Amsterdam, 25th – 26th January 2016
PROGRAMME (version 21-1-2016)
Monday January 25 Home Affairs and Migration
09.00 – 10.45 Session I Home Affairs, Security (Counterterrorism)
11.15 – 12.15 Session II Home Affairs, Security (Counterterrorism)
12.15 – 12.30 Session III Home Affairs, Security (presentation cyber security)
13.00 – 14.30 Working lunch (EU and COMIX Ministers Home Affairs and Migration only)
14.30 – 16.00 Session IV Migration
16.30 – 17.30 Continuation session IV Migration
17.45 – 18.30 Press conference
Tuesday January 26 Justice
08.15 – 09.15 Breakfast ECRIS (Ministers of Justice only)
09.30 – 11.00 Session V Cybercrime (jurisdiction)
11.00 – 11.30 Family photo and coffee break
11.30 – 12.35 Continuation session V Justice Cybercrime (jurisdiction)
12.35 – 12.45 Presentation by European Commission proposals contract law and insolvency
13.00 – 14.30 Working lunch on the European Forensic Science Area
14.45 – 15.15 Press conference
PAPERS FOR DISCUSSION
Discussion Paper European Border and Coast Guard
In order to have an area without internal border controls within the Schengen area, an efficient and well-functioning control of the external borders of the Schengen area is essential.
The control by each Schengen Member State and Associated State of its parts of these external borders is not only in the interest of that Member State (MS), but in the interest of all.
Border control is necessary to prevent illegal immigration and crossing of the borders by persons who pose a threat to the public order or security of MS or the Schengen area.
Our citizens expect us to carry out this task, and will lose their confidence in Schengen if we don’t. MS are not only controlling their external borders in their own interest, but in the interest of all EU citizens.
Since the conclusion of the Schengen Treaty in 1985, the Schengen States (and later the EU) have worked on a broad range of legislative and policy instruments with the goal of creating common rules (Schengen Borders Code), common practices (Frontex, Schengen Evaluation Mechanism) and common tools (SIS, VIS, Eurosur) for managing the external borders.
The Integrated Border Management (IBM) concept has been a leading principle when developing these new instruments.
A true Integrated Border Management requires cooperation and genuine solidarity and sharing of responsibility among MS, which is reflected at EU level by the creation of Frontex in 2004 and funding possibilities under the Internal Security Fund.
Solidarity however comes with responsibility.
The main and final responsibility for border management is with the MS. Until now, this has worked relatively well in the ‘normal’ situation which we have experienced most of the time since the Schengen area was created.
Since last summer we are facing a different situation.
The constantly increasing pressure of (irregular) migration at the EU’s external border and present security threats within and outside the EU have shown that the existing border management tools are not sufficient to guarantee an efficient integrated border management. This puts the question on the table of what should be done to change the concept in a way to equip the EU and Schengen to counter these challenges effectively.
On 15 October 2015 the European Council set out clear political guidance to strengthen the EU external borders, especially in emergency situations. The European Council concluded that this must be done by enhancing the mandate of Frontex in the context of discussions over the development of a European Border and Coast Guard System.
On 15 December 2015 the European Commission presented its “border management package”, which contains a Communication on a European Border and Coast Guard and effective management of Europe’s external borders associated with a number of proposals and measures, including in particular the proposal for a Regulation of the European Parliament and of the Council on the European Border and Coast Guard.
The proposal is the main element in the Commissions’ response to address the current situation and aims at making border management more effective, reliable and to enable the EU to intervene to prevent and resolve crises, by proposing a new framework for border management.
The proposal does not replace the national border guards, but puts them within this new framework in order to achieve a more integrated management of Europe’s external borders, as foreseen by Art. 77(2)(d) TFEU.
The proposal lays down the general principles of genuine European integrated border management (IBM). It establishes a European Border and Coast Guard, with a strengthened agency, named the European Border and Coast Guard Agency, being a key player in the system.
With the establishment of the European Border and Coast Guard, the IBM becomes a shared responsibility of the Agency and the national authorities responsible for border management, as proposed in the European Agenda on Migration and the European Agenda on Security.
The Netherlands Presidency is convinced of the importance of this file and reiterates the conclusion of the European Council of 17 December 2015, stating that a Council position on the proposal on a European Border and Coast Guard should be adopted under the Netherlands Presidency.
With a view to fulfilling this task given by the European leaders, it is suggested that the file is discussed during the informal meeting of JHA ministers in order to give a political steer to expert work at the Council on the below main elements of the Commissions’ proposal, in relation to situations requiring urgent actions on the external borders.
- Defnition of the European integrated border management (IBM) concept in the proposal for a Regulation, and introduction of the principle of ‘shared responsibility’
A European Border and Coast Guard is set up bringing together the European Border and Coast Guard Agency and the MS authorities responsible for border management.
The national coastguard authorities are also part of the EU Border and Coast Guard in so far as they perform maritime border surveillance. The European Border and Coast Guard will ensure the full and coherent implementation of the European IBM.
The national border guard authorities will continue performing their regular functions on a daily basis at national level. However, in exceptional situations, the European Border and Coast Guard Agency will have a capacity to act in order to ensure the protections of the affected sections of the external border.
In this context, the MS will have the obligation to make available a certain percentage of their border guards to be deployed by the Agency. MS are also required to register in the Agency’s technical equipment pool. Furthermore, to ensure the implementation of the European IBM, the mandate of the Agency is strengthened.
- What is needed to effectively protect our external borders, including security aspects and screening?
- Do you agree that the European Border and Coast Guard (European Border and Coast Guard Agency and MS authorities) should carry a ‘shared responsibility’ for implementing the EU IBM as proposed?
- Do you agree that the principle of ‘shared responsibility’ should bring the obligation for MS to contribute a certain percentage to a pool of officers and to a pool of equipment in order to bring the Agency in the position to act more pro-actively, flexible and effective?
- The introduction of a vulnerability assessment
In parallel to the ‘stress test’ in the Banking Union, the Commission proposes a system to ensure that the European Border and Coast Guard has the capacity and means to be ready to face challenges at the external borders. The Agency will have the mandate to carry out a vulnerability assessment in order to assess the capacity of MS to face challenges at their external borders, including by means of an assessment of the equipment and resources of MS as well as of their contingency planning.
On the basis of this assessment the Agency will identify and decide on measures that need to be taken by the MS. This decision will be binding. In case a MS concerned fails to act, the mater will be referred to the management board of the Agency.
- Do you agree that a vulnerability assessment should be carried out in order to ensure that a MS and/or the European Border and Coast Guard is ready to face upcoming challenges at the external borders? Should the Agency carry out this assessment on its own or should MS be involved?
- Do you agree that this assessment could lead to a decision by the Executive Director of the Agency and, where necessary, a further decision by the Management Board of the Agency, with regard to the Member State concerned to take corrective measures concerning technical equipment, systems, capabilities, resources and contingency plans? Should this decision be binding?
- The right to intervene in case of a situation at the external border requiring urgent action
The Commission proposes a new procedure to address deficiencies rendering the control of the external borders ineffective to such an extent that it risks putting in jeopardy the functioning of the Schengen area.
This procedure can be applied in case a MS has not taken corrective measures decided by the Management Board of the Agency, or in case of disproportionate migratory pressure at the external border.
The Commission can adopt an implementing decision providing for measures such as for example organizing rapid border interventions and deploying European Border and Coast Guard Teams. The Member State concerned is required to comply with the Commission decision and cooperate with the Agency for that purpose.
This applies even when there is no request from a Member State for assistance; however, the operational plan of the operation will have to be drawn up in cooperation with the MS concerned.
- What remedies/measures should be taken regarding the Member States concerned in the situations referred to?
- Can Member States agree to a solution based on the proposal made by the Commission in order to prevent a situation meant in article 26 Schengen Borders Code?
- What should be the role of the Council in that situation?
Discussion Paper on counterterrorism
Information exchange on foreign terrorist fighters, firearms and precursors
Over the last decade the EU and its Member States, European and international bodies, have made much effort at the political, legal and operational level to improve information exchange on counterterrorism. In recent years the foreign terrorist fighters issue has been a particular focus. Member States have committed themselves several times to increasing the exchange of information.
