Euro Rights Blog: Safe European Home – by Sarah Kay
Sarah Kay is a human rights lawyer specialized in counter terrorism and military intervention. She is a Trinity College Dublin graduate and started out in diplomatic mediation in Northern Ireland. Her research focuses on the use of torture and military intelligence in counter terrorism and counter insurgency.
The wording of the United Nations Security Council Resolution 2249 is unequivocal: ISIS, or Daesh, represents an ‘unprecedented threat to international peace and security’, and for states that are able, ‘all necessary means’ must be enforced to ensure the eradication of a global enemy that has attacked everywhere from Turkey to France. The same debate arises in the wake of each and every terror attack: where did intelligence fail? Was there anything else law enforcement could have done to thwart the plot? While it is difficult to assess whether a successful attack is an intelligence failure, or a misapplication of intelligence powers, the political reaction remains the same: more powers are needed to face an ever growing threat, the escalation of the military response is required, and there is always more executive decisions curbing liberties that can be implemented in order to prevent the next one.
There will always be a next one, and when it comes to a coordinated response, EU member states already have a comprehensive and strong counter terrorism arsenal. Some of the decisions were made in the wake of the January 7 attack in Paris, and had yet to be implemented; some were the subject of ministers’ and Commission meetings. One thing can be sure: the counter terrorism response must be international, coordinated, and efficient. The same rhetoric regarding the supposed lax behavior of states ensuring their compliance with human rights continues to permeate every level of political discourse. It is a fallacy. A security state that either requires derogations from the European Convention on Human Rights or that unilaterally revokes civil liberties at domestic level in the name of counter terrorism is playing a dangerous game, as the threat is neither limited in time nor place.
Two specific areas of EU coordination could prove crucial in the future, and need no part in the race to enact further legislation and respond to the terrorism threat: the already existing role of Europol, and the Schengen Information System (SIS), currently shaken by immediate decisions to curb travel within the EU. Both offer strong solutions that teeter on the edge of human rights violations, specifically in the right to privacy and freedom of movement. They however offer opportunities that need no derogation and can be subjected to judicial review by EU courts.
Coordinated Response: EuroJust, EuroPol and Counter Terrorism Raids
The understandably traumatic events of November 13 have eclipsed an EU-wide, simultaneous raid conducted by members of EuroJust on the request of the Italian prosecutor just a few days prior. The raid illustrated the capacity of European states to efficiently coordinate simultaneous counter-terrorism raids. Based on a request placed by the Italian Prosecutor, several countries – Italy, the UK, and Norway – arrested 13 individuals across Europe against suspected terrorists. Similar operations took place in Germany, Norway, Finland and Switzerland resulting in searches and seizures.
EuroJust confirmed that the operation against several ‘sleeper’ cells had been ongoing since September, and facilitated by access to US intelligence. A press release from EuroJust on the operation codenamed JWEB details the coordination efforts following the Italian request:
Coordination meetings to facilitate the exchange of information among the competent authorities and the execution of requests for mutual legal assistance were organized by EuroJust. These gatherings also provided the opportunity for the member states involved to discuss the most efficient common judicial strategy and response to this terrorist group. Over the past few months, an extensive amount of information from the Italian investigation was analyzed by the EuroJust Case Analysis Unit to identify the most important aspect for the member states involved in the upcoming operation. (…) Issues regarding the execution of the requested judicial measures were discussed and clarified in preparation for the action day, including the identification of the competent authorities and the formulation of European Arrest Warrants.
If an operation of this scale can be coordinated through a single focus point, and benefit from the various scope of actions of domestic counter-terrorism units subscribing to EuroPol, the development of Joint Investigation Teams (JITs) will reinforce a coordinated and multilateral counter-terrorism prevention and response in accordance with EU and domestic laws; will promote intelligence-sharing and state cooperation; and render European Arrest Warrants more effective. When President Hollande requested the help of other EU member states, this should not be restricted to a military intervention under the Lisbon Treaty – but expanded at a law enforcement level that would leave militarism as a last resort.
Threat Assessments: The Role of IntCen
Following the January attacks in Paris, committed by two brothers known from intelligence services, the idea of turning IntCen into an autonomous intelligence agency, initially submitted by then Justice Commissioner Viviane Reding in 2013, resurfaced; it never took hold, as the executive prerogative surrounding the conduct of intelligence investigations proved to be too much of interest to nation-states. Created from the former SitCen, the small agency – employing around 80 people – was discussed by interior ministers seeking ‘a common security and intelligence system’. The EU Commission denied holding such plan for the Brussels-based organization.
Instead, a EU Counter-Terrorism Coordinator document from January 17, 2015 – a week after the attack on Charlie Hebdo – lists the role of the European Criminal Records Information System (ECRIS) as a key player in the coordinated counter-terrorism fight. With ECRIS, member-states share their criminal record databases; De Kerchove sought a tighter and stronger sharing platform specific to terrorism-related convictions: ‘this would help to strengthen our ability to protect the public including against the insider threat’; already, a year ago, the focus seemed to shift from foreign fighters, only slightly, to domestic radicalization and ‘homegrown terrorism’; placed in parallel to border control to catch returning foreign fighters, ECRIS could become an all-seeing, all-knowing shared history of anyone ever caught by domestic police.
After November 13, everything changed. Calls for a ‘European FBI’ or a ‘European CIA’ from all parts of the political spectrum in the European Parliament found root recurrent proposal. This time, some of the attackers in Paris, once identified, were found to be not only known from intelligence services, but also submitted to ‘S file’ listing – and their movements throughout Europe, mostly back and forth across the Belgium border, in need to be monitored more closely.
A month before the attacks, Björn Fägersten, a research fellow at the Swedish Institute of International Affairs, wrote that the EU didn’t need a CIA-type of intelligence agency – and the very idea was not feasible in practice:
But creating real intelligence agencies with a mandate to collect secret information is both unrealistic and possibly counterproductive. Both member states and practitioners would be hesitant to support such agencies and the public sentiment in Europe is hardly in favour of new ambitious integration projects in controversial areas. Top-down establishment of new agencies is thus a closed route to better European intelligence.
Whether the public sentiment has changed is something difficult to evaluate; little is known, let alone discussed, about the role of IntCen and the centralization of intelligence and intercepted data. Even at the height of the European discussion surrounding the activities of the NSA, it was domestic agencies, such as the BND and GCHQ that were at the heart of the conversation. The modalities around which IntCen gathers and redistributes information would have to be submitted to EU law on data collection and retention, a sensitive topic after the invalidation of the Directive. Is it safer to rely on IntCen to centralize data, and making it accessible to member-states? What about intelligence coming from outside the EU? What about channels of verification? To centralize the amount of data collected by intelligence agencies now more concerned than ever about the terrorism threat – France currently increasing its analyst staff, Belgium inflates its security budget with an additional €400 million – IntCen would need a serious increase in trained staff, in senior analysts, and with a better, stronger link to law enforcement agencies – not just EuroPol and EuroJust.
The biggest hurdle, of course, is not just operational; it is political. Security being an untouchable area of sovereignty, it will require of member states to rely on EU agencies more than they are used to – and outside of their own bilateral or multilateral agreements.
Taking steps to boost the intelligence capacity of the EU obviously builds on the premise that this would allow for better policy. Is that really the case? Interviews with top level decision makers suggest it is. While the EU members frequently struggle to unite in the foreign policy domain, this process is facilitated by common assessment of the problems at hand. Common information does not guarantee collective action, but it raises the political cost of the actors resisting it. (Björn Fägersten, ‘EU Doesn’t Need a CIA – But Better Intelligence Would Help’, EurActiv, 16 October 2015)
Threat assessment has been extremely difficult since the rise of Daesh. The little vision into Syria has created a demand for domestic assessment – mostly centered around foreign fighters leaving the EU to join the fight in Iraq and Syria – has fostered a fearmongering discourse, which, stripped down of political gain, simply reflects that too much uncertainty could leave us vulnerable to an attack. Where many preferred conservative estimates, those closer to ISIS fighters, such as former French counter terrorism magistrate Trevidic, never ceased to warn of attacks on EU soil. After November 13, IntCen might benefit from both legislative and executive boosts that will favor centralized intelligence-sharing beyond what the SIS already allowed.
The most recent development took place on January 13, as the head of the European Parliament, Martin Schulz, met INTERPOL Secretary-General Jürgen Stock in Brussels. Together, they discussed increasing cooperation between EuroPol and INTERPOL, specifically on intelligence-sharing and the issue of centralization of information gathered outside of the EU. Barely noticed, the meeting however focused on implementing a decision taken a meeting of the EU Justice and Home Affairs (JHA) ministers, ‘calling for all EU external border control points to be connected to INTERPOL’s global databases for automatic screening of travel documents by March 2016’; INTERPOL also presented itself as a desirable interlocutor in the EU counter-terrorism framework as a ‘police information gateway to other strategic regions’, namely the Middle East, North Africa and the Sahel.
The transnational cooperation outlook in the fight against terrorism has also recently been praised by Tony Gardner, the US ambassador to the EU, emphasizing the necessity for both the EU and the US to share the same information in real time on potential terror threats. However, it is clear that the US fails to reach the high standards of protection granted by the EU parliament and EU courts; the definition of what and who constitutes a threat also vastly differs; the mechanism of terror listing and blacklisting functions differently on our side of the Atlantic; the question of preemption – and at which point a police intervention is desirable and lawful – is likely to occur in the sharing of lists containing the name of individuals on EU territory. Claims that the EU has been too lax or affording too many protection to suspected terrorists under surveillance have a significant, yet worrisome, impact on immediate legislation: while terrorism is meant to elicit fears, legislation should never fall prey to a collective emotional need for hyper-security, no matter how legitimate it may seem.
Border Control: PNR and the Schengen Information System
The rushed commentary following the attacks focused on President Hollande’s declaration of a state of emergency, and talks of re-establishing border checks. ‘Is this the end of Schengen?’ warned headlines, while the US spilled much ink explaining how free movement of peoples around selected states of the European Union had facilitated the communication, training and planning of attacks on EU soil. Indeed, in the days following the attacks, and for law enforcement purposes as the hunt for the remaining shooters and possible accomplices continued, border checks were re-instituted, or strengthened. At airports, train stations, and other ports of entry, additional customs border protection staff was added. Even after the raid in Saint Denis and several other raids in Belgium, the additional border checks would last until February 2016.
It is a common yet uninformed belief that Schengen creates a multi-state area of unmonitored, uncontrolled movement. The Schengen Information System (SIS), currently in its second iteration, constitutes an incredible database of information on individuals entering and leaving the Schengen zone, either on a visa, temporary stay, or permanent residence. Information gathered by external border points (for instance, the France / UK border) makes it into SIS. The November 13 attacks were, again, not necessarily a failure to gather and store intelligence on given individuals suspected of membership of a proscribed organization, but more likely a failure to cross-reference intelligence that was already known, but not shared nor exploited by the relevant domestic intelligence agencies.
An extremely large, compact assessment of SIS’ violation of civil liberties for EU citizens and residents has already been compiled. The system was not implemented lightly. Combined with the Passenger Name Record (PNR), the SIS could become the largest database holding information on those entering and leaving Europe to be accessible by intelligence agencies – and this has not escaped the European Parliament, that has halted PNR negotiations between the US and the EU since 2007. The PNR agreement would provide for bilateral sharing of information between EU member states and the US, of all airline passengers travelling across the Atlantic – and even the possibility of sharing said information with third party states, if believed to assist law enforcement. But is it of utmost necessity to intelligence agencies, or yet another inflated information system? MEP Sophie In’t Veld, a longtime critic of the PNR, wrote in a blog post:
PNR data can be accessed in the context of a specific investigation, with a court order, as in any regular police or judicial investigation, or intelligence operation. The EU PNR Directive is only about the mass collection of PNR data, not about accessing individual passenger records in the context of a specific investigation.
In addition, some member states have their own national PNR schemes, or are in the process of setting up a national scheme. 14 Member states have actually received EU funds for the setting up of such a scheme (f.ex: France has received 18 million euro).
For the identification of suspects, the authorities have access to API data (Advance Passenger Information, essentially passport and ticket information, available under EU Directive (2004/82/EC).
There are also other sources, such as the Schengen Information System, the Visa Information System, Eurodac, ECRIS and more.
In practically all terrorist attacks in the past 14 years, the terrorists were already known to the intelligence services and the police. All information on the travels by airplane of those perpetrators was also known. The problem was never that the authorities did not have access to the PNR data of suspects. The real problem is that the available information is not shared between agencies and between countries.
In’t Veld is absolutely correct. The recent passing of PNR legislation was unblocked following the November 13 attacks, in a sense of political urgency, of legal necessity, of social need and responsibility to respond by taking action, by being perceived as active, and offensive, as opposed to passive and always on the defensive following considerable loss of life.
The issue with passing legislation in severe breach of privacy violations – or anything susceptible to constitute a violation of the ECHR in absence of a clear declaration of an article 15 derogation – is that it is extreme; it responds to a popular and populist need to react, to do something, regardless of how dangerous it might be in the long run, in the actual decade(s) the proposed agreement might be enforced following the attacks. This ‘Something Must Be Done’ theory in the aftermath of attacks based and capitalizing on fear has created an unsustainable human rights vacuum in the last 14 years.
France never specified what its announcement of derogation to the ECHR concerned. The right to privacy is the first that comes to mind. Intelligence-sharing, however, is absolutely vital in counter-terrorism, and needs to be oriented, focused, detailed, analyzed at EU level, while still abiding by EU laws – not only ECHR requirements, but also by the motives on which the ECJ invalidated the Directive. In’t Veld continues (emphasis mine):
What would have made a real difference, is if information had been shared between the French and Belgian authorities. That is why Parliament has repeatedly called for improved information sharing. In the case of the EU PNR Directive, ALDE proposals for mandatory information sharing were endorsed by LIBE. It concerns sharing of the results of data analysis, not sharing of all raw PNR data. But Member States refuse. In view of the repeated intelligence failures from 9/11 onwards, it is incomprehensible that Member States are refusing the clause on mandatory information sharing. That refusal is a big obstacle to reaching an agreement on a Directive.
This seems to follow a pattern of necessary efficient methods of intelligence-sharing to be followed by law enforcement protocols, as opposed to senseless, purposeless gathering of data without the appropriate number of qualified personnel to analyze it. We are, effectively, as EU citizens and professionals, being ushered into a new era of necessity above all, of strategy above rights. Or duty is to ensure compliance. All of our grief, our pain, our dismay and disorientation following the Paris attacks can’t justify an end to the values that were upheld by various EU courts throughout the last decades. If November 13, 2015 was France’s – and the EU’s – 9/11, we owe it to ourselves not to respond in the same disproportionate and unlawful way.