Skip to main content

JSIS Cybersecurity Report: How Should the Tech Industry Address Terrorist Use of Its Products?

August 8, 2016

Authors:

Stacia Lee, Jessica L. Beyer, Natasha Karmali, Cherryl Isberto, Hyeong Oh

Extremist use of information and communication technology (ICT) has resulted in tension between the government, industry actors, and ICT users. In their response to extremist use of ICT, industry actors have faced a serious dilemma over how to respond to bad actors in a way that promotes security but does not infringe upon users’ rights to privacy and freedom of speech. Navigating the balance between privacy and security is especially difficult because many extremists use ICT products in the same way as ordinary users – to recruit, communicate, and fundraise. There are common practices within the industry, but companies have had to respond primarily on an ad-hoc basis to extremist ICT use due to the lack of established norms and frameworks within industry for responding to extremists’ use of ICT products.

While there is a lack of norms at the industry level, a framework has emerged within the telecommunications sector to guide industry response to government requests for user information, which can help address the threat of extremist use of ICT products and services. This emerging framework could serve as a model for the rest of the ICT sector as it works to create norms for industry interactions with governments. The ICT sector could benefit from consistently engaging in dialogue with one another and establishing guiding principles for behavior when it comes to extremist use of their products and services. However, there are limitations to the extent that the telecommunications framework can be applied to the ICT industry, due to the fact that ICT companies deal with a multitude of sensitive data whereas telecommunications companies work with less data—namely, text messages and phone calls.

Because of the variety of data held on ICT servers, specifically encrypted communications data and data stored on the cloud, it will be more challenging for ICT companies to develop a consistent regulatory framework. Existing laws regarding the United States government’s access to telecommunications data, specifically the Communications Assistance for Law Enforcement Act (CALEA), guided the creation of a telecommunications industry framework. However, the rest of the ICT sector has no existing law upon which to base its potential industry norms, making it more difficult to create a regulatory framework. In spite of these limitations, the ICT industry can still gain valuable lessons from the telecommunications sector’s framework as it builds its toolkit to combat extremist use of ICT products and services.

Extremist ICT Use: Recruitment, Communication, and Fundraising

The central dilemma ICT companies face is how to tackle extremist use of their products while protecting the rights of everyday users—something made difficult due to the fact that extremist use of ICT products is functionally the same as ordinary user use, what differs is the intention underlying that use. Extremists are savvy consumers, using ICT products and services to recruit new members, communicate amongst members, and fundraise. The intentions underlying this use is to further extremist agendas, which often means violence against innocents.

To recruit new members, extremists publish propaganda on heavily trafficked social media platforms to attract an audience across the world and guide vulnerable ICT users towards extremism. For example, the Islamic State of Iraq and the Levant (ISIL) uses Twitter and YouTube effectively to find recruits.[i] Recruiters use hashtags, bots, and post content in a variety of languages to reach a large audience while targeting individuals with a sense of alienation around the world. Youth from socially marginalized populations tend to be the most sympathetic to extremist causes.[ii] After extremist groups have disseminated propaganda on social media platforms, they analyze user interactions with their content to identify potential recruits before switching to direct communication applications such as Kik or Skype to continue recruitment in a more personal and private manner.[iii]

Extremists also use ICT products and services for sensitive operational communications, which are member-to-member conversations that include, but are not limited to, how to reach terrorist safe havens, contact information for smugglers, and logistics regarding the organization of attacks.[iv] Extremists use both encrypted and non-encrypted messaging tools for these purposes. However, extremists have shown a preference for encrypted messaging applications, encrypted email, encrypted phones, and homegrown encrypted applications.[v] This preference is in part due to Edward Snowden’s leak of US National Security Agency (NSA) documents that revealed the extent of US government surveillance of ICT users’ communications.[vi] Extremists are aware that their conversations on non-encrypted messaging services can be tracked or collected by governments and companies, unlike encrypted tools, which are theoretically impossible for third parties to intercept, making them ideal for avoiding internal monitoring by companies and government surveillance.

In addition, the success of extremist organizations requires a large amount of capital. Therefore, extremist supporters and sympathizers are encouraged to support extremist organizations through donations. Fundraising has been made easier by the proliferation of online payment systems such as digital wallets, virtual currencies, and mobile banking services, all which have provided efficient methods of moving money across the globe.[vii] US federal law enforcement agencies have found that some online payment systems such as PayPal are ill-equipped to verify customer identification and limit extremist usage, while other companies openly allow anonymous payments.[viii] The resulting anonymity makes it more challenging for governments to detect extremist organization’s activities in order to prevent dangerous attacks.

