Protesters demonstrate against ACTA in front of the Presidential Palace, Warsaw, Poland, January, 2012. ALIK KEPLICZ / Press Association. All rights reserved.
Until June 23 Poland was a green island on the European black sea of internet filtering. Once, back in 2010, the Polish government considered this popular yet ineffective form of preventing cybercrime. But as a result of eager public debate the then Prime Minister, Donald Tusk, was advised against introducing a list of ‘forbidden websites and services’. The usual arguments used by freedom of expression advocates in other countries proved successful in Poland: Tusk decided against the costly operation, having been persuaded that even with internet filtering in place, undesirable content would still be accessible. The infrastructure and manpower costs would surmount the limited benefits of the few lay internet users actually believing the misleading 404 error message or complying with the automated ban.
Yet only six years later that debate and all relevant arguments seem to have been forgotten. As the Warsaw NATO summit dawns, and in the face of the growing threat of terrorism in other European countries, the Polish law on ‘anti-terrorist’ measures, authored by the right wing Law and Justice (Prawo i Sprawiedliwosc; PiS) government, has introduced the first ever Polish procedure on internet filtering, raising serious concerns about privacy, freedom of expression and other human rights.
Vague definition – vast authority
The new Polish act on anti-terrorist measures came into force on June 29. It was approved by the Parliament without debate, less public consultation and within a week the President signed it into law. Despite calls from civil society there was no public hearing on the draft, one kept classified until the final parliamentary vote, and the President, the acting guardian of the Constitution and the values it stands for, decided against vetoing it although the act itself raises fundamental constitutional concerns.
The critics have rightfully, yet unsuccessfully, indicated that the very notion of a terrorist threat, crucial to the implementation of this act, is vast and unclear. An “event of a terrorist character”, focal to the act, is defined as a “situation which is suspected to have resulted from a terrorist crime”, making direct reference to the Polish Penal Code. In its definition of a terrorist crime the Penal Code reflects to some extent the existing international law consensus on the notion of terrorism when it stipulates that “an offense of a terrorist character” is any offense committed to result in serious intimidation of many people, compel a Polish public authority or that of any other state or the authority of an international organization to perform or abstain from certain activities, or cause serious disturbances in the economy of the Polish Republic, another state or an international organization.
Regardless of the reference to the existing law, the new definition of “terrorist event” strikes one as bluntly overbroad brushstroke, in particular since it directly reflects on the scope of human rights to be exercised. It seems a mirror image of the infamous ‘three hops’ FISAA rule, allowing them to restrict the right to share and access any information relating to a “situation which is suspected to have resulted” from a terrorist crime, and allowing a broad interpretation of any activity as possibly connected with what might be considered a terrorist offence. It is this broad interpretation that prompts most criticism. The law remains silent on the procedures applicable in making such decisions and the bodies competent to decide whether the ‘suspicion’ is justified. The actual link between the terrorist crime and the introduction of special measures could be dangerously loose and vague.
The other argument made by the critics of the new law is that it is discriminatory - most of the antiterrorist measures are aimed at foreigners, including those from EU countries and applicable to all non-Polish persons (a vague resemblance to the US FISAA logic of applying constitutional privacy and civil liberties guarantees only to “US-persons” can be traced here). For example the conversations of foreigners (regardless of the nationality of the person on the other side of the line) may be eavesdropped and recorded by the Internal Security Agency (Agencja Bezpieczeństwa Wewnętrznego, ABW) without a court order.
The third point of contention is the right granted to the authorities to limit the freedom of assembly in circumstances perceived as entailing a terrorist threat – a provision viewed as a possible way of curtailing public protests, ones which Poland seems to have indulged in regularly of late. Luckily no official reference to online assemblies has yet been made, but one is left to wonder whether Jaroslaw Kaczynski, leading the governing PiS party, will follow in the footsteps of another authoritarian leader and take Erdogan’s example by applying the law on assembly to online gatherings on e.g. Facebook or Twitter, resulting in country-wide blocking of those services for all country users.
With regard to the application of human rights online, the introduction of a court-ordered blocking seems particularly alarming. In 2010 there was a debate on “a list of forbidden sites and services” in the context of enforcing Polish gambling law. Its provisions required anyone operating a gambling service, both off-line and online, to register with the local Ministry of Finance. The reason for this was primarily a tax concern – the government wanted to ensure that gambling revenue fuelled the budget. The authorities quickly realized that the gambling law would be unenforceable against online services and in consequence there was much talk of introducing a list of gambling sites to be blocked unless registered. The usual arguments (ineffectiveness of blocking, risk of unauthorized censorship etc.) resulted in Donald Tusk’s government abandoning this idea.
While the debate in 2010 proved to be vocal and public, the 2016 law was rapidly passed, with few civil society organizations expressing any concern. Unlike in 2010 there was no roundtable debate with the government. Unlike with the ACTA protests there were no protests in the streets. The official reasons presented briefly by the government referenced broadly increasing terrorist risks, in particular in the face of planned high-level meetings and mass events to take place in Poland this summer. Should such terrorist threats appear online, whether it involved the inciting of a terrorist attack or instructing how to assemble a bomb, the power to curtail free speech and block such threatening content for the purposes of terrorism prevention rests with the ABW. As explained by the government, this “new instrument relates to information and communication systems” and its purpose is the “prevention and detection of terrorist offences” as well as “prosecuting the perpetrators” of such crimes. These measures are directed at terrorist organizations that use the internet to promote their ideology, instruct on carrying out terrorist attacks or to communicate with followers. Yet rumor has it that in the works is also a list of gambling sites to be blocked. While there is no talk of copyright violations as of yet, the UK example indicates that those avenues will be explored next.
