Can AI help us identify and stop terrorist attacks?

Posted on

This is an abridged version of a presentation I delivered at the World Counter Terror Congress in London on 4 May 2017.


Since leaving the intelligence world in late 2014, I’ve researched and written about counter-terrorism. My primary focus has been a controversial and misunderstood area of modern day intelligence practice – how big data and counter-terrorism inter-relate. Today I’m going to be looking at one specific element of this subject – how intelligence agencies might use artificial intelligence to help navigate the ever-growing data pool they’re faced with.

It has the potential to be a complex subject matter. I’m going to try to keep it as simple as possible, and focus on the implications for practitioners, not the technical ins and outs.

I want to briefly answer three quite big questions:

  • Firstly, why? What elements within the current counter-terrorism climate point towards the need for AI?
  • Secondly, how this might work in practice? I’m going to focus specifically on one element of counter-terrorism, covert online interaction with extremists.
  • And finally, I’ll look at the advantages but just as importantly, disadvantages associated with this approach.

Current CT climate

We all know that that the current size and scale of the Islamist terrorist threat is unprecedented. And that the events of the past 5 years in Iraq and Syria will resonate for decades to come.

Most importantly in the context of today however, the past 5 years have seen a fundamental shift in the way terrorists communicate with each other. And how they communicate with the rest of the world.

Slide 3 Read the rest of this entry »


Why Australia might be on the right encryption-cracking track

Posted on

This was originally published on 18th July 2017 by the Lowy Institute for International Affairs, Australia’s leading foreign policy think tank.

Much of the reaction to Malcolm Turnbull’s press conference last Friday has cast his comments as the latest, and possibly worst example of political technological illiteracy. And just another instance of anti-technology bluster and rhetoric without any firm policy foundation.

Based on the level of detail and technical understanding the Australian Government has revealed so far, this is an understandable assessment. But reading between the (admittedly very blurred) lines, I would suggest that an eventual policy destination is slowly emerging.

Before assessing this policy proposal, there are three broad questions that need to be answered: What problem is the current policy approach not solving? Is what is being suggested feasible? And if so, will it address the problem?

The status quo

Firstly then, why all the rhetoric? Because, despite significant investment and a series of legislative changes, Australian law enforcement agencies are unable to access communications content, and increasingly, communications metadata in a timely manner.

The former challenge, particularly in relation to encryption, is not new. What is new is the combination of ubiquitous end-to-end encryption, and easy to use, free communication apps, that are typically hosted and headquartered outside of the reach of domestic law enforcement agencies. Read the rest of this entry »

Life after ISIS: how jihadis struggle to find work

Posted on

This article was originally published on 30 June 2017 by UK online newspaper iNews.

Earlier this week, Swedish daily newspaper Expressen published a series of interviews with former jihadis, focusing on their struggle to find work on their return to Sweden. Particular challenges included explaining long gaps on their CVs, and the ease with which potential employers could find undesirable photos of them online.

As was quickly pointed out, they are not the first group of 20-somethings to wrestle with these challenges, even if explaining away a photo with an AK-47 and dead Syrian soldier is slightly trickier than most ‘gap year’ returnees.

Unsurprisingly, they have attracted little sympathy. Youth unemployment in Sweden (as in much of the rest of Europe) is high; surely individuals who provided military support to a barbaric terrorist organisation should be at the bottom of the list? And more obviously, why aren’t they in jail, rather than complaining about their employment prospects?

Unfortunately, the reality of prosecuting returning foreign fighters is far from straightforward.

Firstly, there is often a significant gap between what intelligence agencies know about an individual, and what they can prove in court – reports from human intelligence assets or technical intercept are typically inadmissible as evidence. Secondly, foreign fighters have become savvier about what they share online, and about ensuring they leave behind electronic devices before returning to the West. And finally, even where a returnee slips up, it often only provides evidence of travel to Syria or Iraq, not involvement in terrorist activity.

As a result, Sweden, like the UK and much of the rest of Europe, is faced with a large number of returned foreign fighters but somewhat limited options when it comes to immediate prosecution. In the UK for example, approximately 400 foreign fighters have returned, each of which potentially has the skills and battlefield experience to pose a significant terrorist threat.

In parallel to attempting to build a prosecution case, authorities have two options, monitoring and rehabilitation.

As we’ve so painfully discovered since March 2017, there are limits to the number of individuals that law enforcement and intelligence agencies can monitor at any one time. Due to the inflated threat they pose, returnees will typically be near the top of that target list. But with new leads or threats emerging on a daily basis, monitoring is a resource-intensive threat management tool, not a solution.

Which is why countries across Europe – notably Denmark, Sweden and Germany – are combining prosecution and monitoring with returnee rehabilitation programs, offering returnees an exit strategy from violent extremism. Central to which, are employment opportunities.

The logic behind these programs is clear – reintegrating foreign fighters into society is cheaper than the alternatives of ongoing monitoring or a costly prosecution. And if done well, they theoretically provide a long-term solution, not a temporary band aid.

It is still too early to assess the success of most of these programs, but that remains a very big ‘if’. And despite the potential benefits from both a resources and risk perspective, this story illustrates that any attempt to operate them at scale is likely to face significant (and understandable) opposition.