In spite of the very real problem of extremist use of ICT to recruit, communicate, and fundraise–and ultimately spread harm around the world–governments give little guidance to ICT companies about how to respond. ICT companies are aware that extremists are using their products and services, but there are no agreed upon definitions of extremism within the industry, clear industry-wide rules or laws over when information should be shared with the government, nor standard internal monitoring procedures. The absence of industry norms, either facilitated by governments or the industry itself, makes it increasingly difficult to mitigate the effects of extremist use of ICT.

The Telecommunications Industry Framework: A Possible Model?

Since there are no existing guidelines for combating extremist use of ICT on an industry or government level, when ICT companies have shared user data with governments, companies have often received scrutiny from users who value personal privacy. Additionally, sharing information with governments can also put activists at risk. The backlash against ICT companies, in general, is similar to the consumer backlash telecommunications companies have faced over giving user information to the US government.

Consumer backlash has been largely due to the fact that there has been little guidance about how telecommunications companies should handle government requests to shut down service to users or share user information. Discontent among users and within the telecommunications industry resulted in greater guidance on how companies should respond to government requests. Steps towards greater guidance and transparency has led to an emerging framework which has allowed telecommunications companies to mitigate tensions between their legal obligation to share information with the government and promises to protect user privacy.

The telecommunications framework emerged out of a debate over whether telecommunications companies were upholding the international human rights of privacy and freedom of speech by cooperating with oppressive regimes.[ix] This debate gained the most public interest during the 2011 Arab Spring in Egypt when President Mubarak forced Egypt’s biggest mobile phone service providers Vodafone, Mobinil, and Etisalat to shut down service for domestic users and send out a pro-government text message to subscribers.[x] The Egyptian government made these requests to prevent protestors from communicating, organizing, and publicizing the protests.[xi] The Egyptian government put telecommunications companies in a position where they had to comply with the demands of an undemocratic state so as to not risk the safety of their offices and employees located in the country. However, international critics have argued that by obliging such government requests, telecommunications companies in Egypt violated the right to freedom of speech—a fundamental human right.[xii] Similar instances of government requests to control telecommunications companies occur frequently in other restrictive regimes. As a result, some telecommunications companies, including companies uninvolved in the 2011 events in Egypt, have prompted dialogue within the industry to form guidelines and best practices that protect human rights but also uphold legal obligations to comply with government requests.[xiii]

In order to form industry-wide guidelines, telecommunications companies collaborated internally and worked with governments and human rights stakeholders. The Telecommunications Industry Dialogue (ID) is an example of this collaboration. The ID is an organization made of up eight telecommunications operators and vendors from several different countries (AT&T, Nokia, Milicom, Orange, Telefonica, Telenor Group, Telia Company, and Vodafone) that use the United Nations (UN) Guiding Principles on Business and Human Rights to address privacy and human rights concerns.[xiv] In 2013, the organization released the document “Telecommunications Industry Dialogue on Freedom of Expression and Privacy Guiding Principles,” which outlines an operational process on how to evaluate and handle government requests and incidences where governments are believed to be misusing technology for illegitimate purposes.[xv] Strategies include seeking judicial review and alternative measures that would minimize infringement on freedom of expression and privacy, and engaging other stakeholders, such as the UN or civil society organizations in the process.[xvi]

In March 2012, Access Now, an advocacy organization that promotes open and secure Internet access, also released similar guidelines to be used by telecommunications companies to uphold user privacy and freedom of speech in a document titled “Teleco Action Plan Respecting Human Rights: Ten Steps and Implementation Objectives for Telecommunications Companies.”[xvii] Both the ID and Access Now documents show an attempt to establish norms within the industry through internal collaboration and stakeholder consultation to address human rights concerns and government requests for data. The “Teleco Action Plan” specifically uses telecommunications companies’ decision to comply with President Mubarak’s requests as a case study to examine how to reduce infringement on human rights in such situations.[xviii] Access Now provides several recommendations for the industry to improve in future incidents, including notifying users ahead of time if they suspect networks will be shut down.[xix] The same recommendation was proposed in the “Telecommunications Industry Dialogue on Freedom of Expression and Privacy Guiding Principles.” Both Vodafone and Orange, who cooperated with President Mubarak’s shutdown in 2011, agreed to follow this recommendation in the future.[xx]

