Until June 23 Poland was a green island on the European black sea of internet filtering. Once, back in 2010, the Polish government considered this popular yet ineffective form of preventing cybercrime. But as a result of eager public debate the then Prime Minister, Donald Tusk, was advised against introducing a list of forbidden websites and services . The usual arguments used by freedom of expression advocates in other countries proved successful in Poland: Tusk decided against the costly operation, having been persuaded that even with internet filtering in place, undesirable content would still be accessible. The infrastructure and manpower costs would surmount the limited benefits of the few lay internet users actually believing the misleading 404 error message or complying with the automated ban.
Yet only six years later that debate and all relevant arguments seem to have been forgotten. As the Warsaw NATO summit dawns, and in the face of the growing threat of terrorism in other European countries, the Polish law on anti-terrorist measures, authored by the right wing Law and Justice government, has introduced the first ever Polish procedure on internet filtering, raising serious concerns about privacy, freedom of expression and other human rights.
Vague definition — vast authority
The new Polish act on anti-terrorist measures came into force on June 29. It was approved by the Parliament without debate, less public consultation and within a week the President signed it into law. Despite calls from civil society there was no public hearing on the draft, one kept classified until the final parliamentary vote, and the President, the acting guardian of the Constitution and the values it stands for, decided against vetoing it although the act itself raises fundamental constitutional concerns.
The critics have rightfully, yet unsuccessfully, indicated that the very notion of a terrorist threat, crucial to the implementation of this act, is vast and unclear. An event of a terrorist character , focal to the act, is defined as a situation which is suspected to have resulted from a terrorist crime , making direct reference to the Polish Penal Code. In its definition of a terrorist crime the Penal Code reflects to some extent the existing international law consensus on the notion of terrorism when it stipulates that an offense of a terrorist character is any offense committed to result in serious intimidation of many people, compel a Polish public authority or that of any other state or the authority of an international organization to perform or abstain from certain activities, or cause serious disturbances in the economy of the Polish Republic, another state or an international organization.
Regardless of the reference to the existing law, the new definition of terrorist event strikes one as bluntly overbroad brushstroke, in particular since it directly reflects on the scope of human rights to be exercised. It seems a mirror image of the infamous three hops FISAA rule , allowing them to restrict the right to share and access any information relating to a situation which is suspected to have resulted from a terrorist crime, and allowing a broad interpretation of any activity as possibly connected with what might be considered a terrorist offence. It is this broad interpretation that prompts most criticism. The law remains silent on the procedures applicable in making such decisions and the bodies competent to decide whether the suspicion is justified. The actual link between the terrorist crime and the introduction of special measures could be dangerously loose and vague.
The other argument made by the critics of the new law is that it is discriminatory – most of the antiterrorist measures are aimed at foreigners, including those from EU countries and applicable to all non-Polish persons (a vague resemblance to the US FISAA logic of applying constitutional privacy and civil liberties guarantees only to US-persons can be traced here). For example the conversations of foreigners (regardless of the nationality of the person on the other side of the line) may be eavesdropped and recorded by the Internal Security Agency without a court order.
The third point of contention is the right granted to the authorities to limit the freedom of assembly in circumstances perceived as entailing a terrorist threat — a provision viewed as a possible way of curtailing public protests, ones which Poland seems to have indulged in regularly of late. Luckily no official reference to online assemblies has yet been made, but one is left to wonder whether Jaroslaw Kaczynski, leading the governing PiS party, will follow in the footsteps of another authoritarian leader and take Erdogan’s example by applying the law on assembly to online gatherings on e.g. Facebook or Twitter, resulting in country-wide blocking of those services for all country users.
With regard to the application of human rights online, the introduction of a court-ordered blocking seems particularly alarming. In 2010 there was a debate on a list of forbidden sites and services in the context of enforcing Polish gambling law. Its provisions required anyone operating a gambling service, both off-line and online, to register with the local Ministry of Finance. The reason for this was primarily a tax concern — the government wanted to ensure that gambling revenue fuelled the budget. The authorities quickly realized that the gambling law would be unenforceable against online services and in consequence there was much talk of introducing a list of gambling sites to be blocked unless registered. The usual arguments (ineffectiveness of blocking, risk of unauthorized censorship etc.) resulted in Donald Tusk’s government abandoning this idea.
While the debate in 2010 proved to be vocal and public, the 2016 law was rapidly passed, with few civil society organizations expressing any concern. Unlike in 2010 there was no roundtable debate with the government. Unlike with the ACTA protests there were no protests in the streets. The official reasons presented briefly by the government referenced broadly increasing terrorist risks, in particular in the face of planned high-level meetings and mass events to take place in Poland this summer. Should such terrorist threats appear online, whether it involved the inciting of a terrorist attack or instructing how to assemble a bomb, the power to curtail free speech and block such threatening content for the purposes of terrorism prevention rests with the ABW. As explained by the government, this new instrument relates to information and communication systems and its purpose is the prevention and detection of terrorist offences as well as prosecuting the perpetrators of such crimes. These measures are directed at terrorist organizations that use the internet to promote their ideology, instruct on carrying out terrorist attacks or to communicate with followers. Yet rumor has it that in the works is also a list of gambling sites to be blocked. While there is no talk of copyright violations as of yet, the UK example indicates that those avenues will be explored next.
While the ABW authority is broad, there is a sense of judicial supervision present in the new act. It grants courts the power to issue an order for the ABW to install blocking or require the system administrator to block specific data or data communication services available in the ICT system that they manage. This court order is to follow a written request from the ABW chief, made after having received written consent from the Attorney General. The data or services to be blocked need to be related to an event of terrorist nature and they are to be blocked for a specified period not longer than 30 days . In undefined urgent cases however the decision to block or to have the ISP block data or services related to an event of terrorist nature can be made by the head of the ABW after obtaining a written consent from the Attorney General. Once consent is granted, the ABW chief must refer to Warsaw District Court with a written request for a decision on the matter. The court may then decide on blocking the relevant data for no longer than three months, unless the circumstances justifying the blocking have ceased. The court has five days to consent to the blocking or its continuation and unless a court decision is in place, the blocking is to stop. The relevant court decisions are subject to appeal as per the provisions of the Code of Criminal Procedure, but the right to appeal has not been granted either to the ISP or to the individual whose data has been blocked.
…Read the full article from opendemocracy.net