„Crawling, monitoring and gathering“: EU funds search engine for criminal Internet content

European police authorities and arms companies are working on a „powerful terrorism intelligence platform“ on the Internet. It is intended to track down material to promote violence and radicalisation. The technology thus goes far beyond the threat of upload filters.

In the security research programme „TENSOR“, the European Union is developing automatic detection of criminal content on the Internet. The technology is to find material that can „contribute to the advancement of terrorist violence and radicalisation“ in an automated process. On the project website, this is referred to as „crawling, monitoring and gathering“. Described as a tool for „Internet penetration“, it should also operate in multilingual social media and use „dialogue-empowered bots“ with artificial intelligence. Found criminal content will then be categorized and interpreted so that it can be used by law enforcement agencies. The software would also be used in Darknet.

The project is the technical implementation of the demand for „early detection“ of terrorist organised activities, radicalisation and recruitment as called for by the European Union in the Council Conclusions and a Commission paper of 2017. It calls not only for the rapid removal of „illegal online content“, but also for its „proactive detection“.

Police authorities and arms companies

„TENSOR“ is led by the police from Northern Ireland, in addition to other European police authorities several arms companies and research institutes are involved. They are advised by the German Police University, the United Nations and Interpol. The international police organization could make the results of „TENSOR“ known worldwide and train police authorities in its application.

In September, the Commission presented its proposal to prevent the dissemination of online terrorist content. The upload filters required there for „extremist“ or „terrorist“ material would be based on a database launched by YouTube, Google, Twitter and Facebook. This does not store entire files, but their hash values. Researches like in „TENSOR“ go beyond that and are supposed to discover hitherto unknown contents. These could then also be included in the upload filter.

The hash database of the large Internet companies is also fed by European police authorities. The police agency Europol operates a „Referral Unit“ for Internet content in The Hague, which itself searches the Internet for suspected criminal content and then sends removal requests to the companies. These are not contents or accounts which are classified as criminal by courts or public prosecutors, but assessments of the police authorities.

Storage in Europol analysis file

Europol would probably also set up a search engine such as „TENSOR“. In order to be usable for law enforcement purposes and as evidence in court, all content that Europol considers to be criminal must be downloaded. In The Hague they are stored in the Europol analysis work file „Check the Web“, which emerged from a project of the German Federal Criminal Police Office.

Europol operates an „Internet Referral Management Application“ (IRMA) for the administration of removal requests. The database is to manage accounts or contents that have already been reported for removal, so that a second order is no longer necessary. However, some Internet content is monitored by police or intelligence services for gathering intelligence and should therefore remain online. These conflicting requests will also be moderated by IRMA. As part of a pilot project, France, the Netherlands and Belgium were connected to the IRMa, followed a few weeks ago by the BKA.

To facilitate investigations on the Internet, Europol has put the SIRIUS portal online. It contains FAQ’s, forums, and „tools“ for the law enforcement authorities. There, investigators can find out which contact point at Internet companies can be used to request the removal of content. SIRIUS also contains instructions on types of data that can be „directly retrieved by service providers“ as evidence during investigations. In order to facilitate cross-border searches of „electronic evidence“, the Council and the European Parliament have recently agreed on a common regulation.

More than „Clean IT“

Many of the measures that now monitor and control the Internet are based on the former EU research project „Clean IT“. Under Dutch leadership, it should improve the detection and removal of „violent or pro-violent forms of terrorism and extremism“. The conclusions and recommendations set out in the final report six years ago have largely been implemented. For example, „Clean IT“ proposed the establishment of private and police referral units and hotlines, a system of „trusted flaggers“ and a common database. The installation of upload filters, as now requested by the Commission, was not in the findings of „Clean IT“. Instead, the researchers recommended „end-user controlled filters“. If any illegal terrorist content would be found, it should be taken offline with regular means of law enforcement.

For the research in „TENSOR“, the European Commission is paying around 5 million euros, with a further 600,000 euros to be financed by the participants. The project will end on 31 August, then the results will be presented. With „DANTE“, „Asgard“ and „RED-ALERT“, the Commission is conducting similar research that provides additional functions such as tracking financial flows or speech recognition. It would also be conceivable to equip the search engines with face recognition. With such an application, Interpol is currently searching the Internet for evidence on „foreign fighters“. According to a document published online by the British civil rights organisation Statewatch, the police agency Europol is also running such a project under the name „FACE“.

Image: The obligatory hacker in a hooded sweater as an illustration of an EU research project to track down terrorist Internet content (RED ALERT).