Rede von But Klaasen: „Es entsteht der Eindruck, wir wollen das Internet zerstören“

Der niederländische Koordinator für Terrorismusbekämpfung und Sicherheit hat heute in Amsterdam auf dem Treffen des Internet-Forums RIPE eine Rede über sein Projekt Clean IT gehalten. Netzpolitik.org dokumentiert an dieser Stelle das Transkript. Auch andere Talks haben das Projekt thematisiert, darunter Anto Veldre, der es recht deutlich kritisierte.

Hier die Rede:

So, I want to talk about some recent list discussion, which we have had. So 2012-06 will be discussed a little later (2011) but there was a mail this morning which will be talking about later in the agenda. CleanIT and the E DR I stuff, that’s something we will discuss at the appropriate agenda item. The data verification, which — is that actually what I meant or did I mean something else? I think I might there have actually meant the data privacy, I don’t know why I wrote „verification“ in that particular way. This is in relation to the legal structure for the RIPE database privacy, the abuse information, all of that, which the community asked for and which we will be talking about a little later on so there isn’t anything from the list that I think we need to discuss now.

So unless somebody thinks differently or it won’t be covered by the agenda? OK. Good.

So, we have some updates. So, first up, I’d like to ask But and Michl to present.

BUT KLASSEN: Thank you Mr. Chair. This is my second opportunity for — thank you, again, thank you, too. This is my second opportunity to present here the CleanIT project in this Anti-Abuse Working Group and I am again very grateful for this.

It has been a special week for me, for the first time in my life I received very unfriendly e-mails and Tweets, people that I don’t know accused me of destroying something I believe is one of the prettiest benefits of modern society, they accused me of destroying the Internet. A result I think of the CleanIT project and it started when European Digital Right organisations published a so-called leak document, I think you all know about it, but for those who don’t know what happened, I will explain.

But in the first place, let me say I am a believer, I believe in the freedom of speech and in my opinion, the freedom of speech is one of the core values of our society and one we should always protect. I believe in this core value and I take every possible care that the freedom of speech is lass core value within the CleanIT project. Every input, every comment, every idea, is handled equal and respectful. We do not centre the input we receive from participants or others. Everyone is allow to express their view (sense /SOR) and secondly, I also believe in innovation because it can contribute to a bit better, quicker and less expensive practices and organisations, but innovations requires an environment where you feel safe to experiment T needs a trusted environment where ideas are welcomed even when it’s still unclear if they will prove to be good or bad. I would like to emphasise that, still, if it’s unclear, if it’s good or bad ideas, such an environment should exist, and it should be no problem the ideas will lead to not feasible end results. If you never try, you will never know.

The best solution might be found only off the five, six, seven, eight or ten failed attempts. Now, those two angles, they come together in CleanIT project. We collect all the input we get and structure it and we give them the production of trusted environment where advantages and disadvantages are discussed. This is the first step in our drafting process.

The second step is to discuss these ideas in small Working Groups. In these groups, the issues are discussed in more detail. The results of these expert discussions will be provided to a plenary session and that plenary session is the third step. In the plenary session, we do our best to bring together a balanced participation on governments, industry and civil society, in the hope that this will lead to balanced results. During this plenary session, good ideas are improved, bad ones are deleted. And then we have the fourth step. And that’s where the project team drafts a new version of the document and checks with all participants if they agree with the changes we made. And

Then the fifth step is the project published is draft on the website. And it’s open for comment by the public. And then this cycle begins again after each meeting again, and now we work through this for three — four times, I think.

Now, by the time that the project nears end, we aim to have one document supported by all participants, and then we will have this final document that consists of three parts. We have a preamble, where the problem is described, and in this case it is the use described, and in this case it is the use or the abuse of the Internet for terrorist purposes. Secondly, a set of general principles endorsed by all participants, and please do note this does not mean that the principles are legally binding because we have a non-legislative approach. And in the third place a list of best practices to be implemented on a voluntary basis.

So, let me emphasise again that the end result of this project can never have — can never be binding in any way.

Now, what the European digital rights organisation did – what did they publish: The document that we use to capture the discussions in the first two steps that I described. We used this document to avoid all previous discussions being lost. If in this document you read somewhere that there is consensus, it means that the consensus was reached only in those small groups. And the proposals still have a long way to go before it ends in the final document.

