Can Facebook Catch Terrorists?
A report published yesterday by the Intelligence and Security Committee of the U.K. Parliament prompted Prime Minister David Cameron to accuse social networks of harboring terrorists. It was the latest contribution to a high-profile campaign by the U.S. and its closest European ally aimed at getting tech companies to cooperate more closely with intelligence services. As the campaign progresses, however, it is increasingly clear the idea may be misguided.
“Their networks are being used to plot murder and mayhem; it is their social responsibility to act on this and we expect them to live up to that responsibility,” Cameron said. The report alleged that Michael Adebowale, an Islamic radical convicted last year for the murder of a U.K. soldier, Lee Rigby, announced his intention to commit the crime in an online exchange on an unnamed social network. The network failed to alert the authorities, though it had closed Adebowale's accounts in the past because its automatic system had tied them to terrorist activity.
According to the BBC, the network was Facebook. The authors of the Intelligence Committee's report asked the social network , and other major Internet companies, about communication monitoring practices. Here is Facebook's reply, as published:
– Facebook did not refer to an automated monitoring system in their response to the Committee, ***.
– Facebook told the Committee that they enable users to report “offensive or threatening content” and they prioritise the “most serious reports”, which may then be escalated to law enforcement as appropriate. They therefore rely on users proactively notifying Facebook of their concerns for any content to be reviewed.
My first guess was that Facebook told the U.K. something the company didn't want the public to know, which explains the asterisks. Facebook spokesperson Tina Kulow denied that, saying "the decisions on redacting were made by the government." She wouldn't share the original wording, though, saying that because the report hadn't been published by Facebook, it couldn't comment on the redacted parts.
So Facebook treats the content of our posts in some way that is known to U.K. intelligence agencies. I'm sure this is covered somewhere in Facebook's terms or policies -- but the asterisks are enough to tell me I should keep anything even mildly private out of my posts and messages.
It doesn't have to be a murder plot, either. Uber, the cab company, recently removed a three-year-old post that linked ride data with prostitution. Facebook Data Science Team's blog provides enough clues to see that Facebook has the capacity to track and analyze our activity, only, unlike Uber, it's too smart to brag about it.
The problem is that there's just too much information out there. The social networks complain they cannot analyze it all. "With so much content on our sites, it would be impossible for Google to manually review even a small percentage of it," Google wrote in its reply to the U.K. government's inquiry. "For example, users upload over 100 hours of video to our YouTube services every minute."
It's not that the social networks are unwilling to share all that content with intelligence services. The security services get access, only they also lack the resources to do much with the vast amount of data they gather. Here's how the U.K. report puts it:
The internet is vast – there are 204 million email messages sent every minute, 100,000 tweets and a million Facebook posts. GCHQ only has the capability to access a tiny fraction of this information, and resource constraints mean that only a very small fraction of that can ever be stored or processed.
The government agencies, as ever, feel uncomfortable without total control. They are trying to find a solution. Here's how, according to the report:
Attempts to solve the problem: ***
That should reassure users about the security of the data we post online, and the recent discovery of a sophisticated, probably government-designed spyware platform called Regin should help us feel even safer.
So what are Cameron and ranking Western security officials complaining about? The world is always going to contain a certain number of people with murderous inclinations. And there's no sure way to prevent a certain number of these people from acquiring the kind of experience and beliefs that make terrorists. Governments have never been able to do this because there is no way to plant a cop at every door. Even the most totalitarian of societies have repeatedly failed at detecting threats.
The social networks certainly have the capacity to see everything a specific individual is doing online, and so do governments through their ties with communication providers and those social networks, as well as through the use of spying software. An individual's only hope in this glass house is that no one will ever be interested enough to single her out.
The recent Global Survey on Internet Security and Trust, in which 23,000 people from 24 countries participated, showed that only 39 percent had taken steps to protect their privacy, such as using encryption, even though 64 percent said they were more concerned about their online security than a year ago. Given that attitude, and the questionable usefulness of encryption when you're under a government's magnifying glass, intelligence agencies and the ever-helpful Internet companies have excellent access to our private data -- but only when they know where to look.
This column does not necessarily reflect the opinion of Bloomberg View's editorial board or Bloomberg LP, its owners and investors.
To contact the author on this story:
Leonid Bershidsky at firstname.lastname@example.org
To contact the editor on this story:
Max Berley at email@example.com