Clean IT Project Detailed Recommendations for Combating Terrorist Use of the Internet August 2012

The following recommendations document details preliminary best practices for the creation of a “non-legislative ‘framework’ that consists of general principles and best practices” for combating terrorists’ use of the internet.  The recommendations were produced by a group of several European governments operating under the name “Clean IT Project” and funded by the European Commission.  The document was originally obtained and released by European Digital Rights (EDRI).  Following EDRI’s release of the document, which is marked version 0.63, the Clean IT Project published another, reportedly updated draft document marked as version 0.66.


  • 23 pages
  • August 28, 2012


NOTE: this document contains detailed recommendations on how to implement the best practices identified in the Clean IT project. It will be developed further in the months ahead. After the end of the Clean IT project it will only be shared with organizations that have committed to implementing the best practices. It will be developed further with these organizations participating in the Clean IT permanent public-private dialogue platform.

Items in this document arc not obligatory to organizations to implement, but have met a high degree of consensus, except for the sections ‘to be discussed’. Items in the ‘to be discussed/ sections are either new, need reformulating or are contested. The items formulation includes three degrees to of whether organizations committing to the Clean IT ‘draft document’ are expected to implement the detailed recommendations in this document: what they ‘must’, what they ‘should’ if no specific, pressing situation or interest prevents them to, and what they ‘could implement if they want.’

1. After committing to this document, organizations will implement the best practices according to the following time schedule.

  • Within half a year:
    • Governments will review and decide on policies;
    • Internet companies will include terrorist use of the Internet in their business conditions and acceptable use policies;
    • Existing hotlines will explicitly include terrorist use of the Internet;
    • Organizations will appoint Points of Contact.
  • Within a year:
    • Governments will review and decide on improving legislation;
    • LEAs will start a national referral unit, and Internet companies of a country will jointly start a hotline;
    • LEAs and Internet companies will implement procedures for notice and take action;
    • LEAs and Internet companies will implement procedures for cooperation in investigations;
    • LEAs will start patrolling on social media;
    • Internet companies will start using flagging systems;
    • Internet companies will start to share abuse information;
    • A Points of Contact System will be operational;
    • National LEAs will implement a police reporting buton.
  • Within two years:
    • Governments, LEAs, NGOs and Internet companies will do all they can to promote the use and increase the effectiveness of end-user controlled filters on of terrorist use of the Internet;
    • Governments, LEAs, NGOs and Internet companies will implement improvements on awareness, information and education,
    • Governments, LEAs, NGOs and Internet companies will create European Research and Advisory Organization on terrorist use of the Internet;
    • Governments, LEAs, NGOs and Internet companies will start to use automated detection systems;
    • Internet companies will implement real identity policies on their platforms;
    • At the European level a browser or operating system based reporting button system will be developed and introduced.

To be discussed:

1. Knowingly providing hyperlinks on websites to terrorist content must be defined by law as illegal just like the terrorist content itself;

2. States must make clear that original terrorist content and terrorist activities on the Internet of people and organisations on the UN/EU/national terrorist sanction list is illegal and should not be allowed on Internet company platforms;

3. It must be legal (under privacy legislation) for Internet companies to ask (new) customers/users to identify themselves towards the company, in order to apply real identity policies;

4. It must be legal for LEAs to make Internet companies aware of terrorist content on their infrastructure (‘flagging’) that should be removed, without following the more labour intensive and formal procedures for ‘notice and take action’;

5. Judges, Public Prosecutors and (specialized) police offers must be legally allowed to order by means of a notice and take action procedure to (temporarily) remove terrorist content from the Internet;

6. Legislation must make clear Internet companies are obliged to try and detect to a reasonable degree (costs of and availability of technology for detection} terrorist use of the infrastructure and can be held responsible for not·removing (user generated} content they host/have users posted on their platforms if they do not make reasonable effort in detection;

7. Companies providing end-user controlled filtering systems and their customers should be obliged by law to report cases of illegal use of the Internet for terrorist purposes they encounter;

8. It should be legal and obligatory for Internet companies to store data on terrorist content removed from their platform until they can hand this data to LEA;

9. Governments must start a full review of existing national legislation on reducing terrorist use of the Internet, after this start improving legislation and puting more effort into explaining existing legislation;

10. The Council Regulation (EC) No 881/2002 of 27 May 2002 (art 1.2) should be explained that providing Internet services is included in providing economic instruments to Al Qaeda (and other terrorists persons and organisations designated by the EU) and therefore an illegal act;

11. (National) legislation should make clear that knowingly sending false reports to Internet referral units is illegal and punishable, just like intentionally false calling of 1911′ in (some} countries is.

12. Youth protection legislation must (be expanded to) include protection against terrorist use of the Internet.

To be discussed:

1. Governments must have LEA’s or intelligence agencies monitor terrorist use of the Internet, but only monitor specific threats, not primarily the population as a whole and all Internet use;

2. Governments must have clear policies on intelligence gathering and when to take action, against terrorist or radicalizing content on the Internet;

3. Governments must have specialized police officer(s) ‘patrol’ on social media;

4. Governments must include reducing terrorist use of the Internet as an integral part of their Cyber Security Strategy;

5. Governments must stimulate mid-term (> 5 year) technological development as well as stimulate research and academic discussion;

6. Governments must disseminate lists of illegal, terrorist websites;

7. Governments must disseminate lists of domain names that can are not allowed to be registered, to prevent terrorist propaganda;

8. Governments must subsidize competent NGOs that substantially contribute to reducing terrorist use of the Internet and radicalizing content on the Internet;

9. Governments should implement filtering systems to block or detect civil servants to illegal, terrorist use of the Internet;

10. Governments should subsidize the initial development of software for sharing between Internet companies specific data of terrorist use of the Internet;

11. Governments should include Internet companies’ track record on reducing terrorist use of the Internet as a criterion in purchasing policies and Public Relation policies;

12. Governments could have programs to educate web moderators;

13. Governments could implement counter narrative policies and projects.

Share this: