Category: 8. Judicial cooperation

Statewatch leaked document on the state of play of EU Antiterrorism policy (and its perspectives..)

On the Statewatch site is now accessible a very interesting document of the EU Counter terrorism Coordinator in preparation of the Justice and Home affairs Council meeting of December 4, 2015. Without prejudice of the political and legal judgment that anyone can have on the initiatives listed below the text gives a very comprehensive (and relatively objective ) view of the current state of play of the EU initiatives. It remains a mystery why this kind of purely descriptive documents are not directly accessible to the public, to the European and national parliaments.

EDC

DOC14438/15
NOTE From: EU Counter-Terrorism Coordinator To: Delegations
Subject: Report: State of play on implementation of the statement of the Members of the European Council of 12 February 2015 on counter-terrorism

The extraordinary Council (JHA) of 20 November 2015 highlighted the need to accelerate the implementation of all areas covered by the statement on counter-terrorism issued by the Members of the European Council on 12 February 2015 (doc 14406/15). Therefore, in preparation of the Council of 4 December 2015, this paper lists all the measures foreseen in the February 2015 Statement and assesses their implementation. Implementation of the Conclusions of the Council of 20 November 2015 will enhance implementation of the February 2015 statement.

Documents 9422/1/15 and 12318/15 drafted by the EU CTC assessed the state of implementation in June and October 2015. Document 12551/15, drafted by the Presidency and the EU CTC, was endorsed by the Council in October 2015. It suggests five priorities for action by December 2015. Discussion in the extraordinary JHA Council of 20 November (doc 14406/15) and COSI of 16 November 2016 focused on firearms, strengthening external border controls, information sharing and terrorist financing (doc 14122/15).

I. ENSURING THE SECURITY OF CITIZENS

  1. PNR

Following the adoption of the rapporteur’s report by the LIBE Committee on 15 July 2015, four trilogues and three technical meetings have taken place. Important differences of view between the Council and the EP remain, notably on the inclusion of internal flights, the scope (transnational element of serious crime) and the period during which PNR data can be stored in an unmasked manner. Agreement on many other issues is outstanding.

The rapporteur’s ability to broker a deal with the Presidency is hampered by the fact that, except for the EPP shadow rapporteur, his report was not supported by other shadow rapporteurs, but by a heterogeneous majority across party lines. The EP’s commitment in its resolution of 11 February 2015 to work towards passage of a PNR Directive by the end of 2015 has so far not been shared by the shadow rapporteurs (S&D, ALDE, Greens, GUE) who voted against the Kirkhope report.

As long as there is no EU PNR Directive, Member States who do not have national legislation do not have a legal basis to acquire data from carriers. On 20 November 2015, the Council reiterated the urgency and priority to finalise an ambitious EU PNR before the end of 2015.

  1. Information sharing

–   Europol: by November 2015, 14 EU MS had connected their counter terrorism authorities to the Secure Information Exchange Network Application (SIENA) hosted by Europol, a key enabling platform for information exchange. This means that half of the Member States are still not connected. Siena will be upgraded to “confidential” in 2016. Terrorism crime related information and intelligence exchange remains low. A dedicated area for counter-terrorism authorities was created in SIENA in October 2015, allowing for direct bilateral and multilateral communication between counter-terrorism authorities, with Europol and third parties with an operational cooperation agreement.

There has been a strong increase of the use of the Europol Information System (EIS) since December 2014. By 13 November 2015, 1595 foreign terrorist fighters have been registered in EIS by 14 EU MS, 5 third parties and Interpol. Nevertheless, considering the much higher number of existing EU foreign terrorist fighters and the fact that half of all EU MS still have not used EIS, the system is clearly a work in progress.

FP Travellers, both from a quantitative and qualitative perspective, is not yet a tool which can provide in depth analysis in relation to all contributed operational cases across the EU. To date, 50.45 % of all contributions originate from just five MS and one associated third country. 2081 confirmed foreign terrorist fighters have been entered into FP Travellers.

