icon caret Arrow Down Arrow Left Arrow Right Arrow Up Line Camera icon set icon set Ellipsis icon set Facebook Favorite Globe Hamburger List Mail Map Marker Map Microphone Minus PDF Play Print RSS Search Share Trash Crisiswatch Alerts and Trends Box - 1080/761 Copy Twitter Video Camera  copyview Whatsapp Youtube
The Cybersecurity Paradox
The Cybersecurity Paradox
Understanding the New U.S. Terrorism Designations in Africa
Understanding the New U.S. Terrorism Designations in Africa
Decentralised, networked self-defence may well shape the future of national security. FLICKR/Yuri Samoilov
Commentary / Global

The Cybersecurity Paradox

There is a paradox in the quest for cybersecurity which lies at the heart of the polemics around whether or not Apple should help the U.S. Federal Bureau of Investigation (FBI) break the encryption on an iPhone used by the pro-Islamic State killers in San Bernardino.

The unexpected truth is that the world is made a safer place by allowing public access to full encryption technology and sharing responsibility for action. When it comes to encryption, it is wrong to give into fears of terrorism and to take refuge in misguided illusions of total top-down control.

Violent extremists have already understood more quickly than most states the implications of a networked world. They know that a terrorist attack in Paris or Istanbul immediately reverberates worldwide, and the so-called Islamic State (IS) makes astute use of gruesome videos to terrify as well as to recruit. The number of victims matters less than the number of “impressions”, as Twitter users would say.

States are relatively comfortable fighting for territory, whether it is to destroy the territory of the enemy – bombing IS in Syria and Iraq – or defending their own. But how does one win in the digital space?

As the FBI’s demands on Apple to help them investigate the San Bernardino shooters have shown, security officials are unsurprisingly trying to maximise the comparative advantages provided by state resources and authority. Many have the capacity to access countless sources of data, to process them with ever increasing computing power and eventually to find the terrorist needle in the haystack of law-abiding citizens. They are also keen to retain the capacity to access all digital communications through back doors, so that encryption does not protect criminal enterprises.

Human rights concerns have so far had limited impact on this trend. In the U.S. and Europe, infringements on rights are seen as a lesser evil than the alternative of more terrorist attacks, especially when one considers their potential political consequences: authoritarian populists who would go much further in the destruction of civil liberties.

But centralising state national security may not work. Behind closed doors, a growing number of professionals question the effectiveness of systematic reliance on data-mining, noting that too many false alerts mean that security services are spread thin. Most of the terrorists involved in the recent Paris attacks were not unknown to the police, but the thousands of people who are now listed in databanks could only be effectively monitored by tens of thousands of intelligence operatives.

Excessive reliance on signal intelligence generates too much noise. It may be more effective to focus on targeted electronic surveillance and focused human intelligence. The critical ingredient of volunteered help is also more likely if genuinely inclusive policies can win over allies among disadvantaged communities and countries.

The received wisdom that state surveillance requires back doors to encryption programs was being questioned well before Apple took its stand. If there are secret keys for the authorities to access data, it is wishful thinking to believe that criminals won’t find them too. In fact, making unbreakable encryption widely available might strengthen overall security, not weaken it. Violent extremists and criminals will have the benefit of secure communications, but so will many more millions of citizens and systems threatened by their hacking.

In cyberspace, attack is cheaper than defence: criminals engaged in fraudulent schemes are already exploiting that asymmetry. Perhaps already, and certainly tomorrow, it will be terrorist organisations – and legal states – which will exploit it with lethal effectiveness. Critical infrastructures, transport, and industry have become increasingly dependent on digital processes. Encryption, while it can have an offensive use, may become the ultimate defensive weapon that will help limit the imbalance between offence and defence in cyber-warfare.

This idea of decentralised defence allows individuals and corporations to become providers of security as they strengthen their firewalls and create a resilient society.

It points to a broader trend for nation states too. National security structures are not going to become redundant, but in a world that is both asymmetric and networked, the centralised organisation of power may not be the most effective organising principle. A nation state’s remit is not broad enough to effectively confront global threats; but at the same time, the concentration of power that it embodies provides an attractive target for weak but nimble enemies.

One way to fight asymmetric wars is to deprive the enemy of a strategic target by distributing power rather than concentrating it, copying the way terrorists make themselves elusive targets for states. Unarmed civilians will continue to provide easy soft targets for terrorists, but attacks against them will have less strategic impact, and therefore be less attractive, if power is more dispersed.

Distribution of security measures among a multiplicity of actors – neighbourhoods, cities, private stakeholders – will make society more resilient. And over time, smaller but well-connected communities may be more effective at preventing and identifying terrorist threats among their members. Decentralised, networked self-defence may well shape the future of national security.

An Armed Forces of the Democratic Republic of Congo (FARDC) soldier takes part in a foot patrol following an alleged ADF attack in the village of Manzalaho near Beni, 18 February 2020. AFP/ Alexis Huguet
Q&A / Africa

Understanding the New U.S. Terrorism Designations in Africa

The U.S. has designated two armed groups in the DRC and in Mozambique as terrorist organisations, claiming they are affiliated with the Islamic State, and creating potential legal peril for peacemakers who may deal with them. Crisis Group analyses the implications.

Which armed groups did the U.S. designate under its terrorism authorities and what is their backstory?

Last week the U.S Department of State designated two armed groups in the Democratic Republic of Congo (DRC) and Mozambique, as well as their leaders. U.S. officials allege that these two groups – the Allied Democratic Forces (ADF) in the DRC, and Ahlu Sunna Wal Jammah (ASWJ) in Mozambique – have become Islamic State (ISIS) franchises. It refers to them as the Islamic State of Iraq and Syria – Democratic Republic of the Congo (ISIS-DRC) and the Islamic State of Iraq and Syria – Mozambique (ISIS-Mozambique). ASWJ is also known locally as Al-Shabaab, although it is distinct from its Somali namesake.

The U.S. designations come amid expressions of increasing alarm in Washington that despite the end of ISIS’s physical caliphate in the Levant, the group could be gaining influence elsewhere, especially in Africa. Already, local groups in Nigeria and the Sahel fight under ISIS’s banner. Since 2019, ISIS has stated that its “Central Africa Province” includes parts of the DRC and Mozambique, where it says it has developed alliances with local armed groups, including the ADF and ASWJ.

The ADF and ASWJ are groups whose violence has historically been first and foremost driven by local dynamics and grievances. They recruit mainly local fighters.

Although it emerged in the 1990s as an Islamist movement fighting the Ugandan state, the ADF has since the 2000s mostly been active in the northern part of the DRC’s North Kivu province, where it has recruited Congolese fighters, including by force, and entrenched itself by manipulating disputes among local chiefs and communities in areas under its control. Having developed tactical alliances with both senior army officers and armed groups fighting security forces, it both fuels and feeds off an internecine and murky conflict on the ground.

In Mozambique, ASWJ formed when frustrated youth, including local petty traders and poor fishermen, began building their own mosques and prayer houses in Cabo Delgado province and challenging established religious leaders they saw as too close to state authorities. As the police clamped down, they eventually took up arms, launching their first attack in 2017. Some former ruby miners, expelled from mining concessions earlier that year, also joined the fight, according to Crisis Group’s research.

There is some evidence of prior contacts between the two designated groups. Local observers and officials in the DRC and Mozambique say that there are some known cases of Mozambicans, including some of the leaders of ASWJ, travelling to the DRC for training, but these movements are believed to have ended years ago. The U.S. Department of State says the two groups are “distinct”.

Women wait in line during a World Food Program distribution at a school in Matuge district in northern Mozambique, 24 February 2021. AFP/Alfredo Zuniga

How dangerous are the ADF and ASWJ?

Both the ADF and ASWJ have grown more dangerous over the years, becoming increasingly bold in their attacks against security forces while inflicting terrible violence against civilians.

The ADF, long dormant in the DRC, first began resurfacing again in 2014, mainly committing atrocities against civilians in gruesome machete attacks. From 2017, the group then began turning its attention increasingly against government security forces and UN peacekeepers. Its operations became more sophisticated and used greater firepower. According to a December 2020 report by UN investigators in the DRC, the ADF has over time also become better at building improvised explosive devices, although it has nothing like the ISIS core’s expertise.

Recent Congolese military operations between late 2019 and October 2020 have killed hundreds of fighters belonging to the ADF, which Crisis Group’s research indicates is now split into competing factions. Some elements have moved east to the foothills of the Rwenzori mountains bordering Uganda, and some north into neighbouring Ituri province, where they have been involved in reported killings.

In Mozambique, ASWJ has become significantly more dangerous and sophisticated since it first started up in 2017. In the early stages of the insurgency, attackers grouped in small packs of a few fighters to attack remote police outposts or villages, often brandishing blunt weapons. But by early 2020, the insurgents had taken significant stockpiles of weapons from government security forces and were able to mount attacks on district capitals, including the port of Mocimboa da Praia. Government forces fled the city in August and have yet to retake it. Violence against civilians also escalated over the past year, as the insurgency swept south towards the provincial capital Pemba, with numerous credible reports of atrocities committed by ASWJ fighters.

In recent months, security forces working with foreign military contractors from South Africa have caused the group some setbacks, destroying some of their camps and storage facilities in the bush. Nevertheless, insurgents continue to regroup and mount guerrilla attacks on security forces, while also plundering villages for food.

Are countries in the region concerned about these groups?

Yes, although for the time being the DRC’s and Mozambique’s neighbours in the Great Lakes region and Southern Africa are less concerned about the groups’ possible territorial ambitions than the threat they might pose to public spaces in their capitals and other locations. Some worry that they will face the kind of attacks that Kenya has seen in recent years in Nairobi, or that Uganda saw in Kampala in 2010. Somalia’s Al-Shabaab jihadist group has claimed responsibility for the Nairobi and Kampala attacks, although some Ugandan security sources believe the latter was carried out with assistance from ADF operatives. South Africa also shows signs of being worried about militant groups, including those from the Great Lakes region and Mozambique, using its territory as a base or safe haven, and about possible links between home-grown militants in South Africa and those in the DRC and Mozambique.

