Ethical and Legal Issues Surrounding AcademicResearch

Of Online Terrorist Radicalization: A UKExperience

Ted W Reynolds *

*PhD Candidate, Department of International Relations, Universityof St. Andrews Tr235@st-andrews.ac.ukAbstract

There is a growing body of evidence that terrorists/terrorist groups have increased their use of the internet to include a move into online social network environments in their efforts to radicalize and potentially recruit and mobilize new members. Both the United States and United Kingdom governments acknowledge not enough is known about this phenomenon and there is an urgent need for more substantive research in the area of terrorist’s use of computer mediated communication. However, research in this area carries with it some serious ethical and legal concerns that cannot and should not be ignored. UK law makes it difficult for terrorism studies researchers and other academics to conduct this online research without potentially violating the law. Fortunately, with careful consideration of the ethical concerns surrounding the methods of data collection, and knowledge of and adherence to Data Protection laws, along with notification of proposed research to the proper law enforcement office to insure compliance with UK Terrorism Acts, it is possible to move forward with academic integrity and a reasonable assurance that you will not be charged and prosecuted for violations of the Terrorism Act.

Keywordsterrorist radicalization, internet terrorism, internet ethics, passive covert observation, UK Data Protection Act, UK Terrorism Act.

IntroductionAs western counter-terrorism efforts have limited the various

person to person avenues for the spread of extremist ideology by outlawing ‘hate-speech’ in public forums, mosques, and in print, as well as identifying and arresting known terrorist recruiters, these communications have been driven underground and the investment by extremist groups in on-line forums and websites, and the level of participation within these websites, has grown substantially (Weimann 2006; Amichai-Hamburger 2005). Increasingly, those arrested on suspicion of terrorism or those actually engaging in terrorist acts indicate they began their ‘journey’ by visiting extremist websites, participating in chat rooms, and watching extremist and/or jihadi videos. In the United Kingdom, Mohammed Irfan Raja and four accomplices were arrested in 2006 for downloading and sharing extremist material. It was found that the five young men had spent hours online in extremist chat rooms talking to other radicalized youths, and downloading jihadi material including an Al-Qaeda training manual(Casciani 2007). While some may claim that on-line activity cannot, on its own, radicalize someone toward engaging in jihad (Sageman 2004), others would argue that when an individual purposely seeks out and visits an extremist site he/she is on theroad to becoming radicalized (Jenkins 2007). The record of arrests and prosecutions in the UK provides further evidence of this phenomenon. In 2006 Aabid Khan was arrested and found in possession of material on computer drives that indicated he was engaged in promoting violent jihad in the UK and in the broader English speaking world via the internet and was convicted of three counts of possession of an article for a purpose connected with terrorism (Counter-Terrorism Division of the Crown Prosecution Service (CPS) 2008). In August 2008 Ishaq Kanmi was arrested and pled guilty to belonging to a proscribed organization, inviting support for a proscribed organization (viahis online activities), one count of collection and four counts of dissemination of terrorist material (CPS2009).

It is important to note, particularly given the focus of this research, that the practice of promoting violent extremism onlineis not unique to pro-Islamist/jihadi groups. In June 2009 Policearrested Ian and Nicky Davidson, members of the Aryan Strike

Force (ASF). According to the 2010 Counter-Terrorism Division ofthe Crown Prosecution Service report the ASF was “a neo-Nazi organization that promoted violence against Jews, Muslims, black people, Asians, and anyone associated with the British Government.” The ASF operated a website and it was through the online forum within this site where they offered various ideological and terrorist material for download. Following their June 2009 arrest, police discovered computer files with bomb making instruction and recovered a jar containing a quantityof ricin large enough to kill nine people. Another ASF case resulted in the arrest and conviction of Michael Heaton and Trevor Hannington who were found to be posting comments on the forum that promoted hatred of ethnic minorities and solicited murder. Hannington was also found to be in possession of and having had distributed online instructional videos for the makingof an improvised flamethrower which he suggested could be used toburn black people (CSP2010).

More recently, arrests have been made in connection with individual’s participation in more traditional social networking fora. In 2011 Phillip Burgess pled guilty to promoting violence on Facebook during the August 2011 riots. He was found to have made posts calling for riots in King Street, Manchester which happened later that day and posted offensive racial comments where he suggested “bring in the kkk”, in an effort to incite racial hatred. Similarly Martin Hortshorn was arrested and pleadguilty during this same time period of the riots for posting on Facebook his calls for the burning of “paki shops, takeaways, andIslamic Centers” (CPS2011).

In the UK, several extremist blogs and social network sites have come under scrutiny by the government and some have been shut down for their extremist activity. The English Defence League page has been closely monitored and sometimes interrupted because of the violent messages it contains, and some groups likeIslam4UK and most recently Muslims Against Crusades have had their groups and their internet sites proscribed by the UK government for their pro-jihadi messages. The potential danger of online radicalization is highlighted in the United Kingdom’s Strategy for Countering International Terrorism (March 2009). Noted within this document is the threat posed by “self-starting

networks, or even lone individuals, motivated by an ideology similar to that of Al-Qa’ida, but with no connection to that organization; and terrorist groups that follow a broadly similarideology as Al Qa’ida but which have their own identity and regional agenda. (p.9)” Further, the document goes on to acknowledge the role and impact of the internet in the “two way dialogue between their organizations and their actual or prospective members…that enables fundraising, recruitment, and some training and operational planning (p.41).” Previous actionby far-right/anti-immigration groups and recent calls by extremist Islamists to move out of their password protected chat-rooms and expand onto social network sites like Facebook and Twitter in order to ‘appeal to the masses’, just as they have used YouTube to spread extremist propaganda, is a disturbing development given the trend of online radicalization seen in recent arrests. The goal of the research project that is the basis for this article is to understand the impact of the extremist narrative and its component parts, as reflected in the discourse within these social networking sites, by developing collection and analytical protocols and tools toward facilitatinga multi-level statistical analysis, and culminating in the production of a PhD Thesis.

