Privatised online enforcement series: B. Is "self-regulation" worse than useless?
This article is also available in:
Deutsch: [Serie: Privatisierung der Online Strafverfolgung – Teil B | http://www.unwatched.org/EDRigram_9.7_Privatisierung_der_Online_Strafverfolgung_Ist_die_Selbst-Regulierung_mehr_als_nutzlos]
Much of the policy with regard to “self-regulation” in the context of
illegal online content is developed on the basis that anything that industry
can do to help fight crime is automatically a good thing. The assumption is
that, however distasteful it is that private companies should be regulating
and enforcing the law in the online world, it is better that “somebody” is
doing “something”. The reality is, however, very different.
The first area where Internet intermediaries started enforcing the law is in
relation to child abuse images. The European Commission funds “hotlines” to
receive reports of child abuse images and these send reports to law
enforcement authorities and Internet hosting providers and, sometimes,
Internet access providers. Law enforcement authorities are supposed to play
their role in investigation and prosecution, while Internet providers are
supposed to play their role, in diligently and within the rule of law,
removing content that has been shown to be illegal and supporting collection
of evidence by law enforcement authorities.
At a recent meeting of the European Commission “dialogue” on dissemination
of illegal content within the European Union”, the Safer Internet Unit of
the Commission gave a different and more worrying analysis. A representative
explained that many EU police forces did not prioritise online child abuse
and even if it was on the priority list in some countries, it was at the
bottom. The proposal was made, therefore, that hotlines should send reports
directly to Internet hosting providers to delete the websites. The fact that
this would facilitate and propagate the alleged inaction of the police
appears not to be a consideration.
This approach is confirmed by the European Commission’s guidelines for
co-funded hotlines on notice and takedown (that are, unsurprisingly, not
publicly available), which suggest that agreements should be signed between
the hotlines and the police. These guidelines suggest that “the agreement
should preferably stipulate a deadline for the police to react after which
the hotline would proceed with giving notice”. In other words, law
enforcement authorities would be assured that, if they remained wholly
inactive for an agreed period, the evidence of their failure to address
serious crimes would be diligently hidden by the hotlines, in cooperation
with well-meaning “industry self-regulation”.
This is, unfortunately, far from the only example. As mentioned above,
hotlines also contact Internet access providers. In some countries, these
take it upon themselves to undertake technically limited “blocking” against
sites identified as being illegal. In Sweden, for example, ISPs “block”
sites and receive an updated list from the police every two weeks. The
pointlessness of this whole process is shown by the fact that, while the
lists are updated every 14 days, the British hotline, the IWF, has produced
statistics showing that the average length of time the sites remain online
is only twelve days. In other words, on average, there are no functioning
sites at all on the “blocking” list one day out of every seven.
Unfortunately, this activity is not just useless, it is worse than useless.
In a speech given to the German Parliament, a Danish police official
explained that, having “blocked” the websites domestically, the police in
that country do not see any point in communicating evidence of serious
crimes against children to the police forces in the United States and
Russia, because they probably wouldn’t be interested. It is difficult to
imagine another crime which would be treated in such a trivial way.
Reports from the European Commission are that there will be a major push to
increase the “safer internet” budget, which is currently being reviewed. As
yet, there are no signs that any lessons are being learned regarding the
failures of “self-regulation” under the current programme.
Internet Watch Foundation Annual Report 2010
http://www.iwf.org.uk/assets/media/annual-reports/Internet%20Watch%20Foundation%20Annual%20Report%202010%20web.pdf
EDRi-gram: Dialogue on illegal online content (28.06.2010)
http://www.edri.org/edrigram/number8.15/edri-euroispa-notice-takedown-comission
Child abuse is difficult to stop on the web (only in Swedish, 29.09.2010)
http://www.dn.se/nyheter/sverige/overgrepp-pa-barn-svart-stoppa-pa-natet
Danish police statement
http://www.edri.org/files/Written_Statement_Underbjerg.pdf
Privatised Online Enforcement Series
A. Abandonment of the rule of law (23.03.2011)
http://www.edri.org/edrigram/number9.6/abandonment-rule-of-law
(Contribution by Joe McNamee – EDRi)