Dealing with Low-Tech Terrorist Communications in the Hi-Tech Age: Toward a Theory of Fault-Intolerant Network Organizations

Information systems analysts have typically focused on high technology, often overlooking low-technology communications even though the core of social network load is still essentially low-tech. In this context, the paper argues that while hi-tech offers efficiency gains at the individual level, many shortcomings prevent its complete penetration at the social network level in organizations that operate in hostile environments, requiring them to prioritize fault-tolerance above efficiency. Thus, such fault-intolerant network organizations optimize hi-tech for the individual level and low-tech for the social network level. The general class of such organizations is well represented among business and government structures; however, terrorist organizations provide an especially fitting research case at this time of acute terrorist threats facing the world economy and society at large. Hence, setting aside the prevailing preoccupation with hi-tech and attempting to understand the underlying principles of the highversus low-tech interplay, particularly as applied to these organizations, is crucial in being able to detect terrorist communications and thwart their activities. Toward this goal, this paper introduces a concept of fault-intolerant network organization (FINO) and develops an analytical framework for addressing the research question of how such organizations use technology. Keywords: Fault-intolerant network organization, FINO, technology use, terrorist communications, reliability, security, critical national infrastructure, privacy “…between the general aims that we are fighting for, and the immediate tasks of the moment, you will never know anything.” 1984, George Orwell 1 CENTRAL ARGUMENT AND THEORETICAL FOUNDATIONS While information systems analysts among researchers as well as practitioners have to a large degree focused on organizational benefits of high-technology communications, their low-technology alternatives, such as human couriers, face-to-face meetings, postal services and POTS, have remained relatively overlooked, even though the core of social network load is still essentially Drozdova/Fault-Intolerant Network Organizations Note, in particular, that virtual organizations enabled by telecommuting have by no means approached the widespread levels expected in the 1990s, partly because people prefer to work in physical social settings, and simple telephone usage still far outweighs the Internet (there are about 163 telephone lines versus 18 computers connected to the Internet per 1,000 people worldwide; UNDP 2002). 712 2002 — Twenty-Third International Conference on Information Systems low-tech. Thus, while hi-tech communications offer efficiency gains at the individual level, their multiple shortcomings, including security failures and economic costs, prevent total penetration at the social network level, e.g., within complex organizations and society at large. This effect is particularly evident in network-type organizations that operate in hostile environments and must, therefore, prioritize fault-tolerance above efficiency. Although substantial research has been devoted to network organizations and their usage of advanced information and communications technologies (ICT), the fault-intolerant class has been relatively understudied and its reliance on low-tech communications is poorly understood. Such lack of attention not only constitutes a potential knowledge gap in an important area of information systems (IS) and organizational research, it may also lead to increasingly perilous practical implications, since due to the intrinsically risky nature of their operations, such organizations might be in position to cause considerable damage to the economy and society—some by accident, others on purpose. The primary characteristics of the fault-intolerant network organization (FINO) can be defined as: 1. Extremely hostile operating environment, including social pressure, geographical hazards, economic adversity, and vast operational and developmental uncertainty 2. Overall strength and survivability of the network is generally defined by its weakest node 3. Node reliability and security must be pursued relentlessly to ensure the organization’s survival and maximize the likelihood of implementation of its objectives 4. Resulting fault-tolerance requirements take precedence over efficiency and must be achieved at the expense of efficiency if the two values conflict The central research question is: How do fault-intolerant network organizations use technology? Typically, IS research literature would suggest that optimal technology use would enable a fit between an organization’s information processing requirements and the capabilities of its structure (Tushman and Nadler 1978). This can be achieved by creating self-contained tasks and slack resources, investing in vertical information systems, and enabling more lateral interactions, i.e., by reducing the need for information processing and/or increasing processing capacity (Galbraith 1974). These approaches broadly apply to FINOs but require a different strategic implementation since, for example, increased intra-organizational interactions would introduce new vulnerabilities. Therefore, primary strategies for FINOs are to • prioritize node reliability over efficiency • reduce the number of intra-organizational interactions through node isolation and self-sufficiency • reduce the amount of information communicated to the need-to-know basis only Accordingly, by drawing upon these organizational distinctions, a conjecture could be made regarding FINO’s use of technology to support such strategies. FINO Conjecture: Fault-intolerant network organizations’ use of technology is such that • hi-tech is optimized for the individual level, while • low-tech is optimized for the social network level. Thus, while on the individual level hi-tech can provide desirable efficiencies, at the network level, where strength of the network is defined by its weakest node and nodes are sensitive to failure, fault-tolerance must take priority over efficiency. Therefore, for their most sensitive, mission-critical communications, FINOs must choose time-tested low-tech methods, with their minimal infrastructure requirements and great robustness in the face of external hazards, over sophisticated yet vulnerable hi-tech. Drozdova/Fault-Intolerant Network Organizations Outside of noninteractive TV and radio, POTS is the last major and the only interactive pre-digital age technology widely used for communication around the world. 2002 — Twenty-Third International Conference on Information Systems 713 Specifically, in this context low-tech could be defined as communications ranging from couriers and face-to-face meetings to interactions enabled or enhanced by technology no more sophisticated than a conventional telephone. Alternatively, hi-tech refers to the use of the more advanced technologies including computers, satellites and digital information systems. Social networks are viewed as identifiable governance structures marked by complementary strengths and relational communications (Powell 1990). Furthermore, network organization is broadly conceptualized in terms of individual participants whose actions are essentially embedded in social network interactions that affect organizational performance (Granovetter 1985; Uzzi 1996), with the individual level defined primarily by skills and tasks involved in one’s job, and the social network level defined in terms of the entire occupational and organizational structure (Barley 1990). These definitions could also be generally extended to FINOs, with the following specification: the individual level pertains to the tactical non-relational tasks as well as limited relational routine aspects that may be instrumental to, but not directly affecting, the network-level objectives and outcomes; and the social network level refers to the strategic direction and mission-critical communications. However, IS literature presently provides only limited insights for the understanding of technology usage by FINOs due to a common bias of typically referring to hi-tech when theorizing on the organizational impact of technology. Attempting to rectify this growing hi-tech versus low-tech dichotomy, which tends to overemphasize hi-tech in research and practice, is the central objective of this paper. Evidence supporting this FINO conjecture is widespread. 1. The most obvious example, underscoring the general nature of the misconstrued hi-tech versus low-tech dichotomy as well as its manifestation in FINO communications, is the largely low-tech nature of the September 11, 2001, attacks on the World Trade Center and the Pentagon. Hijacking and using a plane as a weapon was chosen over multiple hi-tech options known to be available to terrorists, from missiles to nuclear, chemical, biological, and cyber means. Furthermore, while the wouldbe hijackers used e-mail to communicate with flight schools, their suspected leader, Mohamed Atta, and other key conspirators traveled to Afghanistan in person to confer and strategize regarding the overall attack plans with their superiors at higher organizational levels (Franz and Butler 2002). 2. A deeper inquiry into what is known about the nature of Al Qaeda communications reveals, for example, that while the network used to channel funds to its overseas operatives by setting up financial institutions and relying on the hi-tech global financial system for relatively routine operations (e.g., Gunaratna 2002), since the United States’ retaliation for 9/11, it has shifted most of its capital into gold and diamonds—utilizing physical settlement and barter exchanges for the majority of transactions—as well as toward greater reliance on direct, rather than financial, support from its sympathizers. 3. In the face of this threat, the U.S. government has responded by attempting to turn to the centuries-old “neighborhood watch” intelligence gathering strategy of relying on informers, whose jobs involve circulating in local communities, to report potentially suspicious activity along their routes (http://www.citizencorps.gov/tips.html). Although this proposed program has raised serious questions regarding privacy and civil liberties, its objectives emphasize that the means necessary to gather information at the basic social level must inevitably match the nature of the prevailing threat, which is essentially low-tech. 4. In business, typically characterized as driven by efficiency considerations, reliability often takes precedence, especially with regard to vital communications. In particular, it is indeed a standard practice to invite important clients to social outings and seal major deals face-to-face, while the streets of New York business districts—the “CPU” of the global financial system— are awash with bicycle-mounted messengers. Furthermore, national economies generally still tend to keep gold reserves as a buffer against economic uncertainty. Even in such a proverbial hi-tech arena as computer technology, most cutting edge components now tend to be initially released for the individual user market, with government and corporate networks generally relying on older, but better-tested releases (amply demonstrated by, for example, the server market), particularly for their mission-critical applications. These examples underscore that FINOs exist in various socio-political sectors including government and business. A prime member of this class is the terrorist organization, poor understanding of which, in the face of the danger to society that it presents, makes it warrant a dedicated in-depth study. Drozdova/Fault-Intolerant Network Organizations 714 2002 — Twenty-Third International Conference on Information Systems 2 RESEARCH PROBLEM: TERRORIST CASE BACKGROUND Overall, terrorist organizations appear to fit the FINO definition on all accounts. Due to their fundamentally unlawful and subversive goals, they operate in extreme, socially marginalized environments. Their leadership and operating facilities are thus rendered to rugged geographical terrains and/or areas of low economic as well as technological development. They have to stay clandestine to survive as nation-states and international authorities continuously attempt to monitor, uncover, and thwart their activities and ultimately destroy them. To counteract this pressure, sophisticated groups such as Al Qaeda spread the risk, e.g., by using a loosely coupled worldwide cell structure. Nevertheless, they are still