The internet has for too long been a “safe space” for terrorists to communicate and spread propaganda, say politicians. That is about to change. Simon Wilson reports.
What has happened?
Following the terrorist atrocity at London Bridge last Saturday, Theresa May beefed up her manifesto promise to introduce greater government controls over the internet and how people use it. “We cannot allow this [jihadist] ideology the safe space it needs to breed,” she said. “Yet that is precisely what the internet, and the big companies that provide internet-based services, provide.” She then called on “allied democratic governments” to join together to regulate cyberspace and “prevent the spread of extremism and terrorist planning”.
It remains to be seen to what extent the London Bridge attackers were radicalised via the internet, or used online communications to plan their rampage. But her call should nonetheless be seen as part of wider shift in the approach of Western governments to controlling the internet with a view to dealing with everything from hate speech and extremist recruitment to online bullying.
How can the UK regulate cyberspace?
“Some people say that it is not for government to regulate when it comes to technology and the internet,” said May last month. “We disagree.” Her starting point is to introduce a law that all internet firms will be required to pay for advertising that tells people about “the dangers of the internet”. There will be a shift in the responsibility of policing content on the internet – particularly on social media – from the police force and from users to the platform providers themselves (the likes of Facebook and YouTube). The idea would be to introduce huge fines for firms that did not remove illegal material fast.
Are other states trying this?
The UK government will be closely watching the German government. There, new legislation will compel social-media sites to delete offensive material – hate speech, illegal content such as terrorist propaganda, and fake news – within seven days. They must also run 24-hour helplines for concerned users. Failure to remove posts would result in fines of up to €50m, if plans proposed by justice minister Heiko Maas are approved.
Will firms co-operate?
In the UK the Conservative manifesto made it clear that “it is for government, not private companies, to protect the security of people and ensure the fairness of the rules by which people and businesses abide”. Big tech isn’t going to get a choice. Social-media firms operating in Germany clearly get it: Facebook has already introduced a tool that lets users flag suspicious content, and the company is employing an extra 700 staff in Berlin to monitor flagged material.
And amid a spate of nasty videos of gruesome events posted on the site, chief executive Mark Zuckerberg announced last month that he wants Facebook to be a “hostile” environment for terrorists and that he is hiring an extra 3,000 people to monitor videos. Google (owner of YouTube) says it has already spent millions of pounds tackling the issues involved, and is working on an “international forum to accelerate and strengthen our existing work”. Both are likely to need to use their formidable financial and technological resources to do more, but it is clear that a significant shift in responsibilities is underway.
Job done then?
Not quite. This isn’t just about controlling publicly available content online. In the case of terrorism and all other criminal activity, it is also about accessing communications. Following the Westminster Bridge attack in March, Home Secretary Amber Rudd said that it is “completely unacceptable” that the police and counter-terrorist agencies were unable to access people’s messages on WhatsApp and other encrypted messaging services. “We need to make sure that organisations like WhatsApp, and there are plenty of others like that, don’t provide a secret place for terrorists to communicate.”
How can governments control that?
With great difficulty. WhatsApp, which is the world’s most popular messaging app (with more than a billion users), uses “end-to-end encryption” for all devices. Only the sender and recipient of a message can access the content, whether that is text, photos, videos or audio recordings. WhatsApp can’t read users’ messages, and end-to-end encryption means there’s no “back door” for eavesdroppers (be they MI5 spies or cybercriminals) to do so either.
Is there an easy solution?
No. To give governments access, WhatsApp would have to de-encrypt the service, thus making it insecure for everybody (and to many minds, pointless). That makes this issue far more complex than it looks. And even if WhatsApp (or Apple, or anybody else) removes encryption, criminals can simply move to a similar platform. In recent years the messaging service of choice for Isis has been Telegram (which it used to claim responsibility for last weekend’s attack), despite persistent attempts by Telegram (it says) to suspend jihadist accounts.
What does this mean for investors?
One reason social-media giants enjoy such bumper profits and free cash flows is that (unlike traditional media companies) their users create the content and there’s no need to employ a small army of editors to check it, says Lex in the FT. As political pressure increases, that competitive advantage will be diminished. There will either be greater regulatory oversight and sanctions, and/or the companies will be obliged to take much more responsibility for what is published. Either will mean increased costs – and lower returns.
“Political frustration has yet to manifest itself on the statute book. Even so, social-media companies should guard against complacency. Network effects protect them from competition. But a growing perception that they are better at paying lip service than taxes could create ‘safe space’ for governments to transfer the costs of policing cyberspace on to those who have profited most from it.” This is a – potentially very high – cost that few investors will have factored into their stock-picking decisions.