Europol has set up a Europe-wide unit to search and remove social media accounts run by or linked to the terrorist group Islamic State (IS) in an effort to tackle the growing threat of unopposed jihadi propaganda online.
The specialist team will be modelled on the UK’s Counter-Terrorism Internet Referral Unit, (CTIRU), a joint Scotland Yard and Home Office unit, and will aim to take down IS-affiliated sites within two hours while providing information to other counter-terrorist investigators.
IS has so far demonstrated its effective use of social media for propaganda. IS members living across northern Syria and north-western Iraq use their personal social media accounts to spread their message worldwide, and this decentralised approach has proven hard to tackle.
It is estimated that more than 25,000 foreign fighters have joined the group in this region, their daily messages reaching a global audience in various languages. These social media accounts have been used to recruit foreign fighters, encourage women to travel to the region to become jihadi brides and to encourage families from around the world to join IS.
It’s this growing number of citizens flowing into Syria and Iraq that has led Europol’s Director, Rob Wainwright, to warn of the problems faced by European police forces trying to monitor terrorists’ online communications. Tackling the propaganda is made more difficult by the fact that suspects in Syria and Iraq are effectively out of reach.
Use of the more hidden, harder-to-reach areas of the web – the dark web – and encrypted communications make it harder still. Wainwright has added his voice to others in law enforcement that have warned tech firms to consider the impact of sophisticated encryption on law enforcement.
On Twitter alone, Wainwright believes IS has up to 50,000 accounts, tweeting up to 100,000 messages a day. A study by Brookings University researchers claimed the number of accounts as high as 90,000.
Rita Katz of the SITE Intelligence Group has also highlighted the difficulty intelligence agencies and police face monitoring social media and encrypted electronic communications. IS circumvents the blocking of their accounts through using multiple back-up accounts, urging followers to follow up to six accounts tweeting the same message. Katz believes that IS on Twitter is a real threat, a launch pad for recruitment or encouragement for lone wolf attacks, and to send dangerous messages to every corner of the world.
This issue of the use of the internet to facilitate radicalisation and terrorism was recognised by the Council of the European Union in March 2015, from which has emerged the Europol Internet Referral Unit, tasked with co-ordinating and sharing information about terrorist and extremist online content.
This builds on Europol’s Check the Web initiative from 2007. But while this had success in child abuse and human trafficking investigations early on its existence, it has had limited success tackling terrorism, especially since the Snowden revelations in 2013 – so has struggled to counter IS. This may reflect the difficulty investigators face in securing co-operation from telecoms providers and ISPs in order to access details of suspected terrorists. Telecoms firms adopt attitudes that often reflect the concerns of their customers over privacy.
Such concerns about the growth of a surveillance society and the need to protect individual’s right to privacy grown since the revelations from documents released by former US National Security Agency (NSA) contractor Edward Snowden, which have revealed that the NSA and its UK counterpart GCHQ conducted surveillance beyond their lawful powers.
An advantage of Europol taking the lead in monitoring IS is that privacy and data protection rights are deeply embedded in EU law. This will apply to Europol too since it became a legal EU body under the Treaty of Lisbon in 2009. This provides an important chain of accountability with direct scrutiny by the European Court of Justice (ECJ) possible.
Only recently the ECJ has shown how it is prepared to be ruthless in protecting privacy and data protection rights, in a case in which it found the 2006 EU Directive on data protection itself invalid. The ECJ held that legislation must lay down clear and precise rules governing the scope and application of surveillance as well as imposing minimum safeguards to prevent misuse of data.
This would also apply to the Europol’s terrorist monitoring unit, and with the right safeguards in place Europol is likely to find it easier to win the co-operation of telecoms firms and ISPs, which in turn will make it a more effective unit. Of course this is still a difficult task, but it’s a step in the right direction.