What is the Islamic State’s relationship with the two groups?

Crisis Group has shown in the past how ISIS was able to strengthen and shape the tactics of the Boko Haram faction that became the Islamic State in West Africa Province (ISWAP) by deploying a limited amount of resources, training and instruction, although any influence ISIS possessed did not transform the movement’s overwhelmingly local aspirations. There is little to suggest that ISIS has gained anything like that level of sway over either the ADF or ASWJ, much less the ability to exert command and control over them.   

A recent study on the ADF by George Washington University, which some U.S. officials privately endorse, provides evidence that ISIS has given financial assistance to the DRC group, and that there have been communications between the two organisations. Specifically, the report details financial transactions between Waleed Ahmed Zein, an ISIS financial operative who was sanctioned by the U.S. Department of Treasury in September 2018, and his alleged ADF contacts. It additionally details cases where ISIS disseminated propaganda about ADF attacks and presents ISIS-published photos of ADF leader Seka Musa Baluku, who according to the study has pledged allegiance to the global ISIS leadership, preaching to his recruits.

The study also states, however, that it has found “no evidence of direct command and control orders” from ISIS to the ADF. The December 2020 UN report states that even if ISIS claimed 46 purported ADF attacks in 2020, compared to 29 in 2019, many of the claims inaccurately described the attacks’ locations and dates, leading the authors to conclude that ISIS had “limited knowledge and control” of these operations. In the meantime, sources close to the ADF say one ADF faction appears to have rejected ISIS and may even be turning against Baluku’s group.

Similarly, while there is evidence that ISIS has had some contact with jihadists in Mozambique, it is unclear how close or meaningful their ties are. In a report issued last year, UN investigators working on Somalia stated that Mohamed Ahmed “Qahiye”, a native of the semi-autonomous region of Puntland in northern Somalia and a member of an ISIS-linked Al-Shabaab splinter group, had travelled to Mozambique in early 2020. Regional security sources say he is a trainer and a bomb-maker. While ASWJ attacks did become more sophisticated in 2020, the group has yet to show evidence of explosive device capacities.

In addition, communication between the groups and some coordination in disseminating propaganda does not suggest especially close links. When ASWJ took control of the port of Mocimboa da Praia in August, ISIS did not broadcast this in its Al-Naba magazine for two weeks. Nor has it claimed any ASWJ attack as its own since October. U.S. officials say this is because the ISIS core’s media wing is under pressure that currently limits its output.

Are there foreign fighters in ASWJ?

Yes. The biggest cohort of foreigners fighting within the ranks of ASWJ, according to government officials, regional security sources and eyewitnesses interviewed by Crisis Group, are from Tanzania. Many of them appear to be acolytes of Aboud Rogo, a former Kenyan cleric who was linked to both al-Qaeda and Al-Shabaab in Somalia and who was assassinated in 2012. Abu Yasir Hassan, whom the U.S. has identified as ASWJ’s leader, is also Tanzanian.

What will be the effect of these designations and how might authorities in the DRC and Mozambique manage the fallout?

Among other things, the terrorism listings freeze all of the assets under U.S. jurisdiction that belong to the ADF and ASWJ or their designated leaders, and make it a U.S. criminal offense to knowingly provide material support to any of the designees.  

While the sanctions that flow from these designations in theory do not criminalise all contact with the two groups, they are extremely broad, and their implementation could create problems for both humanitarians and peacemakers. Humanitarian agencies may shrink from providing support to vulnerable populations in Mozambique and the DRC if they believe they might end up resourcing someone who could later be accused of being an ADF or ASWJ member. Government or UN officials who might want to put resources into the hands of insurgents or fighters in order to, for example, transport them to a forum for peace negotiations, could technically also fall foul of the material support restrictions that flow from the designations.

Nor is there much likelihood that the designations will lead to a quick dismantling of these armed groups, which manage much of their money in cash or via forms of money transfer that will require painstaking work to investigate and chase, and may put them beyond the reach of U.S. sanctions.

The U.S. designations meanwhile could unintentionally send a counterproductive signal to political actors in the region. Especially in the DRC and Mozambique, where these measures are not fully understood even by top policymakers, they could be used by hardliners to justify calls for addressing the challenge posed by the ADF and ASWJ through military action alone. Diplomats in the region also now wonder whether the official unveiling of a U.S. military training program for Mozambique right after the sanctions were announced will be the thin end of the wedge for more U.S. military engagement in the gas-rich country. So far, however, the Mozambican government has signalled very clearly it does not want any foreign boots touching the soil of Cabo Delgado. Military operations in the DRC and Mozambique have recently dented both groups, but tackling the threat they pose will require a broader approach, including efforts to appeal to the Congolese and Mozambican citizens who respectively make up the bulk of fighters in both groups.

Contributors

Deputy Director, Africa Program
DinoMahtani
Deputy Project Director, Central Africa
PMvandeWalle
Senior Consultant, Southern Africa
PiersPigou
Researcher, Horn of Africa
Meron_El