As a PhD candidate at the University of St. Andrews researching how terrorist/extremist groups utilize online social network sites (SNS) to further their radicalization and/or recruitment efforts, it became immediately evident during the research design phase there were substantial ethical and legal issues that would need to be considered and worked through. Having originally developed a collaborative relationship with theComputer Science Department at St. Andrews, the quantity and quality of the data we anticipated would be collected was greatlyincreased as compared to what would have otherwise been possible.However, due to the extreme nature of the material being researched, it became clear that much of the content that would be included and stored as a part of this collection would, by theletter of the law, be in violation of the UK Data Protection Act and more seriously in violation of the 2000 and 2006 UK TerrorismActs. As such, efforts were immediately made to incorporate into

the research design, collection and storage protocols that would insure compliance with the Data Protection Act. The issue of theTerrorism Acts was considerably more difficult to resolve and dueto the risk of being charged and prosecuted under provisions of these Acts, it was determined that no online target selection or data collection should/would take place until we were able to secure a liaison within law enforcement in the United Kingdom.

The result of these endeavors is a research design that incorporates data collection/storage protocols insuring the protection of individual identities in accordance with ethical guidelines and the UK Data Protection Act. Additionally, concerted efforts over several months resulted in the developmentof a law enforcement liaison that has provided a level of comfortfor all involved allowing the project to move forward.1 This paper presents the lessons learned from nearly one year of work to bring this research project to the point of beginning data collection. The efforts put forth by all involved have hopefullyserved to further facilitate the development of UK policy that will guide future online terrorism research and it is hoped that these lessons learned will assist others in their work and forward the ability of academics to conduct research in this important and growing field without having to spend months agonizing over these same issues. I would not presume to suggestthat this article is in any way a best practices guide. It is intended to spark consideration and debate on important issues including academic freedom and the establishment of ethical and legal guidelines in an important field of inquiry.

1 Accomplishing these important goals would not have been possible without the support, guidance and efforts of my supervisors Dr. Roger MacGinty and Dr. Jeffrey Murer, and Dr. Saleem Bhatti and Dr. Tristan Henderson from the Computer ScienceDepartment. Further, the support of Dr. Paul Wilkinson, whose passing is a great loss to the academic community, and others within the office of the Centre for the Study of Terrorism and Political Violence at St. Andrews was invaluable toward overcoming these obstacles.

Ethical considerationsThe growth in the use of computer mediated communications

(CMC) and particularly the use of social network sites like Facebook, Twitter, MySpace and others offer a new and unique opportunity for social scientists as well as other researchers tocollect vast quantities of data with comparatively minimal cost. When one considers the fact that out of 1.9 billion internet users worldwide nearly 900 million are members of Facebook, it isnot surprising that serious research is being done to understand the iterative effect these online social networks, and the groupsoperating within them, have on the individual user. The quantityand potential quality, as well as the cost effectiveness of collecting data makes it very alluring to acquire as much information as possible (Johns 2004, Buchanan 2004, Amichai-Hamburg 2005). However, it should be recognized that users of these social network sites and other blogs and chat rooms are nottruly anonymous. Increasingly, the amount of profile informationas well as the make-up of the individual’s social network makes it possible to identify even those who choose to operate using pseudonyms. As an example, most categories of personal information contained within the typical Facebook profile (birth date, political and/or religious affiliations, sex, and sexual orientation) is deemed to be sensitive personal information underEU law (Edwards and Brown 2009). As users integrate the use of mobile phone devices into their social network experience, identification of individual users becomes even easier.

The challenge is to identify that information considered essential to the research project and how this essential data canbe collected and stored in a manner insuring adherence to academic ethical guidelines, and EU/UK law to protect the individuals who would become the subjects of the research. More importantly, when research is being conducted into terrorist/extremist groups, where informed consent is not practical and would most certainly be counterproductive, the needto protect the identity of the users becomes an important ethicalissue and includes with it certain security risks for the researcher(s) that cannot be ignored. The following represents some issues which were considered important to the progress of the St. Andrews project.

Informed Consent One of the early challenges was to consider the implications of the well-established practice of obtaining informed consent from the participants prior to data collection. Ethical guidelines in social science have long held that when human subjects are involved, informed consent must be obtained. When research in online environments began, there was debate as to whether these online personas should be considered equal to human subjects given the perceived anonymity of the online users.This discussion is further complicated when these communications are being conducted in public chat rooms and therefore viewed as existing in the public domain and not considered private communications (Bruckman 2004). Add to this the nature of large social media or chat groups, where membership can be very dynamic(Ess 2007), and the practicality of informed consent become a major concern. Fortunately, these debates have led to a growing body of literature dealing with conducting ethical online research and the establishment of guidelines to assist researchers in this relatively new area of inquiry. While this discussion is not intended to be a comprehensive review of the online research ethics literature, it is meant to inform the reader of the literature and the issues that may arise when considering the issue of informed consent when conducting online research of extremist/terrorist groups. Under normal circumstances, the literature is consistent inthe need to obtain informed consent when collecting information from, or engaging with, subjects in online environments (Buchanan2011, Roberts et.al. 2004). Susan Barnes (2004) points out thatas early as 1993 in the Spring edition of Communications of the ACM, the Association of Computing Machinery (ACM) put forth an ethics statement indicating, “The ACM imperative clearly advises limiting the amount of information gathered, and seeking informedconsent of individuals whose information a researcher is

interested in using” (p.216). Further, the Association of Internet Research (AoIR) 2002 guidelines provide direction for the researcher. In the section on Informed Consent, it states that :

“Determining not only if, but when to ask for informed consent is thus somewhat context-dependent and requires particular attention to the “fine grained” details of the research project not only in its inception but also as it may change over its course.(p.6)”

Most recently, as online interaction has changed to more interactive formats existing in Web 2.0, the AoIR guidelines havebeen updated into “Ethical Decision-Making and Internet Research (version 2.0) Recommendations from the AoIR Ethics Working Committee (2011).”2 While these revised guidelines acknowledge the applicability of “traditional and established approaches (p.4)” is goes further to state that, “When the limits of those approaches are reached, Internet research calls for new models ofethical evaluation and considerations (p.4)”. Within the GuidingEthics Research Principle of these new recommendations by the AoIR lies the key regarding this project; that being the obligation to minimize harm to the research subject. By definingthe potential harm to those within the online environment, it wasthen possible to examine the question of informed consent objectively as well as practically. First, it is important to note that the research design was specific in that there would be not interaction with the individual users/participants within the online group. This was considered observational research to examine various patterns within the fora that might provide insight into the impact of these venues and their content. Second there was considerable concern that by making our research presence known we might be sanctioned from the group. This is not an uncommon practice, as is discussed by Hudson and Bruckman (2004) where they found that 2 The works cited page of this Version 2.0 provides an excellent starting point for further investigation into online research ethics. This list including a list of online resources can be found in Ess and Jones (2004).

when attempting to acquire informed consent within chat rooms by asking participants to opt out of the study they were kicked out (sanctioned) 72% of the time. When asking participants to opt-inthey were sanctioned 62% of the time. Their conclusion was that,“individuals in online environments such as chat rooms generally do not approve of being studied without their consent”…and that “the vehement reaction to many in our study indicates they the object to being studied (p. 135).” Given the inflammatory and potentially illegal nature of the communications within online extremist/terrorist environments, and the likelihood that requesting informed consent would result in being sanctioned fromany group that became a focus of this study, a determination was made that informed consent would not be obtained but that there was an obligation to develop protocols that would insure that no harm would come to those participating in the online group and their identities would be safeguarded.

Conducting passive covert observationThe Statement of Ethical Practice for the British Sociological

Society states:“(31)There are serious ethical and legal issues in the use of covert research but the use of covert methods may be justified in certain circumstances. For example, difficulties arise when research participants change their behavior because they know they are being studied. Researchers may also face problems when access to spheres of social life is closed to social scientists by powerful or secretive interests.”

The matter of informed consent was discussed at length in the development of the research design. Given the nature of the medium and the nature of the group(s) to be examined it was determined that informed consent was not practical for several reasons.

First, the extreme nature of the groups(s) to be studied made it clear that informed consent would have a negative impact on the continued free flow of dialogue within the group, thereby negating the value of the research. The ethical and legal implications of conducting covert research were taken very seriously and involved questioning the status of the participants

as real people given the virtual nature of the communications; how one could/would be able to determine if the data collection contained communications from minors; could one actually gain informed consent in a dynamic and continually changing environment; and if we were able to obtain informed consent, would we then be legally obligated to report any criminal activity or threats of impending criminal activity thus violatingthe confidentiality of the agreement. After lengthy and careful deliberation it seemed obvious that making our research presence known would be counterproductive to the goals of the project and could not only place the participants at risk of arrest but also potentially place this researcher and the team at risk of reprisals by the subjects (Amichai-Hamburger 2005).

Second, and to the issue of risk, while we considered these efforts to be virtual field work, it was acknowledged that it involved the communications of real people and was therefore viewed as conducting fieldwork in a dangerous environment. Making ourselves known to the subjects within these groups could have exposed those on the research team to physical danger in thereal world. The literature on conducting research in dangerous places discusses the need to remain covert and the possibility ofphysical reprisals if the covert researcher is discovered (Lee-Treweek 2000).

Third, given the choice of conducting passive covert observation or covert participant observation, it was decided that there should be no interaction with the subjects within the virtual environment and therefore the determination was made to conduct passive covert observation. This involved the establishment of pseudonyms that would allow access to the targetgroups without making them aware of our intent or placing the research(s) at risk. It was determined that engagement in the ongoing dialogue brought with it increased legal problems and by simply monitoring or lurking (Crystal, 2001), without participating, we could collect the desired information without risk of violating the law, beyond the actual collection of material which may be deemed in violation of the terrorism act (to be discussed in a later section).

Finally, the nature and function of certain online fora make it possible to spend a limited amount of time within the group on

a daily basis in order to collect the needed material. In some environments, with no interaction with the subjects, it is possible to access and store 24-36 hours of activity while being in the online environment for only a few hours per day. This ability to open and copy archived material is very advantageous as it greatly reduces the online footprint of the covert identityand makes it possible to collect data without risk of being identified and then sanctioned (removed) as a lurker or troll (Amichai-Hamburger 2005). Extreme groups are constantly on the lookout for those they consider to be ‘unfriendly’s’. Examination of one group’s website/blog revealed that the designated security officer for the group was able to identify trolls/spies within the group and went on to post the online identities of over a dozen individuals who were then sanctioned from the group (site withheld per 2006 UK Terrorism Act).

What can be collected vs. what should be collectedThe impact of this issue became clear when it was revealed

that what we could collect greatly exceeded the needs of the project and the more important question we should ask ourselves is what we should collect to achieve our research goals. This isa very important consideration when collecting data in online social network environments. Fortunately academic researchers are often required to submit research proposals to University Ethics Review Committees (UTREC) or an Institutional Review Board(IRB) that seek to insure the subjects of the study are protected. But does the fact that online users are not ‘identifiable’ reduce the need to protect the individual users? It is clear that modern data mining applications allow for the collection of vast amounts of individual data, especially when privacy settings on social network sites do not restrict access to personal information. Even then some programs are able to circumvent restrictive settings to access the personal data of the users. Fortunately, the UK Data Protection Act (DPA) provides guidance for the collection of what is considered ‘sensitive personal data.’

In this Act “sensitive personal data” means personal data consisting of information as to—(a) the racial or ethnic origin of the data subject,

(b) his political opinions, (c) his religious beliefs or other beliefs of a similar nature, (d) whether he is a member of a trade union (within the meaning of the [1992 c. 52.] Trade Union and Labour Relations (Consolidation) Act 1992), (e) his physical or mental health or condition, (f) his sexual life, (g) the commission or alleged commission by him of any offence, or (h) any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings. (DPA, 1998, 6)

Similar language is also found in Directive 95/46/EC of the European Parliament and of the Council of 24 October, 1995, also known as the Data Protection Directive (DPD 1995, 8)).

Therefore, in an environment where it is possible to collect such a vast amount of personal information, the researcher must determine for themselves what they can and should legitimately collect for their research purposes. Clearly, it is possible to collect more than is needed for most studies and there is an obligation to be sensitive to the rights of those who will becomeresearch subjects to insure academic integrity and secure/protectthe identities of the individual users.

Protecting identities and information Central to this discussion is why this data is considered

sensitive. Both the DPA and the DPD are clear that ‘personal data’ is that which is “related to an identified or identifiable natural person (DPD 1995, 8), “who can be identified from those data” (DPA 1998, 5). With the guidance of these provisions and the ethical considerations of identity protection due to the use of passive covert observation, it was determined that certain protocols should be implemented to provide the required protection while still allowing for the substantive collection ofdata within online social network environments.

These include: Anonymizing user names Only collecting and storing data that has been determined

critical to the project

Segregating/sanitizing the data into the packets that are required for individual analysis thereby removing individualidentifiers

Storing data on dedicated servers to avoid unintentional andpotentially intentional access of data by unauthorized persons

Having the researcher(s) complete the University’s Data Protection briefing to reinforce the understanding of the responsibilities and limitations

Insuring secure long term storage of the data after the project has been completed

As research into online terrorist radicalization in social network environments is not conducive to ‘informed consent’, these and other protocols, to be discussed later, were deemed sufficient to protect the identities of users on these sites. These protocols were included in the application for UTREC approval which was reviewed and found to be acceptable in the Spring of 2010.

Access to and storage of dataConsidering who should/would have access to the data, it was

decided that access to the raw data would be limited to those individuals who are listed as participants in the research project. Subsequently, any additional researchers who might havea need to come into contact with the data, as additions to the research team, should receive a DPA briefing and acknowledge by signature their understanding of the law.

Further, the data should be stored in such a manner as to prevent unauthorized access and/theft. This includes the storagemethods mentioned previously in addition to other precautions that may not be so obvious. It is common for researchers to copydata onto disc or portable drives to facilitate working from homeor when travelling. These practices significantly increase the risk that the data might be accessed by individuals who are not apart of the research team. Further, possession of this material,away from the confines of the University places the data at a higher risk of being lost or stolen. Beyond the dissemination ofprivileged personal information, which would be a violation of the DPA, depending on the content it could place one at risk of

arrest and prosecution Under the 2006 UK Terrorism Act which willbe discussed in a later section.

While care will have been taken to protect the identities of the SNS users, one cannot ignore the capability of others to reverse engineer the segregation/sanitation algorithms to access user identity. As such, researchers should consider the real value/danger of retaining a copy of the anonymized raw data beyond the point of its usefulness to the segregation/sanitation process. Once the data has been segregated into packets/variables for analysis and those variables have proved effective, consideration should be given to erasing the raw data to eliminate any possibility of user identification. While this may be viewed as extreme and even controversial, one should consider that simply being a user on these SNS’s does not, in most cases, equal criminality and that the ethical considerationsof identity protection are paramount. With the understanding thatthe data is being used for the purpose of researching terrorist radicalization, consideration should be given to how the researcher and the University would respond to law enforcement orintelligence agency requests to access or take control of the data. The erasure or destruction of the raw data, once sanitizedand packaged for analysis, could serve to mitigate this situation. Again, this is an area in need of thoughtful consideration during the research design phase.

Additionally, post analysis publications and presentations should take similar care to avoid disseminating ‘sensitive personal data’ for the same reasons. Researchers should consideronly providing graphic representations of findings, and avoid including strings of comments or other content that may be used to identify individuals. While the natural process of writing for publication might be to include content from the raw data to provide substantive examples of concepts or analytical findings, such practices are not only a risk to the research subjects but also to the researcher(s). If users of an extremist/terrorist group were to determine, by the material included in a paper or presentation, that their group had been infiltrated and monitoredfor the purposes of terrorism research, the researcher may have then placed themselves and others at risk. While this is certainly an extreme example, given the nature of the material

and the agenda of the groups being studied, the need to limit data access and dissemination cannot be ignored. There are also certain legal considerations that should be considered.

Legal implicationsAre researchers protected from prosecution under the auspices

of academic freedom when conducting terrorism research? The simple answer to this very important and often unasked question is NO. The 2006 UK Terrorism Act (UKTA06) is very clear that possession or dissemination of terrorist publications or content therein is a criminal offense. As the following excerpt shows, there is no protection for researchers and there is no discussionregarding any protection from prosecution based upon how one intends to use the material.

