Leaked Clean IT Document Is Frightening
Europe can not catch a break. Somebody in government is constantly trying to push some kind of law or treaty to regulate the Internet. The technology has those in power running scared and they need something to convince the general public that they should be allowed to control it. After ACTA failed, they’re now going for the terrorist angle.
EDRI got their hands on a leaked copy of the Clean IT project. It’s a proposed European Commission project that would turn the European Internet into a gigantic surveillance system. There’s more to it, but it would be appropriate to say that somebody’s been reading up on their Orwell recently.
So, what’s the goal of Clean IT? The government wants to stop terrorism, and they think that terrorists are using the Internet to coordinate attacks. The goal, according to the official Web site, is to prevent terrorists from using the Internet. The official draft document also says that “any action taken to reduce the terrorist use of the Internet, will respect fundamental rights and freedoms, including access to the Internet, freedoms of assembly and expression, privacy and data protection.”
That all sounds pretty good, but policy makers are known masters of spin. Now, let’s take a look at the proposed policies that are present in the leaked version of Clean IT. Here’s the major talking points from EDRI:
Removal of any legislation preventing filtering/surveillance of employees’ Internet connections
Law enforcement authorities should be able to have content removed “without following the more labour-intensive and formal procedures for ‘notice and action’”
“Knowingly” providing links to “terrorist content” (the draft does not refer to content which has been ruled to be illegal by a court, but undefined “terrorist content” in general) will be an offence “just like” the terrorist
Legal underpinning of “real name” rules to prevent anonymous use of online services
ISPs to be held liable for not making “reasonable” efforts to use technological surveillance to identify (undefined) “terrorist” use of the Internet
Companies providing end-user filtering systems and their customers should be liable for failing to report “illegal” activity identified by the filter
Customers should also be held liable for “knowingly” sending a report of content which is not illegal
Governments should use the helpfulness of ISPs as a criterion for awarding public contracts
The proposal on blocking lists contradict each other, on the one hand providing comprehensive details for each piece of illegal content and judicial references, but then saying that the owner can appeal (although if there was already a judicial ruling, the legal process would already have been at an end) and that filtering such be based on the “output” of the proposed content regulation body, the “European Advisory Foundation”
Blocking or “warning” systems should be implemented by social media platforms – somehow it will be both illegal to provide (undefined) “Internet services” to “terrorist persons” and legal to knowingly provide access to illegal content, while “warning” the end-user that they are accessing illegal content
The anonymity of individuals reporting (possibly) illegal content must be preserved… yet their IP address must be logged to permit them to be prosecuted if it is suspected that they are reporting legal content deliberately and to permit reliable informants’ reports to be processed more quickly
Companies should implement upload filters to monitor uploaded content to make sure that content that is removed – or content that is similar to what is removed – is not re-uploaded
It proposes that content should not be removed in all cases but “blocked” (i.e. make inaccessible by the hosting provider – not “blocked” in the access provider sense) and, in other cases, left available online but with the domain name removed.
In essence, Clean IT wants to punish you for using the Internet as it was intended. It would require you to use your real name in all online communication. It would punish you for linking to “terrorist content” (whatever that means), and it makes no distinction between linking for educational or malicious purposes.
Clean IT has proven itself to be bad. What does it mean for Europe though? Nothing yet, but that could change. Europe has proven to be more accommodating to sweeping surveillance programs, but the Internet community may surprise us with another continent wide protest. They were able to successfully kill ACTA, and they may just be able to kill Clean IT as well.
Beyond that, the biggest obstacle to Clean IT’s passage is the Internet itself. All these programs require ISPs and social media networks to take on the duties of surveillance. Such programs cost too much and those running ISPs tend to have something resembling moral fiber when it comes to privacy. Facebook and Twitter would obviously reject having their services turn into surveillance systems as well.
Since the original publication of EDRI’s report, the Clean It project has published a conversation between the project’s manager, But Klaasen, and tech writer, Glyn Moody. Klaasen says that the leaked document are just suggestions, but never really clarifies beyond that. He does invite Moody and any other interested parties to attend meetings on the matter. It’s encouraging, but Moody nails it by saying that it’s worrying that the ideas present were even considered.
We’ll continue to watch the progress of Clean IT. If it does prove to be successful, you can bet a similar program will be proposed for the U.S. It’s already rumored that the NSA and other agencies collect civilian communications, but a Clean IT-like project would allow them to work in the open.
Here’s a copy of the draft Clean IT project, courtesy of TechDirt: