The Meijers Committee on the “Money Laundering Directive”

ORIGINAL COMMENT PUBLISHED ON 12 MAY 2017 (*)

The Meijers Committee would like to comment on the European Commission’s proposal for a Directive on countering money laundering by criminal law.1

1. The Meijers Committee wishes to express its support for the idea of reviewing existing EU instruments in order to clarify obligations and achieve more coherence in the criminalisation of money laundering. However, the Meijers Committee considers that some elements of the Commission’s proposal deserve reconsideration in light of the principle of proportionality (article 5(4) TEU) and the ideas about criminalisation at EU level that the European Commission, the Council and the Parliament have expounded.2

The Meijers Committee holds that safeguards for suspects and defendants should be improved in the directive, inter alia because such harmonisation is important to enhance the effectiveness of cooperation between Member States.

2. The Meijers Committee deplores the fact that the Commission has not made an impact assessment of this proposal. The Commission reasons that the Directive mainly incorporates existing international obligations. Yet criminalisation of this behaviour at EU level, with its particular legal order, is more far-reaching than most existing international obligations. Moreover, as will be shown below, the proposal does go further than existing international obligations in some important aspects and it concerns a sensitive topic. Therefore, an impact assessment is necessary.

3. In the Commission’s proposal, the definition of criminal activity from which the property is derived (the ‘predicate offences’) has a wide scope. Whereas the Commission explains the necessity of the proposal mainly from the viewpoint of countering (financing of) terrorism, this is in reality only a small part of the proposal. Besides the list of EU-criminal offences, the proposal deals with ‘all offences as defined in the national law of the Member States, which are punishable by deprivation of liberty or a detention order for a maximum of more than one year or, as regards Member States that have a minimum threshold for offences in their legal system, all offences punishable by deprivation of liberty or a detention order for a minimum of more than six months’ (article 2(1 )(v)).

This may include possession of a small amount of property from a minor theft.

As the German delegation proposed, ‘a mandatory criminalisation of money laundering without any limitation to serious crimes could be disproportional’.3 Especially in purely national cases, which will be affected by the directive as well, having such a wide definition of the predicate offence may lead to unjustified outcomes. According to the Meijers Committee, this element of the proposal could be improved by including a requirement that Member States are only obliged to criminalise money laundering with regard to ‘particularly serious criminal activity’, which could include serious criminal activity with a cross-border element.

4. The Meijers Committee finds it questionable whether it is necessary and proportionate to oblige EU Member States to criminalise ‘self-laundering’ (article 3(3)), even though it should be welcomed that this offence only applies to conversion, transfer, concealment and disguise, and not to acquisition, possession or use. The Commission does not convincingly state why an EU-wide obligation to criminalise this behaviour, which is only optional in other instruments such as the Warsaw Convention, should be necessary to achieve the objective of the directive.

In many EU Member States, self-laundering is not criminalised because it is thought to lead to violations of the right not to be tried or punished twice for the same offence.4 The directive’s explanatory memorandum does refer to the ne bis in idem principle laid down in article 50 of the Charter of Fundamental Rights; however, this only applies to persons who have been finally acquitted or convicted and not to cases in which simultaneous prosecution takes place. Thus, the directive still leaves a gap in the protection for the defendant. Moreover, confiscation of the proceeds is already possible (see Directive 2014/42).

An option could be to limit the obligation to criminalise self-laundering to actions (of conversion, transfer, concealment and disguise) that cause further damage to the integrity of the financial system, in addition to the damage already caused by the predicate offence.

Another option could be to oblige states to limit the criminalisation of self-laundering (with regard to conversion, transfer, concealment or disguise) to situations where a person cannot be held criminally responsible for the predicate offence.

5. Even when there is no self-laundering involved, in some countries the prosecution of behaviour such as acquisition, possession or use of the property, when there is also a prosecution of the predicate offence, leads to problems of double jeopardy. As explained in par. 4, these problems cannot simply be solved by referring to article 50 of the Charter. It is exactly issues like these that, according to the Meijers Committee, necessitate an impact assessment of the proposal.

6. The Meijers Committee recommends putting in place more safeguards in relation to article 3(1), as these obligations potentially cover a wide range of conduct. There is a risk that states could use the money laundering offence as a ‘catch-all’ offence that also covers conduct which is not (or only very remotely) related to the rationale of protecting the integrity of the financial system. The Meijers Committee considers that this rationale of protecting the integrity of the financial system should be at the heart of the Directive, because that is what makes money laundering a serious crime and distinguishes it from other forms of assistance or encouragement of criminal conduct.

The latter forms should not be the subject of EU criminal law regulation, because the EU’s competences in article 83(1) TFEU are limited to particularly serious crime with a cross-border dimension.

This element could be improved by requiring that the conduct in article 3(1) – under a, b and c (not only under a) – is carried out with the purpose of concealing or disguising the illicit origin of the property. Also, the proposal would be improved if the offence definition would require that the conduct is suitable for concealing or disguising the illicit origin of the property. 7.

The Meijers Committee recommends amending article 3(2)(b), which states that it shall not be necessary to establish other circumstances relating to the criminal activity. If requirements with regard to establishing the predicate offence are too loose, Member States’ criminal law systems may focus on prosecuting for money laundering in order to evade the problems they may have in prosecuting the predicate offences. The wording proposed by the Council Presidency could provide a solution to this: ‘a conviction for the offences, referred to in paragraph 1 is possible where it is established that the property has been derived from a criminal activity, without it being necessary to establish all the factual elements relating to such activity’.5

(*) The Council has in the meantime agreed a new version of the text : see document 9280/17 on May 22, 2017 (however not directly accessible to the public)

NOTES

1 21 December 2016, COM(2016) 826 final.
2 Council Conclusions on model provisions, guiding the Council’s criminal law deliberations, 2979th JHA Council meeting, 30 November 2009; European Parliament, Resolution ‘An EU approach to criminal law’, 22 May 2012 (2010/2310(INI)); European Commission Communication ‘Towards an EU Criminal Policy: Ensuring the effective implementation of EU policies through criminal law’, 20 September 2011, (COM(2011)0573).
3 Council of the EU, Comments by delegations on the proposal for a Directive of the European Parliament and of the Council on countering money laundering by criminal law, 10 February 2017, 2016/0414 (COD), 15782/16, 6050/17.
4 Council of the EU, Comments by delegations on the proposal for a Directive of the European Parliament and of the Council on countering money laundering by criminal law, 10 February 2017, 2016/0414 (COD), 6050/17.
5 Examination of the proposal for a Directive of the European Parliament and of the Council on countering money laundering by criminal law, 9 February 2017, 2016/0414 (COD), 5443/17.

Worth reading : the final report by the EU High Level Expert Group on Information Systems and Interoperability (HLEG),

NB: The full version (PDF)  of the Report is accessible HERE

On May 8th the (EU) High Level Expert Group on Information Systems and Interoperability (HLEG) which was set up in June 2016 following the Commission Communication on “Stronger and Smarter Information Systems for Borders and Security ” has published its long awaited 56 long pages Report on Information Systems and Interoperability.

