Over two years ago, the Prevention of and Fight against Crime Programme of the European Commission awarded a €400,000 ($428,000) grant to CleanIT, a multi-party project that seeks to "counter the illegal use of Internet." As we reported last month, by February 2013, the group says it will produce a list of non-binding voluntary "principles" aimed at stopping terrorist content and activity online.

"These principles can be used as a guideline or gentleman’s agreement, and can be adopted by many partners," the group states on its website. "They will describe responsibilities and concrete steps public and private partners can take to counter the illegal use of Internet."

Setting aside the fact that there is no clear-cut, universal agreement about who is a terrorist or what defines terrorist content, CleanIT has continued to move forward. It is led by But Klaasen, the programme manager of the office of the Dutch national coordinator for counterterrorism and security.

Since November 2011, CleanIT has published intermediary documents on its website—the most recent one was released in May 2012. However, a Brussels-based Internet freedom organization, European Digital Rights, has recently published a leaked draft document from CleanIT, dated August 28, 2012.

An anti-terrorist browser? Huh?

The new 23-page document (PDF) includes many disturbing provisions, some of which are labeled as "recommendations," and others as "to be discussed." Many of those in the latter category are questionable at best, and at worst are ridiculous and likely verge on illegal. They include:

"Knowingly providing hyperlinks on websites to terrorist content must be defined by law as illegal just like the terrorist content itself"

"Governments must disseminate lists of illegal, terrorist websites"

"The Council Regulation (EC) No 881/2002 of 27 May 2002 (art 1.2) should be explained that providing Internet services is included in providing economics instruments to Al Qaeda (and other terrorist persons and organisations designated by the EU) and therefore an illegal act"

"On Voice over IP services it must be possible to flag users for terrorist activity."

"Internet companies must allow only real, common names."

"Social media companies must allow only real pictures of users."

"At the European level a browser or operating system based reporting button must be developed."

"Governments will start drafting legislation that will make offering... a system [to monitor Internet activity] to Internet users obligatory for browser or operating systems...as a condition of selling their products in this country or the European Union."

Many tech and legal scholars have been significantly alarmed by what has been proposed in this draft document.

"These are so out of scope," said Arthur van der Wees, an IT lawyer in Amsterdam, in an interview with Ars. "It is not even something we have to discuss. It’s clearly not legal. You don’t have to have studied law to see this."

Moreover, he pointed out, many of these proposed changes would be in direct violation of existing European law. That’s particularly striking especially in the Netherlands, which earlier this year became Europe’s first (and the world’s second) nation to enshrine the concept of net neutrality into law.

"Very rough ideas"

Klaasen, CleanIT’s leader, said that he understands the hysteria surrounding this newly released draft—however, he emphasized that the document was just that, an in-progress draft.

"I do fully understand that the publishing of the document led to misunderstandings," he told Ars. "If we publish like this, it will scare people—that’s the reason that we didn’t publish it. It’s food for thought. We do realize these are very rough ideas."

He said that this draft represents less than half of a five-step process that has resulted in the official draft documents that the group has released so far. This document is only what has come out of discussions from working groups, but has not yet been discussed by all 30-40 participants in attendance. (The group recently rescheduled its September London meeting for Utrecht, the Netherlands—a cheaper alternative—and is slated to convene in Vienna in November.)

"You can compare [this situation] to taking pictures of what someone buys for dinner with how a dinner tastes—you don’t have the complete picture," he added.

Klaasen told Ars that he is aware of the concerns that CleanIT’s proposals are conflicting with EU law.

"We have a trusted environment where everybody can speak freely," he said. "This came from the group. We don’t track who came with what idea. This is what came up. We just try to have an open and constructive dialogue. I’m confident that everything that will affect our online freedom will never pass through. I’m very confident about that."

The Dutch official called his group the most open counterterrorism project anywhere in the world, saying that publishing intermediate, official drafts was going above and beyond what normally takes place.

"I don’t see the problem [with that approach,]" he added. "I have no problem with publishing everything we do afterwards. I’m open for debate, but I’m not convinced that everything should be fully transparent 24/7."

More than anything, Klaasen said he was shocked that European Digital Rights did not respect basic instructions.

"We really didn’t expect that people would publish a document that clearly says ‘not for publication’—that really surprised us," he said. "I don’t know if it’s naive. Why can’t I trust people?"

Overbroad policy

Joe McNamee, the head of European Digital Rights, wrote on his organization’s website that the draft "shows just how far internal discussions in that initiative have drifted away from its publicly stated aims, as well as the most fundamental legal rules that underpin European democracy and the rule of law."

In an interview late Monday night, McNamee told Ars that the document had been leaked to him by a participant who wanted to show how some participants had concerns, but were afraid to express them, lest they be seen as soft on terrorism.

"Governments and the [European Commission] and whoever trying to privatize the rule of law through the terms of service is illegal under the most basic principles of international law, it’s unpredictable for the citizen, and it’s inevitably going to lead to perfectly legal content being deleted," he added. "It’s simply not the appropriate method of dealing with illegal or unwelcome content online. Full stop."

Other activists outside Europe have started to take notice as well. Seth Schoen, staff technologist at the Electronic Frontier Foundation, described the leaked draft as "kinda weird."

"We should start to freak out, but in a sort of preliminary way," he said.

If these provisions do actually come to pass—admittedly a long shot at this stage—one of the major problems with such a plan is how to distinguish what is and isn’t accepted speech in the European Union and when it crosses over to being "terrorist content."

"This document seems to present terrorist content as potentially any information produced by anyone associated with a terrorist group," he said, recalling the Irish Republican Army, often referred to as a domestic European terrorist organization.

"When the IRA was conducting terrorist attacks, I never heard anyone say that TV wouldn't show interviews with IRA members or that IRA members couldn't publish books or anything like that," he said. "There were restrictions on funding the IRA because they were using terrorism. But I never heard people suggest that people needed to be protected from the opinions or advocacy of IRA members, or that IRA was not entitled to freedom of speech."

UPDATE (Wednesday): As some commenters have pointed out, there actually were some bans laid down by the UK government in the late 1980s forbidding broadcast of any organization believed to support terrorism. Effectively that meant that the voice of Gerry Adams, the leader of Sinn Fein, was never heard—rather, his voice was replaced with an actor's voice.

In response, Schoen e-mailed Ars Tuesday evening:

"I have to concede that this is exactly the kind of government action that I had assumed people would not have called for or accepted," he wrote.

"Apparently, I was just not familiar enough with my Troubles history. I find this action shocking from a US legal point of view, but it might show a historical European precedent for an extremely broad ban on publishing the speech of members of terrorist organizations (even when their speech is on political topics and not advocating violence)."

"It seems pretty odd that the ban applied only to the voice and image of the IRA members themselves, and not to their words—so the British audiences still ended up learning the IRA's opinions, from actors. At this distance from the Troubles, that feels somewhat surreal."