Terrorist Activities On Social Media

Uploaded on 2017-07-17 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Law, BUSINESS-Services-Financial, TECHNOLOGY-Key Areas-Social Media

For nearly 20 years, the financial sector has been required to report suspicions of terrorist-related transactions. Should similar requirements apply to suspicious communications on social media?

In response to the increased use of social media by extremist groups, the G7 called in May ‘for Communication Service Providers and social media companies to substantially increase their efforts to address terrorist content’. Prime Minister Theresa May had previously expressed the view that companies should ‘report this vile content to the authorities and block the users who spread it’.

Expecting private companies to report terrorist-related activities is not unprecedented: consistent with the recommendations of the Financial Action Task Force (FATF), the global standard-setter in the areas of anti-money laundering and counterterrorist financing, financial institutions are required to file a suspicious transaction report if they suspect any funds to be related to terrorist financing.

Accordingly, transaction reports may provide a useful point of reference when considering recent proposals to introduce reporting requirements for certain types of social media content.

For someone on the outside, it might seem odd that, under current rules, transactions suspected of funding terrorist acts have to be reported to authorities, whereas public communications promoting the same acts generally do not. 
After all, the people that propaganda is meant to attract are as critical to terrorist networks as financial resources. Instead of reporting requirements, the communications monitoring regime relies primarily on the authorities’ ability to intercept data, including through bulk powers.

The reasons for the differences between the monitoring regimes for communications and financial transactions go back to their origins.

Current counterterrorist financing regulations have to a large extent been shaped by the pre-existing anti-money laundering framework. The design of anti-money laundering rules had been influenced by the earlier principle of bank secrecy, namely the notion that banks (in certain jurisdictions) are contractually prevented from disclosing information about their customers.
As a result, the monitoring regime for financial transactions has traditionally placed a primary responsibility on financial institutions to act as gatekeepers and decide on a case-by-case basis which transactions need to be reported to the public authorities.

The monitoring regime for communications has also had to be reconciled with privacy concerns, in particular secrecy of correspondence and freedom of speech. Yet, unlike for the financial sector, the infrastructure for communications (for example, postal services and telecommunications networks) has historically fallen within the purview of governments rather than private actors.

Accordingly, the monitoring regime was predicated on the assumption that law enforcement authorities have the ability to intercept most communications and obtain information without private sector involvement. The monitoring regime for communications has therefore focused on defining the circumstances in which authorities are allowed to make use of their ability to intercept communications, rather than on introducing mechanisms for private entities to share information with public authorities.

However, are such traditional distinctions still relevant? Or should monitoring regimes be more closely aligned?
Unlike traditional communications infrastructure, social media networks have largely been developed without government involvement. Rather, they are run by private actors who have the technical ability to limit external access to the content of communications, such as through encryption.

Technological progress has therefore created the room (and possibly the need) for stronger private sector involvement in the monitoring of communications. Conversely, new technologies may in the future reduce the role of traditional financial institutions in transaction monitoring: virtual currencies, such as Bitcoin, allow users to conduct transactions outside the established financial system, without the involvement of any entity subject to reporting requirements.

Social media companies have not only reshaped the structure of communications networks. By offering payment services, such as money transfers among users, they have also blurred the lines between sectors.

In other words, social media companies are now subject to reporting requirements for some of their activities, such as transactions intended to fund terrorist groups, but not for others, including communications promoting a terrorist group.
In addition, from a criminological point of view, the traditional difference between terrorist propaganda and financing has become more difficult to draw as the definition of the latter has been broadened beyond the specific act of funding a terrorist act or organisation.

For example, according to FATF Recommendation 5, terrorist financing offences should also include attempts to collect funds with the intent that these should be used by an individual terrorist or a terrorist organisation.
This suggests that a public fundraising campaign on a social media platform, which could be considered as a form of communication, would need to be reported as a potential terrorist financing offence.

At a time when security authorities are grappling with the technical innovations available to terrorists and are relying increasingly on private sector actors to assist with their identification and disruption efforts, access to information held by these actors is critical. 

In order to ensure that information is shared effectively, the nature of the relationship between the public and private sectors in each of the financial and communications areas needs to be updated to reflect the evolution of their respective roles since regulations were first conceived.

In this context, any discussions on new reporting requirements for social media companies may benefit from the lessons learnt from the regime for suspicious financial transaction reporting.

RUSI:

You Might Also Read:

Scenarios For Predicting Terrorist Attacks:

Facebook, Twitter and Google Are A 'recruiting platform for terrorism':

Facebook Deploys AI To Block Terror Propaganda:

 

 

« Cyber Caliphate's Scorecard
Cybersecurity: The Cold War Online »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Feitian Technologies

Feitian Technologies

Feitian Technologies provides authentication and transaction security products for financial institutions, telecoms, government and leading business enterprises.

National Cyber Security Centre (NCSC) - Norway

National Cyber Security Centre (NCSC) - Norway

NCSC is part of the Norwegian Security Authority, and is Norway's national cyber security hub and the national CERT.

Australian Cyber Security Growth Network (AustCyber)

Australian Cyber Security Growth Network (AustCyber)

AustCyber brings together businesses and researchers to develop the next generation of cyber security products and services.

Proficio

Proficio

Proficio is a world-class Managed Security Service Provider providing managed detection and response solutions, 24×7 security monitoring and advanced data breach prevention services worldwide.

PeopleSec

PeopleSec

PeopleSec specializes in the human element of cybersecurity with a comprehensive set of services designed to maximize your security by educating your workforce as a whole.

BetaDen

BetaDen

BetaDen provides a revolutionary platform for businesses to develop next-generation technology, such as the internet of things and industry 4.0.

CyberNews

CyberNews

Cybernews.com is a research-based online publication that helps people navigate a safe path through their increasingly complex digital lives.

Paradyn

Paradyn

Paradyn-managed security services can provide a holistic view of your business environment, no matter how simple or complex it is.

Saporo

Saporo

Saporo helps organizations increase their cyber-resistance. Continuously map your attack surface and get the recommendations you need to make your organization more resistant to attacks.

ECS Ethiopia

ECS Ethiopia

ECS Ethiopia provides Ethiopia’s leading institutions with top cyber-security expertise and technology to enable them to overcome risks and market barriers enabling them to grow their business.

Fulcrum IT Partners

Fulcrum IT Partners

Fulcrum IT Partners is the parent company of an expanding portfolio of established IT solution companies around the world with proven expertise in cyber security, cloud, and managed services.

PixelQA

PixelQA

Are you looking for a security testing company to cross-check whether your software or mobile app has a possible security threat or not?

Staley Technologies

Staley Technologies

Staley Technologies is a US nationwide structured cabling, technology integrator, and Managed IT & Cyber Security provider.

Sprocket Security

Sprocket Security

Sprocket Security protects your business by monitoring the cybersecurity landscape and performing continuous penetration testing services.

Btech

Btech

Btech is the market leader in providing affordable managed IT security services for credit unions.

SplxAI

SplxAI

Our mission at SplxAI is to secure and safeguard GenAI-powered conversational apps by providing advanced security and pentesting solutions, so neither your organization nor your user base get harmed.