Terrorism Act 2006CHAPTER 11PART 1 OFFENCES2 Dissemination of terrorist publications (1) A person commits an offence if he engages in conduct falling within subsection (2) and, at the time he does so— (a) he intends an effect of his conduct to be a direct or indirect encouragement orother inducement to the commission, preparation or instigation of acts of terrorism; (b) he intends an effect of his conduct to be the provision of assistance in the commission or preparation of such acts; or (c) he is reckless as to whether his conduct has an effect mentioned in paragraph(a) or (b). (2) For the purposes of this section a person engages in conduct falling within this subsection if he— (a) distributes or circulates a terrorist publication; (b) gives, sells or lends such a publication; (c) offers such a publication for sale or loan; (d) provides a service to others that enables them to obtain, read, listen to or look at such a publication, or to acquire it by means of a gift, sale or loan; (e) transmits the contents of such a publication electronically; or (f) has such a publication in his possession with a view to its becoming the subject of conduct falling within any of paragraphs (a) to (e). (UKTA 06)

This opinion is reinforced by the comments of University and government officials following the much publicized and unfortunate arrest in May 2008 of Rizwaan Sabir, a graduate student in terrorism studies, and Hashim Yezza a member of the administrative staff, both from the University of Nottingham, under provisions of the 2006 Terrorism Act. This incident servesas a prime example of what can happen when researchers are in possession of material the government deems in violation of the Act, even when these materials are being used to support terrorism research. While both men were released without charges six days after being detained, their arrest and detentionhas had a chilling effect on the academic community. Further, itwould seem that even having university approval to conduct this research offers little protection against prosecution if law enforcement determines the research material violates the Terrorism Act, even when that material it is being used to understand terrorist radicalization within an academic environment.

Following this incident, Nottingham Vice Chancellor Sir CollinCampbell issued a statement saying, “There is no ‘right’ to access and research terrorist material. Those who do so run the risk of being investigated and prosecuted on terrorism charges. Equally, there is no prohibition on accessing terrorist materialsfor the purpose of research. Those who do so are likely to be able to offer a defence to charges (although they may be held in custody for some time while the matter is investigated). This isthe law and applies to all universities” (Times Higher Education,17 July 2008) These comments are reinforced by those of Oliver Blunt QC, Anti-Terrorism Team at Furnival Chambers in London, saying that while academics do have a right to access terrorist materials, the problem comes when the material is downloaded or copied and they then become in possession of that material. He said: "Once the researcher knowingly downloads or saves the materials that he is accessing, then he is in 'possession' of terrorist materials. There is no 'right' to 'possess' terrorist materials and, while a genuine researcher would be able to establish a defence, the evidential burden is on the researcher to do so" (Times Higher Education, 17 July 2008). Following these events, Dr. Rod Thornton, from Nottingham University

questioned the actions of the University and the Nottingham Police. Dr. Thornton is a lecturer in terrorism and international security and has been a staunch supporter of Mr. Sabir and Mr. Yezza, He has sought since the incident in 2008 toconfront the issue of academic freedom and other questions surrounding the handling of this matter by the university and lawenforcement. Dr. Thornton, who was Mr. Sabir’s supervisor, expressed his concern regarding the arrests and the implications they had for academic freedom. Following his continued protests and as a result of his authoring of a scathing 110-page article which was characterized as blowing the whistle on the failure of the University and law enforcement to protect the rights of Mr. Sabir specifically and academic freedom in general, Dr. Thornton was, in May 2011, suspended from Nottingham University. (Gaurdian.co.uk, 4 May 2011).

Therefore, it is clear that the downloading and possession of terrorist material places the academic researcher at risk of arrest, detention, and potential prosecution under the provisionscited in the 2006 Terrorism Act. But, does collecting content from online social network sites place one at risk? This is difficult to know without first evaluating the online content prior to collection, for even this ‘monitoring’ could place one at risk of investigation. It can be expected that if a terrorist/extremist group is using a social network medium or other CMC to radicalize and recruit potential members, these communications will include links to terrorist publications, videos, and speeches. By saving any of this content to your computer or printing copies of the content and placing it in a file for future reference, one would then be considered in possession of terrorist material and therefore in violation of the Terrorism Act . More recent announcements by the UK government to expand its communications monitoring to include “calls, emails, text and website visits of everyone in the UK” would suggest that even the process of evaluation by visiting these sites could place one under suspicion.3

3 “Email and web use ‘to be monitored’ under new laws’. http://www.bbc.co.uk/news/uk-politics-17576745 (1 April 2012)

Scenarios that can create legal problems for academic researchers

While the 2006 Terrorism Act makes possession and/or dissemination of terrorist material illegal, the 2000 Terrorism Act (UKTA00) Section 58, states that possession of such material is illegal if the individual were “found to be involved in the commission, preparation, or instigation of an act of terrorism. If charged with an offence under this section it would fall upon the researcher to prove that his/her possession of the article was not for a purpose connected with the commission, preparation or instigation of an act of Terrorism” (UKTA00, 31). Potentially, if the research data were to come into the possession of someone who was involved in the preparation or instigation of an act of terrorism, the researchers could face charges, requiring them to prove their innocence. This reinforces the need to tightly control the data.

As mentioned previously, the dissemination of terrorist material in publications, speeches, lectures, or conference presentations can also be considered a violation of the 2006 UKTA. Providing uniform resource locators (URL’s) for terrorist sites, social networks, and links to terrorist videos, speeches, and other propaganda found during data collection can all be considered violations and make one subject to arrest and detention. Care must be taken to avoid placing this content intopower point presentations, published works, and classroom content. Providing such content, even in an academic environment, could have unintended and devastating consequences for those who might take that information and begin their own research efforts or worse seek to engage in terrorist activity. In this scenario, a defence under Sections 57 & 58 of the 2000 UKTA would prove difficult.