The issue of government requests for user data was brought to the public eye again in 2013, following the Edward Snowden leaks. The leaks revealed that the US government was using telecommunications companies to collect data on citizens for national security surveillance through the US Patriot Act. Telecommunications companies were again accused of infringing on user’s human rights by complying with government requests.[xxi] Pressure from the public, advocacy organizations, and telecommunications companies themselves following the leaks led the US government to pass the USA Freedom Act, which provided more specific guidance for telecommunications companies about sharing user information with the government.[xxii] The Act also allowed for greater transparency on how user information is shared by allowing companies to publicly disclose how many government requests are received on an annual basis.[xxiii]

Both the 2011 Arab Spring and the 2013 Snowden leaks brought to light a reoccurring conflict between the government, users, and telecommunications companies: how to balance privacy and security concerns. Through public pressure, dialogue, and collaboration, a framework has emerged within the telecommunications industry addressing how to reconcile these sometimes-competing interests. This framework will become increasingly important as telecommunications companies respond to extremist use of their products and services to recruit, communicate, and fundraise. With this emerging framework, telecommunications companies will have a basis for determining when user information should be handed over to the government for security reasons, without infringing upon the human rights of ordinary users as well as an established mechanism with which to consult one another. The framework is not perfect or legally binding, and will need to be adapted and updated to respond as threats evolve, but it nonetheless provides telecoms with something to work off of so that they do not have to respond to government requests for data on an ad-hoc basis.

The Telecommunications Framework: Applications and Limitations

The rest of the ICT industry would greatly benefit from a framework similar to the one emerging within the telecommunications sector and can emulate the work of the Telecommunications Industry Dialogue. While there are limitations to the use of the telecommunications industry as a model framework for ICT companies to follow, ICT companies already have several common responses to extremist use of their products and services. These commonalities can lay the groundwork for the creation of an industry-wide framework to combat extremist use of ICT products and services.

Companies that process government requests for user data have certain systems in place for law enforcement to request data and often report to the public how many requests they receive on an annual basis. For example, Facebook has a system set up for processing government requests where information is shared in accordance with Facebook’s terms and conditions and US law, including the Stored Communications Act.[xxiv] Facebook releases reports to the public about how many government requests it receives and how many times Facebook handed over information, pushes back against the request if there are legal issues or if the request is too broad or vague, and shares the least amount of information as possible.[xxv] Other ICT companies that follow the same procedures of adhering to US law regarding information sharing and publicly publishing government request data include Apple, Google, and Microsoft.[xxvi]

In addition to making government requests for user data public, many ICT companies use internal monitoring and public reporting mechanisms to combat extremist use of ICT. For example, Twitter suspended 125,000 ISIL accounts between mid-2015 and February 2016 in order to prevent their owners from disseminating propaganda on the Internet.[xxvii] In addition, public reporting mechanisms allow ICT users to report content that promotes terrorism. YouTube has a flagging system that is used to mark questionable content for removal.[xxviii] Once the user flags the video, the company’s enforcement team receives the request from the user, reviews the video, and deletes the video if it promotes terrorism and any activities that would be regarded as an incitement to violence.[xxix]

As seen in the case of public disclosures of government requests for data and internal monitoring and public reporting mechanisms, common responses to extremist use of ICT exist within the ICT industry, but they are not formalized as they are in the telecommunications sector. Without formalization, companies are free to respond to extremist use of ICT as they see fit, resulting in tensions between the government, ICT industry actors, and users. These tensions have increased due to recent terrorist attacks that have put even greater pressure on ICT companies to follow domestic laws that may be at odds with freedom of expression and privacy.[xxx] Therefore, it is crucial that these common practices are formalized at an industry wide level to provide a framework for mitigating tensions between privacy and security.

Potential Application:Formalizing Common Practices at an Industry Level

Creating norms at an industry level can be difficult due to competition within the industry and variation in how companies govern their relationships with law enforcement. However, consensus within an industry is possible, as illustrated by the Telecommunications Industry Dialogue. The Telecommunications Industry Dialogue serves as a platform for telecommunications companies and stakeholders to coordinate and exchange best practices for the benefit of the whole industry. The ICT sector would greatly benefit from a similar model in which ICT companies can cooperate with each other as well as groups from other sectors that have a stake in the matter. Consistently engaging in dialogue leads to a framework that incorporates the perspective and concerns of diverse stakeholders. Therefore, common practices within the ICT industry should formalized as norms to achieve the common goals of protecting user privacy and ensuring national security while still being adaptable across business entities.

As mentioned previously, the Telecommunications Industry Dialogue is founded upon the “Telecommunications Industry Dialogue on Freedom of Expression and Privacy Guiding Principles,” which is based on the UN Guiding Principles on Businesses and Human Rights. The guiding principles inform policy within the telecommunications sector by proposing a process to handle government requests, mitigating risks of these demands, and creating standards for external reporting of companies’ progress in implementing the principles.[xxxi] Several of these guiding principles have the potential for application to the entire ICT industry. For example, guiding principle number three requires that ID members to “create operational processes and routines to evaluate and handle government requests that may have an impact on freedom of expression and privacy.”[xxxii]

In a report about how the principles were being implemented, the ID explained that participating companies should only disclose communication data if government requests meet the following requirements established in international human rights law: legality, necessity, and proportionality.[xxxiii] The ID’s guiding principles also express the view that government surveillance programs should be subject to ongoing review by an independent authority and that governments should not conduct mass surveillance by using telecommunication companies’ infrastructure without the company controlling the actual scope of data collection.[xxxiv] These guidelines have served as a core standard for telecommunications companies and their interaction with government authorities. In contrast, the ICT sector lacks such specific guidelines over what constitutes as a legal government request for data or whether law enforcement should be given direct access to user data for government surveillance.

In addition, guiding principle number eight requires ID members to report on their progress in implementing the principles.[xxxv] In 2014, all eight participating companies published reports on their progress in implementing the guiding principles in their business operations.[xxxvi] These reports outlined company policies and procedures for responding to law enforcement demands for access to communications data as well as the legal basis for the demands.[xxxvii] The reports foster transparency and allow stakeholders to understand the policies and practices of both companies and governments as well as hold them accountable for making progress on human rights.[xxxviii] The transparency reports have also helped companies not only to define but also strengthen their standards on responding to government requests. Transparency is important as it educates users on government’s exchanges in relation to their communication data. Understanding these processes and the industry’s efforts to protect user privacy only leads to greater consumer trust.

As indicated above, common practices exist at the ICT industry level, but they are not as formalized as they are within the telecommunications sector. The telecommunications sector has greatly benefited from the framework created by the ID guiding principles. Through the existence of industry guidelines, telecommunications companies avoid the tensions created due to acting on an ad-hoc basis. Using the UN Guiding Principles on Businesses and Human Rights and the “Telecommunications Industry Dialogue on Freedom of Expression and Privacy Guiding Principles” as a model, the ICT industry should formalize common practices to create industry standards, which would lead to more efficient and effective processes to both protect user privacy and ensure compliance with the law. It is clear that commonalities already exist in ICT industry response to extremist use of ICT, and now is the time for companies to work together to create meaningful norms.

Limits to Application: Data Variety and Lack of Legal Guidance

The emerging framework within the telecommunications industry can serve as a foundation for the creation of an ICT industry framework, but because many ICT products and services involve a far greater variety of data, it will be harder to create a framework that mitigates security and privacy concerns.

Government surveillance of telecommunications data primarily involves phone calls and text messages, which may or may not be sensitive information. When law enforcement officials gain access to other ICT products, such as a cell phone or an email account, they gain access to much more information, which is often sensitive but unrelated to the crime under investigation. An email account can contain bank information, personal contacts, and messages. Therefore, handling government requests for data is more complicated. The decision for ICT companies is not only over whether to hand over information, but also how much information and for how long. This decision is further complicated by the fact that the laws used by law enforcement to request user data are often vague and predate the creation of the Internet, which allows for broad interpretation of laws that could lead to possible government overstep.

The increasing amount of sensitive information and public pressure after the 2013 Snowden leaks has led to a push towards greater user privacy, usually in the form of encryption or cloud computing. The move toward encryption also poses a challenge to creating an industry framework for responding to government requests for data. The transition to cloud computing has made it more difficult for governments to access user data. The transition created a backlash from members of the US government, who accused industry actors of making the government’s counter-terrorism efforts more difficult and encouraged companies to weaken their security and avoid encryption.[xxxix]

However, several companies including Microsoft, Google, Twitter, and Apple have claimed that weakened security would undermine human rights and information security globally and that giving the government access to customers’ data would mean that companies would be required to provide the same tools to foreign governments, not just the US government, which could potentially include repressive and dangerous regimes.[xl] There is a fundamental difference in the way the government and industry actors view encryption technology. Thus, if the telecommunication framework were to serve as a model to improve ICT response to government request of data, encrypted data and cloud computing would need to be a category of data that would require its own set of rules.