Europol will launch the European Counter-Terrorism Center (ECTC) in early 2016 to strengthen information exchange. This will provide inter alia a robust security and confidentiality framework. A more robust information-sharing and operational-coordination platform will be established at Europol as part of ECTC to connect the police CT authorities. In the Council Conclusions of 20 November 2015, Member States committed to seconding CT experts to the ECTC to form an enhanced cross-border investigation support unit and indicated that Eurojust should also be involved. As Europol is actively engaged in support of ongoing CT investigations in several Member States and has been tasked by the Council to set up the IRU and the ECTC, it will be important to increase Europol ‘s resources accordingly to achieve sustainability.

–   Eurojust: Operational cooperation and information sharing have increased considerably. But this still does not reflect the extent of ongoing investigations and prosecutions. Operational cooperation in terrorism cases referred to Eurojust for assistance has more than doubled (13 cases in 2014, 29 cases so far in 2015, cases related foreign terrorist fighters increased from 3 to 14). Ten coordination meetings in terrorist cases have been organized in 2015, four of which related to FTF. In November 2015, Eurojust coordinated a joint action in six countries in a case of a radical terrorist group, leading to 13 arrests. The information on prosecutions and convictions for terrorist offences shared with Eurojust has more than doubled since 2014. So far in 2015, 109 cases were opened at Eurojust in relation to information exchange on terrorist offences – 17 on court results and 92 on ongoing prosecutions.
This is a threefold increase on the figure for 2014. Eurojust also animates several relevant networks such as the network of national correspondents for terrorism matters and the consultative forum of prosecutors-General and Directors of Public Prosecutions, specialized cybercrime prosecutors etc. The association of Eurojust to Europol’s Focal Point Travellers has allowed for improved information exchange.

Update of the Framework Decision on Combating Terrorism: The EU signed the Council of Europe Convention on the Prevention of Terrorism and its additional Protocol on Foreign Terrorist Fighters on 22 October 2015 in Riga. The Commission plans to present a proposal for the update of the Framework Decision before the end of 2015.

  1. External border controls

    2. Continue reading “Statewatch leaked document on the state of play of EU Antiterrorism policy (and its perspectives..)”

Fundamental Rights Agency :  Surveillance by intelligence  services: fundamental rights safeguards and remedies in the EU.  Mapping Member States’ legal frameworks

EXECUTIVE SUMMARY : FULL REPORT AVAILABLE HERE

 Introduction

Recent revelations of mass surveillance underscore the importance of mechanisms that help prevent fundamental rights violations in the context of intelligence activities.

This FRA report aims to evaluate such mechanisms in place across the European Union (EU) by describing the current legal framework related to surveillance in the 28 EU Member States. The report first outlines how intelligence services are organised, describes the various forms surveillance measures can take and presents Member States’ laws on surveillance. It then details oversight mechanisms introduced across the EU, outlines the work of entities set up thereunder, and presents various remedies available to individuals seeking to challenge surveillance efforts.

The report does not assess the implementation of the respective laws, but maps current legal frameworks. In addition, it provides an overview of relevant fundamental rights standards, focusing on the rights to privacy and data protection.

Background

In June 2013, media worldwide began publishing the ‘Snowden documents’, describing in detail several surveillance programmes being carried out, including by the United States’ National Security Agency (NSA) and by the United Kingdom’s Government Communications Headquarters (GCHQ). These brought to light the existence of extensive global surveillance. Details of these programmes, which set up a global system of digital data interception and collection, have been widely publicised 1 and critically assessed.2

Neither the US nor the British authorities questioned the authenticity of the revelations,3 and in some cases confirmed them.4 However, the media’s interpretation of the programmes was sometimes contested – for example, by the UK Intelligence and Security Committee of Parliament 5 and academia.6

Since most of the Snowden revelations have not been recognised by the British government, the Investigatory Powers Tribunal, in hearing challenges to the legality of the programmes, took the approach of hearing cases on the basis of hypothetical facts closely resembling those alleged by the media.7 For the Austrian Federal Agency for State Protection and Counter Terrorism (BVT), the Snowden revelations represented a “paradigm shift”: “Up until a few years ago, espionage was largely directed at state or business secrets, and not, for the most part, at people’s privacy, which can now be interfered with extensively by intelligence services since they possess the necessary technical resources to do so”. 8

The Snowden revelations were not the first to hint at the existence of programmes of large-scale communication surveillance set up in the aftermath of the 11 September 2001 attacks.9

But the magnitude of the revelations was unprecedented, potentially affecting the entire world.

The revelations triggered an array of reactions.10 In the intelligence community, and in particular among the specialised bodies in charge of overseeing the work of intelligence services, dedicated inquiries were conducted.11 The European Union reacted strongly.

The European Commission (EC), the Council of the European Union and the European Parliament (EP) reported on the revelations, expressing concern about mass surveillance programmes, seeking clarification from US authorities, and working on “rebuilding trust” in light of the damage created by the revelations.12

On 12 March 2014, the EP adopted a resolution on the US NSA surveillance programme, surveillance bodies in various Member States and their impact on EU citizens’ fundamental rights, and transatlantic cooperation in Justice and Home Affairs (the Resolution).13

The resolution drew on the in-depth inquiry that the EP tasked the Civil Liberties, Justice and Home Affairs Committee (LIBE) to conduct during the second half of 2013, shortly after the revelations on mass surveillance were published in the press.14

The wide-reaching resolution launched a “European Digital Habeas Corpus”, aimed at protecting fundamental rights in a digital age while focusing on eight key actions. In this context, the EP called on the EU Agency for Fundamental Rights (FRA) “to undertake in-depth research on the protection of fundamental rights in the context of surveillance, and in particular on the current legal situation of EU citizens with regard to the judicial remedies available to them in relation to those practices”.15

Scope of the analysis

This report constitutes the first step of FRA’s response to the EP request. It provides an overview of the EU Member States’ legal frameworks regarding surveillance. FRA will further consolidate its legal findings with fieldwork research providing data on the day-to-day implementation of the legal frameworks. A socio-legal report based on an empirical study, to be published at a later stage, will expand on the findings presented ere.

While the EP requested the FRA to study the impact of ‘surveillance’ on fundamental rights, given the context in which the resolution was drafted, it is clear that ‘mass surveillance’ is the main focus of the Parliament’s current work. During the data collection phase, FRA used the Parliament’s definition to delineate the scope of FRA net’s research.

The EP resolution refers to “far-reaching, complex and highly techno-logically advanced systems designed by US and some Member States’ intelligence services to collect, store and analyse communication data, including content data, location data and metadata of all citizens around the world, on an unprecedented scale and in an indiscriminate and non-suspicion-based manner” (Paragaph 1).

This definition encompasses two essential aspects: first, a reference to a collection technique, and second, the distinction between targeted and untargeted collection.

The report does not analyse the surveillance techniques themselves, but rather the legal frameworks that enable these techniques. For Member States that carry out signals intelligence, the focus of the analysis is on this capacity, and not on other intrusive capabilities the services may have (such as wiretapping).

This report covers the work of intelligence services. It does not address the obligations of commercial entities which, willingly or not, provide intelligence services with the raw data that constitute Signals Intelligence (SIGINT), and are otherwise involved in the implementation of the surveillance programmes.16 The private sector’s role in surveillance requires a separate study.

While the premise of this report is the existence of an interference, since the “secret monitoring of communications” interferes with privacy rights from a fundamental rights point of view,17 the report focuses on analysing the legal safeguards in place in the EU Member States’ legal frameworks, and therefore on their approaches to upholding fundamental rights.

