Dear Mr  Killock

Freedom of Information Request Reference No: 2017100000250

I write in connection with your request for information which was received
by the Metropolitan Police Service (MPS) on 08/10/2017.  I note you seek
access to the following information:

* In relation to the Counter Terrorism Internet Referral Unit, can you
please supply me with: (1) A list of policy documents and codes of
practice relating to the identification and classification of Internet
content (2) A list of current template notices sent to external
parties or placed on websites (3) Confirmation that you have an
agreement with the Home Office relating to the supply of the a list
for the blocking of extremist content; and a list of the document or
documents that form this agreement I understand that in some
circumstances the content of documents might fall under exemptions
such as national security or prevention of crime.  For this reason, I
am asking for lists of documents rather than the contents themselves.
In some cases, such as template notices placed on seized websites, or
blocked websites, these are in effect public facing documents and
should be able to be released. Furthermore, as the government debates
its "Digital Charter" and measures to reduce the incidence of
extremist content online, it will be very important for the public to
understand the scope of current activities in this area.

Your request will now be considered in accordance with the Freedom of
Information Act 2000 (the Act).  You will receive a response within the
statutory timescale of 20 working days as defined by the Act.  

If you have any further enquiries concerning this matter, please contact
us at [email address] or on the phone at 0207 161 3500, quoting the
reference number above. Should your enquiry relate to the logging or
allocations process we will be able to assist you directly and where your
enquiry relates to other matters (such as the status of the request) we
will be able to pass on a message and/or advise you of the relevant
contact details.

Yours sincerely

Peter Deja
Support Officer - Freedom of Information Triage Team
 
COMPLAINT RIGHTS

Are you unhappy with how your request has been handled or do you think the
decision is incorrect?

You have the right to require the Metropolitan Police Service (MPS) to
review their decision.

Prior to lodging a formal complaint you are welcome to discuss the
response with the case officer who dealt with your request.  

Complaint

If you are dissatisfied with the handling procedures or the decision of
the MPS made under the Freedom of Information Act 2000 (the Act) regarding
access to information you can lodge a complaint with the MPS to have the
decision reviewed.

Complaints should be made in writing, within forty (40) working days from
the date of the refusal notice, and addressed to:

FOI Complaint
Information Rights Unit
PO Box 57192
London
SW6 1SF
[email address]

In all possible circumstances the MPS will aim to respond to your
complaint within 20 working days.

The Information Commissioner

After lodging a complaint with the MPS if you are still dissatisfied with
the decision you may make application to the Information Commissioner for
a decision on whether the request for information has been dealt with in
accordance with the requirements of the Act.

For information on how to make application to the Information Commissioner
please visit their website at www.ico.org.uk.  Alternatively, write to or
phone:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Phone: 0303 123 1113

Consider our environment - please do not print this email unless
absolutely necessary.

NOTICE - This email and any attachments may be confidential, subject to
copyright and/or legal privilege and are intended solely for the use of
the intended recipient. If you have received this email in error, please
notify the sender and delete it from your system.  To avoid incurring
legal liabilities, you must not distribute or copy the information in this
email without the permission of the sender. MPS communication systems are
monitored to the extent permitted by law.  Consequently, any email and/or
attachments may be read by monitoring staff. Only specified personnel are
authorised to conclude any binding agreement on behalf of the MPS by
email. The MPS accepts no responsibility for unauthorised agreements
reached with other employees or agents.  The security of this email and
any attachments cannot be guaranteed. Email messages are routinely scanned
but malicious software infection and corruption of content can still occur
during transmission over the Internet. Any views or opinions expressed in
this communication are solely those of the author and do not necessarily
represent those of the Metropolitan Police Service (MPS).

Find us at:

Facebook: Facebook.com/metpoliceuk

Twitter: @metpoliceuk

Dear Mr Killock

Freedom of Information Request Reference No: 2017100000250

I write in connection with your request for information which was received
by the Metropolitan Police Service (MPS) on 08/10/2017.  I note you seek
access to the following information:

* In relation to the Counter Terrorism Internet Referral Unit, can you
please supply me with:

(1) A list of policy documents and codes of practice relating to the
identification and classification of Internet content
(2) A list of current template notices sent to external parties or placed
on websites
(3) Confirmation that you have an agreement with the Home Office relating
to the supply of the a list for the blocking of extremist content; and a
list of the document or documents that form this agreement

I understand that in some circumstances the content of documents might
fall under exemptions such as national security or prevention of crime.
 For this reason, I am asking for lists of documents rather than the
contents themselves.

In some cases, such as template notices placed on seized websites, or
blocked websites, these are in effect public facing documents and should
be able to be released.

Furthermore, as the government debates its "Digital Charter" and measures
to reduce the incidence of extremist content online, it will be very
important for the public to understand the scope of current activities in
this area.

I am sorry to inform you that we have not been able to complete our
response to your request by the date originally stated.

Under the Freedom of Information Act 2000 (the Act), we have 20 working
days to respond to a request for information unless we are considering
whether the information requested is covered by one of the 'qualified
exemptions' (exemptions which must be tested against the public interest
before deciding whether they apply to the information in question).

Where we are considering the public interest test against the application
of relevant qualified exemptions, Section 17(2)(b) provides that we can
extend the 20 day deadline.  Please see the legal annex for further
information on this section of the Act.

