Alexandre Linden, a qualified person within the French National Commission on Information Technology and Civil Liberties (CNIL), has just published his first report on the implementation of measures to withdraw, block and declassify unlawful websites through administrative channels, for the period from March 2015 to February 2016. It will be recalled that the judicial authority may prescribe, by injunction or motion, for web hosts or, in their absence, for access providers, all the appropriate measures to prevent or stop damage caused by the content of a public online communication service. However, the legislature has doubled this legal channel by administrative police measures. The first implementation relates back to the law of 14 March 2001 (LOPPSI) on child pornography websites, but it did not enter into force for lack of an implementing decree. The law of 13 November 2014 strengthening the provisions regarding the fight against terrorism extended the measure to websites that incite or advocate for terrorism. This time, the implementing decrees of 5 February 2015 and 4 March 2015 were adopted very quickly. The 7 January attacks most likely account for this swiftness.
The law and the decrees entrust the Central Office for the Fight Against Crime Related to Information and Communication Technology (OCLCTIC) with the duty of being the administrative authority in charge of the process with regard to web hosts, publishers, access providers and search engines. The same law entrusts a qualified person, appointed within and by the CNIL, with monitoring the legality of the measures requested. It must be noted that the question of unlawful websites was at the heart of Bernard Cazeneuve’s meetings with the Big Four during his trip to Silicon Valley in February 2015, and that it is among the duties of the “cyber” prefect.
Alexandre Linden’s report underlined the methodology that he had to build with the OCLCTIC to allow him to perform his duties. Gradually, the requests were accompanied by contextual elements, text excerpts and images, allowing the soundness of the measures taken to be verified. While the examination of child pornography websites poses no particular problem, as the content is, alas, sufficient, terrorist websites require a more in-depth specific analysis. Images and text alone are not sufficient; it is necessary to look for the motivation. The example of the photo of the victims at the Bataclan, disseminated on social networks, is particularly pertinent: certain websites indeed posted it to condemn terrorism; others did so neutrally. This photo, shocking as it may be, does not, in itself, represent inciting or advocating for terrorism. Hence the need to give up on blocking 96 URLs.
In his first report, Alexandre Linden mentioned 25 verification sessions held between March 2015 and February 2016. These sessions also focused on “reverifications,” that is, on the obligation weighing on the OCLCTIC to verify that content is still unlawful.
|Period from Feb. 2015 to Mar. 2016||Withdrawal requests||Withdrawals made||Blocking requests||Declassification requests|
The above table emphasises the relative importance of measures concerning terrorism. As the Linden report highlights, the number of requests has been growing since March. This is most likely due to an improved efficiency of reports. However, this is also likely due to the persistence of the terrorist threat.
 Decree no. 2105-125 of 5 February 2015 concerning the blocking of websites inciting or advocating for acts of terrorism and websites disseminating images and representations of minors of a pornographic nature.
- EncroChat: Deciphering of the End-to-End Encryption Service Used by Criminals Cybercrime
- Preserving Digital Footprints and Cyber Resilience: Training the Swiss Police Cybercrime
- Ransomware in Six Questions (by the Ministerial Delegation to the Security Industries and the Fight Against Cyberthreats, French Ministry of the Interior) Cybercrime