“Assuming therefore that there remains a legal right to respect for the privacy of digital communications (and this cannot be disputed (see General Assembly Resolution 68/167)), the adoption of mass surveillance technology undoubtedly impinges on the very essence of that right.” UN, Human Rights Council, Emmerson, B. (2014), para. 18

The report’s analysis of EU Member States’ legal frameworks tries to keep law enforcement and intelligence services separate. By doing so, the report excludes the work of law enforcement from its scope, while recognising that making this division is not always easy.

As stated by Chesterman, “Governments remain conflicted as to the appropriate manner of dealing with alleged terrorists, the imperative to detect and prevent terrorism will lead to ever greater cooperation between different parts of government”.18 The EP resolution recognises this and called on the Europol Joint Supervisory Body (JSB) to inspect whether information and personal data shared with Europol have been lawfully acquired by national authorities, particularly if the data were initially acquired by intelligence services in the EU or a third country.19

The Snowden revelations have also shed light on cooperation between intelligence services. This issue, important for the oversight of intelligence services’ activities, has been addressed by the EP resolution (Paragraph 22), by oversight bodies,20 by the Venice Commission,21 and by academia.22

This aspect, however, proved impossible to analyse in a comparative study, since, in the great majority of cases, cooperation agreements or modalities for transferring data are neither regulated by law nor public. This in itself creates a fundamental rights issue linked to the rule of law and, more particularly, regarding the importance of the existence of a law that is accessible to the public, as well as regarding the rules governing the transfer of personal data to third countries.

Though this report could not deal with this aspect beyond referencing the lack of proper control by over-sight bodies, it does raise important questions under relevant legal standards.

Fundamental rights and safeguards Continue reading “Fundamental Rights Agency :  Surveillance by intelligence  services: fundamental rights safeguards and remedies in the EU.  Mapping Member States’ legal frameworks”

Attentats terroristes de Paris : “fluctuat nec mergitur”, envers et contre tout

ORIGINAL PUBLISHED ON CDRE SITE ON NOVEMBER 15 2015

 par Henri Labayle

Le carnage abominable commis dans les rues de Paris, ce vendredi soir, fait resurgir nombre d’interrogations déjà posées dans ces mêmes colonnes et restées sans réponses, il y a dix mois à peine.

Semblables et pourtant différentes, ces questions interpellent la société européenne autant que la société française. Elles obligent à ne pas laisser notre émotion prendre le pas sur ce qu’il reste de notre raison, à conserver deux convictions : celle d’un destin commun commandant que ne soit pas sacrifiés les principes d’une Communauté de droit .

1. Un destin commun

L’image donne souvent à la réalité l’apparence du spectacle. Les sociétés européennes se sont ainsi habituées au feuilleton médiatique de la violence terroriste, de ces attentats aux multiples formes allant de l’assassinat aveugle aux explosions meurtrières. Des rues d’Israël à celles de Beyrouth, hier encore, la relation de ces vies fauchées et de ces corps démembrés conservait jusqu’alors un caractère passablement artificiel pour les opinions publiques européennes. En tous cas pour celles qui n’avaient pas eu à en connaître dans leur chair comme en Irlande ou en Espagne. Loin et donc irréel …

Brutalement, l’attentat le plus violent que la France ait eu à connaître depuis plus d’un demi siècle ramène à la vérité. Les quatre vingt morts du Bataclan et la vision d’un corps de kamikaze devant le Stade de France donnent soudain une réalité tragique à des propos alarmistes que nous n’entendions pas, au sens premier du terme.

Nous ne comprenions pas en effet que l’on ne peut prétendre agir à l’extérieur de nos frontières sans conséquences. Nos sociétés n’ont pas davantage assimilé l’interdépendance dans laquelle nos destins particuliers se lient. De l’exode des réfugiés à travers le continent jusqu’aux attentats de Paris, toute lecture autocentrée ou hexagonale des évènements en cours est sans issue. Désormais, la libre circulation de la période contemporaine ne concerne pas seulement les individus mais elle intègre aussi la violence.

