from the not-that-kind-of-disruption... dept
You will, of course, note the bit on encryption. According to some of the reports, while the meeting was really supposed to be more about anything but encryption (i.e. about figuring out ways to "counter" ISIS's supposed social media success, which likely has been overblown anyway), Comey said that he would only participate if encryption was on the agenda.
U.S. Government Meeting with Technology Executives on Counterterrorism
II. Setting the stage
a. Purpose of Meeting
b. Unclassified background on terrorist use of technology, including encryption
III. Core Discussion Areas
a. How can we make it harder for terrorists to leveraging the internet to recruit, radicalize, and mobilize followers to violence?
b. How can we help others to create, publish, and amplify alternative content that would undercut ISIL?
c. In what ways can we use technology to help disrupt paths to radicalization to violence, identify recruitment patterns, and provide metrics to help measure our efforts to counter radicalization to violence?
d. How can we make it harder for terrorists to use the internet to mobilize, facilitate, and operationalize attacks, and make it easier for law enforcement and the intelligence community to identify terrorist operatives and prevent attacks?
IV. Questions or other issues raised by Technology Companies
V. Next Steps
The Intercept got its hands on the more detailed briefing and revealed the part about encryption:
For what it's worth, it appears (thankfully) that the majority of the meeting did not focus on the issue of encryption and (somewhat importantly) it was made clear to government officials that they're doing a hell of a lot more harm than good in continuing to suggest that undermining encryption is a reasonable approach. Tim Cook apparently said that the government needs to come out publicly in favor of strong encryption, rather than its silly statements that suggest a desire to undermine it.
In addition to using technology to recruit and radicalize, terrorists are using technology to mobilize supporters to attack and to plan, move money for, coordinate, and execute attacks. The roles played by terrorist leaders and attack plotters in this activity vary, ranging from providing general direction to small groups to undertake attacks of their own design wherever they are located to offering repeated and specific guidance on how to execute attacks. To avoid law enforcement and the intelligence community detecting their activities, terrorists are using encrypted forms of communications at various stages of attack plotting and execution. We expect terrorists will continue to use technology to mobilize, facilitate, and operationalize attacks, including using encrypted communications where law enforcement cannot obtain the content of the communication even with court authorization. We would be happy to provide classified briefings in which we could share additional information.
Key Questions: We are interested in exploring all options with you for how to deal with the growing threat of terrorists and other malicious actors using technology, including encrypted technology, to threaten our national security and public safety. We understand that there is no one-size-fits-all solution to address this problem and that each of you has very different products and services that work in different ways. Are there high-level principles we could agree on for working through these problems together? And are there technologies that could make it harder for terrorists to use the internet to mobilize, facilitate, and operationalize? Or easier for us to find them when they do? What are the potential downsides or unintended consequences we should be aware of when considering these kinds of technology-based approaches to counter terrorism?
A number of organizations in the government, as well as some in private industry and academia, have researched techniques to detect and measure radicalization. Some have suggested that a measurement of level of radicalization could provide insights to measure levels of radicalization to violence. While it is unclear whether radicalization is measureable or could be measured, such a measurement would be extremely useful to help shape and target counter-messaging and efforts focused on countering violent extremism. This type of approach requires consideration of First Amendment protections and privacy and civil liberties concerns, additional front-end research on specific drivers of radicalization and themes among violent extremist populations, careful design of intervention tools, dedicated technical expertise, and the ability to iteratively improve the tools based on experience in deploying them. Industry certainly has a lot of expertise in measuring resonance in order to see how effective and broad a messaging campaign reaches an audience. A partnership to determine if resonance can be measured for both ISIL and counter-ISIL content in order to guide and improve and more effectively counter the ISIL narrative could be beneficial.
The United States recognizes the need to empower credible non-governmental voices that would speak out against ISIL and terrorism more broadly both overseas and at home. However, there is a shortage of compelling credible alternative content; and this content is often not as effectively produced or distributed as pro-ISIL content and lacks the sensational quality that can capture the media’s attention. Content creation is made difficult by ISIL’s brutal rule and near total control of communications infrastructure in its territory in Iraq and Syria, which can make it dangerous for citizens to speak out or provide video or images. Further, many of the leading and credible voices that might counter ISIL lack the content-generation and social media prowess that would be required to counter ISIL online. There is also a need for more credible positive messaging and content that provides alternatives to young people concerned about many of the grievances ISIL highlights.
In parallel with ongoing U.S. Government efforts, we invite the private sector to consider ways to increase the availability alternative content. Beyond the tech sector, we have heard from other private sector actors, including advertising executives, who are interested in helping develop and amplify compelling counter-ISIL content; and we hope there are opportunities to bring together the best in tech, media, and marketing to work with credible non-government voices to address this shared challenge.
The real crux of the meeting, though, was looking at if there was "some other thing" that the tech industry could do to help in the fight against terrorism. This actually seems like a perfectly reasonable question to ask. But there are still reasonable concerns. First, pretty much all of these companies already have terms of service that forbid their use in the furtherance of criminal or terrorist activities. Second, they tend to already work with the government when such activity is discovered on the service. Third, in many cases, letting terrorist organizations use these platforms freely is one of the most effective ways to enable intelligence officials to find out what they're doing.
If you look at the agenda above, it really feels as if the meeting was built on the wrong premise. It's basically all about how do we stop bad people from using technology effectively. But that's a fool's errand, because technology doesn't distinguish between good people and bad people.
Technology, for the most part, is about helping people do things better and more efficiently, not about stopping people from doing things. It's too bad there wasn't a focus on using today's technology tools to enable more people to help out in the fight against terrorism and extremism. Instead, much of the focus is on "how do we make it harder for someone to do [x]."
From the reports that came out, the discussion was pretty high level, with ideas like "could Facebook adjust its algorithm that spots potentially suicidal users to also detect potentially radicalized members." Having such discussions is fine, in theory. In fact, if anything, the oddest thing about this little "summit" is that it demonstrates just how wide the gulf has become between Silicon Valley and DC. In the past, discussions like this weren't so crazy -- and didn't need press coverage.
But here's the thing: the intelligence community totally poisoned the well here with its actions over the past decade and a half. For the past few months DC folks have been whining about how Silicon Valley is seeing this as an "us v. them" situation, but that's only true because the NSA blew everything up, hacking into systems, lying to the public, abusing the secretive powers of National Security Letters, the FISA Court and Executive Order 12333. The government treated Silicon Valley as an adversary, and is now whining that Silicon Valley doesn't want to help.
I'm quite certain that everyone in the room wants to do what they can to "stop ISIS" ("disrupt" is totally the wrong word here). And it would be great if there were ways to actually do that. But it can't involve the usual way that the intelligence and law enforcement communities have focused on in the past decade and a half: violating privacy, exploiting systems and generally treating the public's rights as collateral damage. And it can't involve stomping on freedom of expression.
It's fine if the two sides want to talk and see if they can come up with something useful, but as long as DC keeps thinking of Silicon Valley as creating "magic pixie dust" instead of innovation, it's not going to be that useful.