ENDitorial: CleanIT: creating a safer internet…for terrorists?

By EDRi · August 29, 2012

This article is also available in:
Deutsch: [CleanIT – ein sichereres Internet … für Terroristen? | https://www.unwatched.org/EDRigram_10.16_ENDitorial_CleanIT_ein_sichereres_Internet_fuer_Terroristen?pk_campaign=edri&pk_kwd=20120913]

The “CleanIT project”, funded by the European Commission and led by the
Dutch police, aims to produce a “guideline or gentleman’s agreement” to
fight terrorism online in a way which does not involve the use of
legislation. The latest draft of its proposals was recently made available.

The intention to launch the project was first publicly announced in May
2010, during a European Commission event with the same goal and
involving the same industry. At that event, the European Commission
proposed that ISPs change their terms of service to allow them to more
easily remove content that either industry or police forces felt was
illegal. Two years and 400 000 Euros of funding later, the CleanIT
project has formulated broadly the same proposal. Its draft document is
3 348 words long (which works out at a cost of 119.47 Euro per word),
including definitions such as “the term “Internet companies” refers to
companies providing divers [sic] services on the Internet” and informs
us that “from a technical perspective, terrorist use of the Internet is
not substantially different than regular, legal use of the Internet.”

The current draft document elevates Internet companies to a new level of
corporate government. On a legislative level, it suggests that they
should “ban the illegal terrorist use of the Internet in their terms of
service/business conditions and acceptable use policies” – moving past
the traditional rule-of-law based society where democratically-elected
governments decided what should be prohibited. They will do this despite
the fact that CleanIT believes that “Waht [sic] is terrorist use of the
Internet is not always adequately defined or clearly explained.” The
need for this move is hinted at by a recognition by the authors that
“many activities of (potential) terrorists start in ordinary, easy
accessible parts of the Internet and are not illegal”. This activity,
they appear to believe, can be “banned” by private companies but not by
democratically elected governments.

After fulfilling their legislative role, the Internet companies would
then be in a position to implement their laws. They become the judge and
decide what is illegal. Where their ruling is that it is illegal, they
act as executioner of the law – imposing sanctions “immediately and
proportionately” unless they believe that the activity that they are
regulating may not be illegal, at which case they can refer the ruling
to a court.

Internet companies are also expected to undertake a stronger policing
role. The head of the project, Mr But Klaasen, envisages the development
of a database of “illegal” (under which definition or in which
jurisdiction is unclear – as CleanIT points out “there are differences
in (il)legality between national legislations”) material, which could
then be used, it appears, as some form of upload filter and/or download
block. This would ensure that content deemed “illegal” could not be
uploaded anywhere else… unless it was modified to get past the filter,
of course. The fact that the draft project document says that “Internet
companies must be transparent about the use of automated detection
systems for this purpose” doesn’t get around the fact that such
widescale, suspicionless filtering was already deemed to be in breach of
fundamental rights in the Scarlet/Sabam and Sabam/Netlog cases in the
European Court of Human Rights. The draft document expresses a hope for
widespread implementation of “automated detection systems” which,
paradoxically would “not endanger Internet Freedom or even be illegal”.

The current project document also offers implicit encouragement to
minimise or eliminate anonymity online, arguing that , while this is
“logical and desirable” in some cases, “for many it is not a necessity”.
This obviously ignores the fact that, for many, it is a necessity for
this option to be available, even if not always used.

Despite much competition, possibly the most confusing element of all is
the section on reporting. What is confusing is not that the
Commission-funded CleanIT is working on re-inventing online reporting
tools while the Commission-convened “CEO Coalition” is also (in parallel
and with no coordination between them) re-inventing online reporting
tools. What is confusing is more what it thinks this will achieve. What
is confusing is that, in the context of online child abuse material, we
are told by child protection organisations and the Commission that there
are so many reports, that there is no hope of investigating a
significant fraction of them and there is no point in asking for more
resources for more of these crimes to be investigated. Meanwhile,
CleanIT says that there isn’t enough reporting of allegedly illegal
material and “a large part of the terrorist use” is “never brought to
the attention of Internet companies and LEAs.”

Of course, if the terrorists know that the only sanctions that will be
taken against them will be superficial, because real law enforcement
authorities will be relying on Internet companies to legislate on and
police the Internet, maybe it would generate legal certainty – making
the Internet a safer place… for terrorists… which is just a few
words different from what CleanIT intended to achieve.

CleanIT Project

EDRi/EuroISPA statement on predecessor project to CleanIT (9.07.2010)

Interview with But Klaasen (6.06.2012)

(Contribution by Joe McNamee – EDRi)