Published by CapX and Open Europe
The attacks in Paris
have predictably resulted in a whole set of new proposals to deal with the
enormous challenge to fight violent salafi terrorism. Apart from the question
whether we should give up liberty for more security and still deserve both in case we do,
there is the question whether it’s a good idea to centralise security provision
and in particular hand it over to the European Union. Here’s why we should be
wary to trust the EU with this.
1. The
experience with the EU’s data retention directive should serve as a warning not
to let the EU take care of our data
The
EU already has a lot of powers in the area of justice and police matters, which
we discussed with Open Europe in our 2009
research paper “How the EU is watching you”. One good example is the
infamous “Data Retention
Directive”, which requires telephone operators and internet
service providers to store data regarding every phone call, text message, email
and website that their users access and make it available to government
authorities. This was passed in 2006 despite warnings
by academics from the Dutch Erasmus University
that 'in virtually all cases' the police could get
all the traffic data they needed, based on average availability of telephony
traffic data of 3 months. The European Parliament, supposedly a check on the EU
machine, happily approved the rules, which
however ended up in trouble when facing proper democratic checks: national
parliaments and national Constitutional Courts. Sweden’s Parliament postponed the implementation of the directive,
leading to Sweden having to pay a fine of 3 million euro to the EU in 2013. Already in 2009,
Romania’s Constitutional Court declared the EU directive “unconstitutional”,
something which its German counterpart did in 2010, criticising the absence
of safeguards for privacy. Only four years later, in 2014, did the EU’s
own top court, the European Court of Justice (ECJ), come to a similar
conclusion and annulled the legislation. The EU
Commission has said it isn’t planning new EU data retention legislation.
The
conclusion which should be drawn from the experience of the EU’s data retention directive should be obvious: there are insufficient checks and
balances present at the EU level to trust it with policies governing an area so
sensitively linked with the rule of law. Only the force of national democracy
could reign in this dangerous piece of legislation.
2.
Deciding to store data is one thing. Sharing them across
Europe yet another
The perpetrator of the recent attempted terrorist attack on
the Thalys – train between Amsterdam and Paris was known by the security
services of Spain and France, but this intel hadn’t been
passed on to their colleagues in the Netherlands. Also a
number of the terrorists acting in the Paris attacks were known – and
interrogated – by the Belgian authorities. So it would make sense for national security
services to share more intel on suspected terrorists, countering their
mentality to jealously guard their secrets.
During the last year however, the focus at the EU level has
oddly been more on sharing info of innocent citizens. EU countries are currently trying to agree on a Passenger Name
Records (PNR) database. The idea is that member states would not only collect and retain
information on anyone flying into or out of the EU but would also share the data. Over 60 different
kinds of data of travellers would be collected, including their
travel routes, IP-addresses, hotel bookings and diet preferences. This despite
the EU’s top court’s own ruling that data retention without any link to a certain risk or suspicion
isn’t proportionate and that human rights campaigners have warned that creating lists of people with alleged similar
characteristics “usually produces mismatches”, which may end up in wrongful
arrests.
One of the supposed safeguards would be that “PNR data may only be used for the purpose of
fighting serious crime and terrorist offences”. It’s likely that this safeguard
won’t be respected in reality. The “European Arrest Warrant”, another EU scheme
whereby countries decided to extradite their own nationals to other EU states
via a very simple procedure, was also supposed to be limited to these kind of
offences. In reality however, European Arrest Warrants have been issued also for minor crimes, as for example theft of a piglet.
Another EU initiative is the Prum Convention, an
agreement which allows for the automatic exchange of DNA, fingerprints and
vehicle registration data among EU member states. Already before the attacks in
Paris, France has demanded to have fingerprints and facial scans of everyone entering or leaving the EU collected. The EU’s Prum scheme
currently has an error rate of
67% in fingerprint matching, due to the fact
that it only requires six fully matching elements, while the UK system
requires 10, for example. This was one of the reasons why the UK opted out of it in 2014. The UK Parliament will later this year
vote on whether the UK signs back up to it. The UK
Home Office has warned that British police risk being overwhelmed with DNA and
fingerprint requests from other EU
countries, while there could be an increased risk of innocent Britons being accused of crimes since
some EU countries use lower quality DNA matching criteria than the UK.
Many people would agree storing data can make sense, but only
if there are proper democratic checks in place. It can be questioned if
Parliaments from other countries will be as keen to monitor how their security services
deal with data from non-nationals as they would be when dealing with data from
nationals. Whether the European Parliament can be trusted to monitor EU data
sharing, I’ll discuss next.
3.
The European Parliament isn’t an effective check on any
future EU security apparatus
The European Parliament has been complicating handing over
data to the US, voting down the “SWIFT” deal on banking data transfers to the US, while applauding a recent ECJ ruling against handing over consumer data to the US through the
“Safe Harbour” deal. Still, the impression remains that for some of them this
may have been more inspired by anti-American instincts than a genuine concern for
privacy, given that the same assembly’s
Civil Liberties and Justice Committee approved a draft for PNR only in July, while also having rubber stamped the data retention
directive, as discussed.
Instead of standing up
for civil liberties, some of the nominally “liberal” MEPs seem to be keen to
create a police apparatus at the EU level, with Swedish MEPs Cecilia Wikström
and Jasenko Selimovic now calling for a “European FBI”. That’s
coming from the “liberal” ALDE faction, which
supposedly cares about civil liberties.
Already now there is a
whole range of EU intelligence services, which face little democratic supervision,
something which has been criticised by former independent Austrian MEP Martin
Ehrenhauser, without much result however. Whereas Europol and Frontex are
subject to some parliamentary oversight, the Intelligence Analysis Centre (IntCen), the Satellite Centre (SatCen), the Intelligence
Directorate (IntDir) and the Situation
Room are not. They are part of the European External Action Service (the
EU’s Foreign Ministry), and do not even disclose their budget. When the
European Parliament’s Budget Committee had the chance to force them to disclose
their budgets, the Committee declined to do so, according to Ehrenhauser,
who added that the creation of IntCen’s predecessor, “SitCen”, even violated EU Treaty Law. Instead of at least scrutinizing the finances
of these embryonic secret services, MEPs prefer to call for giving them more powers instead, something the EU
Commission now also wants, demanding to create “a European
CIA”. This despite the fact that IntCen has
been criticized for the quality of its reports, as Member State officials
are quoted saying “they receive the same level of information and
analysis
but faster through magazines (e.g. Time, the Economist, Newsweek) or open
source news providers."
To those having watched
the European Parliament more closely, this all won’t come as a surprise. As opposed to more
critical member states such as the UK, the Netherlands and Sweden, the
institution happily approves the EU’s spending of 144 billion euro every year,
despite the stringent criticism of the EU’s own
accounting body, the EU Court of Auditors. Is this an institution which could
be trusted to stand up against a security apparatus? Asking the question is
providing the answer.
4.
Assuming all EU member states have the same level of justice
protection can lead to serious miscarriages of justice, as witnessed by the
experience of the European Arrest Warrant
The “European Arrest Warrant”, pushed through right
after 9-11 by the Belgian EU presidency, basically forces states to extradite their own citizens if asked to do so.
The problem is that it falsely assumes that all member states of the European
Union offer the same standards of legal protection and equally fair trials – a
thought so naïve it can only be taken serious in Brussels.
The reality
unfortunately looks different: when a British citizen was extradited to
Portugal for a crime allegedly committed, his trial over there was described by
British judges as “an embarrassment and a violation
of his right to a fair trial.” NGOs have expressed concern
about the EAW being used to punish petty crimes instead of fighting
terrorism or cross-border crime. Particularly
Poland has drawn criticism for its excessive use of European Arrest Warrants, having issued thousands more
Warrants than any other country.
Making the whole thing
even more bizarre, one can be extradited in another EU member state for
something which doesn’t even constitute a crime in one’s home state, something Austrian cartoonist Gerhard Haderer had to learn the hard way. In 2005, he was
convicted to
a six month sentence in Greece, after depicting Christ as a binge-drinking friend of Jimi Hendrix, surfing
naked while high on cannabis. The artist didn't even know that his book, The
Life of Jesus, had been published in Greece until he received a summons to
appear in court in Athens.
In the end, only an appeal to the Greek Supreme Court saved him from ending up
in a Greek jail without having committed a crime. Taking into account the
increasing number of “hate speech” laws introduced in various
European countries, and the unclear legal status of online commentary, it doesn’t
take too much fantasy to imagine some of the dangers.
Another case saw
British student Andrew Symeou being extradited to Greece in July 2009 to face
charges in connection with the death of a young man at a nightclub on a Greek island,
after Symeou had already returned home to the UK. Andrew was extradited despite
evidence that the charges were based on statements extracted by Greek police
through the violent intimidation of witnesses, who later retracted their
statements. He spent over ten months in terrible conditions in a Greek prison,
was released on bail but then remained unable to leave Greece. He was finally
cleared only months later, four years after the facts. Given that the Greek
legal document requesting extradition was flawless, there was no way UK courts
could have denied his extradition, apart from perhaps refusing to implement EU rules,
something a number of EU countries initially tried.
The human consequences
resulting from a misplaced trust of EU member states in each other’s justice
systems should carry a warning not to repeat this mistake. Cooperation on
justice and police matters isn’t a bad idea in itself, but control over this
sensitive policy area should always firmly remain with national democracies.
Pieter Cleppe and Leo
Traugott represent independent think tank Open Europe in Brussels