For your information we are considering the following exemption:

Section 31 - Law Enforcement

I can now advise you that the amended date for a response is 30/11/2017.

May I apologise for any inconvenience caused.

Should you have any further enquiries concerning this matter, please
contact me via email at [email address], quoting the
reference number above.

Yours sincerely

C. Gayle-Petrou
Information Manager

LEGAL ANNEX

Section 17(2) provides:

(2) Where-

a) in relation to any request for information, a public authority is, as
respects any information, relying on a claim-
i) that any provision of Part II which relates to the duty to confirm or
deny and is not specified in section 2(3) is relevant to the request, or
ii) that the information is exempt information only by virtue of a
provision not specified in section 2(3), and
b) at the time when the notice under subsection (1) is given to the
applicant, the public authority (or, in a case falling within section
66(3) or (4), the responsible authority) has not yet reached a decision as
to the application of subsection (1)(b) or (2)(b) of section 2,
the notice under subsection (1) must indicate that no decision as to the
application of that provision has yet been reached and must contain an
estimate of the date by which the authority expects that such a decision
will have been reached.

 
COMPLAINT RIGHTS

Are you unhappy with how your request has been handled or do you think the
decision is incorrect?

You have the right to require the Metropolitan Police Service (MPS) to
review their decision.

Prior to lodging a formal complaint you are welcome to discuss the
response with the case officer who dealt with your request.  

Complaint

If you are dissatisfied with the handling procedures or the decision of
the MPS made under the Freedom of Information Act 2000 (the Act) regarding
access to information you can lodge a complaint with the MPS to have the
decision reviewed.

Complaints should be made in writing, within forty (40) working days from
the date of the refusal notice, and addressed to:

FOI Complaint
Information Rights Unit
PO Box 57192
London
SW6 1SF
[email address]

In all possible circumstances the MPS will aim to respond to your
complaint within 20 working days.

The Information Commissioner

After lodging a complaint with the MPS if you are still dissatisfied with
the decision you may make application to the Information Commissioner for
a decision on whether the request for information has been dealt with in
accordance with the requirements of the Act.

For information on how to make application to the Information Commissioner
please visit their website at www.ico.org.uk.  Alternatively, write to or
phone:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Phone:  0303 123 1113

Consider our environment - please do not print this email unless
absolutely necessary.

NOTICE - This email and any attachments may be confidential, subject to
copyright and/or legal privilege and are intended solely for the use of
the intended recipient. If you have received this email in error, please
notify the sender and delete it from your system.  To avoid incurring
legal liabilities, you must not distribute or copy the information in this
email without the permission of the sender. MPS communication systems are
monitored to the extent permitted by law.  Consequently, any email and/or
attachments may be read by monitoring staff. Only specified personnel are
authorised to conclude any binding agreement on behalf of the MPS by
email. The MPS accepts no responsibility for unauthorised agreements
reached with other employees or agents.  The security of this email and
any attachments cannot be guaranteed. Email messages are routinely scanned
but malicious software infection and corruption of content can still occur
during transmission over the Internet. Any views or opinions expressed in
this communication are solely those of the author and do not necessarily
represent those of the Metropolitan Police Service (MPS).

Find us at:

Facebook: Facebook.com/metpoliceuk

Twitter: @metpoliceuk

Dear Mr Killock

Further to your query below, I have checked the MPS electronic system (MetRIC) used to record and respond to FoIA requests. This shows that your response was sent, whilst I was on leave, on 09/11/2017.

Please find attached a copy of this response.

Kind regards

C. Gayle-Petrou

show quoted sections

Dear Mr Killock

Freedom of Information Review Reference No: 2017120000533

I write in connection with your request for a review of the handling
and/or decision relating to 2017100000250 which was received by the
Metropolitan Police Service (MPS) on  19/12/2017.  

A review will now be conducted in accordance with the Code of Practice
issued under Section 45 of the Freedom of Information Act 2000 (the Act).
 The reviewing officer will reconsider the original request before
responding to you with their findings.

There is no statutory time limit in relation to the completion of an
Internal Review.  However, the MPS aim to complete Internal Reviews within
20 working days or in exceptional cases, within 40 working days.  This is
based upon guidance published by the Information Commissioner.

If it is not possible to complete the Internal Review within this
timescale you will be informed at the earliest opportunity.

If you are unhappy with the outcome of an Internal Review you may wish to
refer the matter to the Information Commissioner's Office (ICO).

For information on how to make an application to the Information
Commissioner please visit their website at www.ico.org.uk.  Alternatively,
write to or phone:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Phone:  0303 123 1113

Yours sincerely

David Edwards
Information Rights Unit

Consider our environment - please do not print this email unless
absolutely necessary.

NOTICE - This email and any attachments may be confidential, subject to
copyright and/or legal privilege and are intended solely for the use of
the intended recipient. If you have received this email in error, please
notify the sender and delete it from your system.  To avoid incurring
legal liabilities, you must not distribute or copy the information in this
email without the permission of the sender. MPS communication systems are
monitored to the extent permitted by law.  Consequently, any email and/or
attachments may be read by monitoring staff. Only specified personnel are
authorised to conclude any binding agreement on behalf of the MPS by
email. The MPS accepts no responsibility for unauthorised agreements
reached with other employees or agents.  The security of this email and
any attachments cannot be guaranteed. Email messages are routinely scanned
but malicious software infection and corruption of content can still occur
during transmission over the Internet. Any views or opinions expressed in
this communication are solely those of the author and do not necessarily
represent those of the Metropolitan Police Service (MPS).