Unauthorized access to the raw data or lists of embedded URL’sthat may contain terrorist publications, videos, and other propaganda could also be seen as a violation if sufficient measures are not taken to insure the security of the data. It isimportant to keep all data contained and inaccessible to anyone outside the research group. This would suggest that copying the data onto external drives, personal computers, or thumb drives should be expressly prohibited due to the possibility of theft,

or unintentional access. The law makes no provision for such inadvertent dissemination. Being the source in this scenario would make one subject to arrest and detention at minimum and potential prosecution under the UKTA. Any unauthorized data access or information theft should be reported immediately to lawenforcement for investigation and for the legal protection of theresearchers.

Clearly, conducting this type of academic research presents one with the decision to proceed without making any effort to contact and engage law enforcement or taking the time, during theresearch design phase, to develop a relationship/liaison who can offer guidance and some protection from being charged with terrorism offenses. Even though one is conducting legitimate research and would very likely be innocent of any charges, the potential for embarrassment not only to the researcher and his/her team, but also to the academic institution they are associated with is high and could be quite costly to one’s reputation and finances. Consultation with university legal staff should take place prior to beginning any data collection toinsure the approval and support of one’s academic institution in the unfortunate event legal action is taken against the researcher(s).

Conducting research without being at risk of arrest and prosecution

It is possible to conduct this research, collect and store data, and have a reasonable measure of comfort that you will not be arrested and charged with terrorist offenses. However, such ‘insurance’ requires considerable effort and diligence toward developing a liaison within law enforcement. Students, even at the post graduate level, should consult with professors and senior staff throughout this process. It is likely that any requests made by students will be scrutinized heavily and having the cooperation of research supervisors and staff can help mitigate concerns by law enforcement regarding institutional knowledge of the research. It is important that a log of all inquiries be kept by the researcher that includes dates, times, contact information including name, phone number, and/or e-mail address, notations of messages left, and notes regarding the

substance of any discussions. These will help in tracking progress and assist with informing a new contact who you might come into contact with in the future.

In my own case, several attempts were made at various levels of government in Scotland and the UK to engage law enforcement ina dialogue regarding the research project. While most calls and e-mails were well received, little progress was made in developing a liaison while various offices tried to determine thebest course of action or who had jurisdiction in this area. After several months of phone calls and e-mails we were finally directed to the ACPO Counter Terrorism Internet Referral Unit andafter a period of time a liaison was developed with the ACPO Counter Terrorism Internet Referral Unit (CTIRU). This formalized relationship came about as a result of multiple e-mails, a review of the research proposal, and a face to face meeting in London where we had the opportunity to meet and discuss the project scope and goals along with the efforts that would be made to insure the security of the data.

As a result, the research team at St. Andrews was able to secure a letter that characterizes the work as being a “significant piece of research.” It clearly stated that as long as the researchers on this project remain within the parameters of the proposal which described the collection, analysis, and final disposition of the data, we would not be “in breach of the law.” The letter goes on to state that no such assurance could or would be provided if a breach of the Terrorism Act was found to take place by a member of the team, including being reckless with the data or by disseminating proscribed terrorist material when presenting or sharing findings.

While it would certainly be desirable to receive up front immunity from prosecution, it is unreasonable to think that any agency/office would provide blanket immunity from prosecution forsuch research, and the research team at St. Andrews was satisfiedthat, as acknowledged by the CTIRU, the protocols set forth in the research design and their implementation would allow us to proceed without legal concern. Even though the time required to acquire such an assurance was lengthy, the degree of comfort it provides far exceeds the inconvenience and lost time. To be clear, none of these delays were a result of our communication

with the CTIRU. Once we were able to make contact with them, thedevelopment of a liaison and completion of the letter from them acknowledging our work went smoothly. Other risks

While this paper deals primarily with concrete issues surrounding terrorism research, there are some tangential problems that merit mentioning, if for no other reason than to spark more in-depth consideration and discussion. When conducting fieldwork or data gathering on extremist/terrorist groups in online environments the researcher should also be awareof the psychological risks involved with this work. It is important to consider the impact extended contact with extremist or terrorist material might have on the researcher(s). While it is easy to think one can remain academically neutral toward the subjects being observed and the material collected, long term exposure to distasteful and often hate filled subjects or material can pose a significant risk to the psychological health of the researcher. Lee-Treweek (2000) suggests that researchers conducting field work in dangerous or high-risk environments should be cognizant of the psychological risk, which could include the development of contentious or adversarial feelings toward the research subjects which could/would negate the objectivity of the research; cause distress as a result of continued exposure to distasteful or in some cases violent content that could have an impact on the physical as well as psychological health of the researcher; or in extreme cases the researcher could come to identify with the group being studied asa result of continued and unmitigated exposure to distasteful or extreme material (Lee-Treweek 2000). Finally, as is evidenced bythe actions taken against Dr. Thornton, one cannot ignore how ones research might be viewed by colleagues, superiors, and the academic community at large, and the impact such research might have on one’s academic career. There is a perceived risk to researchers with regard to the long term implications of conducting terrorism/extremist research which is considered outside the mainstream of academia (Lee-Treweek 2000). The concern for one’s career, as well as the potential for arrest/prosecution, cannot be ignored as additional pressure

points on the academic engaged in researching online terrorist/extremist activities.

Moving ForwardAs research continues toward understanding the impact of

terrorist/extremist activity in online environments it is essential that the ethical and legal issues be given serious consideration during the design and methodology phases. Understanding the difficulties inherent in this work to the online participants as well as the researchers will facilitate collection, storage, and presentation protocols that allow for substantive work without putting the research subjects or the researchers themselves at risk. As in-depth research of online content continues, it is hoped that future researchers will buildon this early effort to search for best practices in researching terrorist/extremist online environments. Working to develop ethical guidelines that not only protect the identity of the users, but also allow for substantive data collection and useful analysis toward understanding online radicalization and recruitment, will add to the credibility of the work and avoid charges of racism or persecution.