Now, the reason we did not publish this document and we don’t do it, is that it does not have a formal status, it is continually changing, and without the proper context, people might actually think we do want to destroy the Internet. Compare it with cook preparing his dinner, he spends the afternoon in super market choosing his ingredients, some he will choose and others not, he might go to another shop. At this stage it’s really impossible to conclude what the menu will look like and how the food will taste. That’s why we don’t publish and based on this document you cannot conclude in which direction project is heading and it is not a secret document. Everybody may read it as long as we are able to explain the proper context.

And without this context publishing will only lead to misunderstandings.

Now, if we were to publish it, the third thing I would do is change the title. A better title at this stage would be „suggested practices that we don’t agree upon yet.“ And maybe a sub title „food for thought“ or something. So, many people now say we should be fully transparent, and I personally, I think this might be the CleanIT project might be the most open and transparent counter-terrorism project there is in the world. I wonder if there any other counter terrorist project that’s so open and puts private sector in such a strong position. But in a way they are right. We are not 100 percent transparent; there is some delay in what to publish, and we cannot be for 100 percent transparent for privacy reasons. This is more a general discussion and I open for debate on this matter.

Now, let me conclude by underlining once more that the CleanIT project does not aim to limit Internet freedom. We are trying to create a constructive dialogue about very complex issues and I believe we can only come to more understanding if law enforcement, academics, policy makers, the industry, the technology sector, the N G Ls and civil society meet together in balanced society and with open mind and that’s how CleanIT works.

Now, our group will publish a new draft document within a few weeks. You are, again, very welcome to comment on it, and I sincerely hope this new draft document will get the same attention as the leaked document has. Thank you very much and I am /TROD take any questions.

BRIAN NISBET: Thank you very much. So, please.

AUDIENCE SPEAKER: I am Anto from former Sovjet union or the great IT country Estonia. It’s a little bit unclear for me how is it possible that some club will decide on fundamental rights which must be defined by law, and I don’t understand how is it possible to prohibit the usage some languages. I don’t know what language will be proposed, Arabic or Estonian. My problem is how you succeeded to involve people making such kind of proposals. Thank you very much.

BUT KLASSEN: I don’t really catch your question, you have a question on language.

BRIAN NISBET: Myself and Anto have spoke Ben this during the week, if I could possibly help you with the understanding of the question and please antitell me if I am wrong here. Obviously, we have some examples from the brainstorming from the small group discussions, one of which was discussing or certainly the one that was said, was about enforcing language use in certain circumstances on the Internet. And I think the question is: Some of those suggestions were on the outer edge of what this community would consider to be certainly be technically feasible if nothing else, and so the question, there are people who are making those suggestions, how did they get /SROFDZ involved? Is that the bulk of people who are involved.

BUT KLASSEN: We don’t keep track who came up with which idea. So it’s well possible that there was one idea that was in the small discussion group, it’s possible that it came from the public. I have to ask, I really don’t know if we can find out. But anyway, these are ideas that just explained are in consideration, they came to us, we want to have a discussion about advantages and disadvantages, and if it’s legally not possible then it’s very simple, it will never get to the end stage. That’s it. So…

DANIEL KARRENBERG: Just another guy off the street. See, the problem that you are having is on the one hand, saying oh, this is just some ideas; on the other hand you have this blue and yellow thing on the left top. See, and that’s what is getting people worried. I can sort of — I have my ears around this crowd, and what I keep hearing is they tried child porn, now they are trying terrorism. Number one. Just giving feedback, it’s not a question, it’s just feedback. The other thing is we had a discussion, just to relate anecdotally on Monday, where someone from Denmark was saying „I run a grass roots thing that let’s people get around some filtering that’s implemented in Denmark.“ And during the whole discussion, somebody just asked, you know, aren’t you sort of doing something illegal? And he said no, it’s not — the filtering that happens in Denmark is not really based on the law; it’s based on an agreement that voluntarily the ISPs in Denmark, meant all of them, sort of entered into. Again, this /WRAOEBGs a little bit of that, and what you have here in this room are sometimes the people from the engineering community who, in other countries, have successfully resisted this, like in Germany for instance, where the same thing was tried and some people put their backbone up. So, I think it’s very good that you come and engage, but I think the fact that you are taking there it’s all informal, it’s not going to build confidence. That’s what I wanted to say as a guy off the street. So I think you should be a little bit more concrete.