Find us at:

Facebook: Facebook.com/metpoliceuk

Twitter: @metpoliceuk

Dear Mr Killock

Freedom of Information Review Reference No: 2017120000533

I write in connection with your request for a review of the decision
relating to  2017100000250 which was received by the Metropolitan Police
Service (MPS) on  19/12/2017.  

Although there is not a statutory deadline for dealing with FOIA
complaints, we endeavour to provide a response within 20 working days.
Unfortunately this has not been possible.

Enquiries related to you request are ongoing.

I am sorry for the delay and any inconvenience it may cause you. I will
keep you updated.
Yours sincerely

Yvette Taylor
Information Manager

Consider our environment - please do not print this email unless
absolutely necessary.

NOTICE - This email and any attachments may be confidential, subject to
copyright and/or legal privilege and are intended solely for the use of
the intended recipient. If you have received this email in error, please
notify the sender and delete it from your system.  To avoid incurring
legal liabilities, you must not distribute or copy the information in this
email without the permission of the sender. MPS communication systems are
monitored to the extent permitted by law.  Consequently, any email and/or
attachments may be read by monitoring staff. Only specified personnel are
authorised to conclude any binding agreement on behalf of the MPS by
email. The MPS accepts no responsibility for unauthorised agreements
reached with other employees or agents.  The security of this email and
any attachments cannot be guaranteed. Email messages are routinely scanned
but malicious software infection and corruption of content can still occur
during transmission over the Internet. Any views or opinions expressed in
this communication are solely those of the author and do not necessarily
represent those of the Metropolitan Police Service (MPS).

Find us at:

Facebook: Facebook.com/metpoliceuk

Twitter: @metpoliceuk

Dear Mr Killock

Thank you for your email dated 3/4/18.

A draft response has been circulated to the relevant departments and awaits approval and quality assurance.

I hope to provide you with the response next week.

Thank you for your patience.

Yvette Taylor - Information Manager - Freedom of Information Team, Information Rights Unit (IRU)
STRATEGY & GOVERNANCE, MetHQ
Metropolitan Police Service
MetPhone 780074 | Telephone 020 7161 0074 | E-Mail: [email address]   
Address - Information Rights Unit, PO Box 57192, London SW6 1SF

Please consider the environment before printing this email
NOT PROTECTIVELY MARKED

Recipients of this email should be aware that all communications within and to and from the Metropolitan Police Service are subject to consideration for release under the Data Protection Act, Freedom of Information Act and Environmental Information Regulations. The MPS will consider information for release unless there is are valid and proportionate public interest reasons not to, therefore, sensitive information not for public disclosure must be highlighted as such. Further advice can be obtained from the Information Rights Unit - 0207 161 3500.

show quoted sections

Dear Mr Killock

Freedom of Information Review Reference No: 2017120000533

I am sorry you are disappointed with the outcome of your request for
information.

Further to our earlier correspondence dated 19/12/2017, I am now able to
provide a response to your complaint concerning Freedom of Information Act
(the Act) request reference number: 2017100000250.  

Background to your request:

This review concentrates on the following request that you submitted to
the Metropolitan Police Service (MPS) on 08/10/2017

In relation to the Counter Terrorism Internet Referral Unit, can you
please supply me with:

(1) A list of policy documents and codes of practice relating to the
identification and classification of Internet content

(2) A list of current template notices sent to external parties or placed
on websites

(3) Confirmation that you have an agreement with the Home Office relating
to the supply of the a list for the blocking of extremist content; and a
list of the document or documents that form this agreement I understand
that in some circumstances the content of documents might fall under
exemptions such as national security or prevention of crime.  

For this reason, I am asking for lists of documents rather than the
contents themselves. In some cases, such as template notices placed on
seized websites, or blocked websites, these are in effect public facing
documents and should be able to be released. Furthermore, as the
government debates its "Digital Charter" and measures to reduce the
incidence of extremist content online, it will be very important for the
public to understand the scope of current activities in this area

On 09/11/2017, we exempted the information requested in questions 1 and 2
by virtue of the following exemptions:

Section 24(1) - National Security
Section 31(1)(a) - Law Enforcement

For question 3, we explained that the requested infornation was not held
by the MPS. We advised the following:

With regards to Question 3, where you have asked for ‘Confirmation that
you have an agreement with the Home Office relating to the supply of the
list for the blocking of extremist content: and a list of the document or
documents that form this agreement’ please note that the CTIRU do not
block content.  They request for terrorist and violent extremist material
to be removed. Any content that is not removed by industry is placed on a
Filtering List. This list is maintained in conjunction with the Home
Office to support appropriate filtering in schools and across the
government estate.  Therefore, in relation to this part of your request,
information is not held by the MPS.
We added the following also:
Please note that our records indicate that the MPS complied with a
previous request received on the 22nd April 2017 vide Reference No:
2017040000748, and that request was substantially similar to your current
request. Any future requests may well be subject to the provisions of
Section 14 of the Act, a summary of which I attach here.