Members of the HLEG were the EU Members States (+ Norway, Switzerland and Liechtenstein), the EU Agencies (Fundamental Rights Agency, FRONTEX, European Asylum Support Office, Europol and the EU-LISA “Large Information Support Agency”) as well as the representatives of the Commission and the European Data Protection Supervisor (EDPS) and the Anti-Terrorism Coordinator (an High Council General Secretariat Official designated by the European Council).

Three Statements, respectively of the EU Fundamental Rights Agency, of the European Data Protection Supervisor and of the EU Counter-Terrorism Coordinator (CTC),  are attached. The first two can be considered as a sort of partially dissenting Opinions while the CTC  statement is quite obviously in full support of the recommendations set out by the report as it embodies for the first time at EU level the “Availability Principle” which was set up already in 2004 by the European Council. According to that principle if a Member State (or the EU) has a security related information which can be useful to another Member State it has to make it available to the authority of another Member State. It looks as a common sense principle which goes hand in hand with the principle of sincere cooperation between EU Member States and between them and the EU Institutions.

The little detail is that when information is collected for security purposes national and European legislation set very strict criteria to avoid the possible abuses by public EU and National Law enforcement authorities. This is the core of Data Protection legislation and of the art. 6, 7 and 8 of the EU Charter of Fundamental Rights which prevent the EU and its Member States from becoming a sort of Big Brother “State of surveillance”. Moreover, at least until now these principles have guided the post-Lisbon European Court of Justice jurisprudence in this domain and it is quite appalling that no reference is made in this report to the Luxembourg Court Rulings notably dealing with “profiling” and “data retention”(“Digital Rights”, “Schrems”, “TELE 2-Watson”…).

Needless to say to implement all the HLWG recommendations several legislative measures will be needed as well as the definition of a legally EU Security Strategy which should be adopted under the responsibility of the EU co-legislators. Without a strong legally founded EU security strategy not only the European Parliament will continue to be out of the game but also the control of the Court of Justice on the necessity and  proportionality of the existing and planned EU legislative measures will be weakened.  Overall this HLWG report is mainly focused on security related objectives and the references to fundamental rights and data protection are given more as “excusatio non petita” than as a clearly explained reasoning (see the Fundamental Rights Agency Statement). On the Content of the  perceived “threats” to be countered with this new approach it has to be seen if some of them (such as the mixing irregular migration with terrorism)  are not imaginary and, by the countrary, real ones are not taken in account.

At least this report is now public. It will be naive to consider it as purely “technical” : it is highly political and will justify several EU legislative measures. It will be worthless for the European Parliament to wake up when the formal legislative proposals will be submitted. If it has an alternative vision it has to show it NOW and not waiting when the Report will be quite likely “endorsed” by the Council and the European Council.

Emilio De Capitani

TEXT OF THE REPORT (NB  Figures have not been currently imported, sorry.)

——- Continue reading

Immigration detention and the rule of law: the ECJ’s first ruling on detaining asylum-seekers in the Dublin system

ORIGINAL PUBLISHED ON EU LAW ANALYSIS (May 5,2017)

by Tommaso Poli (LL.M. candidate in Human Rights and Humanitarian Law at the University of Essex, School of Law).

One of the most controversial issues in immigration law is the detention of asylum-seekers. This issue was not initially addressed by the European Common Asylum System (CEAS), but is now addressed in some of the second-phase CEAS measures (the CEAS consists of the Asylum Procedures Directive, the Reception Conditions Directive, the Qualification Directive, the Dublin Regulation and the EURODAC Regulation).

In particular, the second-phase CEAS measures contain detailed rules on detaining asylum-seekers in two cases:  a) general rules in the Reception Conditions Directive, which were the subject of a first ECJ ruling in 2016 (discussed here) and a recent opinion of an Advocate-General; and b) more specific rules in the Dublin III Regulation, applying to asylum-seekers whose application is considered to be the responsibility of another Member State under those rules. Recently, the ECJ ruled for the first time on the interpretation of the latter provisions, in its judgment in the Al Chodor case.

As we will see, the Court took a strong view of the need for the rule of law to apply in detention cases. Moreover, its ruling is potentially relevant not just to Dublin cases, but also detention of asylum-seekers and irregular migrants in other contexts too.

The rules on detaining asylum-seekers in the context of the Dublin process are set out in Article 28 of the Dublin III Regulation. First of all, Article 28(1) states that asylum seekers can’t be detained purely because they are subject to the Dublin process. Then Article 28(2) sets out the sole ground for detention: when there is a ‘significant risk of absconding’. If that is the case ‘Member States may detain the person concerned in order to secure transfer procedures in accordance with’ the Dublin rules, ‘on the basis of an individual assessment and only in so far as detention is proportional and other less coercive alternative measures cannot be applied effectively’.

Next, Article 28(3) sets out detailed rules on time limits for ‘Dublin detention’; these are the subject of the pending Khir Amayry case. Finally, Article 28(4) states that the general rules on guarantees relating to procedural rights and detention conditions set out in the Reception Conditions Directive apply to asylum-seekers detained under the Dublin rules.

Al Chodor concerned the interpretation of the grounds for detention under Article 28(2): what is a ‘serious risk of absconding’?  The Dublin III Regulation offers some limited clarity, defining ‘risk of absconding’ as ‘the existence of reasons in an individual case, which are based on objective criteria defined by law, to believe that an applicant or a third country national or a stateless person who is subject to a transfer procedure may abscond.’ (Article 2(n) of the Regulation).

Facts

The case relates to an Iraqi man and his two minor children who were traveling from Hungary in the Czech Republic, without any documentation to establish their identity, with the aim of joining family members in Germany. After stopping the Al Chodors, the Czech Foreigners Police Section (FPS) consulted the Eurodac database and found that they had made an asylum application in Hungary. As a consequence, the Al Chodors were subjected to the transfer procedure according to Article 18(1)(b) of the Dublin III Regulation. In addition, the FPS took the view that there was a ‘serious risk of absconding’, given that the Al Chodors had neither a residence permit nor accommodation in the Czech Republic, while they were waiting for their transfer to Hungary.

So, they placed the Al Chodors in detention for 30 days pending their transfer pursuant to Paragraph 129(1) of the national law on the residence of foreign nationals, read in conjunction with Article 28(2) of the Dublin III Regulation. The Al Chodors brought an action against the decision ordering their detention to the regional Court, which annulled that decision, finding that Czech legislation does not lay down objective criteria for the assessment of the risk of absconding within the meaning of Article 2(n) of the Dublin III Regulation. That Court accordingly ruled that the decision was unlawful. Following the annulment of the decision of the FPS, the Al Chodors were released from custody.

The FPS brought an appeal on a point of law before the Supreme Administrative Court against the decision of the Regional Court. According to the FPS, the inapplicability of Article 28(2) of the Dublin III Regulation cannot be justified by the mere absence in Czech legislation of objective criteria defining the risk of absconding. That provision subjects the assessment of the risk of absconding to three conditions, namely an individual assessment taking account of the circumstances of the case, the proportionality of the detention, and the impossibility of employing a less coercive measure. The FPS has submitted that it satisfied those conditions.

The Supreme Administrative Court was uncertain whether the recognition by its settled case-law of objective criteria on the basis of which the detention of persons pursuant to Paragraph 129 of the Law on the residence of foreign nationals may be carried out can meet the requirement of a definition ‘by law’ within the meaning of Article 2(n) of the Dublin III Regulation, in so far as that case-law confirms a consistent administrative practice of the FPS which is characterised by the absence of arbitrary elements, and by predictability and an individual assessment in each case. So the Court decided to refer to the European Court of Justice for a preliminary ruling asking whether Article 2(n) and Article 28(2) of the Dublin III Regulation, read in conjunction, must be interpreted as requiring Member States to establish, in a national law, objective criteria underlying the reasons for believing that an applicant for international protection who is subject to a transfer procedure may abscond, and whether the absence of those criteria in a national law leads to the inapplicability of Article 28(2) of that regulation.

Judgment

The Court of Justice first of all ruled that Article 2(n) of the Dublin III Regulation explicitly requires that objective criteria defining the existence of a risk of absconding be defined by the national law of each Member State (paragraph 27-28). Then, determining whether the word ‘law’ must be understood as including settled case-law, the Court reaffirmed that in interpreting a provision of EU law, it is necessary to consider not only its wording but also the context in which it occurs and the objectives pursued by the rules of which it forms part (judgment of 26 May 2016, Envirotec Denmark, paragraph 27).

So with regard to the general scheme of the rules of which Article 2(n) of Dublin III Regulation forms part, the Court, referring to recital 9 of that regulation, states that the regulation is intended to make necessary improvements, in the light of experience, not only to the effectiveness of the Dublin system but also to the protection of fundamental rights afforded to applicants under that system. This high level of protection is also clear from Articles 28 and 2(n) of that regulation, read in conjunction. As regards the objective pursued by Article 2(n) of the Dublin III Regulation, read in conjunction with Article 28(2) thereof, the Court recalls that, by authorizing the detention of an applicant in order to secure transfer procedures pursuant to that regulation where there is a significant risk of absconding, those provisions provide for a limitation on the exercise of the fundamental right to liberty enshrined in Article 6 of the Charter.

In that regard, it is clear from Article 52(1) of the Charter that any limitation on the exercise of that right must be provided for by law and must respect the essence of that right and be subject to the principle of proportionality. Furthermore, it is worth noting that in this ruling the European Court of Justice explicitly aligns its interpretation to the European Court of Human Rights (ECtHR), reaffirming that any deprivation of liberty must be lawful not only in the sense that it must have a legal basis in national law, but also that lawfulness concerns the quality of the law and implies that a national law authorizing the deprivation of liberty must be sufficiently accessible, precise and foreseeable in its application in order to avoid risk of arbitrariness (judgment of the European Court of Human Rights of 21 October 2013, Del Río Prada v Spain, paragraph 125).

The Court then concluded by stating that taking account of the purpose of the provisions concerned, and in the light of the high level of protection which follows from their context, only a provision of general application could meet the requirement of clarity, predictability, accessibility and, in particular, protection against arbitrariness. It follows that Article 2(n) and Article 28(2) of the Dublin III Regulation, read in conjunction, must be interpreted as requiring that the objective criteria underlying the reasons for believing that an applicant may abscond must be established in a binding provision of general application. In the absence of such criteria, the detention was unlawful.

Comments

First of all, the Court’s ruling is likely relevant to the interpretation of other EU measures concerning immigration detention. In the Returns Directive, which inter alia concerns the detention of irregular migrants (as distinct from asylum seekers), the ‘risk of absconding’ forms part of the ground for detention (as well as one of the grounds for refusing to allow the irregular migrant a period for voluntary departure); and it is defined exactly the same way as in the Dublin III Regulation. As for asylum seekers who are detained on grounds other than the Dublin process, a ‘risk of absconding’ is an element of one of the grounds for detention under the Reception Conditions Directive, but is not further defined. But a recent Advocate-General’s opinion notes (at para 73) that this clause aims to prevent ‘arbitrary’ detention, which was a key feature of the reasoning in the Al Chodor judgment. This surely points to a consistent interpretation of the two asylum laws. It follows that arguably the Court’s judgment should be relevant not just to Dublin cases but to any immigration detention of non-EU citizens in any Member State bound by the relevant EU legislation.

Secondly, this ruling has reiterated the principle by which although regulations generally have immediate effect in national legal systems without it being necessary for the national authorities to adopt measures of application, some of those provisions may necessitate, for their implementation, the adoption of measures of applicability by the Member States (judgment of 14 April 2011, Vlaamse Dierenartsenvereniging and Janssens, paragraphs 47 and 48).

Most significantly, the Court has reaffirmed the primacy of Human Rights law in EU asylum law implementation, highlighting that the development of the EU asylum law itself depends on its compliance with Human Rights law. In particular, the ECJ’s ruling in this case first of all reflects the ECtHR’s interpretation of the ‘arbitrariness’ of detention, which extends beyond the lack of conformity with national law. Notably, it states that a deprivation of liberty that is lawful under domestic law can still be arbitrary and thus contrary to the general principles, stated explicitly or implied, in the Convention (judgment of the European Court of Human Rights of 9 July 2009, Mooren v. Germany, paragraphs 73-77).

The Court’s ruling also reflects UN human rights norms. The Human Rights Committee’s General Comment No. 31 related to the nature of the general legal obligation imposed on State parties to the UN Covenant on Civil and Political Rights, which all EU Member States are State parties to, which reads that ‘in no case may the restrictions be applied or invoked in a manner that would impair the essence of a Covenant right’ (paragraph 4). Furthermore, the Human Rights Committee’s General Comment No. 35 points out that “arbitrariness is not to be equated with ‘against the law’, but must be interpreted more broadly to include elements of inappropriateness, injustice, lack of predictability and due process of law, as well as elements of reasonableness, necessity and proportionality” (paragraph 12, see also HRC, Van Alphen v. Netherlands, paragraph 5.8).

Finally, the Court’s ruling has confirmed the constitutional value of the Charter of Fundamental Rights of the European Union, which assumes a critical value in this historical period, since, as with any constitutional instrument, the more society as a whole is going through difficult times (such as the perceived ‘migration crisis’ in Europe), the more important it is to reaffirm its principles and values.

Likewise Article 52 of the EU Charter states that in no case may restrictions be applied or invoked in a manner that would impair the essence of a Charter right; in the context of detention, a fortiori it can be also affirmed that essential elements of guarantee for that right, as the requirement of lawfulness and non-arbitrariness for the right of liberty, cannot be disregarded in any circumstance. The Al Chodor ruling puts meat on the bones of that fundamental principle.

EU accession to the Istanbul Convention preventing and combating violence against women. The current state of play.

by Luigi LIMONE (*)

The Council of Europe Convention on preventing and combating violence against women and domestic violence, known as ‘Istanbul Convention’, is the first legally binding treaty in Europe that criminalises different forms of violence against women including physical and psychological violence, sexual violence, sexual harassment and rape, stalking, female genital mutilation, forced marriage, forced abortion and forced sterilization.

It emphasises and recognises that violence against women is a human rights violation, a form of discrimination against women and a cause and a consequence of inequality between women and men. The Convention requires the public authorities of State parties to adopt a set of comprehensive and multidisciplinary measures in a proactive fashion to prevent violence, protect its victims/survivors and prosecute the perpetrators. The Convention recognises that women experience multiple forms of discrimination and requires the State parties to ensure that tits implementation is made without discrimination on any ground such as sex, gender, race, colour, language, religion, political or other opinion, national or social origin, association with a national minority, property, birth, sexual orientation, gender identity, age, state of health, disability, marital status, migrant or refugee status or other. It also states that violence against women can never be justified in the name of culture, custom, religion, tradition nor so-called ‘honour’.

It foresees obligations to adopt a specific gender-sensitive approach in migration and asylum matters, and the establishment of a specific monitoring mechanism, (The Group of Experts on Action against Violence against Women and Domestic Violence “GREVIO”), tasked with ensuring effective implementation of its provisions by the Parties.

The Convention contains 81 articles set out in 12 separate chapters and was adopted by the Committee of Ministers of the Council of Europe on 7 April 2011, and opened for signature.  on 11 May 2011.  The Convention is open for signature and approval by the (47) member States of the Council of Europe, non-member States which have participated in its elaboration and the European Union, and is open for accession by other non-member States. The Istanbul Convention came into force in 2014. It has been signed by all the EU Member States (but the ratification is still missing for Bulgaria, Croatia, Cyprus, Czeck Republik, Estonia, Germany, Greece, Hungary, Ireland Latvia, Lithuania, Luxembourg, Slovakia and UK)

EU Accession : different perspectives of the Commission and of the Council

It should be noted that from a legal point of view the Istanbul Convention, like many other international treaties, is a ‘mixed agreement’ which allows for EU accession in parallel to the Member States’ accession.  While the EU cannot sign up to older international human rights treaties, like the UN Covenants, since they are only open to States, newer treaties expressly provide for the EU to sign up to them. This holds particularly true for the Istanbul Convention, which deals with a number of fields the EU is competent in, including victims’ rights and protection orders, asylum and migration, as well as in judicial cooperation in criminal matters.

As Steve Peers said, the EU accession to the Istanbul Convention can only be welcomed. Although it may not, by itself, prevent any act of violence from being committed, it may accelerate a broader process of ratification and corresponding national law reform on this issue. It may also have the important practical impact of helping victims receive support or protection, particularly in the context of the law on crime victims, immigration or asylum.

More specifically, the EU ratification of the Istanbul Convention could provide encouragement to its Member States, as well as non-EU Member States, to ratify the Convention and, since the CJEU will have jurisdiction to interpret those provisions of the Convention which fall within the scope of EU competence, it could promote a uniform interpretation of those provisions within the EU, thus establishing a truly comprehensive  framework for preventing and combating violence against women and domestic violence.

On 4th March 2016, the European Commission has then issued a proposal for a Council decision on the conclusion, by the European Union, of the Council of Europe Convention on preventing and combating violence against women and domestic violence.

The Commission proposal for the EU accession to the Istanbul Convention has recognised the mixed nature of the Convention and but has explicitly stated that the European Union has exclusive competence to the extent that, according to art.3(2) the Convention may affect common EU rules or alter their scope (recital 6).

However it has to be noted that according to art.73 of the Convention  :“The provisions of this Convention shall not prejudice the provisions of internal law and binding international instruments which are already in force or may come into force, under which more favourable rights are or would be accorded to persons in preventing and combating violence against women and domestic violence.”  Consequently, contracting Parties to the Convention are allowed to maintain or introduce a higher level of protection for women and girls than the norms set out in the Convention.

This gives some leeway to the Member States which have already signed and in some cases also ratified the Convention. Moreover in cases where relevant Union legislation contains minimum standards as well, it can be questioned if they have lost their possibility of adopting national legislation more favorable to the victims. On September 2016, the Slovak Presidency has then requested the Legal Service to give an opinion on the competences of the Union relating to the Convention, and to identify the parts of the Convention, if any, that fall within the Union’s exclusive competence.

This opinion was issued on 27 October 2016 (doc. 13795/16 -only partially accessible to the public) and as a result of subsequent debates in the Council working Groups it was decided that the Convention should be signed on behalf of the EU only as regards matters falling within the competence of the Union insofar as the Convention may affect common rules or alter their scope.

According to an internal Council source the EU must be held to have exclusive competence for some of the provisions of the Convention set out in Chapters IV (“Protection and Support”), V (‘Substantive Law) and VI (‘Investigation, prosecution, procedural law and protective measures’) but only insofar as they relate to victims covered by Directive 2011/92/EU and Directive 2011/36/EU. (Moreover in the case of the Victim Directive it deals with minimum EU rules so that some competence remain at MS level).

On the contrary it seems indisputable that the Union has acquired exclusive competence in relation to two of the three provisions of Chapter VII (‘Migration and Asylum’).  In relation to Article 60(1) and (2) of the Convention, the current EU rules of the “Qualification Directive” does not appear to be much leeway for Member States to exceed the protection level set out in Union rules. The same applies to Article 60(3) of the Convention, in the light of the detailed provisions of the same Qualification Directive, the “Procedures Directive” and the “Reception conditions Directive”, even if they set, technically speaking, Member States to maintain or introduce more favourable protection.  As for Article 61 of the Convention, on non-refoulement, this appears to set “minimum” norms, but only in theory.  The same must be held for the corresponding provisions of EU provisions, whether primary (Article 78(1) TFEU), or secondary law.

Therefore, to protect the MS competence the Council has decided to change the legal basis and the draft decision on the signing on behalf of the European Union of the Istanbul Convention was divided into two decisions: one with regard to matters related to judicial cooperation in criminal matters and the second with regard to asylum and non-refoulement.

Both Council and Commission have recognised that the respective competences of the European Union and the Member States are inter-linked and have considered that it is appropriate to establish arrangements between the Commission and the Member States for the monitoring mechanism provided by the Convention, the so-called Group of experts on action against violence against women and domestic violence (GREVIO).

…in the meantime the European Parliament ..

At the European Parliament level, on several occasions MEPs have recalled that the EU accession to the Istanbul Convention would guarantee a coherent European legal framework to prevent and combat violence against women and gender-based violence and to protect the victims of violence, provide greater coherence and efficiency in EU internal and external policies and ensure better monitoring, interpretation and implementation of EU laws, programs and funds relevant to the Convention, as well as more adequate and better collection of comparable desegregated data on violence against women and gender-based violence at EU.

According to the MEPs the EU ratification would also reinforce the EU accountability at international level and, last but not least, it would apply renewed political pressure on Member States to ratify this instrument (note that so far all EU Member States have signed the Istanbul Convention, but only fourteen of them have ratified it).

The European Parliament has also recalled that the Commission is bound by Article 2 TEU and by the Charter of Fundamental Rights to guarantee, promote and take action in favour of gender equality. It has, therefore, welcomed the Commission proposal to sign and conclude the EU accession to the Istanbul Convention.

In this respect, a draft interim report between the LIBE and FEMM Committees is being drafted by two rapporteurs, Anna Maria Corazza Bildt (EPP – Sweden) and Christine Revault D’Allonnes Bonnefoy (S&D – France). A first LIBE/FEMM joint hearing on the issue took place on 29 November 2016. It was followed by a second joint hearing, which was held on 27 March 2017, whose aim was to highlight the importance as well as the necessity for the EU to access the Istanbul convention as a unique body.

During the latter hearing, some MEPs reiterated the importance of the EU accession to the Istanbul Convention, which could represent the basis for the introduction of a holistic approach addressing the issue of violence against women and girls and gender-based violence from a wide range of perspectives, such as prevention, the fight against discrimination, criminal law measures to combat impunity, victim protection and support, the protection of children, the protection of women asylum seekers and refugees and better data collection.

According to Malin Björk  (GUE/NGL – Sweden), the EU accession to the Istanbul convention would represent a very important step forward and it would allow to see violence against women as a political issue. For her, the EU ratification would be an opportunity to make people understand that such an issue is part of gender politics and it has to be recognised as such.

For Iratxe García Pérez (S&D – Spain), it would be extremely important to use all the best practices provided by some EU countries, such as Spain and Sweden, in order to define a common European framework for an active policy to combat violence against women. In her opinion, the European society is still unequal and gender-based violence derives from such an unbalance of power. The EU accession to the Istanbul Convention would be therefore crucial in order to set the basis for a common European strategy aiming to eliminate gender unbalances across Europe.

The key elements of the interim report were outlined during a third joint hearing which took place on 11 April 2017. On that occasion, the two rapporteurs stressed the needs for a joint effort between the European Parliament and the European Commission, in order to set up a holistic and comprehensive approach towards violence against women. Both the rapporteurs  expressed their strong support for the introduction of an EU directive and recalled that violence against women should not be considered as a national issue but as a European issue, since it affects the whole European society.

Despite the progress made at the European Parliament level, some MEPs deplored the fact that negotiations in the Council were not proceeding at the same speed.

It is not clear if the LIBE members were aware of the debates on the Council side or if they have been “timely and fully informed” of the new approach emerging on the Council side as it should had be the case according to art. 218 of the TFUE. Nor it is clear if the Commission has taken duly informed the LIBE Members in compliance with the EP-Commission Framework agreement.

(*) FREE-GROUP Trainee

 

Legal Frameworks for Hacking by Law Enforcement: Identification, Evaluation and Comparison of Practices

EXECUTIVE SUMMARY OF A STUDY FOR THE EP LIBE COMMITEE.

FULL TEXT ACCESSIBLE  HERE  

by Mirja  GUTHEIL, Quentin  LIGER, Aurélie  HEETMAN, James  EAGER, Max  CRAWFORD  (Optimity  Advisors)

Hacking by law enforcement is a relatively new phenomenon within the framework of the longstanding public policy problem of balancing security and privacy. On the one hand, law enforcement agencies assert that the use of hacking techniques brings security, stating that it represents a part of the solution to the law enforcement challenge of encryption and ‘Going Dark’ without systematically weakening encryption through the introduction of ‘backdoors’ or similar techniques. On the other hand, civil society actors argue that hacking is extremely invasive and significantly restricts the fundamental right to privacy. Furthermore, the use of hacking practices pits security against cybersecurity, as the exploitation of cybersecurity vulnerabilities to provide law enforcement with access to certain data can have significant implications  for  the security of the internet.

Against this backdrop, the present study provides the LIBE Committee with relevant, actionable insight into the legal frameworks and practices for hacking by law enforcement. Firstly, the study examines the international and EU-level debates on the topic of hacking by law enforcement (Chapter 2), before analysing the possible legal bases for EU intervention in the field (Chapter 3). These chapters set the scene for the primary focus of the study: the comparative analysis of legal frameworks and practices for hacking by law enforcement across six selected Member States (France, Germany, Italy, the Netherlands, Poland and the UK), with further illustrative examples from three non-EU countries (Australia, Israel and the US) (Chapter 4). Based on these analyses, the study concludes (Chapter 5) and presents concrete recommendations and policy proposals for  EU  action  in  the field (Chapter 6).

The international and EU-level debates on the use of hacking techniques by law enforcement primarily evolve from the law enforcement challenge posed by encryption – i.e. the  ‘Going  Dark’  issue.

Going Dark is a term used to describe [the] decreasing ability [of law enforcement agencies] to lawfully access and examine evidence at rest on devices and evidence in motion across   communications   networks.1

According to the International Association of Chiefs of Police (IACP), law enforcement agencies are not able to investigate illegal activity and prosecute criminals without this evidence. Encryption technologies are cited as one of the major barriers to this access. Although recent political statements from several countries (including France, Germany, the UK and the US) seemingly call for ‘backdoors’ to encryption technologies, support for strong encryption at international and EU fora remains strong. As such, law enforcement agencies across the world started to use hacking techniques to bypass encryption. Although the term ‘hacking’ is not used by law enforcement agencies, these practices essentially mirror the techniques used by hackers (i.e. exploiting any possible vulnerabilities – including technical, system  and/or human  vulnerabilities  – within  an  information  technology  (IT) system).

Law enforcement representatives, such as the IACP and Europol, report that access to encrypted and other data through such hacking techniques brings significant investigative benefits. However, it is not the only possible law enforcement solution to the ‘Going Dark’ issue. Outside of the scope of this study, the other options include: requiring users to provide their password or decrypt their data; requiring technology vendors and service providers to bypass   the   security   of   their   own   products   and   services;   and   the    systematic   weakening   of encryption through the mandated introduction of ‘backdoors’ and/or weakened standards for encryption.

With the benefits of hacking established, a 2016 Joint Statement published by the European Union Agency for Network and Information Security (ENISA) and Europol2 noted that the use of  hacking  techniques also brings  several   key  risks.

The primary risk relates to the fundamental right to privacy and freedom of expression and information, as enshrined in international, EU and national-level law. Hacking techniques are extremely invasive, particularly when compared with traditionally intrusive investigative tools (e.g. wiretapping, house searches etc.). Through hacking, law enforcement can gain access to all data stored or in transit from a device; this represents a significant amount of data (e.g. a recent investigation by Dutch law enforcement collected seven terabytes of data, which translates into around 86 million pages of Microsoft Word documents3), as well as extremely sensitive data (e.g. a person’s location and movements, all communications, all stored data etc.). Consequently, the use of hacking techniques will inherently restrict the fundamental right to privacy.

Therefore, current debates at international and EU fora focus on assessing and providing recommendations on the current legal balances and safeguards for the restriction of the right to privacy by hacking techniques. However, these debates have assumed that hacking practices are necessary for law enforcement and simply require governing laws; they have not discussed whether the use of hacking techniques by law enforcement is necessary and proportional. The law enforcement assertions regarding the necessity of these invasive tools have  not   been  challenged.

The second key risk relates to the security of the internet. Law enforcement use of hacking techniques has the potential to significantly weaken the security of the internet by “[increasing] the attack surface for malicious abuse”4. Given that critical infrastructure and defence organisations, as well as law enforcement agencies themselves, use the technologies targeted and potentially weakened by law enforcement hacking, the potential ramifications reach  far  beyond  the intended  target.

As such, debates at international and EU fora focus on the appropriate balances between security and privacy, as well as security and cybersecurity. Regarding security v. privacy, the debates to date have assessed and provided recommendations on the legislative safeguards required to ensure that hacking techniques are only permitted in situations where a restriction of the fundamental right to privacy is valid in line with EU legislation (i.e. legal, necessary and proportional). Regarding security v. cybersecurity, the debates have been limited and primarily centre around the use and/or reporting of zero-day vulnerabilities discovered  by  law enforcement agencies.

Further risks not discussed in the Joint Statement but covered by this study include: the risks to territorial sovereignty – as law enforcement agencies may not know the physical location of the target data; and the risks related to the supply and use of commercially-developed hacking tools by governments with poor consideration for human rights.

Alongside the analysis of international and EU debates, the study presents hypotheses on the legal  bases  for  EU  intervention  in  the  field. Although  possibilities for  EU  legal  intervention  in several areas are discussed, including mutual admissibility of evidence (Art. 82(2) TFEU), common investigative techniques (Art. 87(2)(c) TFEU), operational cooperation (Art. 87(3) TFEU) and data protection (Art. 16 TFEU, Art. 7 & 8 EU Charter), the onus regarding the development of legislation in the field is with the Member States. As such, the management of the risks associated with law enforcement activities is governed at the Member State level.

As suggested by the focus of the international and EU discussions, concrete measures need to be stipulated at national-level to manage these risks. This study presents a comparative analysis of the legal frameworks for hacking by law enforcement across six Member States, as well as certain practical aspects of hacking by law enforcement, thereby providing an overview of the primary Member State mechanisms for the management of these risks. Further illustrative examples are provided from research conducted in three non-EU countries.

More specifically, the study examines the legal and practical balances and safeguards implemented at national-level to ensure: i) the legality, necessity and proportionality of restrictions to the fundamental  right  to  privacy;   and ii) the security  of  the internet.

Regarding restrictions to the right to privacy, the study first examines the existence of specific legal frameworks for hacking by law enforcement, before exploring the ex-ante and ex-post conditions and mechanisms stipulated to govern restrictions of the right to privacy and ensure they are legal, necessary  and  proportional.

It is found that hacking practices are seemingly necessary across all Member States examined, as four Member States (France, Germany, Poland and the UK) have adopted specific legislative provisions and the remaining two are in the legislative process. For all Member States except Germany, the adoption of specific legislative provisions occurred in 2016 (France, Poland and the UK) or will occur later (Italy, the Netherlands).  This  confirms the  new  nature  of these investigative techniques.

Additionally, law enforcement agencies in all Member States examined have used, or still use, hacking techniques in the absence of specific legislative provisions, under so-called ‘grey area’ legal provisions. Given the invasiveness of hacking techniques, these grey areaprovisions are considered  insufficient  to adequately  protect the right to privacy.

Where specific legal provisions have been adopted, all stakeholders agree that a restriction of the right to privacy requires the implementation of certain safeguards. The current or proposed legal frameworks of all six Member States comprise a suite of ex-ante conditions and ex-post mechanisms that aim to ensure the use of hacking techniques is proportionate and necessary. As recommended by various UN bodies, the provisions of primary importance include judicial authorisation of hacking practices, safeguards related to the nature, scope and duration of possible measures (e.g. limitations to crimes of a certain gravity and the  duration  of  the hack,  etc.) and  independent   oversight.

Although many of these types of recommended conditions are common across the Member States examined – demonstrated in the below table – their implementation parameters differ. For instance, both German and Polish law permit law enforcement hacking practices without judicial authorisation in exigent circumstance if judicial authorisation is achieved in a specified timeframe. However, the timeframe differs (three days in Germany compared with five days in Poland). These differences make significant difference, as the Polish timeframe was criticised  by the Council  of  Europe’s  Venice Commission  for being  too long.5

Furthermore, the Member States examined all accompany these common types of ex-ante and ex-post conditions with different, less common conditions. This is particularly true for ex-post oversight mechanisms. For instance, in Poland, the Minister for internal affairs provides macro-level information to the lower (Sejm) and upper (Senat) chambers of Parliament;6 and in the UK, oversight is provided by the Investigatory Powers Commissioner, who reviews all cases of hacking by law enforcement, and the Investigatory Powers Tribunal, which  considers disputes or  complaints surrounding  law enforcement  hacking.7

Key ex-ante considerations
Judicial authorisation The    legal    provisions    of    all    six    Member    States    require    ex-ante judicial        authorisation        for        law        enforcement        hacking.        The information  to  be  provided  in  these requests differ.

Select     Member     States     (e.g.     Germany,     Poland,     the     UK)     also provide for hacking without prior judicial authorisation in exigent circumstances  if  judicial  authorisation  is subsequently  provided. The timeframes  for  ex-post authorisation  differ.

Limitation by crime and  duration All  six Member  States  restrict  the  use  of  hacking  tools  based  on the   gravity   of   crimes.    In    some    Member   States,    the    legislation presents  a  specific  list  of  crimes  for  which  hacking  is permitted; in     others,     the    limit    is    set     for    crimes    that    have    a    maximum custodial    sentence   of   greater   than    a   certain   number    of   years. The lists and numbers  of years required differ by Member   State.

Many Member States also restrict the duration for which hacking may   be   used.   This   restriction   ranges   from   maximum   1   month (France, Netherlands) to a maximum of 6 months (UK), although extensions     are     permitted     under     the     same     conditions     in     all Member States.

Key ex-post considerations
Notification and effective remedy Most    Member    States    provide    for    the    notification    of    targets    of hacking  practices and  remedy  in  cases  of unlawful   hacking.
Reporting and oversight Primarily, Member States report at a micro-level through logging hacking  activities and  reporting them  in  case  files.

However,   some   Member   States   (e.g.   Germany,   Poland   and   the UK) have macro-level  review  and  oversight mechanisms.

Furthermore, as regards the issue of territoriality (i.e. the difficulty law enforcement agencies face obtaining the location of the data to be collected using hacking techniques), only one Member States, the Netherlands, legally permits the hacking of devices if the location is unknown. If the device turns out to be in another jurisdiction, Dutch law enforcement must apply  for Mutual  Legal  Assistance.

As such, when aggregated, these provisions strongly mirror Article 8 of the European Convention on Human Rights, as well as the UN recommendations and paragraph 95 of the ECtHR  judgement  in  Weber and  Saravia  v.  Germany.  However,   there are  many,  and  varied, criticisms when the Member State conditions are examined in isolation. Some of the provisions criticised include: the limits based on the gravity of crimes (e.g. the Netherlands, France and Poland); the provisions for notification and effective remedy (e.g. Italy and the Netherlands); the process for screening and deleting non-relevant data (Germany); the definition of devices that can be targeted (e.g. the Netherlands); the duration permitted for hacking (e.g. Poland); and a lack of knowledge amongst the judiciary (e.g. France, Germany, Italy and the Netherlands).With this said, certain elements, taken in isolation, can be called good  practices. Such  examples  are  presented below.

Select  good practice: Member State legislative frameworks

Germany: Although they were deemed unconstitutional in a 2016 ruling, the provisions for the screening and deletion of data related to the core area of private life are a positive step. If the provisions are amended, as stipulated in the ruling, to ensure screening by an independent body, they would provide strong protection for the targeted individual’s private data.

Italy: The 2017 draft Italian law includes a range of provisions related to the development and monitoring of the continued use of hacking tools. As such, one academic stakeholder remarked that the drafting of the law must have been driven by technicians. However, these provisions bring significant benefits to the legislative provisions in terms of supervision and oversight of the use of hacking tools. Furthermore, the Italian draft law takes great care to separate the functionalities of the hacking tools, thus protecting against the overuse or abuse of a  hacking tool’s  extensive  capabilities.

Netherlands: The Dutch Computer Crime III Bill stipulates the need to conduct a formal proportionality assessment for each hacking request, with the assistance of a dedicated Central Review Commission (Centrale Toetsings Commissie). Also, the law requires rules to be laid down on the authorisation and expertise of the investigation officers that can perform hacking.

With these findings in mind, the study concludes that the specific national-level legal provisions examined provide for the use of hacking techniques in a wide array of circumstances. The varied combinations of requirements, including those related to the gravity of crimes, the duration and purpose of operations and the oversight, result in a situation where the law does not provide for much stricter conditions than are necessary for less  intrusive  investigative activities such  as interception.

Based on the study findings,  relevant  and actionable policy proposals and recommendations have been developed under the two key elements: i) the fundamental right  to  privacy;  and  ii) the security  of the internet.

Recommendations and policy proposals: Fundamental  right  to  privacy

It is recommended that the use of ‘grey area’ legal provisions is not sufficient to protect the fundamental right to privacy. This is primarily because existing legal provisions do not provide for the more invasive nature of hacking techniques and do not provide for the legislative precision  and  clarity  as  required  under  the  Charter and the  ECHR.

Furthermore, many of these provisions have only recently been enacted. As such, there is a need for robust evidence-based monitoring and evaluation of the practical application of these provisions. It is therefore recommended that the application of these new legal provisions is evaluated regularly at national level, and that the results of these evaluations are  assessed at  EU-level.

If specific legislative provisions are deemed necessary, the study recommends a range of good practice, specific ex-ante and ex-post provisions governing the use of hacking practices by  law  enforcement  agencies. These are detailed  in  Chapter 6.

Policy proposal 1: The European Parliament should pass a resolution calling on Member States to conduct a Privacy Impact Assessment when new laws are proposed to permit and govern the use of hacking techniques by law enforcement agencies. This Privacy Impact Assessment should focus on the necessity and proportionality of the use of hacking tools and should  require input  from  national  data protection  authorities.

Policy proposal 2: The European Parliament should reaffirm the need for Member States to adopt a clear and precise legal basis if law enforcement agencies are to use hacking techniques.

Policy proposal 3: The European Parliament should commission more research or encourage the European Commission or other bodies to conduct more research on the topic. In response to the Snowden revelations, the European Parliament called on the EU Agency for Fundamental Rights (FRA) to thoroughly research fundamental rights protection in the context of surveillance. A similar brief related to the legal frameworks governing the use of hacking techniques by law enforcement across all EU Member States would act as an invaluable piece  of  research.

Policy proposal 4: The European Parliament should encourage Member States to undertake evaluation and monitoring activities on the practical application of the new legislative provisions  that  permit  hacking  by  law  enforcement  agencies.

Policy proposal 5: The European Parliament should call on the EU Agency for Fundamental Rights (FRA) to develop a practitioner handbook related to the governing of hacking by law enforcement. This handbook should be intended for lawyers, judges, prosecutors, law enforcement officers and others working with national authorities, as well as non­governmental organisations and other bodies confronted with legal questions in the areas set out by the handbook. These areas should cover the invasive nature of hacking techniques and relevant safeguards as per international and EU law and case law, as well as appropriate mechanisms for supervision  and   oversight.

Policy proposal 6: The European Parliament should call on EU bodies, such as the FRA, CEPOL and Eurojust, to provide training for national-level members of the judiciary and data protection authorities, in collaboration with the abovementioned handbook, on the technical means for hacking in use across the Member States, their potential for invasiveness and the principles of  necessity  and  proportionality in  relation  to these  technical  means.

Recommendations and policy proposals: Security of  the  internet

The primary recommendation related to the security of the internet is that the position of the EU against the implementation of ‘backdoors’ and similar techniques, and in support of strong encryption standards, should be reaffirmed, given the prominent role encryption plays in our society and its importance to the EU’s Digital Agenda. To support this position, the EU should ensure continued engagement with global experts in computer science as well as civil society privacy and  digital  rights groups.

The actual impacts of hacking by law enforcement on the security of the internet are yet unknown. More work should be done at the Member State level to assess the potential impacts such that these data can feed in to overarching discussions on the necessity and proportionality of law enforcement hacking. Furthermore, more work should be done, beyond understanding the risks to the security of the internet, to educate those involved in the authorisation and use of  hacking  techniques by law enforcement.

At present, the steps taken to safeguard the security of the internet against the potential risks of hacking are not widespread. As such, the specific legislative provisions governing the use of hacking techniques by law enforcement, if deemed necessary, should safeguard the security of the internet and the security of the device, including reporting the vulnerabilities used to gain access to a device to the appropriate technology vendor or service provider; and  ensure  the  full  removal  of  the software  or hardware from the targeted  device.

Policy proposal 7: The European Parliament should pass a resolution calling on Member States to conduct an Impact Assessment to examine the impact of new or existing laws governing  the  use  of hacking  techniques by  law  enforcement on  the  security  of  the internet.

Policy proposal 8: The European Parliament, through enhanced cooperation with Europol
and the European Union Agency for Network and Information Security (ENISA), should
reaffirm its commitment to strong encryption considering discussions on the topic of hacking by law enforcement. In addition, the Parliament should reaffirm its opposition to the implementation of  
backdoors and  similar techniques in information technology infrastructures or  services.

Policy proposal 9: Given the lack of discussion around handling zero-day vulnerabilities, the European Parliament should support the efforts made under the cybersecurity contractual Public-Private Partnership (PPP) to develop appropriate responses to handling zero-day vulnerabilities, taking into consideration the risks related to fundamental rights and the security  of the internet.

Policy proposal 10: Extending policy proposal 4, above, the proposed FRA handbook should also cover the risks  posed  to  the  security  of the  internet  by  using hacking  techniques.

Policy proposal 11: Extending policy proposal 5, training provided to the judiciary by EU bodies such as FRA, CEPOL and Eurojust should also educate these individuals on the risks posed  to  the security  of  the internet  by  hacking  techniques.

Policy proposal 12: Given the lack of discussion around the risks posed to the security of the internet by hacking practices, the European Parliament should encourage debates at the appropriate fora specific to understanding this risk and the approaches to managing this risk. It is encouraged that law enforcement representatives should be present within such discussions.

