Fighting ISIS online:
Is a co-regulatory system the most
effective approach to fight ISIS
online when using the NTD
procedure?
Author: Bartosz Kozłowski Student number: s1436694 Supervised by: Dr. E. De Busser
Leiden University - Faculty of Governance and Global Affairs MSc Crisis and Security Management
Table of Contents
List of abbreviations ... 3
Chapter 1: Introduction ... 4
1.1 Counterterrorism in a digital age ... 4
1.2 Societal and academic relevance ... 6
1.3 Research question ... 7
1.4 Methodology ... 7
1.5 Effectiveness criteria ... 9
Chapter 2: Terrorism and the Internet: Theoretical framework ... 12
2.1 Difficulties in defining terrorism... 12
2.2 Selected definitions of terrorism ... 13
2.3 Terrorism in Europe – present state ... 16
2.4 What is ISIS? ... 18
2.5 How terrorists use the Internet ... 18
2.6 Fight against terrorism on the Internet – current state ... 24
Chapter 3: Notice and Takedown procedure ... 27
3.1 Notice and Takedown procedure – different approaches ... 27
3.2 Notice and Takedown in the Netherlands ... 35
3.3 Challenges of using the NTD against jihadism ... 44
Chapter 4: A Coherent NTD system ... 49
4.1 Using NTD against jihadism in the Netherlands ... 49
4.2 An optimal coherent system in the Netherlands ... 50
4.3 The challenge of impact assessments ... 55
Chapter 5: Conclusions ... 57
Bibliography ... 60
List of abbreviations
AIVD Dutch General Intelligence and Security Service
DPC Dutch Penal Code
E-Commerce Directive Electronic Commerce Directive
EEA European Environment Agency
EU European Union
EU Council Council of the European Union
EU IRU Europol Internet Referral Unit
ICT Information and communication technology
INHOPE International Association of Internet Hotlines
IS Islamic State
ISIL Islamic State of Iraq and the Levant
ISIS Islamic State of Iraq and Sham
ISP Intermediary Service Provider
IWF Internet Watch Foundation
NTD Notice and Takedown
PPP Public-Private Partnership
TE-SAT EU Terrorism Situation and Trend Report
UN United Nations
Chapter 1: Introduction
1.1 Counterterrorism in a digital age
Terrorism is one of the greatest threats to national security. According to Europol’s report (Europol, 2016) from 2016, eight member states of the European Union (EU) reported 142 failed, foiled and completed terrorist attacks. Are Western countries prepared to fight terrorism? What did European societies learn from the 9/11 attacks and the tragic assassinations in Madrid, London and Paris and other acts committed by terrorist organisations? What and who threatens us, and when should we expect a terrorist attack? What means and media are used for propaganda dissemination? These and other questions come to mind when discussing terrorism in Europe, and they correspond to the purpose of my thesis.
Since World War II, international terrorism has become a growing threat to global security. Combating terrorism and counteracting its effects is time-consuming and costly for governments, and it is estimated that EU spending on counterterrorism increased from €5.7 million in 2002 to €93.5 million in 2009 (SGUEO, 2016). Individual countries and groups of countries cooperate with each other at the international level to counter acts of terrorism (NATO, EU, 2016). However, the development of digital media has created new opportunities for terrorists and raised new challenges for national security. Moreover, traditional media controlled the flow of information and shaped the discussion before the digital era, but today, anyone has the capability to reach a wide audience (NATO Strategic Communications Centre of Excellence, 2016). Raphael Cohen-Almagor has compared modern terrorism and the Internet by pointing out that both are global and decentralised and do not require a large budget (Cohen-Almagor, 2017). Terrorists use the Internet not only to spread their propaganda and recruit new members (Europol 2015) but also to collect funds for their organisations (Europol, 2014). For these reasons, the situation requires adapting transnational counterterrorism strategies to align them with the methods used by terrorists.
The United Kingdom and the Netherlands have included provisions in their counterterrorism policies that address the growth of terrorist propaganda on the Internet (United Kingdom House of Parliament, 2015). The countries decided to make use of the Notice and Takedown procedure (NTD) (United Kingdom House of Parliament, 2015), which limits the liability of an Intermediary Service Provider (ISP) if the content on its server infringes on intellectual property or copyright. At the same time, when a host is notified about illegal content appearing
on his or her server, he or she is obliged to remove it. In Europe, the NTD regime comes from the Electronic Commerce Directive (European Commission, 2000). The goal of the directive is to provide ‘rules on issues such as the transparency and information requirements for online service providers, commercial communications, electronic contracts and limitations of liability of intermediary service providers. It also enhances administrative cooperation between the Member States and the role of self-regulation’ (European Commission, 2000). Article 14 of the directive exempts the server from liability for illegal content provided that the material remains in good faith.
The initial goal of the NTD procedure was to cope with a completely different scope of problems (e.g. copyright infringement) than terrorism. The procedure originated in the United States and sought to address copyrights infringements, but its purpose was later expanded to fight child pornography on the Internet. As such, the NTD procedure is well structured for other fields. However, based on a literature overview, I have concluded that coverage of using the NTD procedure to counter the spread of radical content is limited, and I will describe the issues that arose during my research in subsequent sections. I also wanted to investigate the usefulness of the NTD procedure in fighting online radicalisation in the context of terrorism.
The idea behind the NTD technique appealed to policymakers as a universal solution for removing unlawful content from the Internet, and there are a variety of ways in which the NTD procedure can be implemented. First, in a self-regulatory approach, an ISP removes dubious content based on general regulations. Second, in a co-regulatory approach, lawmakers and private stakeholders share responsibility (Hirsch, 2010-2011). I will examine the relationships between three parties: EU regulators, member states’ governments and ISPs. My goal is to investigate whether the co-regulatory approach would be more effective in fighting terrorist propaganda on the Internet.
In light of the ongoing debate whether cybersecurity matters should be handled by public or private actors, some scholars have pointed out that a resilient, decentralised and self-regulated Internet is not possible to achieve (Mueller, Schmidt, & Kuerbis, 2013) (Bossong & Wagner, 2018). Governments need to at least partially regulate security measures, which should then be adopted by the private sector (Tropina & Callanan, 2015). Therefore, there should be cooperation between the private and public sectors, and I will examine the possibility of creating a coherent system to fight online radicalisation with the use of the NTD procedure. I will focus on the how Islamic State in Iraq and Syria (ISIS) has inspired terrorism since the
start of the conflict in Syria via the spread of radical content on the Internet. I will also describe and introduce how the NTD regime has been implemented in an international context by providing examples from particular countries, especially the Netherlands.
1.2 Societal and academic relevance
General studies on the NTD procedure exist broadly in the literature. There are studies on the implementation of NTD for copyright issues and to a lesser extent, in the fight against child pornography. From the beginning in 2000 when the E-commerce directive was introduced, doubts regarding the use of the procedure in the abovementioned areas have been thoroughly described and investigated. In addition, when the EU included NTD in its e-commerce directive, the organisation also initiated multiple legal studies on the use and imperfections of the procedure. Consequently, there are quite a number of analyses and comments on the use of NTD in practice, but specific literature regarding the use of NTD against radicalisation and terrorism is limited. In addition, due to the subject—terrorism—there is difficulty in conducting empirical research.
The EU directive has allowed member nations to freely implement the procedure at the state level (Baistrocchi, 2002). This method has caused confusion as countries approach the process at different speeds, which depend on many factors and will be described in more detail in Chapter 3. The EU has only recently responded to the threat of online radicalisation and started working on new regulationsthat are based on the NTD procedure. Individual member states have begun introducing and using the regime on their own with varying results, but these attempts have been rather sparse for the aforementioned reasons.
As such, my research aims to fill the gap in knowledge regarding the use of the NTD procedure against terrorism. By developing a new concept that utilises the co-regulatory approach for NTD to fight online radicalisation, this thesis can contribute to the theoretical field of security management. At the same time, assessing the effectiveness of this method makes my research practical and could be used by policymakers in the future as a basis for NTD implementation in the EU.
1.3 Research question
In light of the introduction, the basic question that steered this research was:
Is a co-regulatory system the most effective approach for fighting ISIS online when using the NTD procedure?
Guided by the main research question, the following sub-questions will be assessed:
1. What are the effectiveness criteria of a system using the NTD procedure to fight ISIS-inspired terrorism?
2. What elements of NTD practices that are used in other fields could be implemented in the fight against terrorism?
1.4 Methodology
In order to address my research question, I will first define the criteria of effectiveness that should be fulfilled by a system that seeks to combat ISIS online. For this purpose, I will make use of a policy evaluation framework from environmental field (Vaz, Martin, & Ribeiro, 2001).
Because there is no general, consistent definition of terrorism and instead there are a number of indefinite statements in the scientific literature, some systematisation and ordering are required. Thus, I will present selected definitions of terrorism, describe how terrorists use the Internet and explain the counteractions taken by the EU.
I will then present the elements of NTD that are necessary for understanding the procedure by clarifying existing concepts in international relations. In addition, I will outline the past and current state of the procedure’s implementation in the Netherlands. An important part of this chapter will be a description of the best practices used to fight child pornography online, which could be adopted to combat online terrorism.
To narrow the subject, the analysis will cover theories and practices in the Netherlands and the ISIS terrorist group between 2011 and 2017. I selected this period selected based on the timing of the Arab Spring and the founding of the Islamic State (IS). In order to address my research question, I will analyse the problem based on the literature by theoretical researchers and practitioners in the field of terrorism and NTD. Another source of data will be reports and source data regarding specific case studies in the Netherlands. The method of system analysis
helped me identify the instruments of EU policy and Dutch legal framework. I will look at Europol’s annual terrorist risk assessment and information about the creation of the Europol Internet Referral Unit (EU IRU) and one of the agency’s reports from a specific year. The described elements will be compared to the theories I have selected for this research.
I will introduce how the NTD procedure is used, in theory and in practice, based on the e-commerce directive of 8 June 2000 (European Commission, 2000), particularly in the Netherlands. This explanation is important as it elucidates what NTD is within its operational framework while examining the state of literature on the subject, and the third chapter will also consist of the genesis of different approaches to the procedure. Analysis of US and EU approaches are vital to understanding the challenges arising from the varying legal systems, and I will also analyse the working code of conduct for good practices in the Netherlands.
In my research, I will use the definition of the co-regulatory approach from the article ‘Public Strategies for Internet Co-regulation in the US, Europe and China’ (Frydman, Hennebel, & Lewkowicz, 2009), which explains the different types of regulatory tactics related to NTD. The approach assumes initiatives will come from the actors involved in the process. For the EU’s co-regulation methods, lawmakers (regulators) create legal provisions for the NTD procedure and allow member states to implement them in their legal frameworks. Thus, the co-regulatory approach calls for greater mandatory involvement of the actors in the NTD procedure than the self-regulatory approach does. The co-regulatory approach is also a more centralised system, but the implementation and enforcement of these rules are shared amongst private and public stakeholders. I will provide specific examples of both regulatory approaches.
In order to describe the practical use of NTD in the Netherlands, I will depict the use of the procedure in civil lawsuits and how it has been used in cases related to sabotage and defamation. The court cases were not related to terrorism, but they used a similar argumentation and are closest to terrorist cases in terms of applying the NTD procedure. The cases will be helpful for understanding the diverse aspects of ISP liability and how courts have approached the legal framework in such situations. I decided to use court cases to demonstrate that even if legal guidelines seem to be clear, practice shows that every instance is different. Moreover, involving the courts prolonged the procedure, and as a result, the illegal content remained online for a longer period of time. These difficulties are another argument for creating a coherent system that can bypass such obstacles.
In Chapter 3.3, I will analyse challenges related to using the NTD procedure against ISIS, especially in regard to hate speech and radicalisation. In other words, I will examine how this process currently works and whether it is effective in fighting terrorism. In this chapter, readers will also see what kinds of issues different actors encounter in the use of the regime, and I will outline general challenges such as ethical implications and privacy issues.
Finally, I will briefly describe past attempts using the NTD procedure against jihadism in the Netherlands. I will determine whether a coherent system that is based on a co-regulatory approach using the NTD procedure would meet the effectiveness criteria described in this thesis. For this part of my analysis, research by Carlijn Dohmen (Dohmen, 2008) proved to be helpful because the author has described the potential for creating a central NTD system in the Netherlands. This ex-ante evaluation of my proposed solution will bring me closer to answering the research question.
1.5 Effectiveness criteria
In order to assess whether the NTD procedure is an efficient tool in countering ISIS propaganda, I will outline criteria that can make the system effective and will use the framework proposed in the European Environment Agency’s (EEA) report (Vaz, Martin, & Ribeiro, 2001) that describes a methodology for European policy evaluations. I decided to use the EEA report because it presents a comprehensive structure for assessing effectiveness that can be used in domains other than the environment. The document provides clear definitions of terms such as ‘effectiveness’ or ‘impact’ for policy-evaluation researchers, and such thorough reporting could not be found in the field of counterterrorism.
The EEA report includes the following definition of the effectiveness:
A judgment about whether or not the expected objectives and targets of the policy measure have been achieved. This requires comparing the effects of the measure with its intended objectives. (Vaz, Martin, & Ribeiro, 2001)
The report distinguishes a measure’s ‘effect’ and its ‘effectiveness’. Identifying an ‘effect’ should be the result of an unbiased observation of how a policy impacts the outside world. ‘Effectiveness’ goes further and assesses whether and how far these effects meet the objectives set for a policy. The effectiveness means comparing outcomes and outputs against the intention
of the measure. The process is part of a larger framework for policy evaluation and is illustrated in Figure 1.
Figure 1: Policy evaluation (Vaz, Martin, & Ribeiro, 2001).
In light of my research, key elements of the framework include the following:
Outputs – the tangible results achieved after the implementation, e.g. number of blocked terrorist accounts or number of centres prepared;
Outcomes – mid-term effects, e.g. a smaller number of people affected by terrorist propaganda or faster reactions to the notification about illegal content;
Impacts – the ultimate effect of the measure on the outside world, e.g. dismantling the ISIS network or ending terrorist propaganda on the Internet.
The EEA report puts pressure not only on post factum evaluation but also on policy assessment before implementation in order to estimate its future effects, which also suits the purpose of my thesis.
I will also make use of the findings from the Securing Europe Through Counter-Terrorism: Impact, Legitimacy and Effectiveness project (De Londras & Doody, 2015), which examined
the challenges that arise when assessing the effectiveness of measures from a societal perspective. Sometimes the impact is difficult to measure because of its qualitative character such as changing the behaviour of actors. The effectiveness of the operational framework is easier to quantify, and the criteria proposed by me therefore use that perspective (De Londras & Doody, 2015).
Michael Brzoska, who has examined the role of evaluations regarding counterterrorist financing policies, has pointed out that official assessments conducted by institutions such as the United Nations Security Council Counter-Terrorism Committee focus on outputs and outcomes, even though their ultimate goal is to decrease the risk of terrorist attacks. These institutions report on policy implementation, e.g. whether an appropriate institutional structure is created rather than on the effects on society (Brzoska, 2011).
For these reasons, I will not assess the ultimate effects of the co-regulatory system in fighting terrorist propaganda using the NTD procedure. Instead, I will appraise whether the system would meet objectives of the measure in terms of its outputs and outcomes.
I will describe following outcome indicators of NTD effectiveness:
1) Authority – Institutions handling notices should cover a wide area of different states. These institutions should be connected with each other in order to transfer information between each centre, which is necessary because terrorism is a transnational phenomenon that requires transnational measures (Brzoska, 2011). For example, when a centre in country X receives a notification about illegal content on a website that is being hosted in country Y, centre X should transfer the notice to centre Y to handle the case under local authority.
2) Time of removal – If a notice concerns an ISP within a country, the time of removal should take no longer that 24 hours. In the case of another country within the EU, action should be taken within 72 hours (Dohmen, 2008).
3) Independence – a system should be transparent and accountable.
In Chapter 4, I will assess whether a coherent system created in the Netherlands is able to meet these criteria, which will subsequently lead me to a positive or negative answer to my research question: Is a co-regulatory system the most effective approach for fighting ISIS online when using the NTD procedure?
Chapter 2: Terrorism and the Internet: Theoretical framework
In this chapter, I will discuss the difficulties caused by the blurred character of terrorist activities. Terrorists make use of this issue and exercise loopholes in the legal framework to promote their propaganda. For example, I will outline a case where radical messages were created under the cover of religious content, which allowed them to go unnoticed. As such, a variety of definitions for radical propaganda provides more room for evading law enforcement, so several academic definitions of terrorism will be proposed in subsequent sections. In addition, I will briefly sketch the present state of terrorism in Europe and explain what ISIS is. This discussion will lead to a description of terrorist activities online outlined in Chapter 2.5, which will show how radical propaganda can be shared due to insufficient definitions of terrorism. Finally, I will summarise the current methods used to fight terrorism online.
2.1 Difficulties in defining terrorism
At present, there are many different definitions of ‘terrorism’, but the international community has failed to develop a single meaning of this term that would be universally accepted. In the next sections of my research, I will explain why the lack of a specific definition causes problems in acting effectively against terrorist propaganda.
The classification of the concept depends on who defines it. Terrorists believe they are fighting for freedom and against tyranny, i.e., ‘one man's terrorist is another man's freedom fighter’ (Cohen-Almagor, 2017). From this perspective, their actions are always justified because they depend on actions of an opponent. Others believe that terrorists use violence that is unnecessary and excessive considering their motives (Hoffman, 2006).
It is very difficult to distinguish between terrorism and phenomena which are more or less related to it, e.g. guerrilla war, terror, national liberation revolutions, wars for independence and separatism. The term ‘terrorism’ covers a number of different attitudes and behaviours such as anarchist and revolutionary activities or criminal acts. It is important to distinguish between ‘terror’ and ‘terrorism’. The former is a method of violence used by state authorities against their own nation, citizens or groups of citizens, i.e., so-called ‘top-down violence’ (Berdal & Malone, 2000). In comparison, ‘terrorism’ is violence applied by social groups to state authorities of a country, i.e., so-called ‘bottom-up violence’ (Berdal & Malone, 2000). In modern times, these two terms are commonly used interchangeably and treated as synonyms.
One definition of terrorism should be established for several reasons. First, it would facilitate creating effective problem-solving strategies by individual states and international organisations. Second, a single definition would help to provide unified classification and clearly identify which groups are terrorist organisations. Third, a common definition would structure knowledge about the phenomenon. Overall, creating a single meaning would lead to decreasing the threat of terrorism.
2.2 Selected definitions of terrorism
The concept of ‘terrorism’ has its origins in the Latin words ‘terror’, which means ‘terrible news’, and ‘terrere’, which means ‘to terrify’ (Chaliand, Blin, Pulver, & Browner, 2007). One must be aware that some authors even report the existence of over a hundred definitions od terrorism (Hoffman, 2006). I will discuss some of them in later parts of this chapter.
Analysis of the vast majority of scientific publications leads to the conclusion that so far, there are no universally accepted definitions of terror, terrorist and terrorism (Hoffman, 2006). In describing the phenomenon of terrorism, we are dealing with its evolution over time, which is dependent on changes in the world and implies that definition itself is changing as well.
2.2.1 Schmidt
Academic circles have repeatedly tried to define the concept of terrorism. It is worth quoting the results of a study by Alex Schmidt and Albert Jongman (1988), which distinguished the essential characteristics of this phenomenon. The authors analysed 109 different academic and official definitions of terrorism that had been formulated by various organisations and state agencies between 1936 and 1981. In their work ‘Political Terrorism’ (33) (Schmidt & Jongman, 1988), they characterised 22 elements recurring in different definitions of terrorism. Five most common elements are: violence and force (83% frequency), political (65%), fear (54%), threat (47%), and psychological effects and (anticipated) reactions (41%).
These elements distinguish terrorism from organised crime or criminal activity. It is interesting that the majority of definitions analysed by Schmid and Jongman (1988) did not account for features such as randomness, impersonality, violence against civilians or people who were not involved in the conflict and finally, the unpredictability of violent acts (Tomczak, 2010) The authors state that ‘terrorism is an anxiety-inspiring method of repeated violent action, employed by (semi-)clandestine individual, group, or state actors, for idiosyncratic, criminal, or political reasons (…) The immediate human victims of violence are generally chosen randomly (targets
of opportunity) or selectively (representative or symbolic targets) from a target population’ (Schmid & Jongman, 1988).
2.2.2 The Dutch definition
In the Netherlands, the definition of terrorism has been established in Dutch Penal Code (DPC), Section 83.
The Dutch Penal Code distinguishes the following two main concepts related to terrorism: 1) ‘terrorist offence’ (Section 83) and 2) ‘terrorist intent’ (Section 83a). The first concept clearly describes what is considered to be a terrorist offence (Netherlands, Louise Rayar, and Stafford Wadsworth., 1994). An example would Paragraph 108(2), which applies to attacks on a Royal Dignity. If the offence is committed deliberately or results in the death of a member of the royal family, it will be punishable by life imprisonment or a term of imprisonment not exceeding 30 yearsThere are a dozen crimes (offences) defined explicitly in specific paragraphsrelated to different spheres of social life and threats to national security (Netherlands, Louise Rayar, and Stafford Wadsworth., 1994).
As for the second concept, terrorist intent is understood fairly broadly according to Section 83a of the DPC. The intention of a terrorist is to influence or disrupt the activities of national and international authorities and also to influence the economic, constitutional and social foundations at both levels of government (Netherlands, Louise Rayar, and Stafford Wadsworth., 1994).
2.2.3 United Nations
The fight against terrorism is an integral part of the UN mandate. According to Article 1 of the UN charter, the organisation’s purpose ‘to maintain international peace and security, and to that end: to take effective collective measures for the prevention and removal of threats to the peace, and for the suppression of acts of aggression or other breaches of the peace...’ (Assembly UN, 2017).
The UN has not introduced an inclusive definition of terrorism, and it is still a subject of negotiations for the Comprehensive Convention on International Terrorism. This treaty will include a definition of terrorism, and while the convention’s work began in 2001, the participants have not yet decided on a definition of the crime. The proposed text is:
1. Any person commits an offence within the meaning of this Convention if that person, by any means, unlawfully and intentionally, causes:
(a) Death or serious bodily injury to any person; or
(b) Serious damage to public or private property, including a place of public use, a State or government facility, a public transportation system, an infrastructure facility or the environment; or
(c) Damage to property, places, facilities, or systems referred to in paragraph 1 (b) of this article, resulting or likely to result in major economic loss, when the purpose of the conduct, by its nature or context, is to intimidate a population, or to compel a Government or an international organization to do or abstain from doing any act. (Assembly UN, 2002)
Although there is no single definition by the UNwe can find some consistency in meaning via particular counterterrorism conventions. The organisation defined terrorism at the International Convention for the Suppression of Terrorist Bombings, the International Convention for the Suppression of the Financing of Terrorism and the International Convention for the Suppression of Nuclear Terrorism. At these conventions, the offence of terrorism generally consisted of intent to cause death and damage/destruction to property or environment. All of the proposed definitions also assumed that combatants were not involved in armed conflicts and did not represent state actors.
The unprecedented achievement of the UN was to establish 14 international conventions dealing with terrorist activities. Because of these agreements, the necessary legal regulations were created to prosecute and criminalise perpetrators of terror. None of the meetings fully covered the phenomenon of terrorism but only its particular aspects.
2.2.4 European Union
The European Commission has formulated one definition of terrorism, which was adopted in a framework for combating terrorism (2002/475/JHA) (European Council, 2002) on 13 June 2002 and a subsequent amending decision (2008/919/JHA) (European Council, 2008). The definition clearly indicates what crimes are considered terrorism, and the document also defines national legislation in this area.
The EU legislators delimited terrorism as:
offences under national law, which, given their nature or context, may seriously damage a country or an international organisation where committed with the aim of: — seriously intimidating a population, or — unduly compelling a Government or international organisation to perform or abstain from performing any act, or — seriously destabilising or destroying the fundamental political, constitutional, economic or social structures of a country or an international organisation. (European Council, 2002)
This definition is used by Europol in determining terrorist offences and also includes particular acts that are considered terrorismThe EU lists terrorist offences to consist of ‘attacks upon a person’s life which may cause death, an attack upon the physical integrity of a person’, through activities such as the ‘seizure of aircraft’. It also includes possession, acquisition or manufacturing of any dangerous materials, e.g. any kind of weapon, weapons of mass destruction (WMD) and explosives. Kidnapping, disrupting water supplies and threatening to commit any of the listed crimes are also included in the EU’s definition. The organisation’s characterisation of terrorism is quite broad and accounts for all possible acts that could be committed with the aim of terrorising society or governments. We need to remember that this approach should be implemented into the national laws of member states. Moreover, in this framework, the EU has the same approach as the UN and does not consider actions of armed forces under international humanitarian law to be terrorism.
2.3 Terrorism in Europe – present state
To describe the current situation, I will use Europol’s annual EU Terrorism Situation and Trend Report (TE-SAT) (EUROPOL, 2011, 2012, 2013, 2014, 2015 & 2016). In these reports, Europol described the state of affairs in each of the respective years, and the agency used a clear, defined methodology that allows for comparison of data. In addition, the reports were generated based on data that were provided by member states, open sources and Eurojust. Another reason for relying on these reports is that the documents have been published since 2002 and their methodology has been consistent since 2006 (Europol, 2016)
The situation in Europe from 2010 to 2017 fluctuated, and depending on the year, the number of attacks increased or lowered. Related to terrorist acts, the number of people arrested on terrorism charges also changed over time, and the gravity of the situation grew as the years
passed. According to Europol, the number of terrorist attacks has increased since 2010. At the beginning of the analysed period, the situation in Syria was developing and foreign fighters were still almost unknown in Europe. Most of the arrests were against national right, left and separatist movements. Apart from a few significant attacks that had high fatalities, the majority of incidents were relatively small in scale. The most notable situations that appeared in newspaper headlines were the Breivik 2011 attack in Norway where the perpetrator was responsible for 77 deaths and the notorious 2015 Paris event where the attackers caused 148 fatalities and wounded over 350 people (Europol, 2016).
In the last few years, many groups have been classified as terrorists, including left and right-wing activists, separatists and even pro-animal movements. All of them were active through the analysed period. However, since 2014 (Europol, 2015), Europol concluded that religiously inspired terrorism was on the rise in Europe despite higher numbers of spoiled attacks that were attributed to other groups.
Analysis of the above-described data shows that the number of attacks alternated in the 2010-2015 period. The evaluation also shows that the methods of assault changed and the number of attacks eventually decreased, although there were a few instances of successful attacks with numerous victims. Another insight from my analysis is that the number of radicalised people acting as ‘lone wolves’ grew in these years. A ‘lone wolf’ can be defined as ‘a person who acts on his or her own without orders from—or even connections to—an organisation (Burton i Steward, 2008). At the same time, analysis of the reports (Europol, 2011, 2012, 2013, 2014, 2015 & 2016) suggests that police and security agencies of the member states have become more effective in taking actions against terrorists. This increasing efficacy is due to the rising number of hindered attacks and accompanying arrests. To illustrate, 1,077 people were arrested on a basis of terrorist allegations in 2015, and 687 of those arrests were related to terrorism.
Europol has recognised the threat caused by jihadist terrorism, especially by IS or ISIS. Al-Qaeda has not been classified at a similar threat level as ISIS, which is also referred to as the Islamic State of Iraq and the Levant (ISIL) or Daesh (the Arabic acronym). The Islamic State has been known to use locally based operatives, to increase the speed of radicalisation, and to select soft targets for effectiveness rather than going after the police, governments and critical infrastructure, which usually are well defended. Moreover, IS is training the ‘the next generation’ of foreign terrorist fighters, who are minors born or brought up in the territory occupied by Daesh and who are trained and prepared to execute terrorist attacks. Another
worrying aspect has been Western security services were holding ‘prominent positions’ within IS and maintaining contact with terrorist cells in their home countries. 2015 saw a shift in IS strategy to ‘intimidate Western audiences’ (Europol, 2015) in response to increasing Western military involvement in the conflict in Syria. Authors have also pointed out the growing threat of individuals becoming radicalised without contacting an organisation or traveling to Syria. Overall, there were 17 jihadist terrorist attacks in 2015, which was an increase of 425% in comparison to 2014, and the number of arrests went from 385 in 2014 to 687 in 2015 (Europol, 2016).
Between 2011 and 2017 terrorists used social media even more extensively for communication, radicalisation/recruitment and fundraising. Moreover, it was noticed that terrorists started to take advantage of encryption to secure their communications.
To summarise, terrorist activities have been increasing, but at the same time, the security services of the EU member states have become more effective at capturing perpetrators. Due to globalisation and technological developments, new methods of fighting terrorist propaganda have needed to be established.
2.4 What is ISIS?
In my thesis, apart from explaining ISIS and the history of the group, I will use the abbreviations IS, ISIS, ISIL and Daesh interchangeably.
The abbreviation ‘ISIS’ comes from the ‘Islamic State of Iraq and al-Sham’ and represents a Salafic terrorist organisation that declared an ‘Islamic State’ on 29 June 2014 (Kerr & Larkin, 2015). In fact, IS is a self-proclaimed caliphate in the territory of Iraq and Syria. The official purpose of the group is to create a state based on Sharia principles that regulate religious practices and also acts as a religious authority in the daily lives of Muslims. As ISIS is comprised of Sunni extremists, the entity is more ruthless in achieving their goals in comparison to other terrorist groups (Law, 2014).
2.5 How terrorists use the Internet
2.5.1 An overview of methods used by terrorists
The United Nations Office on Drugs and Crime has identified several key areas where the Internet is used by terrorist organisations (United Nations Office on Drugs and Crime, 2012) (3-6), including the following:
Propaganda, recruitment, incitement and radicalisation
Terrorist organisations have a broader outreach of their messages because of the Internet, which allows them to reach a wide audience across the globe. Furthermore, the technology creates an opportunity to share true and false information to spread terrorist ideology or to intimidate, deprecate and discredit opponents (United Nations Office on Drugs and Crime, 2012).
Financing
Terrorist activity on the Internet allows terrorists to acquire a substantial amount of money. According to the US Federal Bureau of Investigation, between $3 billion and $7.5 billion dollars were stolen via computers in the 1990s. Moreover, there is a known case of large amounts of money being withdrawn from Wahhabi accounts in Saudi Arabia. Based on incidents such as these, terrorists intended to create their own banks, and these organisations can gather enormous resources from fake electronic transfers, bank robberies or stolen credit cards (United Nations Office on Drugs and Crime, 2012).
Training
The Internet is also a suitableeducational platform for potential terrorists, who can find a variety of digital training materials provided by terrorist organisations or individual fighters. For example, there are instructions available on the Internet about a variety of activities, including how to build a simple explosive or how to carry out a terrorist attack (United Nations Office on Drugs and Crime, 2012) (Neumann & Stevens, Countering Online Radicalisation; A strategy for action, 2009).
Planning terrorist attacks and communication
Many terrorist organisations use the Internet to better arrange and coordinate attacks, primarily because they want to improve their efficiency and flexibility. The actions of Sunni Hamas are a good example of using the Internet for planning an attack. Members of this group use chat rooms and emails to plan operations in the Gaza Strip, Lebanon and the West Bank (United Nations Office on Drugs and Crime, 2012).
Execution of the attacks
The Internet can also be useful in final phase of terrorist attacks. It is used to indicate the exact location of an attack, to coordinate the course of execution, share information with subgroups and to disperse or interrupt actions taken by terrorists (United Nations Office on Drugs and Crime, 2012).
Cyberattacks
Successful attacks on information systems in basic areas of the economy, including banking, finance, telecommunications and commerce, could effectively paralyse state institutions and involve significant costs. In extreme cases, terrorist activities in cyberspace can harm civilians, e.g. affecting flight control systems (United Nations Office on Drugs and Crime, 2012).
To illustrate the observation from the above-mentioned reports, I will depict more details regarding how terrorist organisations have used the Internet for their purposes in the following paragraphs.
Islamist terrorist organisations using the growing communication potential of the Internet is not a 21st-century invention. In the 1990s, there were already first attempts being pursued, which focused on the following five actions: propaganda, funding, communication, terrorist attacks and training. Due to technological limitations at that time, propaganda campaigns took the form of simple websites that contained manipulated informational materials and articles aimed at spreading the ideological message of an organisation. The precursors of such practices were utilised by the most dangerous terrorist organisations, including Hezbollah, Palestinian Hamas and al-Qaeda. For example, Hezbollah created an entire network of websites that contained propaganda material from other controlled media such as Manar television and al-Nour radio (9-29) (Anti-Defamation League, 2002). Moreover, Palestinian Hamas was active in the network around the Palestinian Info website, which was available in several languages, including Arabic, English and Russian (The Palestinian Information Center, 2017).
At the turn of the century, al-Qaeda took more advanced actions, which usually did not rely on official media. Instead, they used semi-official websites featuring propaganda materials promoting jihad such as al-Maqdese, Azzam Publications, alneda.com or jehad.net (Anti-Defamation League, 2002).
Over time, terrorist organisations began to use the Internet in other activities. Their leaders concluded that digital networks could be helpful for collecting additional financial resources. Even before the event of 11 September 2001, al-Qaeda used associated foundations such as The Benevolence International Foundation and the al-Haramain Foundation. With the help of foundations official websites, it was possible to make bank transfers that supported the activity of the al-Qaeda (Anti-Defamation League, 2002). Furthermore, Europol described several of
the agency’s investigations into terrorist networks using charities or non-profit organisations to raise funds via the Internet, and they distinguished two forms in which terrorists used the Internet. First, terrorist groups used the Internet as a tool to spread information about donations on social media platforms such as Facebook. Second, terrorists gathered money through online accounts like PayPal, which effectively made donations much easier to process and covered a much wider target audience (Europol, 2014).
