tv George Washington University Discussion on Encryption Technology and... CSPAN June 13, 2019 8:03am-9:05am EDT
morning and thank you all for coming on behalf of the director i would like to welcome you to george washington university. today we want to launch a reported two years in the making titled extremism inside the english-speaking islamic state because chamber. in many ways like i said at the culmination of two years of research with a cooperation with the library and the technology group researchers to my left have been collecting and coding more than 600-kilogram channels for about a year so today we are
going to dive into those findings which are available on the website. we have three panelists here a research fellow with the program who will talk about the first half of the report and follow closely by the presidential followed the program to talk about the remaining parts of the report and to the director at the mccain institute at the counterterrorism. we will do about 30 minutes presentation and then move to the question and answer. please feel free to reach out some things are in order and to
start off, staff starting from the top down to support the project from the first day of its inception and help us out through the various components thereafter. the rest of the program especially but was instrumental in helping us design the report and collect the data from the report and helping out the finished product as well as other colleagues who gave their insights and for the rest of the report which we are grateful for the scholarly technology group at the library as well as
helping out with the tool used for this report and without further ado a background behind this report and the project behind it as was the major findings and then i will turn to for over to my wonderful co-author to start off with folks that are less familiar it is an online instant messenger if you've used other platforms it's very similar there were three major differences that are important looking at white groups and specific make use of this and first there are a variety of communication options between a handful of accounts as well as groups that include as many as 200,000 members additionally there are channels
that broadcast an unlimited number of followers and in addition to the communications of others also internal filesharing. you can post an unlimited number of photos, videos, documents, audio files and voice recordings of the 1.5 gigabytes of memory which is twice that offered by some major social media companies as well as other application companies and third that is most commonly brought up each of those levels of communications each have a different level of encryption to them but potentially more importantly each channel or group can have a private auction being it can only be accessed and public auction that means it is searchable in telegram but not on the public web. also it offers a pledge to not share any information related to the data including government. the current assessment is for
the supporters and a lot of this came in the wake of the policies employed by social media companies and twitter, facebook, google and the like to sort of push islamic state supporters and their accounts and content off of platforms it's a question of the degree to the efforts which are concentrated on telegram. most famously it's been used in the guidance but most famously in brussels in 2016. it's a kilogram responded to
these efforts come as i said before, they have a pledge to not share any user information with third parties including governments. additionally, the decisions regarding content regulation are a little different than the providers. they will regulate any public content that they will not regulate in a private content including private channel groups or voice chats and secret calls. in august decision in response to the regulations we may disclose your address although they also note they've not taken that enforcement action.
between june of 2017 in october of 2018 date of a team of program research assistance we classify content using a number of quantitative and qualitative variables working with the tool developed by the scholarly technology group they are used to access channels and groups and external links to the telegram. how do they view telegrams features to build online
networks to the propaganda and guide authorization second, in which way do they balance the need for the broadest messaging and recruitment in the online and off-line space spaces as a following section of the presentation to present the findings. at the firsthe first question wt is the basic essentially how and why our analysis finds generally speaking they can be classified into five major categories and throughout the sample a major tactics are used. the most important by far for
distribution channels and groups. these represent a majority of the sample and these are used to distribute there is the distinctioadistinction made bete official and unofficial media directed by the central leadership in the distribution channels there's usually those type of sources it distributed only islamic state media propaganda and excluded any propaganda that wasn't produced by the media division. as while there is well there ie category that is instructional material across agrees with the
three major tactics in here illustrated days internal filesharing features. in addition to internal filesharing on the bottom left we have a joint link. the ones in blue are in between channels and groups and the ones leading to the sample demonstrates and maintains the degree of connection to which the groups and channels are all connected.
on the bottom right and i know it is difficult to read this is the third major tactic that we see which is distributing a lot of information pertaining to operational cybersecurity and the links used to access them. moving onto the next finding and this is sort of what we have termed the online extremist using digital communication technology. islamic state supporters must vote and make sure they are reaching out to the public at bt at the same time they are trying to protect their network so everybody is using encryption and maximizing services in order to protect their network from infiltration and takedown.
