10 March 2021

Online Extremism and Terrorism Researcher Security and Privacy: Some Practical Advice

By Dr. Maura Conway

Fortunately for Western scholars, as pointed out by Berger, “[t]o date, jihadist extremists have not systematically targeted researchers for potential violence outside of conflict zones. Indeed, groups such as al Qaeda have often sought to benefit from adversary research.” But as also pointed out in the same report, “[a]s research increases on right-wing movements with a larger and more diffuse presence, researchers may need to be more conscious of potential threats closer to home.” Aside from posing physical dangers to researchers, both jihadist and right-wing extremists have been known to engage in networked forms of abuse, some of which also have the potential to spill over into ‘real world’ settings.

Researcher online harassment and other forms of networked abuse can take a variety of forms, including ‘doxxing’ (i.e. posting individuals’ private information online oftentimes accompanied by implicit or explicit requests to use it for online and/or ‘real world’ harassment), ‘brigading’ (i.e. a group of users coordinating to ‘pile on’ another user for harassment purposes), and ‘swatting’ (i.e. making a hoax telephone call to emergency services in an attempt to have them dispatch heavily armed police—in the US, a ‘SWAT team’—to a particular address), which may also be used in combination. In fact, the extreme right have a long history of this type of behaviour, having carried out “perhaps the world’s first instance of doxxing” in the 1980s and employing swatting in their much more recent online harassment campaign against women in computer gaming known as ‘Gamergate.’

Suffice it to say, there is no way, if researching extremism and terrorism, to definitively avoid becoming the subject of such harassment and abuse, but there are ways to seek to get out ahead of it.

The most important first step, in terms of ensuring your own safety, that of your PhD students,’ and/or your team, is preparation. The following remarks by Mertus are in the context of ‘real world’ field research in conflict settings, but apply equally well to online research:

…academic researchers should remain cognizant of their mission—as defined by their own research plan—and become knowledgeable of how their research intervention is likely to be perceived. In addition, regardless of the scope of their mission, they should have a foundation of knowledge of the conflict (actors, history, patrons, etc.) and endeavour to understand the most likely threats to be encountered on the ground. The process of gaining and weighting this kind of information is known as a ‘situational analysis’ and ‘risk assessment.’

In addition to gaining knowledge of the “actors, history, patrons” of whatever type of online space(s) and extremism(s) you are planning on researching, familiarising yourself with, among other things, the functions and affordances of those platforms and the sub-cultural language and symbolism employed by users in those spaces is also advisable. This should allow for informed decision-making on the most appropriate and safe means of data gathering. The utilisation of security-enhancing technologies may also be necessary (e.g., VPN, encryption, pre-paid mobile telephone/SIM).

A useful example of such a situational and risk analysis is provided in Barratt and Maddox’s detailed accounting of their “preparation for entering the field” in their article on their ethnographic research on a ‘Dark Web’ drug use cryptomarket. In the event Barratt and Maddox decided to identify themselves as researchers from the outset and gained support from a forum administrator for their recruitment of research participants. On the other hand, the utility of continual monitoring and awareness of security risks and the inability to ever wholly rule these out is evidenced by “graphic death threats” being directed at Alexia Maddox in the course of the same research.

Detailed information on protecting your online security and privacy is available from a variety of sources, including particular guidance prepared for and by activists and journalists as they experience many of the same issues faced by researchers in our sub-field. See, for example, Berlin-based Tactical Tech’s ‘Data Detox Kit’ and PEN America’s ‘Online Harassment Field Manual.’

Having said this, there are a small number of resources targeted directly at researchers; Data & Society’s best practice guide for those likely to be subjected to online harassment is chief amongst these. The brief text’s researcher-focus means that it includes sections containing specific recommendations for departments and institutions, advisors and senior faculty, supervisors, and individual researchers. One of the document’s main takeaways is not to ‘go it alone,’ but to reach out for support from colleagues, supervisors, your institution, and potentially professionals.

Data & Society’s Marwick, Blackwell and Lo also provide a list of basic cybersecurity measures that researchers should take to shore-up their online defences, including Googling yourself, setting-up two factor authentication on your various email and social media accounts, utilising a password manager, and the like. A more individually tailored cybersecurity offering is provided by the University of Toronto’s Citizen Lab’s regularly updated Security Planner tool, which allows users to get personalised online safety recommendations through answering a series of questions about their devices and related.

In the event that, all preparations notwithstanding, you are subject to a campaign of online hate and harassment and/or doxxing, there are also well thought through online guides on how to navigate these situations. See, for example, the Finnish Union of Journalists’ printable one-page primer on ‘Hate Campaigns: What You Should Do,’ and Crash Override’s ‘So You’ve been Doxed: A Guide on What To Do Next.’

Finally, online extremism and terrorism research may—in still relatively rare cases—unfortunately result in actual physical security concerns, which can call for a wide-ranging response, including high-ranking institution-level and law enforcement involvement. For individuals or, more likely, research teams or centres seeking to get out in front of that scenario, FrontLine Defenders’ Workbook on Security (2016) may prove useful for thinking through relevant issues.

Maura Conway is Moriarty Professor of Government and International Studies in the School of Law and Government, Dublin City University; Visiting Professor of Cyber Threats at CYTREC, Swansea University; and Coordinator of VOX-Pol, where she curated their Researcher Resources, including the section titled ‘Researcher Welfare 1: Privacy and Security.’

No comments: