UK Labels Facebook A Terrorist 'Haven'

Critics Slam U.K. Government for "Posturing," Under-spending
UK Labels Facebook A Terrorist 'Haven'

A new U.K. government report has accused social networks of serving as a "safe haven for terrorists," inflaming what some observers see as already tense relations between the British government and Silicon Valley.

See Also: Top Trends in Cybercrime; 411 Million Attacks Detected in Q1 2016

The report, issued by Parliament's Intelligence and Security Committee, comes in response to the murder of British solider Lee Rigby in 2013 by British citizens Michael Adebolajo and Michael Adebowale. The two men attacked Rigby on the streets of Woolrich - a district in southeast London - as he was returning to his Army barracks, first running into him from behind with their car, and then attacking him with knives.

Parliament's report says an unnamed social network - later revealed in multiple press reports to be Facebook - "could have made a difference" in preventing the attack, if only it had flagged a December 2012 discussion, conducted using the social network, in which Adebowale told an extremist overseas codenamed "Foxtrot" that he wanted to kill a soldier "in the most graphic and emotive manner - because of U.K. military action in Iraq and Afghanistan."

A variety of U.K. government officials have blamed Facebook for not preventing the attack. "This company does not appear to regard itself as under any obligation to ensure that its systems identify such exchanges, or to take action or notify the authorities when its communications services appear to be used by terrorists," says MP Malcolm Rifkind, who chairs the Intelligence and Security Committee. "There is therefore a risk that, however unintentionally, it provides a safe haven for terrorists to communicate within."

But the committee doesn't hold the intelligence services responsible for failing to prevent Rigby's murder, despite cataloging a string of investigatory errors. "We do not consider that any of these errors, taken individually, were significant enough to have made a difference," Rifkind says.

Prime Minister David Cameron, who issued a statement in response to the report, says Internet firms must devote more resources to combating terrorism. "Terrorists are using the Internet to communicate with each other. We must not accept that these communications are beyond the reach of the companies," Cameron says. "We expect the Internet companies to do all they can ... It is their social responsibility to act on this." Cameron also announced that the U.K. government would spend an additional £130 million ($200 million) over the next two years to combat "lone wolf" terrorists.

Reached for comment, Facebook declined to discuss the report's conclusions or Cameron's comments. "Like everyone else, we were horrified by the vicious murder of Fusilier Lee Rigby," a Facebook spokesman tells Information Security Media Group. "We don't comment on individual cases, but Facebook's policies are clear. We do not allow terrorist content on the site and take steps to prevent people from using our service for these purposes."

Google and Twitter, whose monitoring practices were also discussed in the committee's report, didn't respond to a similar request for comment.

Silicon Valley Outrage

But the blame game has reportedly incensed many Silicon Valley executives. Furthermore, the report comes when relationships between U.S. technology firms and the British government are already strained, after Edward Snowden's leaks revealed that the National Security Agency and GCHQ - respectively U.S. and U.K. intelligence agencies - were hacking directly into the systems of Internet giants such as Facebook as part of a mass surveillance campaign. Earlier this month, meanwhile, the new director of GCHQ blasted social networks for facilitating crime, terrorism and child abuse.

"Given all the information they have, with and without our permission, it is outrageous that they should try and blame Facebook," one Silicon Valley executive tells the Guardian, speaking on condition of anonymity. "The conclusion of the report was: if only Facebook had been doing our job here."

Define Social Responsibility

Richard Barrett, a former counter-terrorism chief at MI5 and MI6 - which respectively focus on domestic and foreign intelligence - disagrees with the committee's finding that Facebook should have done more, noting that the social network's systems had automatically deleted eight accounts used by Adebowale, after flagging them as being used to "promote terrorism."

"I think it's very hard to talk about the social responsibility of a multinational company," he tells the Guardian. "I mean Facebook is operating in probably almost all countries in the world, so will that social responsibility vary do you think from the United Kingdom to, I don't know, Russia or Myanmar or countries like that? I think it's quite a burden to put on Facebook to decide where their social responsibility lies in all different circumstances."

Furthermore, should the U.K. government compel Facebook to give it direct access user data, Barrett says it's likely that terrorists would easily sidestep that monitoring by using encryption.

U.K. Seeks Direct Access

The committee's report notes that U.K. law enforcement and intelligence agencies say they have difficulty obtaining all of the data they want from U.S. social networks in relation to investigations. But Ross Anderson, professor of security engineering at Cambridge University, says the U.K. government's decision to blame Facebook for Rigby's murder may kill the government's chance of fostering a better working relationship, and finding ways to work around the logjam of requests for mutual legal assistance that are now sitting with the U.S. Department of Justice, owing to lack of funding from Congress.

"The spooks' approach reminds me of how Pfizer dealt with Viagra spam, which was to hire lawyers to write angry letters to Google," Anderson says. "If they'd hired a geek who could have talked to the abuse teams constructively, they'd have achieved an awful lot more."

Anderson says Parliament's report also conveniently ignores the fact that Facebook's investment in fighting crime trumps what the U.K. government spends, while Google and Microsoft outspend the U.K. government by a factor of five. "If GCHQ really cares, then it could always pay the Department of Justice to clear the backlog," he says. "The fact that all the affected government departments and agencies use this issue for posturing, rather than tackling the real problems, should tell you something."


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the Executive Editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, amongst other publications. He lives in Scotland.




Around the Network