Recent events and terrorist attacks as well as statistics on input of information in the various systems on EU-level have led us to conclude that there still is room for improvement in effective information exchange between our competent authorities and with European or international bodies. Two dimensions are essential to reach this: quantity, but also quality of information (contextual information concerning foreign fighters and their support networks especially), in order to identify new lines of investigation and to help prevent terrorist attacks and counteract related activities.
A high level of combined expertise and a correct and uniform (standardized) application of systems is crucial. Any challenges and obstacles that still prevent an effective and comprehensive practice must now be eliminated. Whether these lie at political, legal, operational or technical level, concrete and tangible steps must be taken to better facilitate our national competent authorities and European or international bodies.
This includes the exchange of information between security services and their respective national law enforcement services, between migration and law enforcement services, or between law enforcement and customs authorities.
The Presidency would like to discuss 1 the remaining underlying obstacles for information exchange on foreign terrorist fighters and ways forward to clear these obstacles, along the lines of the following questions:
- Given the specific safeguards in the handling of information (such as privacy considerations, source protection) which obstacles do you encounter in the exchange of information between national counterterrorism actors in your country and how does this affect co-operation and information exchange from your country with other European partners?
- Would you qualify defining common measurable deliverables for input into European systems as necessary in order to achieve an effective practice?
- What kind of common standards do you consider useful to improve the exchange of actionable information? Examples are timing, quality and additional background information. In which way could investments in collaboration and trust, or secure ICT solutions, support further improvement on current exchange practices? Which additional actions would you like to propose?
- Would you qualify a uniform (standardized) approach to the implementation and use of detection and signalling systems (such as the SISII, Interpol diffusions) as a vital element in stopping foreign terrorist fighters? In your experience, how are competent authorities best aided in acting upon the alerts entered into or resulting from such detection and signaling systems? In which way could the implementation or use be improved?
Another issue that will be addressed is information sharing between Member States on firearms and explosives precursors.
The revision of the firearms directive aims to establish a stricter regime for (the sale and purchase of) firearms and a more uniform practice within the EU.
Illegal arms trade, including via the internet, is the next target-area for EU Member States in partnership with Europol’s Counter Terrorism Centre. National law enforcement agencies have stepped up their intra-EU cooperation and shared more information on their national law enforcement efforts to combat the flow of illegal arms. This includes improved information sharing between organized crime and CT investigations. We have to look for further improvements.
Currently, information sharing on explosives precursors with a (possible) international dimension is ad hoc and limited.
This is especially problematic for online trade: it is of key importance that suspicious behaviour is immediately reported to the country of delivery (and not only the country where the internet company is established).The effect and value of the existing reporting structures on these suspicious transactions of explosives precursors can be strengthened by organizing information sharing between the national contact points. Other ways to alter this situation is to organize information sharing on licenses, as well as inspection and law enforcement practices.
This is especially relevant for customs authorities, so that they can properly check parcels and where appropriate passengers. In this regard, cooperation on national level among all stakeholders involved, including customs authorities and border guards, is important.
- In addressing better information sharing on firearms and explosives precursors, which capability gaps do you perceive, if any?
- Would an EU reporting structure be helpful to prevent the use of precursors for explosives, also in view of informing foreign law enforcement authorities in time? Please elaborate.
Comprehensive local approach
Terrorist organizations target urban areas in an effort to destabilize European society. As recent attacks in Europe have shown, some of the terrorists executing these atrocities, grew up in these cities. Law enforcement agencies and intelligence services work around the clock to prevent threats to national security and track down terrorists.
National and local authorities are combating these terrorist groups and the dissemination of their violent ideas and are trying to prevent the growth of new adherents.
In many EU Member States local authorities are the first line of defence in countering violent extremism. During this informal JHA Ministerial meeting we want to focus on the importance of local approaches as part of national CT-strategies and discuss how we can strengthen them within the EU.
Most of the local approaches in place center around the premise that combating terrorism and preventing radicalization is best addressed throughout a targeted strategy in which national and local authorities are partners. Goals of a local approach can be to strengthen the resilience of communities in cooperation with e.g. schools and social networks, to invest in risk assessments and early warning mechanisms and to create possible intervention tools.
These interventions can vary from multidisciplinary case-management to an administrative, a criminal justice or an intelligence measure.
In every scenario a solid information position and information sharing is crucial. This also concerns a sustainable and active relationship with the local communities. Local governments are addressing many dilemmas while developing these strategies.
We would like to address the following questions:
- Does your national CT strategy include a local approach? What are the main characteristics of your local approach? Do you have best practices to share with other Member States? Do you encounter challenges in developing an efective local approach?
- Would you asses a local approach to be most efective when it is multidisciplinary, and contains ‘preventive’ and ‘repressive’ measures? If so, which local partners should be included in a local approach?
- How can Member States share information, experience and best practices about a local approach? Do you need EU support (for example through the Radicalization Awareness Network Centre of Excellence) to further implement a local approach and, if so, what kind of support?
Discussion Paper on tackling cybercrime
The criminal use of cyberspace
Cyberspace is borderless. Information flows freely between countries providing citizens and organisations almost unlimited access to information and digital services. Information is everywhere; the physical location of the servers on which it is stored is often not known and deemed irrelevant to users.
Information can be stored, changed and deleted, and internet services can be used from anywhere in the world. Cyberspace has grown into an essential element of modern life.
The protection of cyberspace from incidents, malicious activities and misuse has become crucial for the functioning of our societies and economies.
The borderless nature of cyberspace poses special challenges and opportunities for law enforcement and judicial authorities. Important information for law enforcement and judicial authorities, such as electronic evidence, can also be stored, changed and deleted in seconds.
It can be stored in one country by criminals located in another country, and moved when they suspect law enforcement is catching up to them. The current procedures for mutual legal assistance (MLA) are complex, time consuming, and not adapted to the requirements of cyber investigations leaving law enforcement and juridical authorities far behind technically capable criminals. When criminals hide the location of their activities and identities with technical methods these MLA procedures become inadequate. In those cases it is not even known which country to request assistance from. Law enforcement agencies often rely on internet service providers to provide e-evidence. However, the laws for obtaining e-evidence are not identical in all countries. Internet service providers themselves, who are mostly willing to cooperate with law enforcement and judicial authorities if legally required, open have to cross borders to retrieve information, making it possible to violate laws in one country simply by complying in another.
Criminals know law enforcement and judicial authorities struggles to cope with these issues and they exploit these. They use technical means to hide their identity and move their criminal activity between countries, using the snail’s pace of existing procedures to their advantage. They also often know which countries do not have the necessary legal framework, capability or legal assistance processes in place to fight them effectively. They can use these countries as safe havens for their criminal activities. By effectively evading the rule of law they enjoy an impunity that is unacceptable.
The EU has recognized the challenge cyber criminality poses and has acted accordingly. Almost all Member States are party to the Budapest Convention on Cybercrime, providing a baseline for tackling cybercrime and for enhanced cooperation across borders. Europol and Eurojust have stepped up to the challenge of enhancing international cooperation both between Member States and with third countries.
The European Cyber Crime Centre (EC3) has evolved into a vital hub for international cybercrime investigations. Several Joint Investigation Teams were successful and the efficiency of legal assistance procedures has increased.
The implementation of the European Directive regarding the European Investigation Order in criminal matters will further improve cooperation between member states also for cyber investigations.
Unfortunately, some challenges remain unaddressed. Criminals who are technically capable or hide in countries with limited law enforcement capabilities against cybercrime are well able to evade prosecution.
Cyberspace still gives criminals the opportunity to make large gains with little risk and technically advanced criminals can find a safe have in cyberspace.
Two types of situations remain especially challenging:
1. Mutual legal assistance is not possible because the location of information or the origin of a cyber-attack is not known.
Various effective ways to hide information about the location of information and activities have been developed and some hosting providers offer hosting in countries of choice, allowing criminals to choose countries with limited law enforcement capabilities. This is called “bullet proof hosting”. These hosts promise their clients not to log their activities and to inform them when law enforcement and judicial agencies are requesting their data. Criminals use these hosters to store stolen data, including credit card information, data for botnet herding or child abuse images in those countries. Dedicated communication servers are another example.
Criminals can use their own enterprise server to direct their communications while applying strong encryption techniques. Eavesdropping is not effective because of the encryption, and data from the server cannot be obtained, because it is located in the criminal’s country of choice. There seems to be a lively trade in these kind of servers.