Another challenge to using the telecommunications framework as a model is that the ICT industry does not have laws in place that clearly define when companies need to hand over user data to the government, making it hard to create standards. The telecommunications industry, on the other hand, does have laws that govern telecom companies’ relationship with the government. For example, the US Communications Assistance for Law Enforcement Act (CALEA) was passed in 1994 to address concerns that the advancement of technology would make it more difficult for law enforcement agencies to conduct surveillance.[xli] CALEA requires telecommunications companies and equipment manufactures to design their products and services so that law enforcement can continue to conduct surveillance as technology evolves.[xlii] Telecommunications industry actors are expected to create standards within the sector to meet the demands of CALEA.[xliii]

The Telecommunications Industry Association and the Alliance for Telecommunications Industry Solutions have created standards that outline how companies are expected to assist with lawful electronic surveillance and the interfaces needed to provide “intercepted communications and call-identifying information.”[xliv] CALEA and the resulting standards have been controversial and have resulted in tensions between the government, users, and industry.[xlv] However, CALEA and the standards have also given telecommunications companies legal guidance as it develops a framework to govern its relationship with the government.

The ICT industry lacks the same sort of legal guidance provided by CALEA, as illustrated by cases between the US government and ICT companies. One notable case is that of the FBI and Apple. After the 2015 San Bernardino shootings, the FBI requested Apple’s help in accessing the contents of one of the shooter’s iPhone.[xlvi] The iPhone in question was locked and encrypted per Apple’s standard security policies and Apple refused to create a backdoor into their product due to concerns about potential abuses that such a backdoor might create.[xlvii] The demands made by the US government in this case could be seen as similar to the demands CALEA made of telecommunications companies in 1994–except that there was no proper legal precedent or guidelines upon which Apple could base its response. Once again, there are concerns that new technologies such as encryption and cloud computing will make it harder for law enforcement to conduct investigations. The difference is that since there is a lack of laws guiding what level of access governments should have to the data of ICT products and services, companies and users are left to navigate an unclear environment.

The absence of laws is a hindrance to forming a framework at the industry level, but ICT industry actors cannot wait until laws are passed to address the issue of extremist use of ICT. Progress must also not be stalled by questions about new technologies such as encryption and cloud computing. By using the telecommunications framework as model, working off of common practices, and keeping potential challenges in mind, ICT industry actors can collaborate to form a framework at an industry level to better respond to the issue of extremist use of ICT.

Conclusion

The ICT industry faces an increasingly important challenge as extremist groups become better at using ICT products and services for recruitment, communication and fundraising. There are currently no explicit guidelines–legal or industry-led–governing how companies should respond to extremist groups’ use of their products and services, so industry actors have had to create their own policy and strategy to address this issue on an ad-hoc basis. Both ICT industry and the US government recognize that something must be done about extremist use of ICT, but progress has been stalled due to the paralyzing privacy vs. security debate.

However, as indicated by the telecommunications industry, it is possible to create a framework that balances international human rights law and common practices within the sector. To create a similar framework at the ICT industry level, the government, industry actors, and human rights stakeholders will have to work together to create a framework that protects the rights of ordinary users and prevents extremists’ use of ICT products to conduct violent activities. Creating an industry wide framework will be challenging because of the various types of data involved and the lack of laws outlining government access to user data. Additionally, the framework will not be a cure-all as new challenges are bound to present themselves. However, with working guidelines the ICT industry will be better equip to address extremist use of ICT, and privacy and security concerns more generally.

This publication was made possible in part by a grant from Carnegie Corporation of New York. The statements made and views expressed are solely the responsibility of the author.

Endnotes

[i] Berger, J.M. and Jonathon Morgan. “The ISIS Twitter Census: Defining and Describing the Population of ISIS Supporters on Twitter.” The Brookings Institution, March 2015.; Klausen, Jytte, Eliane Tschaen Barbieri, Aaron Reichlin-Melnick, and Aaron Y. Zelin. “The YouTube Jihadists: A Social Network Analysis of Al-Muhajiroun’s Propaganda Campaign.” Perspectives on Terrorism 6, no. 1 (August 3, 2012).

[ii] Liang, Christina Schori. “Cyber Jihad: Understanding and Countering Islamic State Propaganda.” Geneva Centre for Security Policy, February 2015.; Berger, J. M. “The Evolution of Terrorist Propaganda: The Paris Attack and Social Media.” The Brookings Institution. Accessed May 29, 2016.

[iii] Bardin, Jeff. “What It’s like to Be Recruited by ISIS Online.” Business Insider, May 22, 2015; Masi, Alessandria. “ISIS Recruiting Westerners: How The ‘Islamic State’ Goes After Non-Muslims And Recent Converts In The West.” International Business Times, September 8, 2014.

[iv] Stalinsky, Steven, and R Sosnow. “Encryption Technology Embraced By ISIS, Al-Qaeda, Other Jihadis Reaches New Level With Increased Dependence On Apps, Software – Kik, Surespot, Telegram, Wickr, Detekt, TOR: Part IV – February-June 2015.” Inquiry & Analysis Series No. 1168. Middle East Media Research Institute, June 15, 2015.

[v] Ibid.; “Dark Motives Online: An Analysis of Overlapping Technologies Used by Cybercriminals and Terrorist Organizations.” Trend Micro, May 3, 2016; Zetter, Kim. “Security Manual Reveals the OPSEC Advice ISIS Gives Recruits.” WIRED, November 19, 2015.

[vi] “Dark Motives Online: An Analysis of Overlapping Technologies Used by Cybercriminals and Terrorist Organizations.”; Stalinsky and Sosnow.

[vii] Ehrenfeld, Rachel. “Funding Terror.” The Washington Times, March 14, 2007.; Levitt, Matthew. “How Do ISIS Terrorists Finance Their Attacks?” The Hill, November 18, 2015.; Levitt, Matthew. “The Islamic State’s Backdoor Banking.” The Washington Institute for Near East Policy, March 2015.; Maras, Elliot. “Reality Check: Bitcoin Plays A Bit Role In Terror Financing.” Crypto Coins News. Accessed May 21, 2016.

[viii] “U.S. Money Laundering Threat Assessment.” US Government, December 2005.

[ix] “Enhancing Internet Freedom and Human Rights through Responsible Business Practices.” Swedish Ministry of Foreign Affairs, April 2012.

[x]Teleco Action Plan Respecting Human Rights: Ten Steps and Implementation Objectives for Telecommunications Companies.” Access, March 2012.

[xi] Ibid.

[xii] Roggensack, Meg, and Betsy Walters. “Excuses, Excuses: Surveillance Technology and Oppressive Regimes.” Human Rights First, November 18, 2011.

[xiii] Altschuller.

[xiv] “About.” Telecommunications Industry Dialogue. Accessed May 20, 2016.

[xv] “Telecommunications Industry Dialogue on Freedom of Expression and Privacy Guiding Principles.” Telecommunications Industry Dialogue, March 6, 2013.

[xvi] Ibid.

[xvii] “Teleco Action Plan Respecting Human Rights: Ten Steps and Implementation Objectives for Telecommunications Companies.”

[xviii] Ibid.

[xix] Ibid.

[xx] “Telecommunications Industry Dialogue on Freedom of Expression and Privacy Guiding Principles.”

[xxi] Bae, SeoHyun, David Bornstein, Kai Brunson, Patrick Harrid, Auric Kaur, Alexander Kegel, Angela Kim, et al. “Evolving US Cybersecurity Policy: A Multi-Stakeholder Approach.” Academic. Seattle, Washington: University of Washington, 2016.

[xxii] Siddiqui, Sabrina. “Congress Passes NSA Surveillance Reform in Vindication for Snowden.” The Guardian, June 3, 2015.

[xxiii] “USA Freedom Act Archives.” House Judiciary Committee. Accessed May 20, 2016.

[xxiv] “Information for Law Enforcement Authorities.” Facebook. Accessed May 12, 2016.

[xxv] “About the Reports.” Facebook. Accessed May 10, 2016.

[xxvi] “Google Transparency Report.” Google. Accessed May 11, 2016.; Microsoft Corporation. “Law Enforcement Requests Report.” Microsoft Corporation. Accessed May 11, 2016.; “Update on National Security and Law Enforcement Orders.” Apple, January 27, 2014.

[xxvii] “Combating Violent Extremism.” Twitter Blogs. Accessed June 1, 2016.

[xxviii] “Flagging Content,” n.d.

[xxix] “Violent or Graphic Content.” YouTube. Accessed May 12, 2016.

