Not so long ago we had ACTA – now it’s time for something “Made in Europe”. Recently EDRI (European Digital Rights) published a leaked document about the Clean IT project. Source PDF can be found here: Hopefully soon this leak will get even more attention.

I have a feeling that our lawmakers have recently been trying to do everything they can to contradict themselves. The biggest problem is that it’s not funny at all and it will be us, Internet users and companies, paying for their horrible ideas.

After the document was leaked, the Clean IT website posted a short commentary, which in the “PR world” I assume was supposed to say: “we have no secrets, everything is going to be published”. The question is – would that have been the case if there had been no leak in the first place?

I recommend reading EDRI’s article about the leaked document if you are interested in a broader analysis. I would like to focus on a small subset of problems that this document introduces.

One of the ideas of the Clean IT project is to extend the “police system” and push more responsibility towards ISPs and Internet companies. According to the document it should be the ISPs’ responsibility to filter and analyze the traffic. Did nobody think about the implications? Apart from the fact that this is clearly “1984, reloaded”, there are several issues here:

  • we use more and more bandwidth; it costs processing power to analyze the content in real time; of course all costs will be pushed onto customers and that will be visible on our monthly bills
  • it’s the “Internet company” that is supposed to make sure that blocked content isn’t re-uploaded to the Internet, even when the content in question has been modified; I would classify this problem as a “computationally hard” one
  • “Internet companies must have sufficiently staffed and capable abuse departments or service to effectively enforce policy”; an ISP or “the Internet company” is not the Police and it is in our interest that they do not have this kind of power/obligation
  • logging – because everything must be provided with a timestamp; here we are talking about a tremendous amount of data; the document does not mention a retention period, but here we are talking about loads of tapes
  • real name policy and verification; ISPs and other Internet companies will have to verify our names and pictures; even worse – these companies will have to store this information – can you imagine – a distributed database of verified information – a paradise for hackers and identity thieves; it takes just one hack of a company with a large customer base to get golden, 100% valid data!
  • the take-down policy does not mention anything about a valid court order (!); the document also mentions that if the “Internet company” disagrees with the take-down notice, there should be no enforcement from the agency – my question is then – why do the whole thing in the first place?

I see a serious contradiction here – a non-democratic body tries to enforce non-democratic standards and force businesses to become Police (and pay for it). Then we have two ideas that are supposed to protect our privacy online: the do-not-track browser request and the cookie directive. If everything is tracked anyway, why waste time and energy on informing people that “something is tracked” after all? The cookie directive is in effect, but does anyone verify cookie reports? How about the do-not-track browser request? There are more and more voices on the Internet that will simply not honor it.

Most online retailers and other service providers use tracking, because they have no other means of observing their customers. Of course, they can analyze server logs, but services like Google Analytics provide a much better insight into visitors. In general online businesses use this data to improve themselves, give better offers, and see if their strategy works. The benefits of competition are then consumed by customers, who get better e-commerce web pages, better service and possibly lower prices (of course there will always be evil businesses, but hey – “magic prices for returning customers” can be done without cookies, too). Still not convinced? Imagine a merchant in his physical shop, standing behind a counter – blindfolded! Sounds stupid, doesn’t it?

Now why are people complaining about Clean IT anyway? Well, you can always say “I do not want to buy my new laptop on that website”, but you cannot do anything once all ISPs become tentacles of your local government… tentacles you will have to feed.