EU pressures firms to tackle online terrorism

The state and government leaders said that "challenges posed by systems that allow terrorists to communicate in ways that competent authorities cannot access, including end-to-end encryption” should be addressed.

The text on encryption had been inserted in the draft statement at least since Monday, but on Thursday, several EU countries pushed for a last-minute addition aimed at protecting privacy of ordinary citizens.

The sentence “while safeguarding the benefits these systems bring for the protection of privacy, data and communication” was added.

Popular chat messaging services like Whatsapp, and also competitors like Telegram and Signal, use so-called end-to-end encryption to make sure that its users can communicate without anyone else listening in on their conversations.

According to two EU sources, who spoke on condition of anonymity, the addition came from the Netherlands. The country wanted to note the importance of citizens being able to use services like Whatsapp in private.

One source noted that the countries who actively supported the privacy safeguard sentence were countries that have not experienced major terrorist attacks recently, noting the Nordics and Sweden in particular.

He added that countries focused on counter-terrorism did not necessarily object to adding the privacy clause, but rather that it was not their priority.

France was one of the countries pushing for a way to deal with end-to-end encryption where it hinders counter-terrorism operations.

At a press conference on Thursday evening, French president Emmanuel Macron stressed the importance of being able to track the metadata of communications between terror suspects, but also noted “the need to fully respect the liberties of individuals”.

His German counterpart, Angela Merkel, said it was important that states “pay attention to the strict requirements from the rule of law”.

Earlier this month, Macron and UK prime minister Theresa May already discussed how to get easier access to encrypted data.

Role of social media

EU leaders on Thursday also called on social media companies to do more to prevent the spread of terrorist material on the internet.

"In practice, this means developing new tools to detect and remove such materials automatically," European Council president Donald Tusk said at a press conference.

Tusk added in the next breath that the EU was ready to adopt relevant legislation "if need be", putting pressure on social media companies to self-regulate or face bureaucracy.

EU leaders debated the issue in a broader discussion on security and defence, following recent attacks in London and Paris as well as a foiled suicide bombing attempt in Brussels only days ago.

The adopted conclusions state the need for the industry to set up a forum where they can work together on developing new technology and tools to improve automatic detection and removal of content that incites terrorist acts.

Facebook, the world's largest social media network, and Google, the world's most popular search engine, have both issued blog posts in the last few days in which they commit to stepping up their efforts to remove terrorist content.

Facebook said it would use artificial intelligence to screen uploads for content that has previously been identified with the so-called Islamic State, Al-Qaeda and their affiliates. It would also hire more people to monitor complaints.

Google pledged the same, but also a tougher stance on videos that don't violate company rules but contain inflammatory religious or supremacist content.

Such videos "will in the future be hidden behind an interstitial warning and they will not be monetised, recommended or eligible for comments or user endorsements", wrote Kent Walker, Google's general counsel.

In the past, however, the companies have complained that there was just so much they could do to combat online terrorism.

The Guardian, a British newspaper, last month published an investigation into Facebook's internal rulebook. The so-called Facebook Files suggested that the company has grown too big to control the content posted by its almost two billion users, who are spread across all countries except for China, Iran and North Korea.

Edri, a coalition of civil and human rights groups, told EUobserver they strongly cautioned "against any moves towards encouraging companies to prevent allegedly 'illegal' content appearing on their networks”.

“Regulation by algorithm is untransparent, biased, unnecessary, disregards context, is contrary to the most basic requirements of predictability and leads to counter-productive effects," Edri's Maryant Fernandez said in a written statement.

The organisation recalled a recent press release by the European Commission, which had called it a success that internet companies deleted 90 percent of complaints referred to it by Europol, the European police agency.

But the commissioner for home affairs, Dimitris Avramopoulos, had later admitted, when asked a parliamentary question by German far-left MEP Cornelia Ernst, that companies deleted content on the basis of their terms of service, rather than law, and that there were no statistics on how many of the referrals had led to the opening of an investigation.

"It seems that the trend in the EU is showing that 'something is being done' rather than focusing on solving the real issues,” said Fernandez.

“When tackling terrorism, member states need to assume their obligations to uphold human rights and the rule of law. Companies have also a responsibility to resist pressure and take freedom of expression and the right to privacy very seriously."

Encryption

Earlier this month, a member of the European Parliament proposed that cracking encryption should be forbidden.

Estonian centre-left MEP Marju Lauristin is in charge of steering a file on electronic communications through the EU parliament. In her draft report, she proposed amendments to a European Commission proposal for e-privacy.

She wrote that “when encryption of electronic communications data is used, decryption, reverse engineering or monitoring of such communications shall be prohibited”.

“Member States shall not impose any obligations on electronic communications service providers that would result in the weakening of the security and encryption of their networks and services,” Lauristin wrote in the draft report, which still needs to be adopted by the parliament's civil liberties committee.