[xxx] “Global Network Initiative.” Accessed June 1, 2016.

[xxxi] “Guiding Principles.” Telecommunications Industry Dialogue. Accessed June 1, 2016.

[xxxii] “AT&T Transparency Report.” AT&T Inc., 2016.

[xxxiii] “The Telecommunications Industry Dialogue at Two Years: Advances in Respecting Freedom of Expression and Privacy in 2014,” n.d.

[xxxiv] Ibid.

[xxxv] “AT&T Transparency Report.”

[xxxvi] “The Telecommunications Industry Dialogue at Two Years: Advances in Respecting Freedom of Expression and Privacy in 2014.”

[xxxvii] Ibid.

[xxxviii] Ibid.

[xxxix] Uchill, Joe. “Both Sides of Data Encryption Debate Face off in Congress.” Christian Science Monitor, April 30, 2015.

[xl] “Encryption Letter to Obama.” Electronic Privacy Information Center, May 19, 2015.

[xli]Communications Assistance for Law Enforcement Act.” Federal Communications Commission, February 10, 2011.

[xlii] Ibid.

[xliii] “FAQ on the CALEA Expansion by the FCC.” Electronic Frontier Foundation. Accessed July 5, 2016.

[xliv] Ibid.

[xlv] Ibid.

[xlvi] Nakashima, Ellen. “Apple Vows to Resist FBI Demand to Crack iPhone Linked to San Bernardino Attacks.” The Washington Post. Accessed June 22, 2016.

[xlvii] Ibid.

Bibliography

“About.” Telecommunications Industry Dialogue. Accessed May 20, 2016.

“About the Reports.” Facebook. Accessed May 10, 2016.

Altschuller, Sarah. “Advocates Seek Human Rights Commitments from Telecommunications Companies.” Corporate Social Responsibility and the Law, May 16, 2012.

“AT&T Transparency Report.” AT&T Inc., 2016.

Bae, SeoHyun, David Bornstein, Kai Brunson, Patrick Harrid, Auric Kaur, Alexander Kegel, Angela Kim, et al. “Evolving US Cybersecurity Policy: A Multi-Stakeholder Approach.” Academic. Seattle, Washington: University of Washington, 2016.

Bardin, Jeff. “What It’s like to Be Recruited by ISIS Online.” Business Insider, May 22, 2015.

Berger, J. M. “The Evolution of Terrorist Propaganda: The Paris Attack and Social Media.” The Brookings Institution. Accessed May 29, 2016.

Berger, J.M., and Jonathon Morgan. “The ISIS Twitter Census: Defining and Describing the Population of ISIS Supporters on Twitter.” The Brookings Institution, March 2015.

“CALEA.” Electronic Frontier Foundation. Accessed June 1, 2016.

“Combating Violent Extremism.” Twitter Blogs. Accessed June 1, 2016.

“Communications Assistance for Law Enforcement Act.” Federal Communications Commission, February 10, 2011.

“Dark Motives Online: An Analysis of Overlapping Technologies Used by Cybercriminals and Terrorist Organizations.” Trend Micro, May 3, 2016.

Ehrenfeld, Rachel. “Funding Terror.” The Washington Times, March 14, 2007.

“Encryption Letter to Obama.” Electronic Privacy Information Center, May 19, 2015.

“Enhancing Internet Freedom and Human Rights through Responsible Business Practices.” Swedish Ministry of Foreign Affairs, April 2012.

Falch, Morten, Günter Knieps, Stanisław Kubielas, and Paul J. J. Welfens. “Regulatory Issues in Telecommunications and ICT-Based Dynamics in Open Economies: Introduction.” International Economics and Economic Policy 11, no. 1–2 (January 19, 2014): 1–3. doi:10.1007/s10368-013-0265-4.

“FAQ on the CALEA Expansion by the FCC.” Electronic Frontier Foundation. Accessed July 5, 2016.

“Flagging Content,” n.d.

Gentzoglanis, Anastassios. “International Competitiveness in the Telecommunications and ICT Sectors: A Cross-Country Comparison.” Université de Sherbrooke, February 2007.

“Global Network Initiative.” Accessed June 1, 2016.

“Google Transparency Report.” Google. Accessed May 11, 2016.

“Guiding Principles.” Telecommunications Industry Dialogue. Accessed June 1, 2016.