BUT KLASSEN: Yes, but — if you allow, I would like to react because it’s not how it’s all informal, that’s not the issue. The issue is, that we ought to have an open dialogue and that’s where the project is about. If you read the project proposal we submitted, it is a process, it is a process for having a dialogue between different stakeholders in a multi-stakeholder environment, and this is very rare. Actually, there is one kind of conference I know where this really happens and that’s the IGF and the Eurodig conference, there we found many, many stakeholders to getting in discussion. We tried to do this with a balanced group and have an open and constructive dialogue. That’s what we try. And I don’t see why that is as — as a idea why that should be a problem. And one more thing. I do fully understand that these — there are a lot of misunderstandings about that. I am totally agree with you. Especially the yellow flag and seeing just as discussion document, where we say, we are going to filter whatever, yeah that confuses people, exactly that’s why we didn’t publish it in the first place.

AUDIENCE SPEAKER: Freedom, thank you for coming here to talk to the group, which is not something that is always done, if we have these kinds of debates. I have two questions, the first is concerning the process if you follow this and all the steps are communicated in as broad a manner upfront, timely, to everybody, then that would be great; the problem is I think, me and many other people in this room have been around the /WHROBG a few times and we have seen recently with acat that and a decade ago with software patterns in Europe that initially when people got hold of documents and they became very worried about the contents of them and started to ask questions they got the answer yes, but we are still discussing so your comments are too early. And then suddenly something happened and we were told no, no, now it’s locked in so now your comments are too late. Many people will be a bit scared going from the place where we are still talking about it so it’s not official, to the state yes but it’s now in the official EU process so you have to call MEP to comment, that the switch will be made and people will miss it and so this is not because we think you are necessarily without honour but it’s because this has happened several times before in the last decade so people are concerned about that. I think it would be very good if you would be as proactive as possible in just communicating the dates in which these five phases are going so that people can make sure they have comments in on time. That’s on a process.

The other thing is about the text. I didn’t know I was going to be here 24 hours ago so did I some more reading ton this morning and contacted some former intelligence service people this morning on what they thought about the text and there were two comments I got back on the text within 30 minutes and the first said oh, just like MI5 and the C I A they don’t seem to have an actual definition about terrorism is so it could mean pretty much anything. In the UK now if you protest the building of cold plant you are labelled as domestic extremist and all laws can be applied to you and your family which is not very nice. The old thing seems to be we go from fighting terrorism to much more general economic crime in one fell swoop which is also how the post London bombing laws in Europe are now applied to much more than just terrorism under whatever definition but now used for other sort of much less danger crimes that are — that don’t threaten society. So that’s a big concern.

The last e-mail I got back that says if you take the opening piece of text and replaceal /KWAOEUD da with the pent gone, it still works, killed more people in the last ten years so this is a bit worrying about what is the problem that you are trying to solve here.

BUT KLASSEN: Yes, thank you very much. About the process, in the first place, your comments are not too late, and you say and your comment not too early. We ask that every time we publish it on a /TKORPBLGTS /TKORPBLGTS we send it to our participants and invited them to comment, we invite them to forward other people to event so it has been open for comments all the time. Now, we are getting very much comments, actually. And I am also grateful because much of them are very useful so we have quite some work to look for all the blocks and articles to see what we can — but we ask for it from the beginning so it’s not — we are just not like ac/TARBGS having our own process; we try to be as much in contact with the community as we can.

In the second place, about what is terrorism and what is not, that’s a question actually I expected, and I think I have a sheet about this. I explained it also I think in the last time I was here at the Anti-Abuse Working Group. We projected the Internet in kind of three layers, idealogical websites, often illegal websites but not always, and the social media top /HREFPLT what we see (level) as terrorist use of the Internet, is not that it will be used as a weapon but more used as a resource for their normal daily activity.

As you can see here, it’s about spreading violent material, about clarifying violence, spread terrorist attacks and training manuals, plan and organise deadly attacks, that’s in deep web part. This is the kind of use we are looking for. The effect, it’s a kind of prop /TKPWAPBD da mechanism process going in opposite directions. That’s the phenomenon we face as counter-terrorism, in the fight against terrorism, and we just stick to the definition from the European Community, which is stated in our document. If you are saying we can replace terrorism by child pornography, whatever, theoretically, it can, I am not sure it would be the same kind of text. It is more or less pragmatic choice to do this for counter-terrorism because this is where I work, the project that was pre de/SESing us was about counter-terrorism which was 100% closed, EU restraint, we tried to make it more open process, that’s what we are doing now. Definitions about terrorism, we are also working to make it as clear as possible in a document we have.

