has tried to distance itself from linking its conclusions to planned legislation. ISC member and Liberal Democrat MP Sir Ming Campbell said:

It is a remarkable coincidence, some might say, that the home secretary should have chosen to make public her further proposals on the eve of the publication of the ISC report. No doubt the purpose of doing so was to link her proposals to the committee’s conclusions. The committee never considered those proposals.

Clearly the use of social media and social networks as a communications and collaboration channel for terrorists and criminals is a 21st century issue that needs to be addressed. But there are decisions to be taken that have enormous and far-reaching civil rights implications for everyone and these need to be debated with cool and rational heads.

Unfortunately on a day when the right-wing Daily Mail screams “Facebook could have halted murders”, that horse may well have bolted. Difficult times, difficult decisions.

A grey colored placeholder image