Or, là est le risque de voir le débat public s’égarer sans issue, dans la prétention qu’existerait une solution exclusivement nationale au défi que les sociétés démocratiques doivent relever. Au prétexte à peine dissimulé qu’à la pêche aux voix, l’argument fait recette.

Certes, l’Europe et ses constructions sécuritaires demeurent des boucs émissaires faciles et cette attitude présente, au demeurant, l’avantage d’éviter la question des responsabilités nationales. L’espace de libre circulation de Schengen constitue l’archétype de ces procès en sorcellerie, ceci avant même que les progrès des investigations policières nous fournissent un tableau plus précis des choses et de leur exacte dimension, internationale ou européenne. Il est donc mis à profit pour essayer de persuader qu’à l’heure d’Internet, guérites et képis seraient une protection imparable. Incapables de gérer hier Sangatte et aujourd’hui Calais, nous serions à même de garantir la sécurité nationale en nous privant de la seule échelle pertinente qui vaille, l’échelle européenne…

Que les inspirateurs et les commanditaires des attentats soient établis à l’étranger ne dissimule en rien la dimension nationale du crime, depuis l’implication de ses auteurs matériels jusqu’au lieu de sa réalisation. Le vieux fantasme de l’ennemi de l’étranger ne résiste guère à l’analyse et celle-ci doit nous conduire à l’introspection. Impossible de réduire ou d’oublier la nationalité française de plusieurs des terroristes. De même, si les yeux se tournent actuellement vers la Belgique, pays voisin, c’est là encore parce que des ressortissants français y auraient séjourné.

Dès lors et comme hier à propos des attentats de janvier, il se confirme malgré nos réticences à l’admettre lucidement que nos propres sociétés ont enfanté des monstres criminels. Une prise de conscience est donc indispensable, avant tout anathème et tout discours guerrier.

Prise de conscience, d’abord, de l’extrême vulnérabilité des sociétés modernes face à une criminalité atypique et asymétrique. Ni ses motivations ni ses modes opératoires ne sont encore pleinement assimilés par le corps social. Les sacrifices humains y sont délibérément assumés par ceux qui en sont à la fois auteurs et victimes. Dans l’histoire du terrorisme en Europe, que 7 des 8 assaillants répertoriés à ce jour se soient fait exploser avec leurs explosifs est une première, absolument terrifiante et sur les ressorts de laquelle nous devrions nous interroger en priorité. Elle exprime une détermination et une radicalisation extrêmes qui condamnent largement l’action policière à l’impuissance, malgré tous ses efforts et ses qualités.

Prise de conscience, ensuite, de ce que ce mal n’est pas propre à une société nationale mais qu’il frappe l’ensemble de l’Union européenne. De façon quasiment identique, avec ou sans usage du principe de laïcité ou du respect de la diversité culturelle et religieuse, la société européenne s’avère incapable de dégager une réponse audible et convaincant dans un combat d’idées qui conduit à perdre celui des valeurs.

Le juge de ses consciences lui-même, la Cour européenne des droits de l’Homme, vient de témoigner récemment en Grande Chambre de son impuissance à dessiner clairement les frontières de la liberté d’expression. Stigmatisant avec facilité les insanités de Dieudonné ou la négation de la Shoah, il tolère de façon passablement discutable la marge d’appréciation des Etats en matière de génocide arménien … Sans curseur, comment imaginer alors de façon efficace et incontestable un encadrement législatif de cette liberté en Europe, face aux discours radicaux ?

Prise de conscience enfin de ce que l’abandon des questions sécuritaires au fond de commerce des partis extrémistes est une erreur couteuse. Elle alimente à la fois un sentiment désormais injustifié de quiétude civile mais elle risque aussi de nourrir la surenchère et l’excès dans la réaction politique, une fois la menace concrétisée. L’unanimité du pessimisme des services de sécurité français quant à la vraisemblance d’attentats graves contraste ici depuis de longues semaines avec le discours public aseptisé et politiquement correct.