On 19/12/2017, you complained as follows:

While we understand that the content of internal policy documents may be
exempt or partially exempt from disclosure under the National Security and
Prevention/Detection of Crime exemptions found in FOIA s.24(1) and
s.31(1)(a), we would like to highlight that our request was for lists of
documents, and not for the documents themselves or any content thereof.

We have deliberately not asked for all documents and all information. We
wish to ensure the FoI burden of redaction and selection is as limited as
possible from your side. A list of documents would represent an efficient
first step to allow us to understand where to look in order to better
understand your processes. We therefore believe that we are taking a
particularly co-operative and responsible approach.

*Public policy and public interest*

There is a strong public interest argument to be made for the release of
information relating to the work of CTIRU. As CTIRU's goal is to remove
material from the internet, great care must be taken to ensure that a
balance is struck between CTIRU's desire to ensure unlawful material is
removed, and their obligation to respect the right of free expression.
Very limited information is publicly available about the processes of
CTIRU, and releasing information about such processes is therefore likely
to increase public confidence in the unit's work. Scrutiny may help you
improve your efficacy and accuracy.

Transparency helps to inform not only the general public, but also
Ministers, MPs and Lords who may be making decisions on the unit's future
and extensions of duties to remove extremist material. This policy area is
under active political consideration, mentioned in the Conservative
government's 2017 election manifesto and in the recent Queen's Speech,
which announced a "Digital Charter" with legislative underpinning that
would cover takedown of extremist material.

The current lack of insight into CTIRU's operation leads to a lack of
public accountability. Since CTIRU do not pursue site operators through
court proceedings, or seek court injunctions for material takedowns, it
follows that Freedom of Information requests of this sort are the primary
accountability mechanism between the public and CTIRU as censor.

The absence of prior or subsequent judicial oversight of the decisions
being taken make it all the more important for information to be made
public where possible. We therefore ask that you make particular
consideration of this fact when reviewing our request.

*Volumes versus efficacy*

Very limited figures and insight are publicly available about the content
that CTIRU succeeds in removing from the internet. In December 2017,
Baroness Williams of Trafford suggested that 300,000 pieces of "illegal
terrorist material" have been removed since 2010. Little more than this
single statistic is available, and the statistic does not make clear what
kind of content it refers to.

A large volume of takedowns is not a measure of efficacy or even of harm.
Without context, it is unknown whether this figure refers to 300,000
unique items of content, or whether it includes duplicates, or content
posted by bot accounts or spread across multiple platforms. We would
expect CTIRU to assess the number of prior accesses and estimate the
likely reach of the content being removed.

On the other hand, situations in which Communication Service Provider
(CSP) systems have been 'gamed', in an attempt to artificially promote
content by making it appear popular, may mean that certain takedowns are
more important as they otherwise cause great visibility.

Lists of evaluation documents may help us form a clearer picture of the
information you hold, which would provide an indication of whether you are
able to assess the importance of the takedowns you make.

*Template notices*

In your response to our second request, you note that disclosure of lists
of template notices sent to external parties or placed on websites may
"help to identify where terrorist material might be held in relation to
companies".

We recognise that, if published unredacted, some information that would be
held in the lists we request may enable a reader to locate some services
that host primarily or exclusively host terrorist material. We therefore
imagine that there are some sites making takedowns that you do not wish to
reveal. In such cases, the names of such services within the lists could
be partially redacted, to allow for publication of the list without
prejudicing national security or the prevention or detection of crime. We
do not believe the names of large services, such as Facebook, Twitter, and
YouTube would reveal enough information to require redaction.

In some cases, full titles of documents may also be sensitive for reasons
we cannot anticipate. While this is somewhat tenuous, as a takedown should
be clear to the end user in order to be accountable, we accept that you
may argue for redactions in specific cases.

*Policies relating to Nominet domain suspensions*

Through Nominet's own transparency procedures, it is clear that on some
occasions you will make requests to them about domain suspensions. We have
requested the policy documents and request template in a separate FoI
request. However, the existence of records of request processes between
CTIRU and Nominet in the public domain surely makes disclosure of the
names of the documents governing requests to Nominet unarguably un-risky
and not in any way a matter of national security or any danger to the
prevention or detection of crime.

*Transparency at CSPs*

CSPs may be under few, if any, obligations after they receive requests for
takedowns. This would be unsatisfactory for a number of reasons:

1 If a user has done something that is likely to be unlawful, they need to
be informed. Removing it as a breach of terms and conditions is
insufficient. Users must be informed that they are at risk of legal
action.
2 If a user revists material which is unlawful and sees it has been
removed, they need to be notified that is likely to be unlawful. They need
to understand that they are visiting and watching material that may be
judged as dangerous, and that by looking at their contacts' shared links
they are interacting with people who may be breaking the law.
3 CSPs may want to take the opportunity of a takedown notice to remind
people who are encountering extremist material how they may seek help.
4 In each case, notifications to posters and viewers should be different
to a general message saying "content deleted by a moderator".
5 If the basis of CTIRU's actions is that material can be referred by
CTIRU to CSPs because it contravenes the law, it should be made possible
for the uploader or poster to assert the legality of the published
material, ultimately in the courts, to stop any further incorrect removal
requests by CTIRU.

