Iran’s Crisis of Legitimacy
An Embattled Regime Faces Mass Protests—and an Ailing Supreme Leader
The suicide attack at a Manchester teen pop concert on Monday, which killed nearly two dozen people and injured many more, was the latest reminder that the Islamic State (also known as ISIS) is waging the most aggressive and effective worldwide recruitment and incitement campaign of any terrorist group in history. Although it remains unclear whether the bomber, Salman Abedi, a British-born 22-year-old of Libyan descent, was groomed by ISIS, many who have executed attacks in the West have been—often through the Internet. At the very least, Abedi was likely influenced by the contents of ISIS online propaganda, which has during the past year increasingly incorporated images of children killed or wounded in Turkish, Russian, and U.S. air strikes targeting the group in Iraq and Syria. Such images resurfaced only hours after ISIS claimed responsibility for this attack, in a photo packet produced by the media office of ISIS’ Furat “province,” and was distributed on Telegram Messenger channels managed by Nashir News, a group that has become the initial point of distribution for official ISIS propaganda.
Since mid-2014, ISIS has promoted a narrative, particularly in the propaganda tailored for their audiences in the West, that the group’s leader and self-declared caliph, Abu Bakr al-Baghdadi, considers allegiance to the group to be demonstrated not only in words but by action. This can take the form of either hijrah (emigration) to the “caliphate” in Iraq and Syria, to help defend and expand territorial holdings, or jihad, to be waged at home. In late 2015, ISIS shifted its efforts from recruiting Western fighters to petitioning them to launch attacks in the West. Months later, the group’s original spokesman, Abu Muhammad al-Adnani, who died in 2016, acknowledged during his Ramadan address just months before he was killed by a U.S. air strike that the barriers to making hijrah had grown too high for many in the West, insisting that targeting civilians in the United States and Europe was now “more beloved.” A spate of attacks ensued. ISIS has now claimed responsibility for more than a dozen of them in the West, perpetrated by both the group’s operatives and its supporters, many of whom were trained not formally in conflict zones but online.
For nearly three years, most ISIS propaganda has been distributed through popular file-sharing sites such as YouTube and Google Drive and then rigorously promoted on social media by accounts affiliated with the group. The usual line of attack by the U.S. government and American tech companies is to shut down such accounts. But simply suspending them is not an effective deterrent. In my exchange with ISIS members on Twitter, some considered an account suspension as a badge of honor that demonstrated their allegiance to ISIS. In April 2017, Nashir posted a flow chart to its Telegram channels, highlighting how ISIS encourages its support base to spread official propaganda pieces on easier-to-access spaces of the Internet rather than through the invitation-only Telegram channels and chat rooms. Specifically, the chart encourages distribution of this material using Twitter, Facebook, and YouTube.
Not only is taking down pro-ISIS social media accounts an ineffective strategy and an impossible battle to win, but since 2015, ISIS has also encouraged its supporters to use a variety of tools, including virtual private networks (VPNs) and specialized browsers such as Tor, to mask their physical locations when online. The pro-ISIS Electronic Horizon Foundation regularly provides updates on the best VPNs to use via its Telegram channels, and ISIS encouraged the use of these technologies in the tenth issue of its original French-language publication, Dar al-Islam, which was produced by al-Hayat, the media brand also responsible for the group’s flagship English-language magazine Dabiq. By using VPNs, ISIS recruiters and supporters can make it impossible for authorities to locate them while harnessing social media and file-sharing sites both to groom and mobilize would-be terrorists and to help the group broadcast incitement-focused propaganda materials. Aside from using such sites to broadcast propaganda and identify supporters, ISIS recruiters such as the British couple Junaid Hussain, who died in 2015, and his widow, Sally Jones, have used Twitter to circulate hit lists containing the names, home addresses, and other identifying information for more than 1,000 U.S. national security personnel. They have also tweeted home addresses for current and former directors of the Central Intelligence Agency, National Security Agency, and Defense Intelligence Agency. ISIS members have even crowdsourced threat campaigns against Americans. One targeted me the day before the shooting at Pulse, a gay night club in Orlando, Florida.
It need not be this way. There is a fairly simple solution that could severely cripple ISIS’ online recruitment and incitement operations. Social media and file-sharing companies could block much of ISIS’ passive and active engagements with would-be terrorists here in the West by allowing only verified account users to access their sites when using VPNs or Tor. Of course, this would elicit a loud outcry among many users—such as activists who depend on VPNs or Tor to shield them from authoritarian governments—but Alphabet, Facebook, and Twitter could easily address this issue by requiring nonverified users who insist upon or need to use a VPN to pay a nominal fee, such as $1.00 per month, through traditional payment methods. This recurring transaction would create a record that authorities could then use to more easily identify and locate those who are planning to commit or have committed attacks.
Such policies are not impossible to implement on Twitter, Facebook, YouTube, and Google Drive—or, for that matter, on Archive.org, which became a primary point of publication for terrorist groups’ propaganda long before ISIS split with al Qaeda. Wikipedia, which is hardly a tech innovator when compared with Google, Twitter, and Facebook, deters illicit activity by blocking people from editing entries if they use a VPN. Indeed, if an ISIS member or supporter wished to deface the Wikipedia page of U.S. President Donald Trump, just as Hussain and his associates in the ISIS hacking division did in 2015 to the U.S. Central Command's Twitter account, his or her IP address, and thus offline location, would be at risk of identification by the authorities.
If these companies and nonprofit file-hosting sites such as Archive.org are unwilling to take such measures voluntarily, intelligence officials could insist that policymakers call on the Federal Communications Commission (FCC) to require the social media and file-sharing industry to do so by invoking national security concerns. Last March in London, I mentioned such a solution at a conference on countering ISIS, hosted by the British Foreign Office. British officials and many others from U.S.-allied countries expressed their desire to see the FCC develop a simple set of regulations like the one I had suggested. They rely on the United States to set such policies since European nations, of course, do not have the jurisdiction to do so. Both private and public sectors, unfortunately, continue to demonstrate a penchant for deficient strategic analysis against Salafi-jihadist groups’ online activity.
This is a terrible oversight. As long as we continue to allow ISIS and other terrorist groups to hide out not just in the dark spaces of the Internet but also in easy-to-access social media and file-sharing sites, we are helping them to enhance their capabilities to influence the vulnerable, while ensuring that these groups will continue to pose durable threats to global security in the years to come.