Heeks, Richard. “Do Information and Communication Technologies (ICTs) Contribute to Development?” Journal of International Development 22, no. 5 (July 1, 2010): 625–40. doi:10.1002/jid.1716

“Information for Law Enforcement Authorities.” Facebook. Accessed May 12, 2016. 

“ITU Telecom.” ITU Telecom World. Accessed May 31, 2016.

Klausen, Jytte, Eliane Tschaen Barbieri, Aaron Reichlin-Melnick, and Aaron Y. Zelin. “The YouTube Jihadists: A Social Network Analysis of Al-Muhajiroun’s Propaganda Campaign.” Perspectives on Terrorism 6, no. 1 (August 3, 2012). 

Koops, Bert-Jaap. “Should ICT Regulation Be Technology-Neutral?” SSRN Scholarly Paper. Rochester, NY: Social Science Research Network, July 25, 2006.

“Law Enforcement Program: The Standards | CALEA®.” Accessed June 1, 2016.

Levitt, Matthew. “How Do ISIS Terrorists Finance Their Attacks?” The Hill, November 18, 2015. 

———. “The Islamic State’s Backdoor Banking.” The Washington Institute for Near East Policy, March 2015. 

Liang, Christina Schori. “Cyber Jihad: Understanding and Countering Islamic State Propaganda.” Geneva Centre for Security Policy, February 2015.

Mansell, Robin. “Information and Communication Technologies for Development: Assessing the Potential and the Risks.” Telecommunications Policy 23, no. 1 (February 1999): 35–50. doi:10.1016/S0308-5961(98)00074-3.

Maras, Elliot. “Reality Check: Bitcoin Plays A Bit Role In Terror Financing.” Crypto Coins News. Accessed May 21, 2016. 

Masi, Alessandria. “ISIS Recruiting Westerners: How The ‘Islamic State’ Goes After Non-Muslims And Recent Converts In The West.” International Business Times, September 8, 2014.

Microsoft Corporation. “Law Enforcement Requests Report.” Microsoft Corporation. Accessed May 11, 2016.

Nakashima, Ellen. “Apple Vows to Resist FBI Demand to Crack iPhone Linked to San Bernardino Attacks.” The Washington Post. Accessed June 22, 2016. 

“Number of Internet Users (2016) – Internet Live Stats.” Accessed May 30, 2016.

OECD. “Telecommunications Regulations.” OECD Digital Economy Papers, May 25, 2000.

“Report on the Activities of the International Telecommunications Union in 1968.” International Telecommunication Union, 1968.

Roggensack, Meg, and Betsy Walters. “Excuses, Excuses: Surveillance Technology and Oppressive Regimes.” Human Rights First, November 18, 2011. 

Siddiqui, Sabrina. “Congress Passes NSA Surveillance Reform in Vindication for Snowden.” The Guardian, June 3, 2015. 

Stalinsky, Steven, and R Sosnow. “Encryption Technology Embraced By ISIS, Al-Qaeda, Other Jihadis Reaches New Level With Increased Dependence On Apps, Software – Kik, Surespot, Telegram, Wickr, Detekt, TOR: Part IV – February-June 2015.” Inquiry & Analysis Series No. 1168. Middle East Media Research Institute, June 15, 2015. 

“Teleco Action Plan Respecting Human Rights: Ten Steps and Implementation Objectives for Telecommunications Companies.” Access, March 2012.

“Telecommunications Industry Dialogue on Freedom of Expression and Privacy Guiding Principles.” Telecommunications Industry Dialogue, March 6, 2013. 

“The Global Network Initiative and the Telecommunications Industry Dialogue Join Forces to Advance Freedom of Expression and Privacy | Global Network Initiative.” Accessed June 1, 2016.

“The Telecommunications Industry Dialogue at Two Years: Advances in Respecting Freedom of Expression and Privacy in 2014,” n.d.

Uchill, Joe. “Both Sides of Data Encryption Debate Face off in Congress.” Christian Science Monitor, April 30, 2015.

“Update on National Security and Law Enforcement Orders.” Apple, January 27, 2014.

“USA Freedom Act Archives.” House Judiciary Committee. Accessed May 20, 2016.

“U.S. Money Laundering Threat Assessment.” US Government, December 2005.

“Violent or Graphic Content.” YouTube. Accessed May 12, 2016.

Zetter, Kim. “Security Manual Reveals the OPSEC Advice ISIS Gives Recruits.” WIRED, November 19, 2015.

 

This publication was made possible in part by a grant from Carnegie Corporation of New York. The statements made and views expressed are solely the responsibility of the author.