First child pornography, now extremism: Internet providers and police investigation authorities to use Microsoft upload filters

Material uploaded onto the Web could soon be scanned for extremist or radicalising content with an upload filter produced by Microsoft. The filter would be installed in the systems of Internet service providers (ISPs), but the necessary databases could be held by the police authorities.

Two weeks ago in Washington, the international Counter Extremism Project presented a software solution with which extremist content is said to be detectable on upload. The process is based on PhotoDNA, an application originally developed by Microsoft to combat child pornography. It is able to detect video and audio content. The recognition rate is reportedly in the region of 98%.

PhotoDNA operates on the principle known as ‘robust hashing’ and extracts a distinct digital signature from the file. With the checksum, the software is then able to recognise images even if they have been distorted or post-edited. The comparison is made with a hash database, which is administered either by ISPs or by both ISPs and public authorities. In the United States, for example, PhotoDNA makes use of the database of the National Center for Missing & Exploited Children. Interpol, the International Criminal Police Organization, also maintains a Child Sexual Exploitation Image Database.

Unclear concept of extremism

The software was developed by a former Microsoft employee, Hany Farid. Dr Farid is now working for the Counter Extremism Project, to which Microsoft has assigned the copyright for PhotoDNA. The Project describes itself as a non-governmental organisation and has offices in London and Brussels. Through targeted lobbying, it seeks to persuade Members of Parliament to relax laws that hamper efforts to combat the ‘extremist threat’. One of its objectives is the development of a ‘counter-narrative’.

The organisation pursues its aims on the basis of a concept of extremism that is not clearly delineated. Its comprehensive dossier on extremist or terrorist organisations also contains details of extreme right-wing political parties from Germany, Hungary and Greece. One of the advisers to the Counter terrorism Project is August Hanning, who was formerly President of Germany’s foreign secret service, the Federal Intelligence Service, and later became a State Secretary in the Federal Minister of the Interior.

PhotoDNA also used by the German Criminal Police Office

Besides Microsoft, several Internet service providers, including Facebook, Google, YouTube and Twitter, have already installed PhotoDNA on their servers. These ISPs also use the software to scan content that users store in their private cloud. If child pornography is detected in that content, notification may be sent to the competent prosecution authorities. The cases are then pursued internationally. The Bundeskriminalamt, the German Federal Criminal Police Office, has received such notification at least once from US authorities.

In 2012 the Bundeskriminalamt also procured the software for ‘test purposes’. The Office, based in Wiesbaden, maintains a reference collection of images relating to cases of sexual abuse and the dissemination of child and adolescent pornography, which is searched by various programs in the context of Bundeskriminalamt investigations. It may well be that PhotoDNA is now in regular operational use there.

Call for more Internet referral units for extremist material

As is already the case for child pornography, the Counter Extremism Project is pressing for the establishment of Internet referral units for extremist material. In each participating country, it says, national databases of removed content could be maintained.

Last summer, the European Union began by setting up such an Internet Referral Unit at Europol, the European Law Enforcement Organisation. Prosecution authorities and intelligence services from the Member States can refer content to the Unit for removal, and Europol then forwards it to the ISPs.

Europol itself also actively searches for content, including content on Facebook, Twitter, YouTube, Vimeo and Archive.org. In a work file set up at Europol by the Bundeskriminalamt, case-related personal data are stored, including user names and IP addresses.

Private ISPs, however, have no access to police data. For this reason, the European Commission launched an Internet Service Providers’ Forum in a bid to prevail upon ISPs themselves to oversee the Internet. The EU Ministers of Home Affairs and the Counter-Terrorism Coordinator, Gilles de Kerchove, are also part of this Forum.

PhotoDNA used by Europol and ISPs?

The Internet Service Providers’ Forum is to develop ‘instruments’ to combat terrorist propaganda on the Web and in the social media. The aim is to establish a public-private database of detected and removed material. According to a Communication from the Commission, ISPs will develop the joint referral platform “with full Europol involvement”.

Presumably the PhotoDNA software developed by Microsoft will likewise be used on this platform. The German Federal Ministry of the Interior confirms that “the technical identification of the same or similar Internet content” will be carried out with the aid of hash values. In the view of the Federal Government, such an upload filter should be “based with the companies”.

It is not certain, however, where the required database containing the hash values of data with “extremist or terrorist content” is to be administered. It is also unclear whether only Web content will be stored there which has already been uploaded or whether European criminal police offices, including Europol, will also be able to deposit unpublished material there for possible deletion.

‘Clean IT’ as the master plan

The introduction of the joint referral platform and the upload filter will implement another finding of the European Union’s Clean IT project, which ended in 2013. The project involved searching, with the cooperation of the Counter-Terrorism Coordinator, for means of combating terrorist, extremist or ‘radicalising’ online activities. The aim of Clean IT was to shift responsibility for overseeing and removing content to Internet providers (see final report).

According to a report in the British Guardian newspaper, the efforts were successful, with Facebook and YouTube already using the Counter Extremism Project’s upload filter to remove material from so-called Islamic State and similar groups.

Lawsuit against Twitter, YouTube and Facebook

Now the provider companies are coming under pressure, including legal pressure. The week before last, the father of Nohemi Gonzalez, who was killed in the Paris attacks last November, filed a suit with a federal court in California. Nohemi was the only US citizen among those who were murdered. The application states that the short message service had enabled so-called Islamic State to maintain tens of thousands of accounts, including at least 79 ‘official’ accounts. Google (YouTube) and Facebook, it was alleged, had also been used in this way. The providers are being sued for damages by the victim’s family for having “knowingly permitted the terrorist group ISIS to use their social networks as a tool for spreading extremist propaganda, raising funds and attracting new recruits”.

A similar action had previously been brought against Twitter by the widow of a man murdered in Jordan. According to media reports, numerous passages and screenshots in the two applications were identical. In its defence, Twitter had stated that it consistently took action against propaganda from ‘Islamic State’. It was announced in February that Twitter had suspended more than 120,000 accounts.

The text first appeared here.

Image: PhotoDNA