Another area we are concerned about is whether CSPs make use of any
"shadow banning" or "shadow takedown" techniques. Here, we are concerned
about website takedowns which do not return any form of error message or
identifier that would indicate to an end-user that the material was
inaccessible as a result of a CTIRU-requested takedown.

Takedowns executed in this manner would be highly unaccountable. Viewing a
list of your policy documents would help us understand where to ask for
documents that may establish if this may be taking place, or if it is not
taking place, or if you make no demands about these issues. We would be
able to consider requesting specific documents that could establish other
areas of concern with your relationships with CSPs.

While we make no assertion about any of these practices at CTIRU at this
point, we wish to find out which documents may be useful to establish what
policies are in place to cover these concerns.

*Home Office agreements*

We requested "confirmation that you have an agreement with the Home Office
relating to the supply of the a list for the blocking of extremist
content; and a list of the document or documents that form this
agreement". In response, you noted that "CTIRU do not block content", but
confirmed that "any content that is not removed by industry is placed on a
Filtering List. This list is maintained in conjunction with the Home
Office to support appropriate filtering in schools and across the
government estate". You noted that this meant the relevant information
required to respond to our request was not held.

We believe that, in this response, MPS have misunderstood our request. We
understand that CTIRU do not engage in content filtering directly, however
we understand that CTIRU do maintain what you describe as a "Filtering
List". Although you noted that information relating to our request was not
held, you did confirm the existence of this Filtering List, and confirmed
an agreement with the Home Office to supply such a list to schools and the
Government estate. We would therefore like to reiterate our request for a
list of the document or documents that form this agreement.

Given that the policies exist, we cannot see any reason why a list of the
names of the policy documents would pose any danger to national security
or the prevention or detection of crime.

*Mosaic theory*

In other responses, CTIRU has applied the argument that release of
information in small amounts can allow criminals to understand their
procedures better by piecing together information to infer potential
investigative methods.

This theory should not in our view be a reason for rejecting disclosure.
Firstly, at this stage we are asking for lists of documents, not the
contents, which reduces any possible risk. Secondly, the best course of
action for criminals to reverse engineer your detection methods will to
observe what and when content gets taken down. This will provide much
greater clarity than documentation for criminals to understand how and why
censorship takes place.

Unlike, for instance, covert operations, censorship and takedown is an
inherently public process, necessarily showing its work as it takes place
and needing to provide steps to allow people to stay within the law.

In any case, the argument that disclosure should not take place because of
the possibility that detection of crime may be averted through some form
of discovery is deeply problematic. For instance:
1 You are - as we understand your remit - reporting content, but not
prosecuting people as such, which limits the need for you to demand
protections to safeguard court action.
2 You are primarily acting as a censor, rather than as a law enforcement
body.
3 In any case, the roles of censor and law enforcement must be separated
or compartmentalised so that sufficient transparency to censorship can be
applied.
4 When free expression is limited, for that limitation to be legitimate,
it must be predictable and clear in law how it takes place. In our view,
that requires interactions between the police and platforms to be clear
and transparent.
5 Protections for legitimate speech also need to be clear. Without some
sight of your documents, we have no way of knowing whether appeals or
reviews take place, or how you deal with your own errors.
6 You are operating without judicial supervision which, as noted above,
increases the need for transparency through FoI.

In short, any argument that methods of detection may be ascertained
through accumulation of smaller facts is simply to imply an unacceptable
confusion between censorship and possible criminal detection roles, which
fails to give due regard to the highly important public interest
requirements of transparency and accountability needed of a censor,
especially given the absence of a clear legal framework for CTIRU's
takedown procedures.

*National security or contributions to national security: censor or law
enforcement agency?*

While CTIRU's work removing extremist material makes a contribution to
national security, it may not follow that the task itself is automatically
a matter of national security. Deleting an extremist video does not, in
and of itself, prevent the organisation of terror. Rather, it makes it
harder for extremists to persuade themselves of the legitimacy of
committing crime, or of persuading susceptible people that their views are
legitimate.

This is the role of a censor, rather than of general law enforcement.

Only in very limited circumstances would removal of internet content be
directly contributing to a specific national security threat. For the
majority of your important work, we would assume and expect that you are
making a general contribution to the combating of extremist views, much as
the PREVENT programme tries to do, rather than being a proactive element
of specific investigations into particular crimes or or the committing of
such crimes.

Indeed, as a censor making judgements about the legality of content
referred to or discovered by you, we would assume that you are broadly
applying the same rules to all content referrals you receive, rather than
prioritising or de-prioritising the activities of any particular group.
This would make your work of a general nature, rather than specific.

We would argue that a content control authority operating at scale as
CTIRU does must take the view that its role is to define the line between
acceptable and unacceptable, and be clear that this is the case.

Given the vast range of educational, cultural, political, religious and
economic activities undertaken to combat extremism, we do not accept that
general activities undertaken for this vital task are automatically a
matter of national security.

Use of informal takedown and censorship procedures under CSP terms and
conditions without judicial oversight would be particularly inappropriate
to place into an unaccountable 'national security' category.