the problem we saw in the sample is they are a conflict with one another. on the one hand, the state supporters had a strong emphasis on privacy which the majority of the sample was comprised of climate channels as well as if you have the group features to that that is an additional 10% that comprises about 70% that isn't going to be regulated under its current policy. state supporters are deliberately choosing the groups to ensure the content and networks protect the viewers and using these groups hamstring is the ability to recruit. our mls is over on the right is over 40,000 badly fixed destinations out of the telegram and these are sort of the efforts of islamic state
supporters are using to ensure that the message is broadcast to the mainstream social media but also a range of the filesharing platforms that are included as well. when supporters do that they release information the telegram accounts and online such as an ip address. using some of this information is to be investigation to the state supporters this is how they are reacting to degree that was incurred in the time for code of the sample it covers the
time. so in which they lost the major stronghold. we found that they are focusing on the islamic states military activities and assure the resilience of the networks, supplementing the islamic states official propaganda with the media that follows the branding guidelines and makeup without being directly produced by the apparatus. then last developing new measures for the guidance of operations. we as a couple metrics to determine this first is the qualitative analysis content we found the topics within the same over the islamic states military activities and battles as well
as the affiliates on some occasions ended in the second one was the hash tag that you can see on the right. it's shared within the sample and we found as you can see that most of them with the geographic marker are centered and all of these are registering as top 25 as well as others that are outside from the islamic state affiliates. from the sample however any discussion of terrorist attacks on the west mirrors other studies have english-speaking supporters that are fundamentally engaged i do have
a couple of things to say for taking me on as a presidential followed in the fellowship program for the past few years i've been able to work as a program research for mobile doing my mastera whileduring myd it's been a great opportunity. one of the things i think is most interesting about the project is wh while we do have n and observations while we are collecting data.
they help us make a better picture of what's going on behind the screen looking at the criminal complaints to see how they did use telegrams first is the rising grassroots actors and second is a proliferation of unofficial or grade media and there is a distribution of operational structural material. first is the study representing the rise of grassroots actors arrested in the philippines the media kind of knows her as recruiting primarily books from india to come to battle to fight with the islamic state but it's talked about in a very different
light. a lot of people with and i will get back into that. karen was able to build a large international network but i'm going to highlight a few. on the top left he successfully traveled and if you read the criminal complaint is connected to 17 individuals so these criminal complaints are quite interesting and so she built this network and was pretty aggressive in her tactics for the central node in the ecosystem and has a public authority and got careless. she wasn't following the typical norms that you would see in the
space and people didn't always like that. they started a feud with her because she was within cybersecurity measures people began calling her a spy or trying to push her out of the space. it goes to show the second case study he embodied a proliferation of the media and was arrested in october and is known for are going to be on trial and the program would be best connected to the part of the anonymous media foundation
which is a great media group. we observed quite a few of these but we could only make our best assessment of what's going on behind the scenes. it's one of the ones we did observe but fortunately the complaints were detailed in how the media foundation worked providing a vital window into how one specific example of the media group updated. the criminal complaint details how the intentionally replicated and duplicated content takes videos to make new videos and this is something we often see kind of replicating the previous content. having had a whole structure of the hierarchy was different with test products through the different divisions before being published and translated into other more public spaces. it also shows how they use them to their advantage. where they would plan on twitter
to inject into the public discourse with decisions would be made without letting others groups know about things. the complaint shows that the media had a medium of connection this is demonstrated when the media tried to start a merger with another group and then they rescinded it when the we know hs
so another interesting thing about this case was the fact that the moniker continued to post after his arrest. so, this may have indicated that there were other co-conspirators working wit with him under that before or that other individuals pick up the moniker and began posting under that name after his arrest. that's one of the main challenges we face trying to do research here is the anonymity that it provides is very strong so it is difficult to know if people are acting behind one user name or if one can have many more people taking up. so it can be a bit of a challenge when it comes to combating exploitation of programs with moving towards pat, what do we do about this? we have the critical considerations coming from the report in the past two years of research. first is a large-scale shift
