THREE jihadist attacks in Britain in as many months have led to a flood of suggestions about how to fight terrorism, from more police and harsher jail sentences to new legal powers. But one idea has gained momentum in both Europe and America—that internet firms are doing the jihadists’ work for them. Technology giants, such as Google and Facebook, are accused of turning a blind eye to violent online propaganda and other platforms of allowing terrorists to communicate with each other out of reach of the intelligence services.
It is only the latest such charge. The technology firms have also been condemned for allowing the spread of fake news and harbouring bullies, bigots and trolls in the pursuit of profit. In the past they were accused of enabling people to evade copyright and of hosting child pornography.
Shooting the messenger app?
For as long as there have been data networks, people have exploited them to cause harm. The French mechanical telegraph system was subverted in 1834 in a bond-trading scam that went undetected for two years. Cold-callers run cons by telephone. The internet, with billions of users and unlimited processing power, is the most powerful network of all. It was bound to become the focus of wrongdoers.
That does not mean it should be wrapped in red tape. Openness online is especially valuable because it allows “permissionless” innovation. Anyone can publish an article, upload a video or distribute a piece of software to a global audience. Freedom from the responsibilities that burden other media companies has served as a boost for a nascent industry.
But the days when the technology firms needed nurturing are long gone. In the past decade they have become the world’s most valuable companies. As their services have reached deeper into every aspect of everyday life, online activity has gained more potential to cause offline harm. For every Spotify there is a WannaCry.
Technology firms complain that this combination of novelty and commercial success makes them a convenient target for politicians, some of whom seem to regard regulating the internet as a shortcut to solving complex social problems such as hate speech. Eager to protect their special status, technology firms have emphasised that online recruitment is only part of the terrorist threat. Besides, they say, they are platforms, not publishers, and that they cannot possibly monitor everything.
Yet the firms can act when they want to. Before Edward Snowden exposed them in a huge leak in 2013, they quietly helped American and British intelligence monitor jihadists. Whenever advertisers withdraw business after their brands ended up alongside pornographic, violent or extremist material, they respond remarkably quickly.
As with car accidents or cyber-attacks, perfect security is unattainable. But an approach based on “defence in depth”, combining technology, policy, education and human oversight, can minimise risk and harm.
Often, commercial self-interest gives an incentive for the technology companies to act. Although fake news is popular and engaging, and provides opportunities to fill advertising slots, it is bad for the technology giants’ reputations. Accordingly, Google and Facebook are doing more to cut off fake-news sites from their advertising networks, build new tools to flag dubious stories and warn readers of them, and establish links with fact-checking organisations.
When self-interest is not enough, governments can prod the firms to tighten up—as German lawmakers have, threatening huge fines. Under a voluntary agreement with European regulators, the big firms have set a target of reviewing (and, when appropriate, removing) within a day at least 50% of content flagged by users as hateful or xenophobic. The latest figures show that Facebook reviewed 58% of flagged items within a day, up from 50% in December. For Twitter, the figure was 39%, up from 24%. (YouTube’s score fell from 61% to 43%.)
The strongest measure is new laws. In 2002, for example, Britain made internet service providers (ISPs) liable for child pornography if they did not take it down “expeditiously”. The ISPs used a charity to compile a list of blocked URLs that it updated twice daily. The charity works closely with law-enforcement agencies in Britain and abroad. Similarly, American lawmakers have clamped down on copyright infringement.
It’s no longer 2005
As in the offline world, legislators must strike a balance between security and liberty. Especially after attacks, when governments want to be seen to act, they may be tempted to impose blanket bans on speech. Instead, they should set out to be clear and narrow about what is illegal—which will also help platforms deal with posts quickly and consistently. Even then, the threshold between free speech and incitement will be hard to define. The aim should be to translate offline legal norms into the cyber domain.
Before legislators rush in, they also need to think about unintended consequences. If internet firms are threatened with fines, they may simply remove all flagged content, just in case. Regulation that requires lots of staff to take down offensive posts will most hurt small startups, which can least afford it. Laws mandating cryptographic “back doors” in popular messaging apps would weaken security for innocent users. Bad actors would switch to unregulated alternatives in countries that are unlikely to help Western governments. They would thus become harder for the intelligence services to watch.
In the past, internet firms have tended to “build it first, figure out the rules later”. However, the arguments about terrorism and extremist content are a stark reminder that the lawless, freewheeling era of the early internet is over. Technology firms may find that difficult to accept. But accept it they must, as part of the responsibility that comes with their new-found power and as part of the price of their success.