Trump and the Russians: Why the ‘leak of the leak’ is so damaging

Posted on

This was originally published on 18 May 2017 by the Lowy Institute for International Policy, Australia’s leading think tank.

As more details emerge about Donald Trump’s meeting with a Russian delegation last week, it appears that the worst fears of Israel’s intelligence agencies have been realised. While discussing the ISIS threat to aviation, Trump reportedly shared information identifying the source of recent reporting – an Israeli human intelligence asset.

Media reporting suggests that this intelligence had previously been tightly held within US Government circles. And that the full extent of the reporting had been withheld, even from the rest of the Five Eyes partnership.

On the face of it then, blurting out critical details in an attempt to impress Russia, a close ally of Iran, is about as bad as it gets. A former head of the Mossad has already suggested that Israel would think twice before sharing sensitive intelligence with the US in future.

As with all things Trump-related, it can be difficult to cut through the hyperbole. So just how big an issue is this? Read the rest of this entry »

What’s App, encryption and intelligence agency access – quick comment

Posted on Updated on

The weekend before last, UK Home Secretary Amber Rudd did the rounds on the Sunday morning political chat shows, in the wake of the Westminster terrorist attack. Her comments around encryption, tech companies and their role in the fight against extremism and terrorism have (as she no doubt intended) dominated the news cycle and shaped the public post-mortem into the attack.

In response, I tweeted some initial thoughts, which I’ve included below in a slightly less condensed format:

As many have observed, Rudd’s comments appear opportunistic at best, given what we know about London attacker so far. Most obviously, as he wasn’t under active investigation, access to What’s App or other encrypted services would have been irrelevant in his specific case.

Her comments and the reaction to them are however, yet another example of the simplistic debate that surrounds the encryption issue, and help to conflate different aspects of the problem.

Access to encrypted communications differs pre, during & post investigation. In the context of the Westminster attack, only the latter appears to apply. The battle between the FBI and Apple over the iphone of the San Bernadino attacker also falls under this category. However, Rudd’s reference to ‘terrorist communications’, presumably therefore refers to  those under investigation.

Few would argue that the UK authorities should be able to access these communications. But in terms of approach, accessing the communications of known terrorists is very different to making an assessment of potential leads. In the former example, the authorities have options beyond direct warranted access; these aren’t easy, they require significant resource, and most importantly, they are not available to all agencies, most notably law enforcement bodies.

But given the range of powers in the IP Act, and how recently it was passed, it is hard for Rudd to argue that the UK is ill-equipped to counter the threat of known terrorists.  Read the rest of this entry »

London attack: Tragic and widely predicted

Posted on

This was originally published on 24 March 2017 by the Lowy Institute for International Policy, Australia’s leading think tank.

Yesterday’s tragic attack in London was both predictable and widely predicted.

Since August 2014, the UK terror threat level has been ‘severe’, meaning that an attack is highly likely. The UK Government had repeatedly and very publicly warned of the likelihood of a terror attack, while preventing at least a dozen attacks over the last year alone. And a series of similarly low tech attacks across Europe over the past 12 months highlighted the deadliness of this attack methodology. This attack had been imminent for quite some time, postponed by the best efforts of the UK authorities.

And yet, the target and timing of the attack resonated. This was an attack in the heart of London at the home of British politics. With much of the UK media in attendance, news coverage was instantaneous and comprehensive.

What was immediately evident was that while the attack came as a surprise, UK authorities and emergency services were well-drilled and well-prepared. Carefully worded statements were quickly released to the media. Transport plans kicked in, minimising disruption across the capital. And most obviously, the attacker was swiftly incapacitated. By early evening, a visitor would have found little out of the ordinary beyond an increased police presence, frequent sirens and temporary cordons around Westminster.

This return to normality is a reminder that for all of the shock of yesterday’s attack, London (and parliament) has been here before. Read the rest of this entry »

Taking the terror out of terrorism

Posted on Updated on

This was originally published in 3 parts between 17 and 19 January 2017 by the Lowy Institute for International Policy, Australia’s leading foreign policy think tank.

The current terrorist problem is, by most metrics, larger than ever.

There have been four successful terrorist attacks in Australia since September 2014. Outside of Australia, terrorist attacks are occurring more frequently and killing greater numbers. While the large majority of these have taken place in just a handful of countries, in 2015 and 2016 there were multiple attacks in Europe; South and Southeast Asia; North, West and East Africa; and North America.

Yet the terrorist threat is more than just the attacks that actually transpire. The actions of counter-terrorism authorities have thwarted planned attacks and prevented other terrorist offences from taking place. As a result, arrests associated with disrupted attacks, attempted travel to terrorist hotspots and other terrorist offences have become a frequent occurrence.

Thousands of individuals are currently under investigation for potential terrorist activity. In Australia, ASIO estimates indicate that almost 200 Australians are actively supporting Islamic State, with a further 110 overseas fighting in the Middle East.

The escalation in terrorism-related activity means that counter-terrorism is both a higher priority for governments, and of greater concern to the general public. As a result, governments across the world are communicating more frequently about terrorism and counter-terrorism. Read the rest of this entry »