away from the program at the moment we assessed it is unlikely. it's a great combined with unique elements of social media where they can have a public broadcasting element as well as encrypted messenger so this unique feature is useful for the states. they also tried to jump to other platforms but maybe more secure, but until there is a viable replacement that has a lot of these combinations of encryption with a lot of user friendliness, it is unlikely. second is that the paradigm should shape our approach when dealing with extremist exploitation as telegram and online. so, the people that we have been observing our fast and adapting. so, instead of trying to take them from platform to platform, we think we should think a little smarter about how to limit and confine extremism. they should follow the
marginalization paradigm which is set up in a paper by two other researchers in the field which comes to confine extremism where number one they can't inject into the public discourse and law enforcement can still monitor them which brings us to the third consideration, which supporters are currently marginalized so this is the current assessment. it is publicly accessible that it is still separated from the mainstream social media so you can't get to the program by google or facebook. there will always be a window in because it is continuously trying to conduct outreach so because of that window as well come on enforcement are able to monitor and if we can get them there pushing them off the platform may not be the best plan of action so instead of the
consideration is that the government should encourage the programs to participate in the industry forms. they do monitor and take down content on the public channel and then they do this they see a lot of stuff going on so it would be great to have them share their insight to help other companies to their own moderation. for example if it identifies a new media group, they could alert other companies like facebook and twitter so they could identify on their own site. another area of cooperation is alerting smaller companies when they try to exploit or jump through their platforms so if we are able to see where they are linking to they could give a heads-up to other companies and say we are seeing a lot of supporters linked to your website and i would be another area of cooperation.
these wouldn't force them to change their stance on privacy or even get the governments involved in the profit moderation that enhance the processes that are already in place by industry leaders. the last line is the heavy-handed approaches are effective and consequential so while it may be tempting to say why don't we shut down or ban encryption, there are two examples of when countries have tried to do this. .. . >> and here are some takeaways
from my perspective go but in the academic works to be academically rigorous. >> this is a select few institutions this is happening so i consider to work at tw in this area as a go to destination for road scholars of their field so kudos for creating that architecture over the last several years. and then to thank you for this
study they have genuine policy relevance and in that vein to shape that informed policy and i don't say this lately and the national security realm there are plenty of areas where the comparative advantage that government has the available information is simply too great and the work done on the outside is interesting and informative but thinking of those fish shoes on - - officials but in my mind to hit that mark and it does so of the comparative
advantage in the direction of scholars because they have the time and the wherewithal in the resources to study the phenomenon and that delta between government in terms of data is nonexistent because they are looking at the same data of my colleagues would be looking at. this just underscores the degree of the genuine policy relevance because poe can do just as good of a job as anybody in government. the key tech away over that one - - take away is a continued operational
significance this isn't a platform used to recruit or spread the word or perpetuate the narrative i would take it as a given but what struck me was that i continued operational relevance that they could be engaged in activity leading to operational outcomes with those case studies and to underscore that is in pretty stark detail. there are any number more that are buried so you can assume that scope and scale beyond the case studies. those are important because it covers significant theaters with the united states and united kingdom and southeast asia in that first case study
but then isis continues to carry out or continues to represent global enterprise. most scholars would understand the physical defeat from iraq and syria does not change that reality. most scholars recognize that but it's important to bring that home to the public and broader policy even in the midst of the success against isis. so the last tech away one - - take away is that the roadmap provides for government with private sector engagement. and working with the technology sector and that comes with mixed 661 - -
success across the industry. so studies like this one will arm like companies like telegram we don't have to deal with the questions what can we release from the government what is classified and what is not this is publicly available data that it is in operational ways by terrorist organizations this is from the study authors thank you for the kind words they can also be shared from the team that you build there. so with that moderator prerogative i will ask a few questions.
