Let's Clean up the Clean IT Project

Any EU project called "Clean IT", with all that implies for elements that are regarded as "dirty", is worrying enough. But combined with a stated intention of "reducing the impact of the terrorist use of the Internet", the concerns naturally...


Any EU project called "Clean IT", with all that implies for elements that are regarded as "dirty", is worrying enough. But combined with a stated intention of "reducing the impact of the terrorist use of the Internet", the concerns naturally grow. After all, it is precisely by invoking the vague and emotional threat of "terrorism" that the UK government has sought to short-circuit criticism of many of its most illiberal policies, most recently with the ill thought-out Draft Communications Bill.

Thanks to a leaked document published by EDRI [.pdf], we now have a more precise idea of some of the things being considered by the Clean IT project. I've discussed most of the worst proposals at some length elsewhere (sample: forbidding the use online of unusual or rarer foreign languages that can't be understood by those seeking to spy on people), but there's one issue I wanted to highlight here, since it's of particular relevance to Computerworld UK readers.

It occurs in a section entitled "Police button", and reads as follows:

At the European level, a browser or operating system based reporting button must be developed;

The browser or operating system based reporting button must send a signal to the Internet company involved, which will take appropriate action;

The system will also send a signal to LEA [law enforcement authority], which after some time will check whether it is satisfied by the Internet company and could chose to start a formal notice and action procedure,

Governments will start drafting legislation that will make offering such a system to Internet users obligatory for browser or operating system service company as a condition of selling their products in this country of the European Union.

As you will have immediately noticed, these proposals don't take account of how open source browsers or operating systems are created and distributed. There isn't always a "company" that produces such code. In other words, the entire mental structure of the person or persons putting forward the above proposals seems innocent of the idea of free software and what that freedom necessarily means. A cynic might wonder whether open source would even be allowed in a world ruled by Clean IT ideas...

This disconnect from the reality of today's technology is typical of practically every suggestion in the Clean IT document: they show absolutely minimal understanding of how the Internet works, and the fact that many of the proposals are literally impossible to implement. The others might be possible, but at the cost of creating a surveillance state with censorship on an unprecedented scale.

In response to similar criticisms elsewhere, the Clean IT project has been quick to point out that the proposals found in the leaked document were merely suggestions:

However EDRI suggests otherwise, a posted document on their website does not provide concrete proposal to tackle terrorism on the internet. The document is food for discussion only, and summarizes possible solutions and ideas that have to be evaluated by all partners, public and private. While taking into account that any measure taken should not affect our online freedom, the advantages and disadvantages of the possible measures will be discussed in next meetings.

As soon as the plans will be more concrete and supported by all participants, they will be published on the Clean IT website. When the project ends at the beginning of 2013, all plans and documents will be published.

But the key point is that most of these suggestions are so absurd that they should never have been considered for an instant by any reasonable, intelligent group of people. They are so far from the norms of European society that they should have been laughed out of the room the instant anyone was foolish enough to suggest them.

It is the fact that they weren't, and that they made it into any kind of document from the Clean IT project that is so worrying: it suggests that the groups taking part consist largely of fantasising police and security forces who want to make their jobs easier by locking down every action on the European Internet, and allowing extra-judicial punishments without the need to involve tiresome things like judges or courts. It is, in short, an online police state perfected down to the last electron, unconstrained by what is rational or – ironically – even legal in the EU.

If the Clean IT project wants to have a serious discussion about the use of the Internet by terrorists, and how that can be minimised without damaging civil liberties, if it is found objectively to be a serious problem, that is entirely reasonable. But it must be evidence-based, not simply a wish-list of repressive tools from state security organisations, it must be based on a real understanding of how the Internet – and free software – works, and it must be completely open.

That means making it easy for the public to contribute through meetings throughout the EU, not just for well-funded state security organisations that can travel around Europe at the drop of a hat (and at taxpayers' expense), and organising a formal consultation process that encourages input from as wide a range of European society as possible. After all, it is the EU public that is funding Clean IT, to the tune of 400,000 euros [.pdf], so that doesn't seem too much to ask.

First of all, though, if the Clean IT project wants to have any credibility as an impartial enquiry into serious issues that go to the heart of freedom, it must repudiate publicly the leaked document, admitting that its measure are completely disproportionate and utterly incompatible with a fair and free society, and start again. From a clean slate, as it were....

Follow me @glynmoody on Twitter or identi.ca, and on Google+

"Recommended For You"

EU air passenger data retention system ready for take-off, says Parliament Data control, terrorism and the problem with US regulation