The impact of 9/11 has produced clear tendencies among political executives to re-establish Intelligence agencies’ autonomy and capacities but also to rely more and more on high tech technology in order to calculate the unpredictable. If framed according to the rule of Law, targeted surveillance for criminal investigation purposes can be legitimate. If surveillance is part of a counter-terrorist strategy then it is acceptable as long as it is proportionate, defined and restricted by law and monitored by the judiciary and the Parliamentary process. The major issue is when surveillance is unclear – both in terms of objectives, scale and techniques employed – and falls under the radar of parliamentary and judiciary scrutiny. What follows is a transcript of Emmanuel-Pierre Guittet’s intervention in front of the European Parliament on May 13, 2015.
Thank you very much for the invitation to talk about such a topical issue in such an important place as the European Parliament. I will speak today on the behalf of my colleagues from the Centre for Research on Conflict, Liberty and Security (CCLS) in Paris. In collaboration with the Centre for European Policy Studies (CEPS) we have produced several studies and reports for the European Parliament LIBE Committee on radicalisation, the fight against terrorism and mass surveillance. I will do my best to do justice to all that work.
To assess the efficiency of mass surveillance is quite challenging. The impact of 9/11 has produced clear tendencies among political executives to re-establish Intelligence agencies’ autonomy and capacities but also to rely more and more on high tech technology in order to calculate the unpredictable. Mass surveillance is not a theoretical possibility anymore and very few people would disagree with the technical possibility to be able to monitor suspicious individuals or suspicious activities en masse. Yet, one could ask how hacking Belgacom, installing highly sophisticated malware into Belgium’s dominant telecom provider and spying on European institutions would prevent an attack happening? It might be hard also to explain how the alleged collaboration between the US National Security Agency (NSA) and the German Intelligence Agency (BND) trying to spy on European firms and leaders would prevent extremism and radicalisation. Since the revelations of Edward Snowden in June 2013, no one can ignore the extent of mass surveillance without being alarmed. We all know that the NSA, the British, and equally, every European security service are routinely collecting, processing and storing huge quantities of digital communications. The series of scandals surrounding these surveillance programmes only reminds us of the recurrence of transgressions and illegal practices carried out by intelligence services.
Surveillance of individuals or groups is not a new phenomenon in liberal regimes. It is not an issue per se. If framed according to the rule of Law, targeted surveillance for criminal investigation purposes can be legitimate. If surveillance is part of a counter-terrorist strategy then it is acceptable as long as it is proportionate, defined and restricted by law and monitored by the judiciary and the Parliamentary process. The major issue is when surveillance is unclear – both in terms of objectives, scale and techniques employed – and falls under the radar of parliamentary and judiciary scrutiny. The different scandals and revelations since 2013 gave us a glimpse into a rather disturbing world where intelligence services –and their more or less disposed private-sector partners– managed to stay under the radar of oversight, but also engaged in disinformation and propaganda tactics to obfuscate their responsibility in the context of controversial actions taken in the name of national security and the fight against terrorism. The 4 December 2014 Report of Senator Feinstein on the CIA’s activities in extraordinary rendition and torture is an unflinching exposition of the insidious strategies employed by Intelligence Services. What/who are the ultimate targets of this surveillance exercise, and how is data collected, processed, filtered and analysed? All we have seen so far proved to be quite contentious as regards to efficacy, legitimacy and lawfulness.
The scale of the big data collected from upstream interception requires establishing systematic methods, techniques and infrastructure to filter such large flows of information. Electronic large-scale surveillance implies data extraction, data comparison, data retention and the use of a great variety of databases. What is clear, however, is that data appear to serve ‘multi-purpose’ ends. These retention and selection processes are supposedly in place to ensure the quality of the information, whereas the sheer quantity can generate errors (false negatives and false positives). However, one can easily see that even if algorithms can help to connect a series of elements, this will not necessarily give a meaningful result in terms of prevention. Even if cyber surveillance can help to ‘connect the dots’, most of the time such gathering of information becomes meaningful only after a specific event has occurred, not before. The implementation of programmes for interception via ‘up-streaming’ by EU member states indicates that law-making has not kept pace with the technological developments seen in surveillance practices in recent years, often designed for traditional intelligence techniques such as wiretapping, rather than the mass ‘dragnet’ approach that appears to be increasingly adopted by US and EU intelligence agencies. Furthermore and perhaps more worryingly, there are no mechanisms in place to ensure that EU home affairs agencies such as Europol (and the EU Intelligence Analysis Centre (INTCEN) in so far as it can be classified as an EU ‘agency’) have not received, processed or used information or intelligence that was illegally obtained by national authorities or third countries.
As I have already noted, surveillance, as part of a counter-terrorist strategy, can be acceptable as long as it is proportionate, defined and restricted by law and monitored by the judiciary and the Parliamentary process. The recently adopted French Bill on Intelligence precisely highlights how these requirements are not met. A close reading of the Bill shows that it authorises the government to engage in preventive surveillance of private communications and public spaces for a broad range of motives – from terrorism to economic espionage and the monitoring of social movements – without proper ex ante control. It also organises the legal whitewashing of mass surveillance, and legalises tools and policies that directly echo those of other surveillance superpowers, like the USA, the UK or Germany. Similar shortcomings have been raised across the EUMS. However and quite fortunately, some EUMS Constitutional Courts have reacted against mass surveillance, such as the Slovak Republic that very recently proclaimed the mass surveillance of citizens as unconstitutional.
How can the European Parliament ensure that the requirements of proportionality and oversight are met? We certainly know more now about large-scale surveillance than at any time previously. Yet, further research is needed in order to fully grasp the specific features and techniques of large-scale surveillance employed by EU member states. Furthermore, and on the basis of the 2009 Lisbon Treaty, the European Parliament and the Court of Justice of the European Union (CJEU) gained legal competence to ensure democratic accountability and judicial scrutiny of EU counterterrorism policies. In light of this, and drawing to a conclusion, I would like to reiterate three recommendations we made in our different reports for the European Parliament.
The European Parliament should propose the establishment of a policy infrastructure at EU level capable of ensuring effective follow-up of intelligence revelations. A committee at the European level led by the European Counter-Terrorist Coordinator could be set up to address possibilities for applying EU principles in the field of data protection, privacy and collective freedoms and to propose the basis for a transatlantic digital bill of rights concerning all data subjects, regardless of their nationality. Yet, in order to be credible, it should gather not only policy-makers, but also Internet providers as well as researchers and civil society representatives. The participation of national parliaments should be also foreseen, in light of the Brussels Declaration that emphasised the need to create a “European Intelligence Review Agencies Knowledge Network” (EIRAN), with the main goal of improving democratic accountability of the intelligence and security services in Europe. The European Parliament could use the European Parliament’s inter-parliamentary arrangement with national parliaments for sharing information on ‘good’ and ‘bad’ practices in the scrutiny of law enforcement authorities and intelligence services and the state of affairs in domestic inquiries.
In order to address the issue of accountability and subsequently to ensure a more effective scrutiny and monitoring of EU Home Affairs agencies in the field of security and information exchange, the European Parliament could propose to set up an independent evaluation about the extent to which any EU agencies such as Europol and INTCEN may have known or received any sort of information relating to large-scale surveillance programmes by the EU member states. The recent scandal about the alleged collaboration between the German intelligence agency and the NSA reinforce the necessity to investigate further.
As a mean to ensure democratic accountability and oversight, the European Parliament could establish a special and permanent inter-parliamentary committee on EU regulatory agencies, with a special focus on EU home affairs agencies working in the field of security and information exchange for law-enforcement purposes. This committee could be run by the European Parliament’s LIBE Committee, with the participation of other relevant committees and representatives from corresponding committees of national parliaments. Its mandate would include the possibility of setting up ‘confidential working groups’ that would have access to the secret/non-publicly disclosed information. It should have the power, resources and expertise to initiate and conduct its own investigations and inquiries, as well as full and unrestricted access to the information, officials and installations necessary to fulfill its mandate.
Thank you for your attention.