>> i was struck the front page of "the new york post" at christmas so how important is the mix as ices loses territory with the propaganda is that the new normal for a little bit quick. >>. >> we started to look at the pell grant was the vast amount of grade media where you can see a pretty big spectrum from individuals where they have taken images and alternate in some small way to larger mashup videos to combine from other pieces for those outlets
and creations. so to conduct a study but it proves to be very difficult where that is built into the application. and then trace that back so the to figure out who is producing that and what impact it has. was also very difficult to tell one isis supporters differentiating between media outlets and content that is a trend we are seeing with the whole spectrum of the grade media outlet that does provide an interesting window to what
can be an example within the organization and that's something to look forward to and i hope other researcher on - - researchers will continue to study the impact. >> i will add that because you can imagine inside government that is devoted to the task of mapping formal isis structures of who what when where why for the purposes of understanding to enable disruptive operations that was incredibly hard and important work but also the tip of an iceberg. and to see what is happening
below that waterline and the operational significance. >>. >> can we talk about why they decide to go and what level of encryption? is it the right level and how does law-enforcement work its way around that quick. >> so the important thing here is to offer different communication options have different levels of encryption some of them are end to end encryption and actually i'm not cryptographer myself but the protocol that the telegram uses has been lambasted by
experts they call that homebrewing encryption i don't know about those assessments independently but what i will say there are certain portions and i remember this being a major concern that police and the e.u. cannot access the message the various attackers were using but there are also other hearts that could not facilitate and in some cases this desire to reach out to those platforms of internal communication is a benefit for those to infiltrate their operations at some point you
have to outreach that your parents tell you to never do that person could be a recruit or a detractor so there are advantages there to get a window into that. the other downside is one company has 1 foot inside the general ecosystem to access others. test test test test test. test test test test test. test test test test test. otherwise. >> i will open it to questions please raise your hand. don't be shy. . >> thank you for your research. >> i am a specialist that international consulting there is a lot of other intelligence you can gather from these
messages was there any common demographic information whether what you showed earlier with the national breach or age or how much can be trusted or not trusted one of the interesting things into it on - - on twitter you would see reporters posting pictures of themselves their bios or where they were from or their hometown. now we are seeing much more security where that information is protected so that is the trouble she was passing around personally identifiable information so we really don't see as much of that passed around because they are so concerned with operational security i'm sure
if you could talk to them you may be able to get some of that that we do not communicate with anyone so on that state level we are not seeing that information shared. >> thank you for the talk. i am a recent graduate from michigan state. so regarding how karen was outcast because of the misuse of operational norms what about sowing the distrust or using people not following those be leaked into the networks quick. >> yes. so your point of other examples the main example is the sharing of phone numbers
coming from the indian criminal complaint so that is the one verifiable fact we have on the backend people were accusing her of many other things to be connected to the arrest of other supporters. as far as having dad analysis or not coming from those primary sources that mean example is the sharing of phone numbers. >> my question is about the recent legislation proposed in the uk and australia having a more heavy-handed approach to content on the internet do you think policies like that will further marginalization paradigm and restrict
terrorist content sharing and recruitment? or do you think they will be ostracized and making them not use telegram or how that will be influenced quick. >> you can go first. >> one of the difficulties there is a very careful balance in one of the reasons we caution against these approaches like fight against social media providers it is very difficult to target them to a specific platform. one of the things is very hard to do is to be applied throughout any website that
doesn't follow those guidelines that have been reported in the uk or australia subject to the regulation. it's a good strategy if you try to implement the goal to get all terrorist off the internet altogether but that's not necessarily an achievable goal and why we deal with this them being on telegram in the first place is where the regulations were put into place against twitter and facebook, it's very difficult to just impact only those platforms so what ends up happening is those more skilled migrations that is an indication like the hot air and cold air in a room if there's more pressure than that migration will go to a platform that is not covered by whatever regulations are put into place. >> of course, they are feeling genuine public pressure in the
direction of the technology sector to have that ability is our government does tuesday first amendment can be used as a shield. i take the point that is made that in some ways pushes the users and places where we have more difficulty learning and getting value from what they do online. so if you are directing them to those platforms and working to exploit those platforms obviously there is a cap that work in places that they can spend and they spent on 15 platforms as opposed to five that makes the job harder that is not quantifiable.
