Archive for category: Cybersecurity

As far as we know, the perpetrators of the November attack on Paris were radicalized by each other, in specific neighborhoods in Europe.

According to the complaint filed against his Enrique Marquez, the friend who got him guns, Syed Rizwan Farook, adopted radical beliefs after consuming the lectures, videos, and magazine of Anwar al-Awlaki. In fact, Farook and Marquez moved towards planning an attack in 2011, in the immediate wake of the drone killing of Awlaki and his son. As to Tashfeen Malik, Farook’s wife, while she did some searches on ISIS just before Farook started an attack on his workplace, public reporting suggests that like the French terrorists, she adopted extreme beliefs through relationships formed in brick and mortar life.

Nevertheless, in response to the anxiety produced by these attacks, the Obama Administration is rolling out yet another propaganda campaign against ISIS. As part of it, it shifts the approach to funding NGOs to do the propaganda work, something I argued any such efforts should be doing in a piece for Vice this week. Though as I noted, any such effort needs to stop countering ISIS propaganda and offering a positive vision that will be meaningful to those with grievances. That was one of the things included in a briefing to Silicon Valley today.

There is also a need for more credible positive messaging and content that provides alternatives to young people concerned about many of the grievances ISIL highlights

The other part of the campaign is a bit sillier. The Administration asked for tech companies to do things like measuring resonance of ISIL messages.

Some have suggested that a measurement of level of radicalization could provide insights to measure levels of radicalization to violence. While it is unclear whether radicalization is measureable or could be measured, such a measurement would be extremely useful to help shape and target counter-messaging and efforts focused on countering violent extremism. This type of approach requires consideration of First Amendment protections and privacy and civil liberties concerns, additional front-end research on specific drivers of radicalization and themes among violent extremist populations, careful design of intervention tools, dedicated technical expertise, and the ability to iteratively improve the tools based on experience in deploying them. Industry certainly has a lot of expertise in measuring resonance in order to see how effective and broad a messaging campaign reaches an audience. A partnership to determine if resonance can be measured for both ISIL and counter-ISIL content in order to guide and improve and more effectively counter the ISIL narrative could be beneficial.

This seems to be a problematic approach both because this should be the intelligence community’s job and because they’re supposed to be pretending this isn’t about focusing on Muslims. Plus, as I noted, the recent big attacks weren’t primarily about social media. More importantly, Jim Comey has testified that the social media companies already are helpful.

Comey, apparently, only went along to demand encryption — and it showed up in the briefing document shared at the meeting.

In addition to using technology to recruit and radicalize, terrorists are using technology to mobilize supporters to attack and to plan, move money for, coordinate, and execute attacks. The roles played by terrorist leaders and attack plotters in this activity vary, ranging from providing general direction to small groups to undertake attacks of their own design wherever they are located to offering repeated and specific guidance on how to execute attacks. To avoid law enforcement and the intelligence community detecting their activities, terrorists are using encrypted forms of communications at various stages of attack plotting and execution. We expect terrorists will continue to use technology to mobilize, facilitate, and operationalize attacks, including using encrypted communications where law enforcement cannot obtain the content of the communication even with court authorization. We would be happy to provide classified briefings in which we could share additional information.

While Apple was at this meeting, some of the other key players the government would have to address about encryption were not, making this appeal rather silly.

And note the seduction here: the government wants to tell the tech companies how extremists (they really mean only ISIS) are using encryption, but they’re only willing to do so in a classified setting. That would make it harder to counter the bogus claims the government has repeatedly been caught making.

Ultimately, the Administration seems to have no awareness of another of the key problems. They recognize that ISIS’ propaganda is splashy. But they accord no responsibility for mainstream media for magnifying it.

[T]here is a shortage of compelling credible alternative content; and this content is often not as effectively produced or distributed as pro-ISIL content and lacks the sensational quality that can capture the media’s attention.

If the government is going to ask the private sector to do their part, why aren’t they on a plane demanding that CNN stop fear-mongering all the time, both magnifying the effect of ISIS’ propaganda and increasing the polarization between Muslims and right wingers? If CNN can’t be asked to adjust its business model to stop empowering terrorists, why is Silicon Valley being asked to, when the latter are more central to baselines security?

Update: Here’s a list of participants.

Denis McDonough,White House Chief of Staff,

Lisa Monaco, Assistant to the President for Homeland Security & Counter Terrorism

Todd Park, White House Advisor for Technology

Megan Smith, White House Chief Technology Officer

Loretta Lynch, Attorney General

James Clapper, Director, National Intelligence

James Comey, Director, FBI

Tony Blinken, Deputy Secretary, Department of State

Mike Rogers, Director of the National Security Agency

Jeh Johnson, Secretary of Homeland Security