Germany Builds Infrastructure To Block The Internet

The German Parliament on Thursday evening passed legislation that obliges internet service providers (ISPs) to filter websites allegedly containing child abuse material, by a vote of 389 to 146. The vote followed fierce debate about the secret filtering list to be put together by the German Federal Police and transmitted to ISPs once a day with only occasional checks by a five-member monitoring body.

Opposition parties joined civil rights organisations in warning that Germany is introducing blocking architecture that was extensible and could be used to “censor” other content without due process.

“We are stepping on new territory,” said Martina Krogmann, lead rapporteur for the Christian Democratic Party (CDU). “For the first time, we are creating a blocking infrastructure to make the viewing of child pornography which is illegal under German law more difficult.”

Krogmann, who secured the final deal with coalition partner the Social Democratic Party, conceded that she could “understand the concerns of those who say that the blocking infrastructure once established would be a bursting of the dam” with regard to additional desires to block content.

Over 130,000 citizens had signed the largest e-petition ever in the history of the country against the law, based on this concern.

“The concerns are not unfounded,” said Krogmann, “as for example the regional court in Hamburg already ruled that such an infrastructure could be used against other illegal content.” Online gambling, copyright violations, protection from online “killer-games” and so on were on the list and had, according to civil rights organisations, come up in statements by coalition politicians.

Krogmann said that she is clearly opposed to a broadening of the scope, adding that the new law had been defined narrowly. She especially rejected the notion that the system was a start to “censor the net.”

“When it comes to child pornography, nobody can invoke the freedom of the internet,” she said. “There is no right to see the torturing of four-year old.”

All three opposition parties rejected the law pointing to substantial and procedural flaws that would lead to failure before the constitutional court. The internet is not lawless space, and must also not become a space “without civil rights at all,” warned Wolfgang Wieland, a Green Party member. An extension of the filtering infrastructure was “as sure as death and taxes,” cautioned Max Stadler from the Liberal Democrats (FDP). “Call me Cassandra,” he said, “but Cassandra was right in the end.”

The broadening of the originally limited legislation touching on civil rights had occurred regularly in recent years, Stadler said, pointing to screening licence plates on German highways or the much debated online search of personal computers. Stadler, therefore, also is suspicious with regard to changes made by the coalition with regard to the storage and transfer of IP-addresses of those who try to get to the listed sites to the Federal Police.

For the Liberals, the ban to store and transfer data is still not well defined enough. Civil rights groups, data protection officials and experts in constitutional law had warned that mainly innocent and accidental users might fall into the trap of the blocked sites. But the changes by the coalition now make sure, according to Krogmann, that the data could not be used for criminal investigations.

The procedural problems that might make the new law fail before the constitutional court, according to the opposition, include several issues, including the question why the issue is not left to state legislators as it “clearly was a police issue disguised as economic law,” as Wieland put it.

Police law in Germany lies in the hand of state, not the federal legislators. Also a provision requiring that the German data protection officer convene the five-member control body that will check on the blocking list at least quarterly is likely meaningless, according to the opposition parties. Instead, a judge should make a decision first before a site goes to the Federal Police list.

Wieland criticised the law as inconsistent in several ways. While based on administrative law procedures for notices from the Federal Police to content and hosting providers, there are no options for hearings and appeals, he said. With regard to content hosted in non-European countries like the United States, which according to statistics is a major home for child pornography, notice-procedures also are vague. The Federal Police in fact can decide if it thinks sending a notice prior to putting a site on the list will be effective.

One of the biggest problems for Alvar Freude from the civil rights organisations’ “Censoring Working Group“ (Zensur AK) is that information will not be shared and child pornography sites will not be taken off the web because of that. Freude said: “The respective law enforcement agencies are creating blocking sites, but they do not inform their colleges in other countries where the servers are located nor do they inform the hosters. The content therefore will only be poorly hidden but stay on the net.”

Filtering lists from police are in use in Sweden, Denmark and Norway on an obligatory basis. In the United Kingdom and the US, self-regulatory bodies like the Internet Watch Foundation (IWF) and the National Center for Missing and Exploited Children (NCMEC) – both members of the European Community financed INHOPE network of hotlines – provide lists to providers on a voluntary basis.

The Censoring Working Group checked the lists that have been leaked from Scandinavian countries and criticised “a lot of sites listed were not child pornography.” A global list that was envisioned first by the CIRCAMP project at Interpol and which was put forward again by the head of the German Federal Police at a recent Interpol meeting might be difficult.

Freude also tried to prove that removal was the way to go instead of blocking. He started an exemplary action in which he informed 348 providers in 46 countries about their listing in one of the various European blocking lists and reported 60 take-downs over the first 12 hours. Reactions from the US, the Netherlands, Denmark, Russia and Germany came within minutes, he said. Some 250 providers responded they did not host illegal content. Providers were not informed that they were put on the lists, he said, and some found out that the illegal content sat on “cracked” sites.

Overblocking of sites can be a problem concede experts who have worked on the blocking lists for years. At the Internet Watch Foundation, precaution is taken by not one daily update of the list but two updates, a spokesperson said, and the list only contains specific URLs because the domain on which the URL sits might be innocent.

At the NCMEC a team of 20 analysts works on the list, according to the Exploited Child Division Director John Shehan, a number that none of the European law enforcement agencies will be able to dedicate for this. Despite such efforts, the IWF experienced a widely publicised case of overblocking where a listing for the “Virgin Killer” cover of the rock band Scorpions on the Wikipedia website led to a degradation of access to several Wikipedia services.

The German law speaks of “fully qualified domain names, IP-addresses and target addresses” to be put on the list. Blocking should happen “at least based on the fully qualified domain name.”

For Freude and other civil rights organisations, the better path would have been putting child pornography on the same level of attention as phishing, attempts to mislead the customers to sites disguised as their banking sites. “The banks got it, they succeed in getting phishing sites removed in four to eight hours,” said Freude.

The new law with all its deficiencies did not help much in the fight against child pornography and even less in the fight against child abuse in the first place. “Blocking is designed to protect people from inadvertent access to potentially illegal images of child sexual abuse. No known technology is capable of effectively denying determined criminals who are actively seeking such material: only removal of the content at source can achieve that goal,” writes the IWF in its FAQ (frequently asked questions) on the issue.

“The point is you need to identify the child in the picture, you need primarily to focus on that,” said a spokesperson at the British Child Exploitation and Online Protection Centre (CEOP). The centre cooperates with IWF, leaving the filtering list task to it, and with other law enforcement agencies in the Virtual Global Network internationally, and with industry in the European Financial Coalition (EFC) that tries to catch offenders and child abuse image users by following the money.

The whole purpose of the Virtual Global Network, according to the CEOP spokesperson, was that countries could achieve more with less resources. A pedophile chatroom could be surveyed for 24 hours with the Australian colleges “taking up when we go to bed here at ten o’clock in the evening. This is only one example.” The Virtual Global Group also allowed quick sharing of information, the spokesperson said, and it Germany and many more partners would be welcome to join.

Yet for the time being Germany seems to be caught in the fight about the blocking architecture introduced in what many call a “bumbling rush” before the German elections and this debate will be continued before the courts.

“There will be a constitutional complaint, that is for sure,” said Freude. And nobody disagrees.