Due to the ever-increasing functionality of the Internet, it has become a convenient medium for terrorists. Special software for message encryption and steganography techniques have made it easier to communicate and prepare terrorist attacks. Websites have been used to spread encrypted or specially crafted messages (Thomas, 2004), and the Internet has also become a convenient storage mechanism and source of information about potential goals. For example, it has become easy to find architectural plans for buildings, satellite maps and interior pictures that could facilitate the planning of attacks without sending reconnaissance. Lastly, terrorist organisations have adopted eLearning methods by publishing training materials. on the Internet, including how to prepare explosives from easily accessible materials (International Telecommunication Union, 2012).
The attacks on the World Trade Center and Pentagon in 2001 launched a whole sequence of events related to the war against terrorism. At the beginning of 21st century, the Internet was increasingly being used by Islamist fundamentalists to intimidate Western societies and inspire followers. It was the global network that helped al-Qaeda members buy at least nine tickets for planes later used the 9/11 attacks (Neumann & Stevens, 2009).
Online speeches of Osama bin Laden or other leaders of terrorist organisations and the executions of captives became popular. With the increasing availability of a variety of electronic devices such as digital cameras, well-prepared recordings of attacks on coalitions of Western states in the Middle East and Central Asia began appearing on the Internet (Szczurek, 2014) (195-196). To compare, in the first decade of the 21st century, traditional media and ‘mainstream’ Internet websites (e.g. CNN, BBC, Yahoo!) avoided the publication of this type of material. Even if there were reports such as those involving drastic executions, they were generally covered with photographs, which were often censored.
In many cases, the Internet facilitates activities that would be much harder to execute in a non-digital environment. Online media were used after the events of November 2013 in Kiev, when
right-wing extremists from other European countries showed their support for pro-Ukrainian groups (Europol 2015). Recruitment for these groups was mainly organised on the Internet. In addition, according to the latest report by Europol (Europol 2017), so-called lone wolves have been using web forums and social media networks to find bomb-making information, which would be much harder to access outside the digital world.
Platforms such as Facebook and YouTube are the most popular media used to spread radical content and build a sense of community, and the content provided on social media enables radicalisation. Because of these platforms, the ideas of individual extremists become available to an entire community network. It is not rare that a person contacts virtual friends from Facebook groups more frequently than his or her peers and family in real life, and an extremist who may feel alone in his or her convictions can find other people sharing the same beliefs on social media (Weimann, 2006).
An example of radicalisation and effective propaganda of Islamist terrorism was the case of a Muslim from London. Younis Tsouli was active on social media under the pseudonym ‘irhabi007’ (in Arabic: ‘terrorist007’) for a number of years. He regularly posted statements from leaders of Islamic terrorist groups and gave advice on how to safely use the World Wide Web. He also organised terrorist groups by looking for them on the Internet, and he finally decided to carry out a suicide assassination (BBC News, 2007).
Twitter is readily used by terrorists as the main information channel for an instant communication with a wide audience. Moreover, in case of a terrorist attack, the mainstream media refer to tweets posted by perpetrators. This service allows for the rapid dissemination of information, which is particularly important in the chaos accompanying such events. To illustrate, during attacks in Nairobi (Kenya) in 2013, al-Shabab militants posted 258 messages using this platform, and public and private media were reporting this event along with the terrorists (Libor, 2016).
2.5.2 How ISIS uses the Internet
At the present time, every major terrorist organisation has its own media, produces its own films, and creates magazines and publishes them for the public via the Internet. The Islamic State is conducting these activities as well, and an important part of the group’s media coverage are descriptions of everyday life in the areas it controls. Western media show images of Syria and Iraq being destroyed by the civil war, pictures of ruined cities, widespread terror and
barbarism, but official ISIS media show the contrary, i.e., calm, well-managed cities and happy citizens who fully support their new authorities (Saltman & Winter, 2014).
An example of ISIS using popular social media platforms involves sharing videos of executions, and in August 2015, Daesh made a strategic decision to share the beheading of American journalist James Foley. First, a YouTube video was made available, which was accompanied with a series of Twitter posts featuring photos of his throat being cut and then his decapitation. This performance caused a disturbance on social media, and tweets were retweeted by thousands of users (Libor, 2016). In addition to raising fear and gaining publicity, online videos are a source of income for terrorists.
According to the research by the Brookings Center for Middle East Policy (Berger & Morgan, 2015), there were no fewer than 40,000 active Twitter users who openly supported Daesh in 2014. Sixty percent of them joined the platform in 2014 alone, which coincided with the progress of Islamist offensives in Syria.
Content posted by ISIS on platforms such as Flickr and Instagram has significantly increased the effectiveness of terrorist messages because they can use pictures posted on these platforms to enhance messages from other Internet platforms/websites. The content may include taking responsibility for an assault or presenting a relation to it (e.g. images posted by Daesh fighters from Syria and Iraq). Interestingly, many people commenting on this content are from outside the Middle East and are younger than 35, which proves the group can be effective at reaching its designated audience (Berger & Morgan, 2015). Islamist terrorists such as those associated with ISIS can use social media to create their own brand and to monetise it. On Facebook groups and on Twitter, there are links to specialised sites where anyone can design a shirt with the Daesh logo or order an ISIS flag and all sorts of other gadgets. Many fighters and supporters of ISIS are eager to post their images on social media with themes relating to the idea of global jihad. These types of activities prove that Islamists are able to adapt to needs of the market and that new marketing approach is an important element of propaganda on the Internet.
Preventing the attacks of ‘lone wolves’ is far more difficult than preventing conventional assaults prepared by terrorist organisations. For this reason, ISIS launched an effective campaign focused on lone wolves, and from December 2014 to June 2015, there were seven terrorist attacks or attempts committed by Islamic fundamentalists in France. Most of the
perpetrators explicitly referred to the caliphate ideology by their slogans and behaviours or attitudes.
To conclude, a model of online propaganda activity adopted by IS undoubtedly represents a serious threat to the security of EU countries. This danger results from the group’s innovative methods described above and also from ‘merging’ into everyday communications taking place on the Internet. In the following sections of my thesis, I will describe detailed strategies for fighting online propaganda at local and international levels.
2.6 Fight against terrorism on the Internet – current state
2.6.1 Difficulties with fighting terrorism
At the beginning of the 21st century, the main means used by cyber-jihadists were far easier to identify and combat Today, terrorists are more active than ever before on the largest social media networks, and the scale, dispersion and constant evolution of such platforms means blocking terrorist organisations is exceedingly difficult. (Europol 2015). Solutions are needed that will end this campaign in a systematic way. At the moment, however, lack of coherent legal framework and cooperation between countries is still a substantial problem, and security services respond to many of these projects with considerable delay. An equally serious challenge is counteracting terrorist propaganda’s lingering effects on the minds of many Internet users, and an internationally coordinated communication campaign would be necessary to address this problem (van Ginkel, 2015). Such campaign and actions are crucial because it can indirectly influence the level of terrorist threats, given the amount of social support for the al-Baghdadi organisation (IS)in some European countries.
In this context, it seems that finding effective solutions to block and reverse the effects of ISIS propaganda is now one of the main challenges faced by the NATO states and the EU. The lack of an appropriate response will result in the growing threat of terrorist attacks and a higher level of intimidation and disorientation for Western societies.
Methods used by the terrorists, described in the preceding section, show that a global threat requires global solutions. Extremists can no longer be easily countered on a national level because of the decentralised nature of online communication. Yet who should take ownership
of the problem? The Internet blurs the connection between national territories and the laws that should be enforced by a specific county (Frydman, Hennebel, & Lewkowicz, 2009).
2.6.2 Creation of the EU IRU
The EU IRU was established in June 2015 in response to the increasing radicalisation threat. The decision to create the EU IRU was made by the Council of the European Union (EU Council) on 12 March 2015. The unit’s goal is to become a facilitation centre for all member states within EU. Core tasks include flagging violent content, handling carry and support referrals, providing strategic analysis for its partners and acting as the European Centre of Excellence. The one year report from the EU IRU states that another of its aims is to build ‘partnerships with the private sector (to promote ‘self‐regulation’ by online service providers)’ (Europol 2017). The important aspect for future analysis is the self-regulatory approach, which I will discuss later in the second chapter.
Europol as a European agency is restrained by the willingness of member-state law enforcement groups to share knowledge and information. To engage member states in transnational law enforcement, Europol has introduced liaison officers, who are recruited from member-state law enforcement agencies to facilitate communication between the Hague headquarters and local offices. The EU IRU is even more restrained in its operations and employs 21 staff members. However, only four countries have appointed their seconded national experts (temporally or permanently), and the UK was the only country to assign a liaison officer and create an operational channel between the EU IRU and UK CT IRU.
The centre was created for the purpose of countering radical online content and migration. The EU IRU refers flagged content to the proper ISP or social media platform to take down the content, but notification itself is not perceived to ‘constitute an enforceable act’. Instead, the centre fully relies on an ISP to comply with its own term and conditions. EU IRU found over 70 online platforms containing radical content. However, the centre requested removal of illegal content from only 31 of them. The success rate was 91.4%, which was relatively impressive number, considering that ISPs voluntarily removed illegal content (Europol, 2016).
Europol’s targeted approach is trying cope with its limited resources by ‘linking to a high profile event, and relayed by high profile accounts rather than try to identify every piece of propaganda’ (Europol 2017). By concentrating on the ‘viral’ or major events, the EU IRU is gaining valuable attention from the public, which helps pressure ISP providers to disrupt
radical propaganda. In addition, the EU IRU is focused on illegal migration and is trying to act upon this issue as well.At the end of its first year in operation, the EU IRU had assessed 11,050 pieces of content and made 9,787 referrals for removal. The goal for the future is to bridge the gap between ‘prevention and attribution’ (Europol 2017).
Chapter 3: Notice and Takedown procedure
This chapter will describe the state of literature and the genesis of the NTD procedure, and differences between the diverse approaches to NTD will also be explained. The genesis of NTD in Europe is quite complicated. One can observe cross-Atlantic inspirations in law making, but there are important discrepancies in handling the matter. The EU includes 27 different legal systems, and it is understandable that despite the common inspiration and regulatory framework provided by the EU’s institutions, variations still occur. It is important to remember that illegal content on the Internet is a very broad term, ranging from copyright infringements to spreading terrorist ideologies and also covering both civil and criminal offences. The most significant differences of regulations between countries lie therein.
First, I will describe the origins of NTD and the self-regulatory approach in the US because it is important to understand where the procedure came from and how it was initially developed. In the next part of this chapter, I will examine the EU genesis of NTD, and I will describe how child pornography can be combated on the transnational level. After that, there will be a description of how the Netherlands has implemented the NTD procedure in their legal framework. Then, I will analyse a code of conduct that was developed by different actors in the Netherlands, which sought to clarify the existing legal framework and became a partial basis for use of the procedure. This discussion will be followed by civil cases illustrating different types of ISP liability in the Netherlands. Finally, I will look into using NTD in the field of child pornography to help draw a conclusion and compare a functioning centralised NTD procedure to the field of terrorism (Dohmen, 2008).
3.1 Notice and Takedown procedure – different approaches
3.1.1 Self-regulatory approach: US example
The current legal framework in the US is based on several acts and court rulings. Establishing a procedure for holding or exempting a service provider from liability can be viewed as a periodical struggle between safeguarding citizens’ right to free speech while combating grievous criminal offences such as child pornography. By ruling of the New York Supreme Court in Stratton Oakmont, Inc., vs. Prodigy Services Co., an ISP taking measures to monitor its content was perceived as a publisher, meaning the business could be held liable for that content (Frydman, Hennebel, & Lewkowicz, 2009).
However, it was recognised willing ISPs that cooperated with government agencies should not be punished for such behaviour. In 1996, the the Communications Decency was passed by the US Congress was voted into effect (Frydman, Hennebel, & Lewkowicz, 2009), which created a new environment for ISPs. By creating the term ‘safe harbour´, lawmakers exempted ISPs from civil liability for content on their services (Frydman, Hennebel, & Lewkowicz , 2009). As one might imagine, this opened a loophole to exploit areas of copyright, trademark infringement or any other intellectual property damage. While the Communications Decency Act made ISPs responsible for information related to criminal offences, it also introduced a ‘good Samaritan’ provision (Frydman, Hennebel, & Lewkowicz , 2009), which protected ISPs voluntarily monitoring their services and actively restricting access to harmful or illegal content. That measure was effectively an incentive for industry self-regulation in this matter. In the courts, although ISPs were held liable, they could use an affirmative defence approach in fighting cases because of the ‘good Samaritan’ provision (Frydman, Hennebel, & Lewkowicz, 2009).
However, in the 1997 US Supreme Court ruling in Remo vs. ACLU, the court extended First Amendment provisions to Internet content. This meant that ISPs should no longer be liable for illegal content under civil or criminal law, and the case derailed regulation efforts in the US. As one example, a draft of the Children Online Protection Act had to be abandoned because its provisions would have been illegal under the new ruling. In 1998, the Protection of Children from Sexual Predators Act was passed, and it created regulations requiring ISPs to notify government agencies about any incidents of child pornography on their services. If ISPs failed to make such notifications, they could be fined repeatedly. This financial punishment was another incentive for self-regulation because ISPs were actually required to monitor their content now (Frydman, Hennebel, & Lewkowicz, 2009).
The US has taken the self-regulation approach, requiring their ISPs to establish procedures to combat criminally illegal content. Another method of inducing self-regulating behaviours can be seen in the Children’s Internet Protection Act of 2000, which linked the law’s requirements to the federal financing of institutions. Lawmakers persuaded institutions such as libraries to self-regulate by restricting access to pornography and other illegal content on their networks (Frydman, Hennebel, & Lewkowicz, 2009).
The first formalised NTD procedure was actually implemented in 1998 in the Digital Millennium Copyright Act. In a case where the ISP is unaware of hosting illegal infringing
material it, cannot be held liable for it, but when the company is notified, it has to take action to restrict the access to infringing material within 10 days or be held liable for damages. As part of this measure, the content provider to whose content the access is restricted has to be notified of the action taken. Previously mentioned provision opened a way to dispute the claim by starting a notice and put back procedure, meaning that the ISP may re-enable access to disputed material and notify the claim owner of doing so. The claim owner can further dispute the claim by taking action with a court injunction (Frydman, Hennebel, & Lewkowicz , 2009).
In the wake of the 9/11 attacks on the World Trade Center, additional provisions for national security were introduced by US Congress. In 2002, the Cyber Security Enhancement Act made an exemption from liability if an ISP discloses information in good faith about an emergency to any governmental agency. This regulation reassured ISPs that they would not be held liable for giving information critical to national security to the government, even if they made a mistake in identifying a threat (Frydman, Hennebel, & Lewkowicz, 2009).
3.1.2 Co-regulatory approach: The Electronic Commerce Directive
The initial idea behind implementation of the NTD regime in the EU was to create a safe and secure cyberspace. Provisions for the tool were implemented in the Electronic Commerce Directive (E-Commerce Directive) (European Commission, 2000). The model was based on US experiences and the Digital Millennium Copyright Act. The responsibility of ISPs is a well-known topic in the field of law and Information and communication technology (ICT). In Europe, the Electronic Commerce Directive was introduced in 2000, and the Dutch law was introduced in 2004.
The E-Commerce Directive contains a small number of articles that offer guidance on how ISPs should proceed and what their liabilities are. According to the articles, the procedure for denouncing and initiating proceedings should be implemented by default. Whenever an ISP receives a complaint (i.e., information about illegal content), the ISP must decide whether the information is actually illegal, and if so, whether the company should remove or block access to the website on its server.
The following entities are included in the definition of Internet intermediary: a network operator that provides the technical facilities for the transmission of information; an access provider that offers users access to the Internet; a search engine, which is a well-known tool for searching websites on the Internet; and a host service provider that offers space on the
Internet such as clouds, websites, chat rooms and other social media platforms (Baistrocchi, 2002). The directive specifically encourages member states to create a legal framework for proper tools, and it is expressed in Article 16 and 40 (Edwards, 2011).
The document defines five types of legal violations when ISP providers will take responsibility for delivered content. The enumerated fields are copyright material infringement, illegal and harmful content, private and defamatory material, misrepresentation, and others. The illegal and harmful category includes material that can be labelled as pornographic, racist or terrorist (Baistrocchi, 2002). In the directive, we can also find encouragement to create tools for ISP providers that can release them from such responsibilities. The document does not specify which measures should be used; it only encourages the creation of a proper legal framework by member countries (Dohmen, 2008) (Baistrocchi, 2002) (Ulys, Spindler, Riccio, & Perre, 2007).
3.1.3 Self-regulatory approach: European ‘Code of Conduct on Countering Illegal Hate Speech Online’
In response to the above-mentioned problems, the Internet’s largest companies, including Facebook, Microsoft, Twitter and YouTube, have signed the Code of Conduct on Countering Illegal Hate Speech (European Commission, 2016). Developed in collaboration with the European Commission, the code refers to the framework decision 2008/913/JHA (European Council, 2008) of 28 November 2008, which dealt with the fight against hate speech, xenophobia and racism. The increase in the pace of responses by the European Commission and ISPs was a result of the March ISIS terrorist attacks in Brussels (Council of the EU, 2016). The timing and circumstances confirm my assumption that high-profile media events that shock the public motivate ISPs to take action and remove radical content.
The Code of Conduct is a response to the challenge that IS, among other groups, poses to ISPs and security services. As I described earlier in this chapter, various techniques are used in the fight against hate speech on the Internet. The code allows for a unified approach between the major participants on the Internet market and also sets a framework for their activities. This is significant progress in member states' proposals. Co-regulation at the European level enables the centre to function on the basis of a uniform code of good practices across the EU, not just in the individual states. According to previous considerations, the procedure should ensure more effective functioning of a coherent NTD notification system. Of course, the good practice code is not perfect; as one example, clear descriptions of what elements a notification should
contain are lacking. However, ISPs have committed to developing internal NTD procedures that will be included in their rules and policies, which can allow them to more easily combat hate speech or incitements to violence. Intra-group assessment teams will be set up in accordance with both the framework decision 2008/913/JHA (European Council, 2008) and national member laws. Review, evaluation and response time should not exceed 24 hours. ISPs have also obliged themselves to raise awareness among their users to increase the number of NTD notifications coming from external sources. The developed NTD procedures will be forwarded to the centreand relevant police units of EU member states. The above-mentioned arrangement will increase the effectiveness and support of international cooperation and enable training of seconded personnel and experts. The signees of the Code of Conduct will assign ‘trusted reporters’ who will function within civil society organisations and alongside the centre (which is partly a civil society organisation), police units, and teams within ISPs or social media (IT Companies and the European Commission, 2017). In addition, cooperation and training are one of the objectives mentioned in the code. Because these elements are not related to the NTD procedure but to the creation of a counter-narrative to jihadist content, I will not analyse their content.
The document itself is important because it was signed by the largest social media platforms and is a framework for additional actions. It will complement the codes of good practices that exist in countries such as the Netherlands and is intended to work with centres and specialised police teams.
3.1.4 Towards a coherent system: the use of the NTD procedure against (child) pornography A good example of the global use of NTD in a field other than hate speech and the fight against jihadist content is the area of child pornography. Child pornography notifications are sent to a centralised hotline and processed, assessed and then sent to the appropriate ISP or police agency (Wei, 2011). Due to the sensitive nature of child pornography, many countries have precisely defined the legal framework in this field, and there are several reasons why the NTD procedure has become so widely used in the fight against child pornography. First, due to effective international cooperation, it is possible to efficiently remove content from the Internet. In addition, hotlines have developed techniques for evaluating content, and after reporting the NTD notification to the appropriate ISP, subsequent monitoring ensures the content was removed. In the UK, according to the Internet Watch Foundation (IWF), the amount of child pornography within UK borders dropped from 18% in 1997 to 1% in 2000.