We would therefore wish to be given a direct explanation of how and when
your work targets specific national security concerns or incidents in
order to assess if a national security argument should be applied in these
limited and specific circumstances.

We would also expect that if CTIRU's role does in fact include
investigations or taking action to disrupt organisations in specific,
targeted operations, and does have a specific law enforcement role beyond
a censorship role in referrals and content control, that this needs to be
made public through this and other disclosures.

While we are of the view that your public mission as explained to
Parliament indicates that you are primarily a takedown and censorship
organisation, with a secondary role in referring content onwards for
investigation by others, in our view it would be vital that your roles are
compartmentalised, in order that you are able to provide transparency
including through FoI for your work as a censor.

Censorship of any kind, in our view, cannot and must not be placed under
the levels of secrecy imposed by a blanket claim of national security and
crime prevention exceptions, if it is to be legitimate and accountable,
clearly proportionate, and verifiably in accordance with the law.

We submit, with reference to all requests made in our initial enquiry,
that the release of this information is desirable in the public interest,
and we do not believe that the reasons presented by MPS to refuse
disclosure are valid.

DECISION

The MPS upholds its original decision to exempt disclosure by virtue of
the following exemptions:

Section 24(1) - National Security
Section 31(1)(a) - Law Enforcement

Your Previous FOIA Requests:

Your request 2017100000250 and this complaint contain a great deal of
content which was covered in previous FOIA requests you have submitted to
us.

I refer you to our reference number 2017040000748 and linked Internal
Review 2017090000762. The latter complaint was not upheld by the MPS.
Our previous arguments in favour of reliance on Sections 24(1) and 31(1)
of the Act remain unchanged.

You have also requested information under reference 2017120000309
concerning the same topic. This request was refused by virtue of Sections
23(5), 24(2) and 31(3) of the Act.

MPS Reliance on Section 31(1) Law Enforcement and Section 24(1) National
Security:

You have asked for:

A list of policy documents and codes of practice relating to the
identification and classification of Internet content

You have argued:

There is a strong public interest argument to be made for the release of
information relating to the work of CTIRU. As CTIRU's goal is to remove
material from the internet, great care must be taken to ensure that a
balance is struck between CTIRU's desire to ensure unlawful material is
removed, and their obligation to respect the right of free expression.
Very limited information is publicly available about the processes of
CTIRU, and releasing information about such processes is therefore likely
to increase public confidence in the unit's work. Scrutiny may help you
improve your efficacy and accuracy.

The MPS will not disclose information relating to how we conduct our
business if doing so, discloses methodologies which would impact on the
operational effectiveness of the CTIRU.

In this regard, I draw your attention to our response dated 09/11/2017:

To disclose any policy documents and codes of practice relating to the
identification and classification of internet content would be revealing
sensitive information, relating to tools and techniques employed by the
CTIRU.  Disclosure of this information would cause harm by undermining the
work of the CTIRU and therefore compromise our law enforcement function.

You have said that CTIRU is acting in the 'role of a censor, rather than
general law enforcement'. The CTIRU does not remove material from the
Internet. It does not seek to 'censor' content but aims to limit terrorist
content online.
The CTIRU identifies material that breaches UK Terrorism Legislation. When
such material is identified, it is referred to the hosting platform via
publicly available reporting mechanisms. The CTIRU advises that the
material is in breach of that legislation and identifies where it also
breaches their terms of service. It is then the sole decision of the
respective platform to review the referral and make an independent
decision as to whether that material is removed.

I also draw your attention to our response to Internal Review
2017090000762, we advised:

The role of the CTIRU is to identify and flag material that it assesses to
commit offences contrary to Terrorism legislation (Section 1 & 2 of the
Terrorism Act 2006).

Where the CTIRU assess material that does reach this threshold it refers
the material to the relevant company for them to make their own assessment
as to whether the material brought to their attention should be removed,
judged against their terms of service. Ultimately the decision to remove
material rests with them. The social media companies are very much aware
of the needs to balance 'free expression interests' against the ever
growing threat of terrorism and that is the balance they make when
carrying out their own assessment.

The relationships that the MPS has built and work to maintain in this area
of policing are crucial to the effectiveness of our activities in removing
content that contributes to the narrative that encourages radicalisation
amongst individuals so the removal of terrorist content can be seen as a
key part of prevent activity within the Government's counter terrorism
strategy (CONTEST) and as such we are keen not to reduce the operational
effectiveness of our operations by jeopardising those relationships.

You have asked for a list of current template notices sent to external
parties or placed on websites and you have pointed out that you are
requesting lists of documents, and not for the documents themselves or any
content thereof.

The review draws your attention to our original response in which we
stated:

Similarly to disclose a list of current template notices sent to external
parties or placed on websites would be in effect disclosing a list of
companies who have removed material at the CTIRU's request.  Disclosure of
this list would therefore be revealing which websites' have and maybe
likely to contain terrorist or extremist material.  Information of this
nature would detail intelligence and the level of policing capability. It
could infer where the police focus was (e.g. which types of websites the
CTIRU were concentrating their efforts) and also identify areas in which
the CTIRU had not focussed on, which could give a misleading picture on
the focus of police activity.