highly sensitive to cell (network node) failure, for once counterterrorist authorities compromise a cell, they can, at least in principle, penetrate and unravel the entire network. Thus, for terrorist organizations fault-tolerance must take priority over efficiency, causing them to generally choose the reliable low-tech methods over more efficient hi-tech ones for the majority of their substantive network-level communications. If we were to ask a question, “How could the lengthy and elaborate planning in preparation for the spectacular terrorist attacks of September 11, 2001, go on undetected, all our sophisticated global information interception, sharing and analysis technologies notwithstanding?,” a basic interpretation might be that a nation that values life and personal liberty, as well as commands the most advanced military in the world, simply did not expect that humans, including its own civilians—and not some complicated war machinery—would be used to attack its homeland from its own friendly skies. Such a miscalculation serves to highlight a basic discrepancy in the world-views of adversaries in the war on terrorism, which is enhanced by the globalization trends reinforcing their separation along the spectrum of economic, political, and technological issues. Attackers frequently originate from areas that are at the low end of that spectrum. They believe that they know all they need to about “the West” and tend to blame it for their misfortunes as well as to advocate violence against the perceived source of their oppression. At the opposite end of the spectrum are the defenders of the prosperous and relatively open West, which could be characterized as having the most in the way of resources (and, therefore, the most to lose), while possessing little animosity toward but also little interest and understanding of their opponents. 9/11 has not only underscored this need for better understanding our opponents, it has also brought about a forthright recognition by the researchers as well as government officials and business leaders that a much higher than previously acknowledged level of threats comes from well-organized global terrorist networks, whose prime target is the United States and its global economy per se, not just individual businesses and branches of government. It has long been suspected that terrorist networks may have access to advanced communications means. In fact, the ascendance of the Internet has been repeatedly blamed for putting advanced encoding and explosive technologies in every pair of willing hands. In response, legislators, law enforcement and intelligence agencies have worked on a strategy to expand their investigative capabilities and surveillance infrastructures by utilizing the latest scientific breakthroughs while attempting to relax civil liberty protections that may constrain their usage. Although such efforts were evidently insufficient to detect the September 11 plot and the (un)related anthrax mailing campaign, they have nevertheless been further stepped up since the 9/11 attacks (e.g., the USA Patriot Act). Meanwhile, the issue of the overall relevance of hi-tech communications has not been thoroughly addressed, potentially at the expense of other means. In light of all these developments, the question of detecting and dealing with low-tech terrorist communications has received far less attention in our hi-tech age than seems warranted by their use. While hi-tech tactics may seem more appropriate, or at least more probable, in today’s information age, terrorists are still relying on low-tech communications and perhaps more so in response to the presence of increasingly hi-tech detection measures. For example, Osama bin Laden has reportedly stopped using satellite or cell phones once his communications were traced (and after a former Chechen leader was killed having been located through his use of a satellite phone) and has subsequently vanished. The issue is that detecting lowand lower-tech communications can be much more difficult and costly than tracking the advanced digital information, which can be collected, computed, and processed automatically. Searching people and letters is resource demanding (hundreds of millions of dollars have been spent on airport security and reequipping the postal system since September, 2001), essentially inefficient (explosives and bio-active agents are still getting through, while the sender of anthrax letters is yet to be found), harmful to the operations of critical national infrastructure segments (air travel services have been severely undermined by the direct and indirect costs of new regulations with the majority of United States airlines filing for or teetering on the verge of bankruptcy), and highly questionable from the perspective of human rights (e.g., privacy). Most importantly, low-tech communications can be used and have been demonstrated to be very effective in delivering high-impact payloads, including anthrax in letters and explosives tied to human bodies (which have been used to kill thousands of people, particularly in the Middle East and Sri Lankan conflicts, including India’s Prime Minister Rajiv Ghandi). Thus, the relative lack of attention toward such “less sophisticated” methods could potentially lead to an oversight of major attacks in the making, which, as 9/11 has aptly demonstrated, threaten not only the lives of individuals, but also the very economic and social underpinnings of the society. Drozdova/Fault-Intolerant Network Organizations 2002 — Twenty-Third International Conference on Information Systems 715 3 ANALYTICAL FRAMEWORK Based on the terrorist network case background including known communication patterns of sophisticated terrorist organizations such as Al Qaeda, one can devise a general analytical framework for studying the technology use by fault-intolerant network organizations. Figure 1 presents such a framework developed by combining the technological and organizational dimensions defined above, specifying organizational objectives and pertinent technologies in use at each level, and articulating the reasons underlying the resulting conjectures. Primary Organizational Level Technology Level Individual Objectives: tactical goals, routine activities Social Network Objectives: strategic goals, mission-critical activities