At this time, no specific guidelines exist within the university system to facilitate approval for online terrorism research and this is no doubt preventing valuable projects being done. The St. Andrews project has been able to move forward as a result of determined efforts by all parties involved who were/arecommitted to the seeing the research completed. An important step to reducing the time needed to have projects reviewed and approved would be to have data collection and storage protocols established that would provide continuity among the academic research community. Within the UK university system, data protection and storage policy could be standardized to address the ethical and legal concerns that are integral to this research.

The legal minefield that surrounds this topic cannot be ignored. Academics and students should be aware of the consequences of doing this research and make every effort to notify and build some type of liaison relationship with law enforcement. This effort should begin early in the research

design process so any concerns that may be articulated by law enforcement can be addressed in the final research design. At this time the biggest issue is the lack of law enforcement guidelines to assist academics who wish to conduct online terrorism research. What is needed is a national policy which addresses and resolves the omissions in the Terrorism Acts regarding academic research which is very likely preventing substantive work in the area of online terrorist activity, including the collection for analysis of terrorist publications and other content as described previously. If one is to understand the impact of this online content on the group and theindividual user, it is essential that one be provided a legal avenue for access to the data to be analyzed.

Communication with the CTIRU in October 2010 revealed that theOffice of Security and Counter Terrorism (OSCT) was working on draft guidelines for researchers to utilize in this area that will allow them to safeguard themselves and their teams from prosecution. At that time we were informed these guidelines werebeing subjected to multiple reviews with publication expected later in 2010. It was made clear, however, that neither CTIRU nor the OSCT are in a position to ‘approve or disapprove’ research projects. Further, neither of these groups are positioned to receive a deluge of requests for project review. Clearly, having a published set of research guidelines for onlineterrorism research would be a step in the right direction to allow substantive research into online terrorist/extremist activity without the concern of arrest and prosecution. The latest contact with OSCT (June 30, 2011) resulted in being informed they were aware of no OSCT guidance in this area and they thought that UK Universities were to have published such guidelines at the beginning of 2011. No further updates have been provided since June 2011.

A search of the OSCT website did turn up a HM Government report titled, Countering the Terrorist Threat: Social and Behavioural Science, How Academia and Industry can play their role. This report provides a verybroad overview of how academia can play a role mostly by seeking to work on government sponsored projects. In Section 3 “How to Get Involved: UK Academic Institutions”. It states:

“The UK’s universities are renowned for world-class research, and so have an important role to play in developing the social and behavioural understanding we need to protect the UK. In addition to working through the research councils,we are keen to engage directly with universities and other research establishments to ensure that we are making the best use of research in the UK. We use a variety of informal and formal contacts to achieve this, including academic liaison networking at conferences, issuing formal contracts for research work, open research calls and exploiting opportunities for joint workingon specific projects.”

In Section 3, “I’m in Academia or Industry with a Bright Idea, Who Should I Contact,” it states:

“The Office for Security and Counter Terrorism (OSCT) was set up as part of the Home Office in March 2007. It supports the development, direction, implementation and governance of CONTEST. It also delivers those aspects of CONTEST that fall to the Home Office. In relation to science and technology, including social and behavioural science, its role is to coordinate and direct research and development relevant to counter-terrorism. OSCT periodically releases open research calls in counter-terrorism science and runs the INSTINCT programme, which aims to improve the Government’s ability to be an effective customer of innovation. The Science and Technology Team at OSCT will help academics or representatives from industry access the relevant department and provide further information about research calls and INSTINCT.” Email: CONTESTscience@homeoffice.gsi.gov.uk

INSTINCT, the office of Innovative Science and Technology in Counter-Terrorism, was established in 2009 to engage academia andindustry to work on key science and technology challenges in counter-terrorism. It seems this is accomplished primarily through ‘calls for research proposals’ for review and acceptance by this office.4

Having found no UK University wide guidelines to direct researchers in this area the departments listed above seem to be those primarily responsible to directing academics in the area ofterrorism research. What remains elusive are published guidelines that will allow researchers to design and conduct research without having to navigate a bureaucratic minefield that4 More information on this office can be found at: www.homeoffice.gov.uk/counter-terrorism/science-and-technology/instinct/

creates significant delays and very likely dissuades some from researching in this area. Part of the reason for the writing of this paper is to promote awareness of this deficit and move the dialogue forward toward an agreed upon set of guidelines that will facilitate research in this interesting and important area of inquiry.

Finally, as an American PhD student at the University of St.Andrews, and a guest in the United Kingdom, it became a priority for me to work within the system to achieve the desired result toward facilitating this research project. Fortunately, my supervisors and others within the department were very supportiveof these efforts and we all worked diligently to have this project move forward. Some might suggest it is better to proceedwithout the preparatory work that we deemed necessary, particularly as it relates to notifying law enforcement, thinkingan apology after the fact would suffice to resolve the problems that would be encountered as a result of taking ‘short cuts’ to begin their work. Such an approach not only places the researcher at risk of charges and/or prosecution but also places their host university at risk of legal action and embarrassment. Additionally, foreign students and academics cognizant of their guest status in the UK should consider the benefit of working to develop cooperative relationships that will assist future researchers. Even upon returning to the United States it was determined that notification should be sent to the appropriate agencies within the US to avoid any confusion regarding the nature on this work and the online activities that would be conducted as a part of the project. Interestingly, but not surprisingly, the response to these notifications and requests for a liaison were not dissimilar from my experience in the UK.

This is not to suggest that academic researchers must become collaborators with law enforcement or the intelligence community in order to forward their research projects, or that academic endeavors in this area should be restricted to only government sponsored research. Quite the opposite, it is my desire that researchers be allowed to conduct online terrorism research, within established guidelines, outside the constraints and control of the government. However, preparatory efforts should be done to provide notification of proposed projects allowing for

a mutual understanding so manpower and resources are not expendedto investigate online activities that turn out to be legitimate research efforts. Hopefully, the development of university research standards and the publication of research guidelines foronline terrorism research by UK Universities or the OSCT will simplify the process and provide for more academic freedom, thereby encouraging more researchers to enter this field of inquiry, and facilitate a deeper understanding of how terrorist/extremist group utilize the internet to radicalize, recruit, and mobilize new members.