TERROR AND EXCLUSION IN EU ASYLUM LAW CASE – C-573/14 LOUNANI (GRAND CHAMBER, 31 JANUARY 2017)

ORIGINAL PUBLISHED ON EUROPEAN LAW BLOG  ON  MARCH 3, 2017 (NB: EMPHASIS ARE ADDED)

By Stephen Coutts

The on-going conflict in the Middle East has profound implications for the global legal order in two areas of law in particular: asylum law and anti-terrorist law.

The European Union and EU law have not been immune from this development and in many respects are closely affected by these geopolitical developments and their legal impact. After a fitful start, the EU has become a major actor in the area of criminal law, and in particular anti-terrorist law, on the one hand and in asylum law on the other.[1]

The two fields meet in Article 12(2)(c) of the Qualification Directive, itself reflecting Article 1F of the Geneva convention,[2] providing that an individual shall be excluded from eligibility for refugee status for acts contrary to the principles and purposes of the United Nations, acts which have been held to include acts of terrorism.

Furthermore, Article 12(3) of the Qualification Directive extends that exclusion to ‘persons who instigate or otherwise participate in the commission of the crimes or acts’ mentioned in Article 12(2). The status of terrorist and refugee are legally incompatible and mutually exclusive; one simply cannot be a terrorist and also a refugee. What, however, constitutes a terrorist for the purposes of Article 12 of the Qualification Directive? That essentially is the question at stake in Lounani.

Facts and Background Context

Mr Lounani, a Moroccan national, arrived in Europe in 1991 and initially applied for asylum in Germany where his application was rejected. He moved to Belgium in 1997 and lived there illegally. In 2010 he was convicted of membership of the Moroccan Islamic Combatant Group (MICG), an organisation that has been listed by the United Nations Security Council as a terrorist organisation. It appears he occupied a leading role in the MICG over many years and participated in various aspects of its organisation including fund-raising, forging of documents and arranging the travel of individuals to Iraq.

Crucially, however, he was never convicted of direct terrorist acts and there appears to be some dispute as to whether the MICG and/or individuals Mr Lounani aided in travelling to Iraq themselves participated directly in terrorist acts.

Mr Lounani subsequently claimed asylum in Belgium on the grounds that, following his conviction for terrorist related offences, he would be persecuted upon return to Morocco. An initial decision excluding him from refugee status on the basis of Article 12(2)(c) of the Qualification directive was overturned on review. That decision was in turn appealed to the Conseil d’Etat which stayed the case and referred a number of questions to the Court of Justice asking essentially if the exclusion clause operated only in relation to terrorist acts as defined in Article 1 of the Framework Decision on Combatting Terrorism (FDCT)[4] or if ancillary acts of participation in terrorist organisation and facilitating the commission of terrorist acts could be considered contrary to the principles and values of the UN as referred to in Articles 12(2)(c) and 12(3)[5] of the Qualification Directive.

Finally, if so, the Conseil d’Etat queried if a criminal conviction would automatically lead to the application of the exclusion clause.

Opinion of AG Sharpston[6]  Continue reading

The  European Union’s  Policies  on  Counter-Terrorism. Relevance,  Coherence and Effectiveness

FULL TEXT (226 pages) ACCESSIBLE HERE 

(*)This research paper was requested by the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs and was commissioned, overseen and published by the Policy Department for  Citizens’ Rights and  Constitutional  Affairs. (January 2017)

AUTHORS :
(PwC) : Wim  WENSINK, Bas WARMENHOVEN, Roos HAASNOOT, Rob  WESSELINK, Dr  Bibi   VAN  GINKEL,
 International  Centre for  Counter-Terrorism (ICCT)  – The  Hague:  Stef WITTENDORP,  Dr  Christophe  PAULUSSEN, Dr  Wybe  DOUMA, Dr  Bérénice  BOUTIN,  Onur  GÜVEN, Thomas  RIJKEN, With   research   assistance   from:   Olivier  VAN   GEEL,   Max   GEELEN,   Geneviève   GIRARD,   Stefan HARRIGAN, Lenneke  HUISMAN,  Sheila  JACOBS  and  Caroline TOUSSAINT.

EXECUTIVE SUMMARY (emphasis are added)

Background and aim

The series of recent terrorist attacks, as well as the various foiled and failed terrorist plots on European soil, have more than ever reinforced the popular awareness of the vulnerabilities that go hand-in-hand with the open democracies in the European Union (EU). The fact that these attacks followed each other with short intervals, but mostly due to the fact that they often did not fit the profile and modus operandi of previous attacks, have significantly contributed to the difficulty for security agencies to signal the threats as they are materialising. The modi operandi used showed a diversity of targets chosen, were committed by a variety of actors including foreign fighter returnees, home-grown jihadist extremists, and lone actors, and were executed with a variety of weapons or explosives. Furthermore, another complicating factor is the trend towards the weaponisation of ordinary life  in  which  a truck or  a kitchen  knife already  fulfils the purpose.

Governments, policy-makers, and politicians in most EU Member States feel the pressure of the population who call for adequate responses to these threats. Similarly, the various actors of the EU on their own accord, or the European Council driven by (some) Member States, have stressed the importance of effective responses to these increased threats, and have specifically underlined the importance of sharing of information and good cooperation. Very illustrating in this respect are the conclusions adopted during the European Council meeting of 15 December 2016, in which the European Council stressed the importance of the political agreement on the Counter-Terrorism Directive, emphasised the need to swiftly adopt the proposals on regulation of firearms and anti-money laundering, as well as the implementation of the new passenger name record (PNR) legislation.1 The European Council furthermore welcomed the agreement on the revised Schengen Borders Code, and stressed the importance of finding agreement on the Entry/Exit System and the European Travel   Information  and   Authorisation  System.2

Although the easy way to satisfy the call for action by the national populations seems to be to just take action for the sake of it, the responsibility lies with the relevant actors, in line with the objectives and principles of the EU Treaty and the values the EU represents 3, to actually assess the security situation, and implement, amend or suggest (new) policies that are adequate, legitimate, coherent and effective in the long run. It is with that objective in mind that this study, commissioned by the European Parliament, has made an assessment of the current policy architecture of the EU in combating terrorism, particularly looking into loopholes, gaps or overlap in policies in areas ranging from international and inter-agency cooperation, data exchange, external border security, access to firearms and explosives, limiting the financing of terrorist activities, criminalising terrorist behaviour and prevention of radicalisation. This study furthermore looks into the effectiveness of the implementation of  policies in Member States  and  the  legitimacy and coherence  of  the  policies.

Seven major policy themes were selected and addressed in depth by this study:

  • Measures and tools for operational cooperation and intelligence/law enforcement and judicial information exchange;
  • Data collection and database access and interoperability;
  • Measures to enhance external border security;
  • Measures to combat terrorist financing;
  • Measures to reduce terrorists’ access to weapons and explosives; . Criminal justice measures;
  • Measures to combat radicalisation and recruitment.

The research team has assessed the degree of implementation of EU counter-terrorism measures under these seven themes in a selection of seven Member States: Belgium, Bulgaria, France, Germany, the Netherlands, Slovakia and Spain. This study sets out policy options for the future direction of EU counter-terrorism policy. The focus of policy options is on future threats and developments, and on developing creative yet feasible policy solutions.

Main findings Continue reading