>> it may shrink but mobilization is more concerning also. . >> i know this was a report on the english-speaking telegram but are there any insight you thought you could gather from your research or pontificate on the bigger arabic pitcher or french or german or other language official media? . >> the degree of interconnectedness of the languages is important and the great media picture as well these media outlets are changing original content and producing their own that is an artificial translation that is important for a couple of reasons because first it picks up the gap where previously
you have a media center or official outlets doing the bulk of the work to translate into different languages now it's outsourced to supporters the downside is translation but the upside is that it can reach into areas where the islamic state may not have that capacity before. the other thing we see in our sample even though english language we see intersections with the other languages but english is important as well in this context because that digital arena is one of the few it's also a jihadist lingo and an isis supporter in the philippines in nigeria or south america and washington d.c. may not be able to speak to each other fluently and arabic but likely they could
in english and that's what our sample gets to the english language is not geographically restrained. >> i have a quick question beyond the isis problems did you pick up anything anecdotally of the way other organizations are using telegram? . >> at the places we could get some insight was in dispute so they would foreword something else from al qaeda and then forward it into their channel and issue a critique so we could get some window of insight but also other detractors and the number of the shia militia groups iraq
and elsewhere are active on telegram with active reports that is beyond the scope of the report but they are migrating to telegram very similar with increased pressure from facebook and twitter and google to push them off their platforms that is something to consider even though it's not within the scope of our study. >> i am from the australian embassy i would like to commend you for the work you have undertaken and with it comes to legislating the material on the internet and
to relate to the christchurch some months ago. and for live streaming you have any reflections on how live streaming is used on telegram? . >> and then with that instantaneous reaction among supporters on telegram and not getting to in the presentation and the territory does not register either the content category because that type of
topic with the isis telegram groups to have supporters engaged with 24 or 96 hour time window with the news media is released but it doesn't do anything much like a major battle over the course over a longer period of time in terms of instantaneous reactions. >> we have time for one more question. >> that media was concerned with the centralization with the content produced so can you do research do you have insights on the relationship between those organizations
and those media accounts quick. >> and in the case study to show those rules and the writers group and that media foundation so i'm paraphrasing these rules to always follow those official announcements only published content and there were four of them so these rules allow a few guidelines to help the media foundation produce the propaganda and to stay within a couple of guidelines. that demonstrated the attempt to try to centralize or keep
them in line with the direct oversight or approval with publication was not there so to be free and able those mash up videos and we did see more of a connection but they had already begun the merger and told to rescind. so there are attempts with centralization within the foundation with those other groups and the criminal complaint does show. >> adding one more comment to that when central media releases a statement that it
is safe to assume at the grassroots level that is especially true of the centralization question and in response to the decentralization and from central media. and i can see a general the ctc study along with these regulations to come around that there were disputes at the grassroots level. >> one last question. >> thank you for their fascinating research and how
isis maintains our national security online. and then to be released 2018 by the foundation and then for the fact to be infiltrated online by security agencies for the group's reaction to that and that will be 30 more literally sending the pledge of allegiance online through text without online extension i was curious of how to maintain operational securities. >> and those categories of app
one - - operational security in the online arena but it is still security. don't talk to people don't directly message other people. don't to other people about making -- trying to conduct an attack. be careful of other people in groups. actually, one of our instructional material channel distributed a manual for basic operational security about how to avoid a tail, like someone driving behind you in a car or how to not drive through major roads that have cctv cameras on them when you're going -- operational security, things like that. the more important category is cyber security. that's -- use privacy maximizing services. we're not safe on telegram. agents are in here.
we've been infiltrated. not only use telegram, its encryption, but here's instructions how to download a vpn. here's how to use a secure email service. here's how to make sure you're not sharing other information you would be sharing on your telegram account somewhere else online. measures like that. >> we're going to leave the last few minutes of this program. you can watch it at c-span.org. going live to the house intelligence committee holding a hearing to examine the national security risks posed by artificial intelligence, also manipulated media and deepfake videos. this is the first meeting to examine deepfakes and ai developed synthetic data.