This article is also available in:
Deutsch: [Clean IT ist bloß ein Symptom für die blindwütige Politik der privaten Rechtsdurchsetzung im Internet |]

There has been a lot of attention to the “Clean IT” project since EDRi
published a leaked draft document last week, on 21 September 2012. Since
then, the project organisers have said that the statement on the front
page saying that “this document contains detailed recommendations” was
incorrect and that it also contained (unidentified) other mistakes.

Project coordinator But Klaasen explained on Twitter that the leak was
little more than a “discussion document.” According to the Clean IT
website, this is the output of two day meetings in Amsterdam (October
2011), Madrid (January 2012), Brussels (March 2012) Berlin (June
2012) and Utrecht(September 2012). According to the website of Clean IT,
which has produced 23 pages of bullet points of policy suggestions,
there will be just one more meeting (Vienna, November 2012) before a
final presentation is made in February 2013. Mr Klaasen also explained
on Twitter that all suggestions received thus far are only “food for
discussion”, because they do not censor the ideas they receive.

Clean IT is therefore part of a wider problem – a conveyor-belt of
ill-defined projects whereby industry is expected to do “something” to
solve ill – or even undefined problems on the Internet. For example, it
takes an almost impressive amount of fragmentation for the European
Commission to be simultaneously funding two different and uncoordinated
projects (Clean IT and CEO Coalition on a Safer Internet for Kids)
developing “voluntary” industry standards on “notice and takedown”, on
“upload filters”, on “reporting buttons” and all with little or no
analysis of the specific problems that need to be solved.

Worse still, Clean IT was born out of a failed “voluntary” project
organised directly by the European Commission on “illegal online
content”. That project failed because it did not have a problem
definition. Without knowing what problems it was trying to solve, it
ended up going round in ever smaller circles before finally disappearing
down the proverbial drain. Sadly, no lessons were learned before the
Commission committed to funding Clean IT, which is currently making the
same mistakes all over again.

Even bigger mistakes have not been learned from in this approach. In the
Commission-organised “dialogue on illegal uploading and downloading”, a
proposal was made for widespread “voluntary” filtering of peer-to-peer
networks. This was resisted by the Internet access provider industry and
ultimately ruled by the European Court of Justice (Scarlet/Sabam case
C70/10) to be in breach of fundamental rights.

All of this experience meant that EDRi could not possibly participate in
Clean IT without seeking to ensure that the project did not make the
same mistakes that we have seen over and over again. In 2011, as a
precondition of participation, we therefore set very reasonable demands:

1. Identify the specific problems to be solved. (At different moments,
Clean IT was meant to address “Al Quaida influenced” networks,
“terrorist and extremist ‘use’ of the Internet” and
“discrimination”/“illegal software”.)

2. Identify the scope of the industry involvement. Listing every single
type of online intermediary is neither credible nor effective.

3. Actively seek to identify and avoid possibilities for unintended
consequences for both fundamental rights and addressing illegal content.

The project leader rejected all of these preconditions, regrettably
leaving us no option but to stay outside the process. As a result, we
have a project that seeks to use unspecified industry participants to
solve unidentified problems in ways which may or may not be in breach of
the Union and international law. It would be unconscionable for EDRi to
participate in these circumstances.

We have also been contacted via Twitter by Commissioner Kroes’
spokesperson. Mr Heath’s comments suggest that CleanIT is only a
“brainstorming” session and the Commission has spent hundreds of
thousands of Euro just for lists of possible policies.

It is very important to stress that absolutely nothing in the document
that we released last week has been officially approved as European
Commission policy. The recommendations, insofar as they are
recommendations, are the sole responsibility of the CleanIT project.
Commissioner Malmström has acted to distance herself from the project
and has made this very clear via Twitter messages. There are, however,
serious questions that are still to be asked regarding the budget
approval processes that lead to such projects being approved for public

The law is quite clear – the Charter of Fundamental Rights, the
Convention on Human Rights and the International Covenant on Civil and
Political Rights are quite clear – restrictions on fundamental rights
must be foreseen by law and not introduced as unpredictable, ad hoc
projects by industry. The rule of law cannot be defended by abandoning
the rule of law and EDRi will continue to defend this principle.

EDRi: Clean IT – Leak shows plans for large-scale, undemocratic
surveillance of all communications (21.09.2012)

Clean IT rebuttal of our comments

Mr Heath’s comments

Mr Klaasen’s tweet

Commissioner Malmström’s tweets

(Contribution by Joe McNamee – EDRi)