image

Cybersecurity

Why Theresa May’s call to arms on terrorism via social media could be blocked by reality

Daniel Wagner says cyberterrorists are shape-shifting entities in an anonymous, borderless world where they change tactics at will, putting them virtually out of reach of any law enforcement or intelligence net

PUBLISHED : Tuesday, 06 June, 2017, 12:38pm
UPDATED : Tuesday, 06 June, 2017, 7:19pm

Prime Minister Theresa May has called for international agreements to regulate the internet, after a spate of terrorist attacks in Britain. This is long overdue, and May is right to push the world on this. But whatever form such agreements may take, they will be insufficient to address the spread of cyberterrorism.

The fundamental problem is that cyberterrorists operate anonymously and in a borderless world. For laws to work, those they seek to apprehend must first be identified, but the perpetrators of cyberterrorism are as adept at hiding behind the internet as their cybercriminal counterparts.

This is Islamic State’s instant messaging app of choice

Individuals, groups or governments responsible for cybercrime and cyberterrorism are rarely apprehended. Just as quickly as a method of identifying them is deployed, the parties adapt, change identity, adopt new modus operandi, and continue as before.

Watch: May calls for international agreements to regulate the internet

May recognises the importance of addressing the role of social media in how cyberterrorists communicate. Social media companies have also now come to realise this and many are devoting greater resources to combating it. But among the challenges they face is the sheer volume of messages and videos generated – hundreds of millions each day. There are no algorithms currently available that can identify every potential terrorist post, and social media firms are often reliant on users to report problem messaging. But by the time they are able to respond, the messages have been disseminated and consumed.

Islamic State fighters offer sex slaves for sale on Facebook

Even if such algorithms did exist, there is no realistic way for law enforcement and intelligence agencies to act on all of them in a timely and effective manner. And even if they could, cyberterrorists change IP addresses, locations, identities and personas with such regularity, and so quickly, that they can basically act at will.

There are good reasons why no meaningful laws exist to govern the internet. If there were an easy way to do this, such laws would perhaps have been implemented years ago. Cyberspace is a fast-moving, ever-changing landscape that caters to criminality, and illegal and outrageous behaviour.

China’s tough cybersecurity law to come into force this week

No set of laws is going to change that, but it would be wrong not to devote greater resources to strengthen the international legal regime in an attempt to do so.

It is ironic that this call should come from the UK, which has come to epitomise the surveillance state. The British have made a tacit agreement with their government: to accept an intrusive surveillance regime in return for being kept safe. But the chips are stacked against both the government and its people, for their enemy is as cunning, creative, adaptive and persistent as any enemy ever was.

Daniel Wagner is managing director of Risk Solutions at Risk Cooperative. He is writing a new book on cyberterrorism