In the hours after 14 people were killed in San Bernardino, Calif., a familiar voice celebrated the attacks on Twitter: “California, we have already arrived with our soldiers. Decide how to be your end, with knife or bomb.”That comment was posted from the 335th Twitter account of a pro-Islamic State group that calls itself Asawitiri Media. Twitter has repeatedly tried to cut off the authors of the account, most recently known to its thousands of followers as @TurMedia335, @TurMedia334 and @TurMedia333.
As soon as Twitter suspends one account, a new one is created. After the group’s 99th account was suspended, it taunted Twitter by creating @IslamicState100, posting images of birthday candles, cake, trophies and fireworks.Politicians and even some technologists say that account, and hundreds just like it, show how Silicon Valley’s efforts to crack down on the use by terrorists of social media have been toothless. And Washington is using the latest terrorist attacks to renew its calls for Silicon Valley to roll back the encryption in their products. On Sunday, Hillary Clinton, the Democratic presidential front-runner, called on tech companies to become more aggressive.“Resolve means depriving jihadists of virtual territory, just as we work to deprive them of actual territory,” she told an audience at the Brookings Institution in Washington. “They are using websites, social media, chat rooms and other platforms to celebrate beheadings, recruit future terrorists and call for attacks. We should work with host companies to shut them down.”But as the 335 versions of the pro-Islamic State Twitter account demonstrate, technology companies are dealing with a tenacious adversary. Also, when it comes to terrorists using encryption technologies to hide their communications — a frequent complaint of law enforcement — technology companies are quick to point out that of the top five encryption apps recommended by the Islamic State, none are American-made.Indeed, members of the Islamic State used technology created by a company in Germany to claim credit for last month’s attacks in Paris, and text messages discovered on one of the attackers’ phones suggested that the attackers were not even using encryption.Still, while the tech industry cannot block all terror content on the web, people who have battled other online threats say it could be doing more. They point to technology that has successfully eradicated large swaths of child pornography on the web, or even older tools for spotting computer viruses, as potential guideposts for blocking terror-related content.“When Twitter says, ‘We can’t do this,’ I don’t believe that,” said Hany Farid, chairman of the computer science department at Dartmouth College, who co-developed the child pornography tracking system with Microsoft. The actual task of identifying child pornography is managed by the National Center for Missing & Exploited Children.Mr. Farid said the same technology could be applied to terror content, so long as companies were motivated to do so. “There’s no fundamental technology or engineering limitation,” he said. “This is a business or policy decision. Unless the companies have decided that they just can’t be bothered.”The 335 pro-Islamic State accounts certainly did not escape the notice of executives at Twitter after it carried simultaneous death threats against Jack Dorsey and Dick Costolo, Twitter’s current and former chief executives. And its recent naming convention — adding one digit to a new account after the last one is suspended — does not seem as if it would require artificial intelligence to spot.Asawitiri Media also uses the same photo of a bearded man’s face over and over again, said Rita Katz, the director of SITE Intelligence Group, which tracks terrorists’ communications.“The bottom line is that Twitter is not doing enough,” Ms. Katz said. “With the technology Twitter has, they can immediately stop these accounts, but they have done nothing to stop the dissemination and recruitment of lone wolf terrorists.”In response, Twitter said it actively investigated potential terrorist threats. “Violent threats and the promotion of terrorism deserve no place on Twitter, and our rules make that clear,” a Twitter spokesman said. “We have teams around the world actively investigating reports of rule violations, and they work with law enforcement entities around the world when appropriate.”The White House on Monday also urged the technology industry to do more. “There should be common ground the government and tech can find to address this concern and make sure the American people are safe,” said Josh Earnest, the White House press secretary, echoing comments made earlier by President Obama.Conversations between government officials and tech companies have been going on for more than a year, but since the mass shootings in San Bernardino and Paris, “there has been a reintensified or reinvigorated engagement,” according to a senior administration official who spoke on the condition of anonymity.But some who advocate free speech argue that relying on companies like Twitter and Facebook to be more aggressive arbiters of what constitutes free speech puts those companies in a difficult spot.“We don’t believe that law enforcement should delegate their responsibilities to private enterprise,” said David Greene, director for civil liberties at the Electronic Frontier Foundation. “Especially ones that haven’t sought out that role.”In some cases, Internet companies have been criticized for not taking down websites that belong to the Islamic State, only to have it discovered later that the sites were critical of it. Matthew Prince, chief executive of CloudFlare, a San Francisco company, said that in one case Internet activists criticized his company for keeping several Islamic State websites online when, in fact, the sites in question were pro-Kurdish.
“It’s particularly risky to take a bunch of tech companies that are not certified policy experts and insert them into Middle East politics,” Mr. Prince said.Pulling all terror-related content is not always preferred by law enforcement. In several cases, tech executives say, they have been asked to keep terror-related content online so that law enforcement agents can monitor terrorist networks or because the content was created by law enforcement agents to lure terrorists into divulging information.The issue is thornier for companies like Facebook, in which the bulk of posts are meant to be private. “Do you want Facebook looking at over 1.5 billion people’s posts?” said Zeynep Tufekci, an assistant professor in technology policy at the University of North Carolina at Chapel Hill. “And if so, then for what?”Facebook primarily relies on user reports to ferret out terrorist accounts, but recently it has gone further. If the company is informed of specific terrorist activity, Facebook will take down the account as well as others similar to the one reported.Last week, it went a step further. Tashfeen Malik, one of two terrorists involved in the San Bernardino attacks, posted her public allegiance to ISISon Facebook just minutes before the shootings occurred on Wednesday. The post did not initiate any user reports to Facebook, and until now it had been unclear how the authorities were able to tie Ms. Malik to the post.According to law enforcement officials, the Facebook account that Ms. Malik used was linked to an email account she had used for many years. Facebook found the posting, reported it to the F.B.I., and removed it on Thursday.“We work aggressively to ensure that we do not have terrorists or terror groups using the site, and we also remove any content that praises or supports terrorism,” said Monika Bickert, head of global product policy at Facebook.A spokeswoman for YouTube said that it had policies prohibiting terrorist recruitment and content meant to incite violence and that it quickly removed those videos when flagged by users.A trickier issue is presented by the encryption deployed by Apple, Facebook, Google and a range of smaller services that thwart law enforcement’s ability to access a target’s communications, even with a court order.Companies say that weakening the encryption in their products would only make regular users more vulnerable to cybertheft and set a bad precedent for other countries to follow. What’s more, they note, there are plenty of encryption options not made by American companies and many of them are free.Addressing the topic on Monday, the White House urged Silicon Valley to find a compromise.“We are going to resist the urge to trample a bunch of civil liberties,” Mr. Earnest said in the White House briefing. But he added, “We don’t want terrorists to have a safe haven in cyberspace.”