Opinion | Thursday, 19th October 2017
'Law should force tech firms to invest in terrorism monitoring' says cyber security expert
Dr Mohammad Hammoudeh considers the comments of MI5's Director General
By Dr Mohammad Hammoudeh, Senior Lecturer in Computer Networks and Security, at Manchester Metropolitan University
In his talk on Tuesday, the head of MI5, Director General Andrew Parker, pictured below, was referring to Amazon selling bomb materials to terrorists.
Amazon was found linking potential bomb-making chemicals used in food production under the “frequently bought together” tab.
In my opinion, the indirect media-led accusation that Amazon is aiding terrorists by selling bomb making kits has some basis in truth.
Even though the products that Amazon sold are widely available in shops and other online store, Amazon’s algorithm that recommends product combinations should recognise dangers.
Moderating and tracking terrorists
On the opposite side, some experts argue that this logic dictates that Amazon and other sellers should employ bomb-making and chemical experts, which is an unrealistic expectation.
Instead, government’s security agencies should provide this information to, particularly, online sellers to integrate in their search pattern algorithms.
Online sellers are also expected to report such suspicious transactions to the authorities through clearly defined channels.
Moreover, experts argue that terrorists do not need Amazon’s algorithm to learn about the ingredients of a bomb in the presence of the ‘safe spaces on the Internet’.
Safe spaces on the Internet does not always refer to the darknet or applications that provide end-to-end encrypted communications.
For instance, Facebook is reportedly one of the favourite terrorist and criminals communication channels.
It is being used for spreading jihadist propaganda, exchange paedophile content and run scams and so on.
Under pressure from governments and media, in May 2017, Facebook announced that they will employ extra 3,000 content moderators - this is 1 moderator for every 666,666,667 users.
To put this further in context, every 60 seconds on Facebook: 510,000 comments are posted, 293,000 statuses are updated, and 136,000 photos are uploaded.
Huge technical and finance challenges
Clearly, the size of information being exchanged on web-based channels presents huge technical and financial challenges to technology companies such as Facebook and WhatsApp.
It also raises questions on the feasibility and effectiveness of automated- and human-‘surveillance’ activities. In Facebook case, there has been media report on the very poor work conditions of content moderators, for instance, they work long hours and underpaid, and outsourcing moderation to agencies.
I agree with that technology companies must have an ethical responsibility to stop terrorists and criminal groups. Moreover, I believe they must be obliged by law to invest in preventive and monitoring mechanisms an agreed percentage of their profits.
Tech companies must be obliged by law to invest in preventive and monitoring mechanisms an agreed percentage of their profits
However, the mechanisms of implementing these measures will pose critical challenges and questions that needs to be addressed:
1. How would security agencies measure the level of trust in technology companies and the rigorousness of their security mechanisms? How the relationship between governments and technology companies will be defined? Is outsourcing our security to technology companies the way forward? How to stop technology companies abusing surveillance rights? Most importantly, how can we draw a line between mass surveillance and preserving citizen’s privacy, freedom of speech and human rights? Is it feasible to monitor the ‘Internet’? How do we rethink key escrow encryption models in the era of end-to-end encryption and zero trust security models? How company surveillance would reflect on the competitiveness of technology companies? Who is ethically responsible to stop crime on the darknet?
All the above questions require governments and their security agencies to rethink their cyber-crime defence strategies.
Solution is to seamlessly share information
I believe the way forward to streamline the fight against cybercrime is to develop cross-domain security solutions (intelligence agencies, military, law enforcement, private sector, Internet service providers, academia, and so on) that allows seamless sharing and access of information/expertise between countries and various governmental/international stakeholders.
This necessitates more centralised cooperation at the regional and international levels to respond to threats in an effective and timely manner.
It is critical that technology companies are assured of a confidential relationship where suspicious activities is exchanged for intelligence and investigative goals.
Therefore, governments must work closer with technology companies who influence the future of cyber criminality to anticipate changes in technology misuse and criminal behaviours.