In episode 60 of The Cyber5, we are joined by Tom Thorley, the Director of Technology at the Global Internet Forum to Counter Terrorism (GIF-CT).

We discuss the mission of GIF-CT and how it's evolved over the last five years, with particular interest on violent terrorist messaging across different social media platforms. We also discuss the technical approaches to countering terrorism between platforms and how their organization accounts for human rights while conducting their mission.

Four Key Takeaways:

1) The Evolving Mission of GIF-CT

GIF-CT combats terrorist messaging on digital platforms and is particularly focused on removing live streaming of violence. They were founded in 2017 by Microsoft, Facebook, YouTube, and Twitter to mostly combat advanced ISIS messaging efforts across their platforms, particularly after several high profile terrorist attacks were live streamed.

GIF-CT has grown to include 17 different technology companies that participate in the mission of combating terrorist exploitation of their platforms. Since ISIS has been degraded over the last three years, GIF-CT has expanded their mission to include supporting the United Nations Security Council’s Consolidated Sanctions List.

2) Behavioral Models as Opposed to Group Affiliation

Due to the fast adaptation and evolution of terrorism, GIF-CT has moved to track behavioral models of violence rather than attempt to focus on known terrorist groups. They built out an incident response framework to review emergency crisis situations using technology called “hash sharing.” Now, they are looking at expanding into:

• Manifestations of terrorist attacks just carried out
• Terrorist publications (Inspire Magazine by al-Qaeda) with specific branding
• URLs, videos, and images where specific terrorist content exists across platforms

3) Hash Sharing Across Social Media Platforms with Content

User created content is not associated with an identifiable individual, like an IP address generally tied to a device. When GIF-CT hashes videos, they not only use traditional MD5 hashes, but also use perceptual hashes, which are locality sensitive. These hashing techniques and different algorithms provided by the technology companies, allow images, videos, and URLs to be flagged and potentially removed from the platform in close to real time.

There is some new hash sharing technology that is being explored around PDFs. The need has been driven in part because malware is exploited because the backend code of the PDF is manipulated whereas terrorist manifestos are not, they are just content. Technology is being explored by GIF-CT where they can hash certain content strings in PDFs for alert.

4) Optimizing for Human Rights

GIF-CT hashing algorithms minimizes impact to human rights during emergency situations and differentiates between legitimate journalism and normal discord between people on the platform. GIF-CT goes through tremendous transparency initiatives that focus their algorithms on violence extremism.