While the ABW authority is broad, there is a sense of judicial supervision present in the new act. It grants courts the power to issue an order for the ABW to install blocking or require the system administrator to block specific data or data communication services available in the ICT system that they manage. This court order is to follow a written request from the ABW chief, made after having received written consent from the Attorney General. The data or services to be blocked need to be “related to an event of terrorist nature” and they are to be blocked “for a specified period not longer than 30 days”. In undefined “urgent cases” however the decision to block or to have the ISP block data or services “related to an event of terrorist nature” can be made by the head of the ABW after obtaining a written consent from the Attorney General. Once consent is granted, the ABW chief must refer to Warsaw District Court with a written request for a decision on the matter. The court may then decide on blocking the relevant data for no longer than three months, unless the circumstances justifying the blocking have ceased. The court has five days to consent to the blocking or its continuation and unless a court decision is in place, the blocking is to stop. The relevant court decisions are subject to appeal as per the provisions of the Code of Criminal Procedure, but the right to appeal has not been granted either to the ISP or to the individual whose data has been blocked.
Poland in a “Yildirim situation”
While the act provides for some court supervision over internet filtering, it fails to address the rights of users. The individual whose data is being blocked has not been given any right to object against unjustified blocking, either against the state, or against the ISP. It is only the ABW chief and the Attorney General who can object to the blocking order.
Moreover, it is likely that the current infrastructure in place will make it difficult to ensure that only individual content (websites) will be blocked. Poland might find itself in a Yildirim situation, with court orders resulting in overbroad blocking – a scenario confirmed by e.g. the European Court of Human Rights (ECHR) as a violation of Article 10 of the European Human Rights Convention. It was in the 2012 Yildirim v Turkey case that the ECHR decided against overbroad internet filtering lacking sufficient judicial supervision. But other countries have also struggled with finding an equilibrium between crime prevention online and human rights guarantees, not to mention the shifting line of adjudication of the European Court of Justice in copyright-related cases or the changing focus of national courts in France or Germany.
And also in Poland, as already indicated, the Internet filtering act fails to indicate who takes the decision and based on which procedures on there being a justified suspicion of a terrorism-related ‘situation’. The limited court supervision, granting the ABW chief permission to run surveillance without authorization, raises serious human rights concerns.
Solid as a rock
While the new bill raises justified and serious concerns on its legality and compliance with the rule of law, there seems little practical chance of it being reviewed or revised soon. On July 1, Parliament approved another amendment to the recently changed act on the Constitutional Tribunal, awarding the President of the Republic a broad authority to interfere with the work of the judges. Among other new prerogatives, the President has been granted the authority to decide on the sequence in which the Tribunal is to review the cases. Effectively, should the Polish Ombudsman file a constitutional complaint against the new antiterrorist law, indicating possible threats to the rule of law and individual rights and liberties present in the act, the Tribunal may actually be halted in its work of reviewing the Ombudsman’s motion. Moreover, the recent amendments of the act on the Constitutional Tribunal introduced a power of four (out of the appointed fifteen) judges to veto the proceedings of the court. In case of their veto vote, the investigation of the controversial case is to be suspended for three months. Should any consensus on such a case prove unattainable after that period, the Tribunal is to dismiss the case in its entirety without giving its opinion. Effectively, a minority of judges in the Constitutional Tribunal have been given the power to paralyze its work and ensure that any controversial law stays in force, making the Tribunal unable to declare it null and void.
Human rights in decline?
The faults of the new law are plenty – next to the threat they hold for free speech online, and the (non-virtual) right to assembly, they also introduced the controversial obligation to register any pre-paid phone with the buyer’s personal data and grant the Internal Security Agency vast access to public databases on social security or the municipal fingerprint records kept by the police.
Poland seems to be following the policies of fear popular in many European states but also well represented in the US presidential debates. One could argue that Poland is a universal trendsetter with an internet-related law countering the most current of threats, that of global terrorism, following the most recent UN Security Council plans to introduce universal regulations on controlling hate speech and communications supporting or inciting terrorism, following the agenda they set out in 2015. Yet even though the world’s major powers, including China, the US or UK, may agree on the need to combat dangerous words online, the practical limits to any corresponding legal regulation will surely be difficult, if not impossible, to trace. The Draft comprehensive convention on international terrorism, unsuccessfully negotiated since 2000, has taught us that much.
Terrorism is nothing more than a shorthand allusion to a set of problems reflecting the era of globalised culture and trade. The fragile balance between free expression and hate speech has been discussed in volumes of academic writing and court files, but remains unattainable in practical terms. With that in mind, any limits set for free expression online must be traced in pencil, not in ink, and not, and this is particularly important - within a hastily drafted piece of legislation.
 For a detailed discussion see e.g.: Joss Wright, Yana Breindl, Internet filtering trends in liberal democracies: French and German regulatory debates, Internet Policy Review, 2/2/2013.
 Caitlin Dewey, The United Nations has a radical, dangerous vision for the future of the Web, Washington Post, September 24, 2015.