Friday, April 10, 2009

EU to require internet filtering?

One of the most important recent developments at EU level - and one that's received surprisingly little media attention (The Register aside) - is the proposal from the Commission to require member states to introduce internet filtering for child pornography. This requirement would be part of a wider Framework Decision on combating the sexual abuse, sexual exploitation of children and child pornography (PDF) and article 18 is the relevant provision:
Blocking access to websites containing child pornography
Each Member State shall take the necessary measures to enable the competent judicial or police authorities to order or similarly obtain the blocking of access by internet users to internet pages containing or disseminating child pornography, subject to adequate safeguards, in particular to ensure that the blocking is limited to what is necessary, that users are informed of the reason for the blocking and that content providers are informed of the possibility of challenging it.
In short, all European countries would be required to introduce filtering along the general lines of that coordinated by the Internet Watch Foundation in the UK (which I've described and criticised here).

The lack of detail in this proposal is worrying - what is meant by "internet pages" for example? Web pages? Usenet posts? Gopher pages? (Yes, it still exists folks - try it!) What are "adequate safeguards"? What is the difference between pages which "contain" and pages which "disseminate" child pornography? Would the ability to challenge a block include an appeal to an independent judicial authority? What sort of blocking would suffice - simple DNS poisoning, crude blocks of particular ranges of IP addresses, two-stage systems along the lines of BT's Cleanfeed?

On the other hand, in some jurisdictions (notably the UK), this proposal would represent a step forward for civil liberties. The specific safeguards proposed - decisions by "competent judicial or police authorities", blocking being limited to what is necessary, users being informed of the reason for a block and content providers being informed of a right to challenge a block - go well beyond what is currently provided for by the IWF for example. (Indeed, the Commission's impact assessment (PDF) for this proposal points out (p.30) that a system such as the IWF's which is based solely on self-regulation may not be "prescribed by law" as required by Article 10 ECHR.)

This proposal has met with strong opposition from EuroIPSA:
Malcolm Hutty, president of EuroISPA, representing ISPs from across Europe at the EU, considers the EU plans to block sites will "increase risks to the security, resilience and interoperability of the internet" and also stated: "For technical reasons, blocking simply cannot provide the level of protection that is necessary, and simple morality demands that we take strong collective action to get child pornography removed from the Internet, rather than simply hiding behind national firewalls," he added.
Incidentally, the impact assessment for the proposal contains an interesting and rather optimistic assessment of the costs associated with filtering (p.28):
In particular, blocking access to websites containing child abuse material would involve economic costs. The economic impact of a similar measure to restrict access to material inciting terrorism was assessed in revising the Council Framework Decision on Combating Terrorism. As the impact assessment accompanying the Commission proposal stated, the cost of imposing any of the different filtering methods to all internet service providers based in the EU is impossible to calculate. An upper limit of EUR 10 per computer is given on the basis of a specific example of implementing filtering in a network of 100 000 computers at 4 000 schools in Ireland. The cost of running a blacklist of illegal content may be borne by those in charge of it, whether law enforcement authorities or specific NGOs. This can be estimated at about EUR 110 000 to build the database and EUR 90 000 per year for maintenance. However, EU funding may be available for managing blacklists and exchanging information on illegal content.
The idea that the cost of generating and maintaing a blacklist can be capped at €90,000 per annum seems optimistic beyond belief. Is this supposed to include, for example, costs of compensating businesses who have been wrongfully blocked? The legal costs associated with appeals against wrongful blocks? The staff needed to look at alleged illegal content and decide whether it is in fact illegal? The effort required to keep the block list under review? By way of contrast, the overall budget for the IWF in 2006/2007 (PDF, p.15) was STG£876,087. Although not all that amount would be directed to generating and maintaining a blacklist, the figure nevertheless suggests that the Commission costs have little contact with reality.

[Edited to add: I've uploaded to SSRN a paper by Colin Scott and myself on internet filtering more generally.]


  1. TJ,

    Thanks for this post.

    IWF have been pushing their Cleanfeed solution now for years. It is limited, you have identified the other solutions available. Similar to the content debate on copyright and downloading no one solution can be enforced on a given operators network, particularly if the network is global or transnational.

    While of course some of the more horrible crimes are perpetrated to feed sick individuals who generate this content and it cannot be condoned, they should be prosecuted and with resulting tolls that suit the crimes. However, some logic in approaches to co, self-regulation or legislative processes needs to be undertaken.

    As I see it this is IWF seeking glory and the sale of one solution which does not and will not fit all.

    Showboating should not be allowed where such a serious issues subsists.

    Square peg, round hole and all that.

    Opens the whole question of legal and legislative supervision etc. Once the law becomes formal or not as the case maybe.

  2. PS: Holding such a black list (as mentioned above) in Ireland is a crime in itself under the 1989 CP Act, I think there is also a reverse onus clause under Section 5.

    In a letter I've seen to the Irish AG the reply stated that it would be a good Defence to have such a list for valid purposes, but as we've seen of late, such lists have become feed for nefarious posters in certain countries e.g., Denmark and Australia.

  3. I find this especially worrying in light of the recent fiasco with the Australian governments attempt at censoring internet content. Clearly thatw as done less for the "greater good" and more with a political agenda. Combien this with the way that the Wikileaks website was nearly shut down as well as the raids on houses owned by the people connected to wikileaks and a very ugly picture starts to emerge.
    Government censorship is never good as the "to be censored" content will always find a different medium for dissemination. Lack of detail would also leave these type of control mechanisms open to arbitrary misuse.