BRIAN NISBET: Jim.

JIM REID: Thank you, just another guy that has wandered in off the street. I think we have to be careful when we are trying to do things in this area because of potential bounding conditions and the processes that are used. I think everyone grease that things have to be done to prevent terrorist analysis of bad things, child porn, money-laundering whatever, how are those proses and procedures used on a day-to-day basis and there is always a concern about mission creep and that’s something I worry about quite a lot. I will give an example: In the UK context, which is not specifically about terrorism, there was a law passed which was to do primarily with information about telephone calls and things of that nature, but those powers could be used by other parts of government and local authorities and other public bodies for other purposes which was not what the scope of /A*BG /KA was about, powers to check that people were really living where they say they were in order to get kids into particular schools because they were in a nice neighbourhood or getting their bins etchtied properly and PI Pa powers used for that. My concerns was for these noble purposes like counter-terrorism, could start to get abused either deliberately for other purposes and the scoping and /PWOUPBing conditions there is always potential for that mission creep and what way the concerns about human rights.

BUT KLASSEN: In essence you are touching the item of trust, can you trust the government in doing this.

JIM REID: It’s partly trust but what can do you about it if you think those powers are being misused, where are the audits and controls.

BUT KLASSEN: Very short reaction. I would like to be an ability to change the public image about trust in government but that’s far beyond my possibilities but I totally agree that this is a very important issue and one thing we try, I don’t know if we succeed but we try to gain more trust by doing a counter-terrorism project in as open as we can at the moment so we hope it will gain trust by make publications on-line available every two months and so you can see your progress, that’s what we hope anyway. But point taken. Thank you.

BRIAN NISBET: We are massively over the time I allocated to this. Two people and then we have got to close it.

AUDIENCE SPEAKER: I am from Russian Federation. I have some short questions. How many terrorists acts have been prevented in Netherlands last years?

BUT KLASSEN: Sorry, I didn’t catch the —

BUT KLASSEN: I am from national – for counter-terrorism in the Netherlands and ministry of security and justice —

AUDIENCE SPEAKER: I am from country which you do not think very dramatic and open and so on, and I am glad to see this slide because we have a fresh example of counter-terrorism prevention in Russia, exactly by this slide. Some students was sued and jailed for preparing a terrorist act against /PAOUT in, but the most interesting thing that they have been /KAFPD on forums on Internet, they really made an explosive but once they decided not to make — that explosive stops but they got catched because they were watched. And the most interesting guy that the guy who was prop /TKPWAPBDing them to make terrorist attack wasn’t found. Do you — do you believe that somebody who for some months explained how to make an ex-employee sieves in Internet wasn’t found? Who believes? No one. It’s Russian law enforcement agency tradition to prove Kate. So, I beg you here in Europe don’t trust counter terrorists, because they are trying to overrule Internet.

BRIAN NISBET: We are very, very tight on time here so —

BUT KLASSEN: Freedom of speech, so…

Sandra: RIPE NCC I am doing the monitoring, I have three questions, I don’t know if I can ask the three of them.

BRIAN NISBET: You really can’t unfortunately.

BUT KLASSEN: The most important one.

AUDIENCE SPEAKER: I will ask the first one in line. So that will be Alex Sander: How many terrorist acts have been prevented in —

BRIAN NISBET: That was already asked.

AUDIENCE SPEAKER: I will go to the second in line, which is also — so from /AR anyone access for all, can you Lynn some of the participants which have been reached out to in the creation of this document?

BUT KLASSEN: Yes, we stated on our website, we have created can web page anyway so if you go to our website, you will find a tab partners and participants and there wave list with government partners and civil society and what we do, we ask the /TPAERTS they are OK with them that we publish their names and if they say yes we publish them, so visit our site and there is your answer.

BRIAN NISBET: I linked to that particular page in a thread last week, or possibly this week, in relation to the point that the participants, the statement on the page, the participants by participating do not state that they agree with the document, etc..

BUT KLASSEN: Exactly. And at this point, because we did start the process of commitment, we will start after our last conference, so this is — this participation means exchange and ideas, not more on that, and if they agree with the document in the later phase it will never be a /PWAOEUPBGD document, as I already explained (binding).

BRIAN NISBET: I think there is a lot more to discuss and talk about but unfortunately we are out of time for today. So thank you very much gentlemen and thank you for your participation.