De ce destin commun, manifestement, nombre d’acteurs politiques n’ont pas pris la mesure, préférant évaluer les avantages politiciens qu’ils en escomptent dans les échéances à venir.

Passe encore que l’effet d’aubaine ravisse les tenants des partis extrêmes. Il est moins normal que les représentants de certains Etats membres, comme la Pologne, se saisissent de la situation pour y trouver prétexte à habiller leur refus d’une politique commune d’asile et d’immigration actée à Lisbonne. Et il n’est pas davantage explicable que le souhait « d’une nouvelle politique européenne d’immigration » fasse irruption dans l’allocution d’un ancien Président de la République à un instant de l’enquête où la seule nationalité connue des criminels est française …

A bon escient, Jean Claude Juncker a donc raison d’inciter à ne pas confondre les victimes, que sont l’immense majorité des syriens fuyant l’Etat islamique, et les criminels, que sont leurs tortionnaires.

2. La guerre et le droit

L’outrance des propos tenus ici et là peut s’expliquer par la gravité et l’émotion du moment. Si elle n’a qu’un mérite, c’est de signifier à quel point les attentats de Paris trouvent leurs racines à l’extérieur du territoire de l’Union.

A user d’un mot, la « guerre », qu’il faudrait manier avec précaution face à ce qui est avant tout un crime au sens de la loi pénale, comme y incitent justement Bertrand Badie ou un ancien premier ministrefrançais, les autorités françaises n’ont pas réalisé à quel point les conséquences en étaient prévisibles. Le droit ne peut y être indifférent et le respect du principe de légalité doit demeurer l’axe de notre réaction.

Passons sur le fait que les juristes demeurent interrogatifs sur certaines formes de l’action militaire sur les théâtres d’opération extérieurs, à commencer par l’élimination physique de l’adversaire. N’en restons qu’aux suites de l’abus des postures martiales, inversement proportionnelles à la réalité concrète de trois bombardements aériens en trois mois.

Il ne fallait guère être devin pour comprendre que la propagande terroriste s’en nourrirait pour désigner ses objectifs opérationnels, en toute indifférence pour la subtilité de nos positionnements diplomatiques. « Faire la guerre » implique de se placer sous le feu de l’adversaire et s’il n’est pas certain que l’opinion française en ait eu conscience, il est sûr en revanche que nul ne le lui a expliqué franchement …

Quitte à le faire, sans doute fallait-il introduire alors une cohérence plus grande dans la conduite de cette diplomatie. Par exemple envers les Etats qui sont les soutiens à peine déguisés de l’Etat islamique en Syrie et contribuent dans le même temps à équilibrer notre commerce extérieur, à notre grande satisfaction. Peut-être était-il bon aussi de déployer toute l’énergie nécessaire pour faire le jour sur les circuits de financement et de commercialisation de ses rapines par le même Etat islamique, au vu et au su de tous, au besoin en s’intéressant aux ambiguïtés du comportement des autorités turques et de ses voisins …

Par ailleurs, les outils juridiques et opérationnels de la réponse au terrorisme qui avaient fait l’objet de sévères mises en cause, au plan européen comme national, appellent immédiatement un examen attentif. Gérer la crise en termes militaires n’empêchera pas de se livrer à l’évaluation de ce qui a été fait ou pas depuis 10 mois et les attentats de Charlie Hebdo.

La mise en cause de l’entraide répressive européenne à l’époque a eu, au moins, des effets visibles. Les autorités allemandes ont ainsi immédiatement fait état de l’arrestation d’un suspect, muni d’armes et apparemment à destination de la France. Les prolongements de l’enquête vers la Belgique sont plus significatifs encore de la parenté des inquiétudes et de la qualité des coopérations. A la fois parce que la Belgique s’avère être un centre névralgique de l’action radicale islamique en Europe, comme en témoignent les affaires Nemmouche ou celle du Thalys, mais aussi comme l’illustre le nombre sidérant de « combattants étrangers » qui en partent.

L’impuissance des autorités publiques belges à y faire face, 6 services de police et 19 municipalités différentes y concourent en vain (!!!) dans la banlieue bruxelloise, démontre si besoin en était la nécessité d’une action concertée. Deux des kamikazes français identifiés n’y résidaient-ils pas ? La qualité des échanges et des contrôles Schengen est une réponse avérée en ce sens. Le partage d’expérience aussi.

Précédant le point d’étape qui devait être effectué en tout état de cause en Conseil au mois de décembre, les constats du coordinateur de la lutte contre le terrorisme devraient être instructifs de ce point de vue quant au degré d’engagement des Etats membres dans la lutte contre le terrorisme. Des indicateurs communs de risques positivés par la Commission à l’alimentation des fichiers tels que le SIS II ou le fichier Europol consacré aux « combattants étrangers » ou à l’entraide judiciaire au sein d’Eurojust, l’ambiance a changé. Elle semble, en tous cas, différente, au regard de ce qu’elle était au lendemain des attentats de Charlie Hebdo.

Pour autant, les résistances du passé ne sont pas entièrement dépassées. S’il est trop tôt pour en évaluer l’impact dans le schéma criminel qui a conduit aux attentats de Paris, il conviendra de les confronter aux conclusions des diverses commissions d’enquête ayant fait suite aux attentats de janvier, à l’Assemblée nationale comme au Sénat.

La tonalité du discours des autorités françaises n’est guère encourageante de ce point de vue, à écouter les propos pontifiants de leur ministre de l’Intérieur. Lecture purement intergouvernementale de cette coopération, silence sur les organes intégrés que sont Eurojust ou Europol et la valeur ajoutée que pourrait fournir une coordination européenne de la poursuite, impasse sur le caractère obligatoire que devrait présenter cette coopération au regard du traité de Lisbonne et sur la sanction des Etats défaillants, il semble que le logiciel de nombre d’Etats membres, dont le nôtre, n’ait guère été mis à jour depuis Maastricht.

Ont-ils pris conscience que le monde et ses dangers ont changé et que le besoin de sécurité de ses citoyens est pourtant le moteur le plus fort de l’intégration européenne ?

A new wideranging EP resolution on mass surveillance in the “post Snowden” (and Schrems ) era.

Below the provisional text voted yesterday 29 October by the European Parliament on mass surveillance and violation of fundamental rights to privacy and data protection. The press has already highlighted that  the EP voted by 285 to 281 to call on the member states to “drop any criminal charges against Edward Snowden, grant him protection and consequently prevent extradition or rendition by third parties, in recognition of his status as whistle-blower and international human rights defender”. Moreover  the EP  calls on the Commission to give consideration to the impact of the Court of Justice Safe Harbor ruling of 6 October on any other instruments for the transfer of personal data to the US and to report on the matter by the end of 2015.  Very rightly the Strasbourg plenary acknowledges that the Court ruling “has confirmed the long-standing position of Parliament regarding the lack of an adequate level of protection under this instrument” so that the Commission has to “immediately take the necessary measures to ensure that all personal data transferred to the US are subject to an effective level of protection that is essentially equivalent to that guaranteed in the EU”.

But here is the point : bulk collection of personal data (as foreseen by several US practices agreed with the EU in the PNR and TFTP cases) are not themselves threatening the “essence” of data protection under EU law as protected by the art.52 of the EU Charter of fundamental rights so that they are no negotiable even with the best friend and ally such the USA? 