As stated by providing any information which contains the names of
companies could be used to assist a user to discover terrorist or
extremist content.  Any disclosure which provides potential
terrorists/extremists with access to material which encourages/glorifies
acts of terrorism or which otherwise incites or assists others to
participate in such acts would compromise the MPS's ability to accomplish
its core function of law enforcement.

Disclosure of any lists which provide company names could also allow
terrorists to build a picture of the perceived companies of interest to
the CTIRU.  They could then create a company which does not fit this
criteria to avoid detection and publish their material.  Such an
occurrence would undermine the CTIRU's ability to detect such websites
which pose a risk to society.  Disclosure would negate the CTIRU's purpose
of tackling online radicalisation and extremist material to protect the
public and prevent offences that incite or encourage acts of terrorism.  

Home Office Agreements:

You have stated:

We understand that CTIRU do not engage in content filtering directly,
however we understand that CTIRU do maintain what you describe as a
"Filtering List". Although you noted that information relating to our
request was not held, you did confirm the existence of this Filtering
List, and confirmed an agreement with the Home Office to supply such a
list to schools and the Government estate. We would therefore like to
reiterate our request for a list of the document or documents that form
this agreement.

Given that the policies exist, we cannot see any reason why a list of the
names of the policy documents would pose any danger to national security
or the prevention or detection of crime.

The filter list contains material that was assessed to breach UK
legislation but the hosting platform disagreed with the assessment and
made an independent decision not to remove that content. The list is
maintained by the CTIRU as it is extracted from the CTIRU case management
system. It contains a list of URL's that the CTIRU have assessed to be
'terrorist content' but the hosting platform have not removed, either
because they have declined to engage with a request to remove or have
reached an alternative view as to its suitability for removal or have
limited capacity to process requests in a timely manner . However, given
that time is a factor in content being removed by hosting companies, this
is a fluid document in its content with material being removed and added
on an almost daily basis. As previously stated, the MPS considers that
there is harm in disclosure of this list as it contains harmful terrorist
content and the signposting to platforms where terrorist content can be
found. As advised in our original response, there is no document which
forms this agreement.

Mosaic Effect:

You have stated that in previous responses, the MPS has said release of
information in small amounts can allow criminals to understand their
procedures better by piecing together information to infer potential
investigative methods.

This theory should not in our view be a reason for rejecting disclosure.
Firstly, at this stage we are asking for lists of documents, not the
contents, which reduces any possible risk.

I consider that there is a risk of the 'mosaic effect' by way of FOIA
disclosures. As pointed out to you previously, disclosures which appear
harmless, pieced together with other disclosures can be used in a 'mosaic
effect' to give a fuller picture to those wishing to evade detection.

This 'cumulative prejudice' or the 'mosaic effect' whereby the information
requested may be of increased significance when combined with other
information obtained through other means and/or at a later date.  The
'mosaic' effect has been described as follows:

'The "mosaic theory" describes a basic precept of intelligence gathering:
Disparate items of information, though individually of limited or no
utility to their possessor, can take on added significance when combined
with other items of information. Combining the items illuminates their
interrelationships and breeds analytic synergies, so that the resulting
mosaic of information is worth more than the sum of its parts.' - Source:
David Pozen, The Mosaic Theory, National Security, and the Freedom of
Information Act, 115 Yale L. J. 628, 630 (2005).

The Information Commissioner's guidance in relation to Law Enforcement
acknowledges the harm that may be caused by the mosaic effect where it
states:

'Mosaic and precedent effects
21. The prejudice test is not limited to the harm that could be caused by
the requested information on its own. Account can be taken of any harm
likely to arise if the requested information were put together with other
information. This is commonly known as the 'mosaic effect'. As explained
in the Information Commissioner's guidance information in the public
domain, the mosaic effect usually considers the prejudice that would be
caused if the requested information was combined with information already
in the public domain.

22. However, some requests can set a precedent, ie complying with one
request would make it more difficult to refuse requests for to refuse
requests for similar information in the future. It is therefore
appropriate to consider any harm that would be caused by combining the
requested information with the information a public authority could be
forced to subsequently provide if the current requested was complied with.
This is known as the precedent effect.'

Public Interest:

You have said that in the interests of transparency and accountability,
there is a strong public interest argument favouring disclosure of
information relating to the CTIRU. I consider that the public interest is
being met by proactive disclosure of information concerning the CTIRU when
it is considered appropriate to do so. I have provided examples below:

http://questions.london.gov.uk/QuestionS...

https://www.gov.uk/government/publicatio...

http://news.met.police.uk/news/250000th-...

http://news.met.police.uk/news/report-ex...

I consider that the arguments favouring non-disclosure of the requested
information are far greater than those favouring disclosure, particularly
given that the UK threat level is currently set at 'severe' meaning that a
terrorist attack is 'highly likely'.

The review takes due regard to the arguments made in our response to you:

Factors against disclosure for S24 - By disclosing this information would
render security measures less effective. This would lead to the compromise
of ongoing or future operations to protect the security or infra-structure
of the UK. The risk of harm to the public would be increased if unlawful
material were highlighted for individuals to access and perpetrate crimes
or provide an opportunity for terrorist planning.  To counter this, a full
review of security measures would be needed and additional costs would be
incurred.

Factors favouring non-disclosure for S31 - Disclosure of the requested
information would compromise law enforcement which would hinder the
prevention and detection of terrorist and extremist crimes.  It is given
that the threat of terrorism will increase as more crimes are committed as
a result of terrorists gaining access to subversive material which incites
or assists others to participate in these acts, therefore placing the
general public at a greater risk and a fear of crime will be realised.  

You have stated:

*Policies relating to Nominet domain suspensions*

Through Nominet's own transparency procedures, it is clear that on some
occasions you will make requests to them about domain suspensions. We have
requested the policy documents and request template in a separate FoI
request. However, the existence of records of request processes between
CTIRU and Nominet in the public domain surely makes disclosure of the
names of the documents governing requests to Nominet unarguably un-risky
and not in any way a matter of national security or any danger to the
prevention or detection of crime.

You have previously asked for information concerning the relationship
between the MPS and Nominet. Our reference 2017120000309 refers. You have
previously asked the following:

In relation to:
(a) Counter Terrorism Internet Referral Unit
I note that both have a policy of making domain suspension requests to
Nominet.[1]
Can you send me:
1 The policy document governing the domain suspension requests policy for
each unit;
2 Any template for notifications made to Nominet for domain suspension
requests by each unit;
3 Any graphics, URL or IP address used to show or host notices explaining
that a domain has been suspended after a request made by each unit.

We neither confirmed nor denied that the requested information is held. We
stated:

Police forces work in conjunction with other agencies and on a daily basis
information is freely shared in line with information sharing protocols.
Modern day policing is intelligence led and this is particularly pertinent
with regard to both law enforcement and national security. The public
expect police forces to use all powers and tactics available to them to
prevent and detect crime or disorder and maintain public safety.

To confirm or deny whether the MPS have a policy of making domain
suspension requests to Nominet.[1], would reveal operational specifics
with regard to this subject area. If the request was submitted nationally
and either substantive exemptions cited or 'no information held'
disclosed, this would enable individuals, some of whom may be terrorists,
to create a geographical map which would identify which forces have or do
not have reports of this type of offending.

The public entrust the Police Service to deal with all information
submitted to them appropriately and in line with the APP mentioned above.
To confirm or deny whether information is held in this case has the
potential to undermine the flow of information (intelligence) received
from members of the public into the Police Service and other outside
agencies relating to these types of offences which could undermine any
ongoing investigations.

You have said 'it is clear that on some occasions you will make requests
to them about domain suspensions'. You appear to be seeking commentary,
opinion and explanations in your complaint.  This also seems to be the
case when you refer to Communication Service Providers in your complaint.

The Freedom of Information Act provides a right of access to 'recorded'
information.  Public authorities are not required to create new
information in response to a Freedom of Information Act request.  Section
84 of the Act defines 'information' as 'information recorded in any form'.

This is explained in ICO Decision Notice FS50191203 which states at
paragraph 18:

'Set out at section 84, the right of access under the Act is defined as
the right to access recorded information held by a public authority. A
public authority is under no obligation to create new information, provide
general explanations or opinions.'

In our response dated 08/10/2017, we advised you that you appear to be
seeking the same information you have previously requested. We have
advised you that future similar requests may be refused under Section
14(2) of the Act.

Conclusion:

All requests and internal reviews are dealt with on a case-by-case basis.
 The internal review is intended to provide a fair and thorough review of
handling issues and of decisions taken pursuant to the Act. It enables a
fresh decision to be taken on a reconsideration of all the factors
relevant to the request.  For this reason, as far as is practicable, FOIA
internal reviews within the MPS are conducted by individuals that have had
no connection with the initial handling of a request to facilitate a fresh
look at the circumstances of a request.  

I hope the explanation provided clarifies why the MPS has upheld its
original decision.

If you are dissatisfied with the outcome of this Internal Review you have
the right to appeal the decision by contacting the Information
Commissioner's Office (ICO) for a decision on whether the request for
information has been dealt with in accordance with the requirements of the
FOIA.

For information on how to make an application to the Information
Commissioner please visit their website at www.ico.org.uk.  Alternatively,
write to or phone:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Phone:  0303 123 1113

Yours sincerely

Yvette Taylor
Information Manager

Consider our environment - please do not print this email unless
absolutely necessary.

NOTICE - This email and any attachments may be confidential, subject to
copyright and/or legal privilege and are intended solely for the use of
the intended recipient. If you have received this email in error, please
notify the sender and delete it from your system.  To avoid incurring
legal liabilities, you must not distribute or copy the information in this
email without the permission of the sender. MPS communication systems are
monitored to the extent permitted by law.  Consequently, any email and/or
attachments may be read by monitoring staff. Only specified personnel are
authorised to conclude any binding agreement on behalf of the MPS by
email. The MPS accepts no responsibility for unauthorised agreements
reached with other employees or agents.  The security of this email and
any attachments cannot be guaranteed. Email messages are routinely scanned
but malicious software infection and corruption of content can still occur
during transmission over the Internet. Any views or opinions expressed in
this communication are solely those of the author and do not necessarily
represent those of the Metropolitan Police Service (MPS).

Find us at:

Facebook: [1]https://m.facebook.com/metpoliceuk 

Twitter: @metpoliceuk

References

Visible links
1. https://m.facebook.com/metpoliceuk