TOR and I2P techniques are a third example. Although these techniques of course also allow for legal use most TOR and I2P traffic is of a criminal nature, in particular the trade in drugs and weapons and the spread of child abuse images. Identifying criminals, both buyers and sellers, is often not possible and many criminals are untouchable.
In these situations mutual legal assistance is not possible, no matter how efficient procedures are. In these circumstances, stopping a cyber-attack or acquiring e-evidence could violate the sovereignty of another country. In most cases this is not allowed under international law. MLA can also be impossible for other reasons.
For example, the countries involved could have only limited relations or be involved in diplomatic issues.
Second, legal differences could limit the possibilities for assistance. Investigative powers can differ, or the dual criminality requirement might not be met.
Third, the country could lack effective capabilities for handling cybercrime and mutual legal assistance requests.
Fourth, criminals move their activities to other countries either regularly or when they suspect they are being investigated by law enforcement and judicial authorities, staying ahead of these agencies due to slow MLA procedures. These examples often involve countries outside the EU.
- Conflicting regulations hamper cooperation with private parties.
Internet service providers, especially those providing cloud computing services, often do not store information about clients and their activities in the countries where those clients are. Those private companies may even be established in one country while also providing their services in other countries.
Suspects of criminal investigations can be located in one country while information about them is in another. It can be necessary for law enforcement and judicial authorities to request information physically stored in another country. For internet service providers, differences in regulations can become an obstacle for cooperation. Complying with a request for data in one country could imply breaking the law in the other.
In situations as described in the above, the investigation and any further action taken against cybercrime comes to a halt.
These challenges cannot be resolved by further improving cooperation.
The European Agenda on Security (Doc. 8293/15) recognises that this state of affairs is unacceptable and prioritises “reviewing the obstacles to criminal investigations on cybercrime, notably on issues of competent jurisdiction and rules on access to evidence and information”.
Common interest: the security of cyberspace
The security of cyberspace is of common interest to law enforcement and judicial authorities, citizens, private organisations and other parts of government. Solutions for these challenges should therefore take into account interests of all these parties.
Law enforcement and judicial authorities are charged with upholding the rule of law within the appropriate legal framework, also in cyberspace.
People and businesses should be protected against crime.
A secure internet is vital to society. Law enforcement and judicial authorities should be given the ability to improve that security for social and economic activities and to counter crime.
The legal framework should provide law enforcement and judicial authorities with the powers necessary to perform their duties effectively.
At the same time, the investigative powers they hold can intrude into private lives and business processes. Everyone should be confident that law enforcement and judicial authorities will only use their investigative powers under strict conditions, their use being lawful, necessary and proportionate and subject to proper procedural safeguards.
Proper regulation and transparency about the use of investigative powers are essential for people and businesses to trust the law enforcement and judicial authorities and for their trust in cyberspace being safe and secure.
- Do we need alternative approaches (e.g. legal or other instruments) for situations when mutual legal assistance is not possible?
- Which alternatives would you propose?
- Conflicting national and international regulations regarding e-evidence hamper cooperation with private parties. Should we develop a common approach to tackle this issue?
- Which elements should be part of such a common approach?
- Private enterprises are often valuable partners in the fight against cybercrime.
The private sector not only has the information necessary to solve individual cases because of their control of applications on the internet but also has valuable knowledge about cyberspace and the possibilities it provides for effective investigation. So as to ensure that the cooperation with private partners remains constructive, clear regulations and points of contact are required. Moreover, the issue of conflicting regulations should be addressed.
Following the adoption of the EU Agenda on Security, valuable contributions were made to the debate on jurisdiction in cyberspace during Luxembourg’s EU presidency term.
The current paper serves as a basis for an informal discussion at the ministerial level during their EU presidency term. Current practices in joint cybercrime operations are set to be evaluated through EMPACT. This is to be followed up on by an expert-level conference to build on the insights gained thus far.
The results will thereafter be discussed by COSI and CATS, possibly leading to the development of a further programme of action.
In the light of the above, ministers are invited to discuss the following questions2:
- Do you support the development of a common view on jurisdiction in cyberspace in addition to improving operational cooperation?
