Theresa May's Plan To Regulate The Internet Won't Stop Terrorism; It Might Make Things Worse
from the counterproductive-not-counterterrorism dept
In the wake of Saturday’s horrific attack on London—the third high-profile terrorist incident in the United Kingdom in the past three months—British policymakers were left scrambling for better ways to combat violent extremism. Prime Minister Theresa May called for new global efforts to “regulate cyberspace to prevent the spread of extremism and terrorist planning,” charging that the internet cannot be allowed to be a “safe space” for terrorists.
While May’s desire for a strong response is easy to understand, her call for more expansive internet regulation and censorship is wrongheaded and will make it harder to win the war against violent extremism.
May didn’t specify the details of her proposal, but to many observers it was clear that she’s asking for sweeping new powers to compel tech companies to help spy on citizens and censor online content. Unfortunately, this isn’t simply a knee-jerk response to horrible circumstances, but reflects a longstanding ambition of May’s Conservative Party to impose draconian controls on cyberspace.
As home secretary, May introduced and oversaw passage of the Investigatory Powers Act, legislation that civil-liberties advocates have called the worst surveillance bill of any western democracy. Following last month’s attack in Manchester, May’s government purportedly briefed newspapers of its intent to invoke the law to compel internet companies to “break their own security so that messages can be read by intelligence agencies.” David Cameron, May’s predecessor, argued for internet companies to be compelled to create backdoors in their software so that there would be no digital communications “we cannot read.”
Even if the U.K. government got the expansive new powers it seems to want, there’s no reason to think it would stop terrorism in its tracks. Researchers have found that suicide attacks are a social phenomenon involving support networks that radicalize the perpetrators. Most people in these networks aren’t themselves terrorists. Allowing them to operate openly makes it easier both for moderating voices to intervene and for intelligence agencies to track. If the communities are forced underground and offline, they’ll be harder to infiltrate and monitor.
Moreover, there’s no way to create communications backdoors that only apply to bad guys. While committed terrorists could easily adapt to open source or analog means of communication in response to a government-mandated backdoor, law-abiding civilians would be exposed to new cybersecurity risks and have their economic and civil liberties compromised. Experience has shown that backdoors inevitably will be hacked, making everyone less safe. As the U.S. House Homeland Security Committee noted in its report on the topic, all of the proposed solutions to access encrypted information “come with significant trade-offs, and provide little guarantee of successfully addressing the issue.”
The policy also would have serious consequences for the United Kingdom’s global competitiveness. As the MIT report “Keys Under Doormats” notes, mandating architectures that allow access to encrypted communications “risks the real economic, geopolitical, and strategic benefits of an open and secure internet for law enforcement gains that are at best minor and tactical.” One of the factors behind the West’s dominance in technology and innovation is that its apps are not government-sanctioned, as they are in China or Russia. After all, what consumer would want to buy an app or device that had a built-in backdoor?
All this isn’t to say that governments should stand back and do nothing to stop terrorist activity online. It’s illegal almost everywhere in the world to provide material support to terrorist activities, not to mention the obvious crimes of murder and conspiracy. But terrorists don’t have free reign in cyberspace. In addition to the United Kingdom’s comparatively robust domestic snooping powers, the nation’s Counter Terrorism Internet Referral Unit (CTIRU) already coordinates flagging and removing unlawful terrorist-related content. Since its launch in 2010, it has worked with online service providers to remove a quarter million pieces of terrorist material.
There also are already international agreements to help authorities uncover and track people engaged in these activities and to exchange intelligence about them across borders. For instance, Mutual Legal Assistance Treaties (MLATs) allow the cross-border flow of data about criminal matters between investigative bodies. While the current MLAT agreements can be slow and cumbersome, efforts are underway to create a new process and allow U.K. authorities to go directly to U.S.-based online service providers, upon meeting certain conditions.
The United Kingdom also is already a key part of the national security data-sharing arrangements between the “Five Eyes,” under which intelligence from Canada, Australia, New Zealand and, of course, the United States is shared almost in real time. While the details are classified, there is evidence that this intelligence sharing has prevented numerous attacks.
To her credit, May emphasized the importance of improving these sorts of international agreements in her speech about fighting terrorism. This is an area where we can and should make positive steps toward reform, increasing the capacity for intelligence sharing in real time and improving cooperation, while ensuring that the right checks and balances are in place.
Combating violent extremism online doesn’t have to be a Pyrrhic victory for democratic societies. Certain risks are unavoidable, and no level of internet regulation will stop the most determined attackers. But there are real steps policymakers can take now to enhance our tools without sacrificing our security, liberty or global competitiveness in the process.
Zach Graves is tech policy director and Arthur Rizer is national security and justice policy director for the R Street Institut