The Counter-Terrorism Internet Referral Unit (CTIRU) was set up in 2010 by ACPO (and run by the Metropolitan Police) to remove unlawful terrorist material content from the Internet, with a specific focus on UK based material.
CTIRU works with
internet platforms to identify content which breaches their terms of service and requests that they remove the content.
CTIRU also compile a list of URLs for material hosted outside the UK which are blocked on networks of the public estate.
As of December 2017, CTIRU is linked to the removal of 300,000 pieces of illegal terrorist material from the internet
Censor or not censor?
The CTIRU consider its scheme to be voluntary, but detailed
notification under the e-Commerce Directive has legal effect, as it may strip the platform of liability protection. Platforms may have "actual knowledge" of potentially criminal material, if they receive a well-formed notification, with the
result that they would be regarded in law as the publisher from this point on.
At volume, any agency will make mistakes. The CTIRU is said to be reasonably accurate: platforms say they decline only 20 or 30% of material. That
shows considerable scope for errors. Errors could unduly restrict the speech of individuals, meaning journalists, academics, commentators and others who hold normal, legitimate opinions.
A handful of CTIRU notices have been made
public via the Lumen transparency project. Some of these show some very poor decisions to send a notification. In one case, UKIP Voices, an obviously fake, unpleasant and defamatory blog portraying the UKIP party as cartoon figures but also vile racists
and homophobes, was considered to be an act of violent extremism. Two notices were filed by the CTIRU to have it removed for extremism. However, it is hard to see that the site could fall within the CTIRU's remit as the site's content is clearly
In other cases, we believe the CTIRU had requested removal of extremist material that had been posted in an academic or journalistic context.
Some posters, for instance at wordpress.com, are
notified by the service's owners, Automattic, that the CTIRU has asked for content to be removed. This affords a greater potential for a user to contes tor object to requests. However, the CTIRU is not held to account for bad requests. Most people will
find it impossible to stop the CTIRU from making requests to remove lawful material, which might still be actioned by companies, despite the fact that the CTIRU would be attempting to remove legal material, which is clearly beyond its remit.
When content is removed, there is no requirement to notify people viewing the content that it has been removed because it may be unlawful or what those laws are, nor that the police asked for it to be removed. There is no advice to
people that may have seen the content or return to view it again about the possibility that the content may have been intended to draw them into illegal and dangerous activities, nor are they given advice about how to seek help.
There is also no external review, as far as we are aware. External review would help limit mistakes. Companies regard the CTIRU as quite accurate, and cite a 70 or 80% success rate in their applications. That is potentially a lot of requests that should not have been filed, however, and that might not have been accepted if put before a legally-trained and independent professional for review.
As many companies will perform little or no review, and requests are filed to many companies for the same content, which will then sometimes be removed in error and sometimes not, any errors at all should be concerning.
Crime or not crime?
The CTIRU is organised as part of a counter-terrorism programme, and claim its activities warrant operating in secrecy, including rejecting freedom of information requests on the
grounds of national security and detection and prevention of crime.
However, its work does not directly relate to specific threats or attempt to prevent crimes. Rather, it is aimed at frustrating criminals by giving them extra
work to do, and at reducing the availability of material deemed to be unlawful.
Taking material down via notification runs against the principles of normal criminal investigation. Firstly, it means that the criminal is
"tipped off" that someone is watching what they are doing. Some platforms forward notices to posters, and the CTIRU does not suggest that this is problematic.
Secondly, even if the material is archived, a notification
results in destruction of evidence. Account details, IP addresses and other evidence normally vital for investigations is destroyed.
This suggests that law enforcement has little interest in prosecuting the posters of the content
at issue. Enforcement agencies are more interested in the removal of content, potentially prioritised on political rather than law enforcement grounds, as it is sold by politicians as a silver bullet in the fight against terrorism.
Beyond these considerations, because there is an impact on free expression if material is removed, and because police may make mistakes, their work should be seen as relating to content removal rather than as a secretive matter.
Little is know about the CTIRU's work, but it claims to be removing up to 100,000 "pieces of content" from around 300 platforms annually. This statistic is regularly quoted to
parliament, and is given as an indication of the irresponsibility of major platforms to remove content. It has therefore had a great deal of influence on the public policy agenda.
However, the statistic is inconsistent with
transparency reports at major platforms, where we would expect most of the takedown notices to be filed. The CTIRU insists that its figure is based on individual URLs removed. If so, much further analysis is needed to understand the impact of these URL
removals, as the implication is that they must be hosted on small, relatively obscure services.
Additionally, the CTIRU claims that there are no other management statistics routinely created about its work. This seems somewhat
implausible, but also, assuming it is true, negligent. For instance, the CTIRU should know its success and failure rate, or the categorisation of the different organisations or belief systems it is targeting. An absence of collection of routine data
implies that the CTIRU is not ensuring it is effective in its work. We find this position, produced in response to our Freedom of Information requests, highly surprising and something that should be of interest to parliamentarians.
Lack of transparency increases the risks of errors and bad practice at the CTIRU, and reduces public confidence in its work. Given the government's legitimate calls for greater transparency on these matters at platforms, it should
apply the same standards to its own work.
Both government and companies can improve transparency at the CTIRU. The government should provide specific oversight, much in the same way as CCTV and Biometrics have a Commissioner.
Companies should publish notifications, redacted if necessary, to the Lumen database or elsewhere. Companies should make the full notifications available for analysis to any suitably-qualified academic, using the least restrictive agreements practical.