- Which issues do you think could be addressed in that respect and what is your view on those issues?
Discussion Paper on the European Forensic Science Area 2020 (Lunch meeting Ministers of Justice, 26 January 2016)
Forensic evidence is increasingly important in criminal matters. Since crime goes beyond national borders, there is also a growing need for Member States to exchange forensic evidence. At present it is all too often the case that public prosecutors and judges are unable to use forensic evidence from another Member State because they do not have sufficient knowledge about how the investigation was carried out or whether it was up to standards.
The exchange of forensic evidence could be streamlined by creating a European Forensic Science Area. This would be an area in which the procedures of the providers of forensic services in the Member States would be better coordinated and the quality of investigations would be brought to an acceptable level.
This will build confidence and encourage cooperation in the field of law enforcement and prosecution.
On 13 and 14 December 2011 the Council (Justice and Home Affairs) approved conclusions regarding the realisation of a European Forensic Science Area by 2020 1.
In its conclusions of 15 and 16 June 2015 2 on the renewed Internal Security Strategy 2015-2020, the Council (Justice and Home Affairs) emphasised the importance of a European Forensic Area for law enforcement and prosecution: ‘Law enforcement and judicial authorities must be confident that the forensic data they rely on is of high quality, including if the data comes from another Member State. It is therefore important to ensure that the forensic data exchanged through information exchange systems, such as the Prüm framework for fingerprints and DNA profiles, can be effectively used in court.’
Notwithstanding differences of opinion, however, about the way in which a European Forensic Science Area can best be achieved, replies to a questionnaire issued in June 2015 show that Member States continue to underline the importance thereof.
The demand for forensic research continues to grow, especially with the growing power of technology. The available budgets for forensic research are nevertheless under pressure in many Member States.
The aim of creating and developing a European Forensic Science Area is to enable the mutual exchange of knowledge and expertise. In the longer term it may even be possible for the Member States to share capacities: It would then no longer be necessary for each Member State to have its own top-level expertise ‘in-house’ for every area of forensic expertise; as a consequence, the financial and technical burdens could be shared between them.
In order to cooperate well in the field of forensics it is essential to invest in quality.
In this regard an important contribution could be made by the objectives stated in the Council’s Conclusions of 2011 such as the accreditation of forensic science institutes, respect for minimum competence criteria for forensic science personnel, and minimum quality standards for scene-of-crime investigations.
In the short term an investment in quality could focus on the following objectives:
– developing best practice manuals and proficiency tests 3 for all areas of forensic expertise;
– developing courses to increase forensic awareness among the law enforcement and justice community;
– encouraging the exchange of forensic data from databases.
- Do you think that ENFSI should be given a greater role in the further elaboration of the details of some of the Council’s Conclusions of 2011 by being a European centre of expertise in the field of forensic research and could it contribute to the gradual realisation of the objectives set out in those conclusions?
- If not, why not? If so, do you have any suggestions on ENFSI’s role of governance?
- The knowledge and expertise built up by the European Network of Forensic Science Institutes (ENFSI) could be put to good use in achieving these objectives. Several countries have already indicated in their replies to the questionnaire that they envisage a greater role for ENFSI.
Cooperation with ENFSI could therefore be encouraged. Cooperation could also be sought with CEPOL (the European Police College) in relation to forensic awareness courses.
The ministers will be asked to answer 4 the following questions concerning the further development of the European Forensic Science Area:
- The exchange of DNA profles and fnger-prints in the EU by linking databases has been very successful. Would you also like to encourage the linking of national databases covering other forensic data?
- If so, for which areas of expertise (e.g. weapons and ammunition or drugs)?
- In your opinion, will the development and use of best practice manuals, profciency tests and forensic awareness courses contribute to the European Forensic Science Area in the short term?
- If so, which issues should have the highest priority?
1 htp://www.consilium.europa.eu/uedocs/cms_data/docs/ pressdata/en/jha/126875.pdf
2 htp://ec.europa.eu/dgs/home-afairs/e-library/documents/ basic-documents/docs/eu_agenda_on_security_en.pdf
3 Proficiency testing determines the performance of individual laboratories for specific tests or measurements and is used to monitor laboratories’ continuing performance.