Combating Terrorism in an Online World

October 15, 2007

When the 7 July London bombings happened, the Government was already planning revisions to existing UK legislation to give law enforcement agencies the power they needed to tackle terrorism and bring terrorists to justice. In revising existing UK legislation, the Government had to take into consideration the part the Internet plays in the spread of terrorism.  New legislation which is now in force (and which will continue to come into force) aimed at tackling terrorism will mean that ISPs must keep their policies and procedures for dealing with online content under continual review.


Prior to July 2006, the main legislation in the UK governing terrorism was the Terrorism Act 2000. The 2000 Act came into force on 19 February 2001 in response to the changing threat from international terrorism, and replaced the previous temporary anti-terrorism legislation that dealt primarily with Northern Ireland. It created new criminal offences including:

• inciting terrorist acts
• providing instruction or training in the use of firearms, explosives or chemical, biological or nuclear weapons and
• seeking or providing training for terrorist purposes at home or overseas.

The 2000 Act also gave the police enhanced powers to investigate terrorism and powers to detain suspects.

Whilst UK law enforcement agencies’ efforts to thwart attacks in the UK had been partially successful, the Government knew that existing UK terrorism legislation (including the 2000 Act) did not give law enforcement agencies the ammunition they needed to tackle the increasing terrorism threats which were being made against the UK. On 25 July 2006, the Terrorism Act 2006 (the ‘Act’) came into force.

The 2006 Act created new terrorism offences aimed at providing the ammunition UK law enforcement agencies needed and increased the penalties for terrorism offences under the Terrorism Act 2000. It also increased the length of time the police could detain suspects to up to 28 days.

Under the 2006 Act, it is now a criminal offence:

• to encourage others to commit acts of terrorism
• to disseminate terrorist publications
• to commit acts preparatory to terrorism
• to give or attend training in terrorist techniques
• to make and possess devices or materials to be used in terrorist activities
• to misuse materials or devices and misuse and damage facilities in terrorist activities
• to make threats for devices, materials or facilities to be made available for terrorist activities.

Offences under the 2006 Act (and now the 2000 Act) carry a range of penalties, with maximum penalties on conviction on indictment ranging from seven years’ imprisonment to life imprisonment.

Internet-focused Powers

With the 2006 Act came powers which UK law enforcement agencies needed to help them in their battle with terrorism over the Internet.  On 5 July 2007, Woolwich Crown Court sentenced three men to a combined 24 years in prison for inciting others to commit acts of terrorism wholly or partly outside the UK via a Web site. The men (who originally pleaded not guilty but later changed their plea to guilty) are the first to be convicted in the UK of inciting others to commit murder over the Internet.

Under s 3(1) of the 2006 Act, police can require providers of electronic services (eg ISPs) to remove terrorist statements, articles or records which are hosted on the Internet by them. If they fail to remove such without reasonable excuse within two working days of being requested by the police to do so, they will be deemed to have endorsed the statements, articles or records and be liable for criminal prosecution.  If, after receiving such notice, the ISP subsequently ‘publishes or causes to be published a statement which is, or is for all practical purposes, the same or to the same effect as the statement to which such notice related, or to matter contained in the article or record to which it related … (a “repeat statement”)’, the ISP will not be liable for such repeat statement if it has taken ‘every step [it] reasonably could to prevent a repeat statement’ or it ‘is not aware of the publication of the repeat statement’ or ‘having become aware of its publication, has taken every step that [it] reasonably could to secure that it either ceased to be available to the public or was modified as mentioned in subsection (3)(b)’.

Unsurprisingly, ISPs have not welcomed the introduction of this new criminal offence and it is not clear from s 3 of the 2006 Act who a ‘relevant person’ would be in the context of a company (although presumably a director) and thus which procedure should be followed by ISPs to avoid criminal liability.

ISPs also expressed concern that the 2006 Act did not afford them the same protections as the Electronic Commerce (EC Directive) Regulations 2002 (the 2002 Regulations) in relation to caching, hosting and acting as a mere conduit. As a result, on 21 June 2007 the Electronic Commerce Directive (Terrorism Act 2006) Regulations 2007 (the 2007 Regulations) came into force to ensure that the 2006 Act was consistent with the 2002 Regulations but subject to slight differences and certain conditions.

What is becoming increasingly clear is that ISPs will continue to face civil and criminal liability if they allow illegal activities to be carried out by their users. Indeed, the Racial and Religious Hatred Act 2006 came into force on 1 October 2007 and created a number of offences relating to the stirring up of religious hatred. ISPs could face liability under this Act and the Electronic Commerce Directive (Racial and Religious Hatred Act 2006) Regulations 2007 which have been introduced (and came into force on 1 October 2007) to ensure that this Act is also consistent with the 2002 Regulations but, as with the 2007 Regulations, subject to slight differences and certain conditions.

Clearly where the medium for carrying out illegal activities is the Internet and it is accepted that ISPs are an essential element of the Internet, the question is this: if ISPs are not held accountable to a certain extent for the actions of their users where they provide a forum for those users to carry out illegal activities, who is? ISPs will need to continually review their policies and procedures for dealing with illegal content and ensure that they are up-to-date, in compliance with the law and workable at all times. To enable ISPs to do this, the Government will need to ensure that the steps they require ISPs to take to tackle illegal content are consistent throughout legislation, clear and realistic.

Lisa Comber is an Associate in the London Commercial and Technology Practice of Faegre & Benson LLP: