GIFCT’s mission is to prevent terrorist and violent extremist exploitation of digital platforms. We work with our tech company members to identify and help prevent the spread of known terrorist and violent extremist content online, respond to terrorist and violent extremist incidents, and adapt to adversarial shifts.
Following the March 2019 attacks in Christchurch, New Zealand, we established GIFCT’s Incident Response Framework (IRF) to respond quickly, effectively, and in a coordinated manner to terrorist and mass violence events and activate the highest level, the Content Incident Protocol, when the perpetrators livestream violence as part of their attack. Developed to address scenarios like the Christchurch attack, the IRF is not intended to address every instance of violence but focuses on mitigating deliberate efforts to misuse technology as a part of, or to further amplify, a terrorist or violent extremist attack. The IRF has been carefully crafted to enable GIFCT and its members to respond in fast-moving and potentially uncertain situations, while respecting freedom of expression and access to information, and engage with other international crisis response protocols, including the European Union and Christchurch Call.
The IRF directs how GIFCT supports our members to identify online content produced by the perpetrators and accomplices of an offline violent attack, which might activate the Content Incident (CI) or Content Incident Protocol (CIP) levels of the IRF. When these levels are activated, the IRF enables our members to swiftly add hashes of the content — understood as a digital fingerprint for a piece of content in the form of alpha-numeric codes — to GIFCT’s hash-sharing database. These hashes can then be used by other tech company members to detect the same perpetrator-produced content on their platform and action it in line with their policies. In line with our commitment to transparency and agreed-upon protocols with member companies, GIFCT issues a public notification when either the CI or CIP level of the IRF is activated, and publishes the composition of the hash-sharing database in our annual transparency report.
To date, the hash-sharing database contains approximately 400,000 unique and distinct items, with approximately ⅔ of those being images and ⅓ video, with few instances of texts. Overall there are currently approximately 2.3 million hashes. This is the result of the ongoing work of our members continuing to add hashes related to new versions of terrorist and violent extremist content as they enforce their respective platform policies. Hashes are added routinely by members, including but not limited to when GIFCT activates the highest levels of the IRF. The vast majority of hashes in GIFCT’s database have been added outside the times when the CIP or CI are activated, enabling ongoing industry cooperation.
To deliver on its mission, GIFCT diligently follows international security dynamics, to keep our members abreast of emerging risks of terrorist and violent extremist activity that may appear on their platforms through regular cross-platform information sharing. This work is essential to our broader work developing resources and identifying new challenges to solve at the nexus between technology and terrorism. It allows GIFCT to deliver expert analysis to support our members to address and quickly adapt to adversarial shifts in the terrorist and violent extremist threat landscape. To that end, our academic network, the Global Network on Extremism and Technology (GNET), has published 12 research insights since October 7 on a range of pressing topics across the globe.
Since the October 7 attacks perpetrated by Hamas and the ongoing violence against Israeli and Palestinian civilians, GIFCT has worked with members and stakeholders to monitor the evolving conflict, and provide members with in-depth situational analysis, research, and bespoke knowledge products to support their teams. In addition to continued work to respond to the conflict in Israel and Palestine, GIFCT and our members have also shared situational awareness about attacks or unrest in ten other countries across Europe, North America, Asia and North Africa, including attacks claimed by ISIS or racially and ethnically motivated groups and networks. Alongside this day-to-day work, we remain prepared for the ever-present possibility of the need to activate the CI or CIP level of our Incident Response Framework when content meets the agreed criteria.
As the terrorism and violent extremism threat landscape and collective international efforts to address them evolve, GIFCT will continue to work with our members, Independent Advisory Committee, partners, and stakeholders to deliver on our mission amidst the rapidly-evolving dynamics of the conflict and their broader impacts on terrorism and violent extremism online.