Works Cited:Amichai-Hamburger, Y., ed., 2005. The Social Net: Human Behavior in Cyberspace. Oxford:

Oxford University Press.

Buchanan, Elizabeth A., 2011. “Internet Research Ethics: Past, Present, and Future,” in

Consalvo, Mia and Charles Ess, ed., The Handbook of Internet Studies. Oxford: Wiley-

Blackwell.

Barnes, Susan, 2004. “Issues of Attribution and Identification inOnline Social Research,” in

Johns, M. D., Chen,S.S. and Hall, G.J.ed,. Online Social Research: Methods, Issues, &

Ethics. New York: Peter Lang Publishing.

Bruckman, Amy S., 2004, “Introduction: Opportunities and Challenges in Methodology and

Ethics,” in Johns, M. D., Chen,S.S. and Hall, G.J.ed,. OnlineSocial Research: Methods,

Issues, & Ethics. New York: Peter Lang Publishing.

Casciani, D., BBC News, “Students who Descent into Terrorism” 26 July 2007.http://news.bbc.co.uk/2/hi/uk_news/6916654.stm

Crystal, D., 2001. Language and the Internet. Cambridge, UK: Cambridge University Press.Directive 95/46/EC of the European Parliament and of the Council of 24 October, 1995.http://ec.europa.eu/justice_home/fsj/privacy/docs/95-46-ce/dir1995-46_part1_en.pdf

Edwards, L. and Brown, I., 2009. Data Control and Social Networking: Irreconcilable Ideas?.Harboring Data: Information Security Law andthe Corporation. A. Matwyshyn, ed., Sanford University Press.

Ess, Charles, and the AoIR ethics working committee, 2002. “Ethical Decision-Making and

Internet Research: Recommendations from the AoIR Ethics Working Committee.

Appoved by AoIR November 27, 2002. Available online: www.aoir.org/reports/ethics.pdf

Ess, Charles and Steven Jones, 2004. “Ethical Decision-Making andInternet Research:

Recommendations from the AoIR Ethics Working Committee” in Buchanan, E.A., ed.

2004. Readings in Virtual Research Ethics: Issues and Controversies. Hershey,PA.:

Information Science Publishing.

Ess, Charles, 2007. “Internet Research Ethics”, in. The Oxford Handbook of Internet Psychology.

Joinson, A., McKenna, K., Postmes, T., and Reips, U., ed. New York: Oxford

University Press.

Hudson, James M., and Amy Bruckman. 2004. “Participant Objectionsto Being Studied and the

Ethics of Chatroom Research.” The Information Society 20: 127-139.

Jenkins, B. M., 2007. “Building and Army of Believers: Jihadist Radicalization

and Recruitment,” Testimony before the House Homeland Security Committee,

Subcommittee on Intelligence, Information Sharing and Terrorism Risk. April 5,

2007. Published by the Rand Corporation

Lee-Treweek, G and Linkogle,S., ed. 2000. Danger in the Field: Risk and Ethics

in Social Research. London: Routledge.

Markham, Annette and Elizabeth Buchanan with the AoIR Ethics Committee, 2011. “Ethical

Decision-Making and Internet Research (version 2.0): Recommendations from the AoIR

Ethics Working Committee. Draft copy available online:

http://aoirethics.ijire.net/aoirethicsprintablecopy.pdf

Roberts, Lynne, Leigh Smith and Clare Pollock, 2004. “Conducting Ethical Research Online:

Respect for Individuals, Identities, and Ownership of Words,” in Buchanan, E.A., ed.

Readings in Virtual Research Ethics: Issues and Controversies. Hershey, PA.:

Information Science Publishing

Sageman, Marc. 2004. Understanding Terror Networks. Philadelphia: University of

Pennsylvania Press.

Times Higher Education, “Researchers have no ‘right’ to study terrorist material”. 17 July 2008.http://www.timeshighereducation.co.uk/story.asp?storycode=402844

United Kingdom Data Protection Act 1998. http://www.opsi.gov.uk/acts/acts1998/plain/ukpga_19980029_en

United Kingdom Terrorism Act, 2000http://www.opsi.gov.uk/acts/acts2000/ukpga_20000011_en_1

United Kingdom Terrorism Act, 2006http://www.legislation.gov.uk/ukpga/2006/11/pdfs/ukpga_20060011_en.pdf

Vasagar, D., 2011. “Row after University suspends lecturer who criticized was student was treated”. 4 May, 2011, Gaurdian.co.uk.http://www.guardian.co.uk/education/2011/may/04/nottingham-university-row-after-lecturer-suspended

Weimann, G., 2006. Terror on the Internet. Washington, DC: United States Institute of

Peace.

“Email and web use ‘to be monitored’ under new laws’. 1 April 2012.http://www.bbc.co.uk/news/uk-politics-17576745

Counter-Terrorism Division of the Crown Prosecution Service, 2008Reporthttp://www.cps.gov.uk/publications/prosecutions/ctd_2008.html

Counter-Terrorism Division of the Crown Prosecution Service, 2009Reporthttp://www.cps.gov.uk/publications/prosecutions/ctd_2009.html

Counter-Terrorism Division of the Crown Prosecution Service, 2010Reporthttp://www.cps.gov.uk/publications/prosecutions/ctd_2010.html

Counter-Terrorism Division of the Crown Prosecution Service, 2011Reporthttp://www.cps.gov.uk/publications/prosecutions/ctd_2011.html