Passed by 342 votes to 274 , with 29 abstentions, this is a center-left resolution where liberals and socialists voted together but (not surprisingly) EPP and ECR voted against. In this legislature where socialists and conservatives have created a sort of “grosse Koalitionen” the text risks to be only a political gesture before the public opinion if not followed by consistent votes on the legal binding texts currently on the EP table such as the data protection reform or the transatlantic negotiations on the so called “umbrella agreement” and on “Safe Harbor”.

Moreover the text even if criticizes the European Commission as “inadequate” and evokes the possibility of a “fail to act” against it does not triggers it. The risk is then this very inspired and solid text remains a toothless tiger.. The coming weeks will show if this tiny majority will be confirmed when the post-Lisbon data protection reform will be voted.

Emilio De Capitani

European Parliament resolution of 29 October 2015 on the follow-up to the EP resolution of 12 March 2014 on the electronic mass surveillance of EU citizens (2015/2635(RSP)) Continue reading “A new wideranging EP resolution on mass surveillance in the “post Snowden” (and Schrems ) era.”

The law enforcement challenges of cybercrime: are we really playing catch-up?

FULL STUDY ( 68 pages) ACCESSIBLE HERE

Abstract : This study was commissioned by the European Parliament’s Policy Department for Citizens’ Rights and Constitutional Affairs at the request of the LIBE Committee. With a number of high-profile criminal cases, such as ‘Silk Road’, cybercrime has been very much in the spotlight in recent years, both in Europe and elsewhere. While this study shows that cybercrime poses significant challenges for law enforcement, it also argues that the key cybercrime concern for law enforcement is legal rather than technical and technological. The study further underlines that the European Parliament is largely excluded from policy development in the field of cybercrime, impeding public scrutiny and accountability. AUTHOR(S): Dr. Ben Hayes, Dr. Julien JeandesbozDr. Francesco Ragazzi, Dr. Stephanie Simon, and Prof. Valsamis Mitsilegas.

EXECUTIVE SUMMARY

Cybercrime has become one of the key priorities for EU law enforcement agencies, as demonstrated by the establishment of the European Cybercrime Centre (EC3) in January 2013 and the development of specific European threat assessment reports in this field. High-profile criminal investigations such as the ‘Silk Road’ case, major data breaches or particularly nefarious hacks or malware attacks have been very much in the spotlight and widely reported in the media, prompting discussions and debates among policymakers and in law enforcement circles. Over the last few months, the cybercrime debate has specifically evolved around the issue of encryption and anonymisation.

In this context, this Study argues that debates on the law enforcement challenge of cybercrime in the EU should steer clear both of doomsday scenarios that overstate the problem and scepticism that understates it, and that the key cybercrime concern for law enforcement is legal in nature rather than simply technical and technological. Indeed, the Study finds that the key challenge for law enforcement is the lack of an effective legal framework for operational activities that guarantees the fundamental rights principles enshrined in EU primary and secondary law.

In order to address this core argument, this Study starts by analysing claims and controversies over the Internet ‘going dark’ on law enforcement (Section 2). It shows that these claims have been made for quite some time and should be considered as moral panics rather than accurate reflections of the challenges posed by cybercrime to law enforcement. Moreover, current controversies rehash older ones, conflating law enforcement concerns with intelligence-gathering and surveillance concerns. Without denying the fact that criminal activities do take place online, pose technical difficulties to law enforcement services and require the availability of specific capabilities, this section demonstrates that these difficulties do not impede criminal investigation to such an extent that exceptional means should be envisaged. While these technical aspects need to be considered, they raise issues related to policy and law rather than technology as such. The policy and law-related challenges are made greater by the fact that defining cybercrime is not an easy task. Very broad definitions have been adopted at the EU level, often leading to overlapping and sometimes conflicting mandates.

Section 3 thus analyses the institutional architecture of EU cybercrime policy. It shows that the complexity of cybercrime measures and the expansive mandates and number of actors involved in their implementation make it difficult to ascertain and circumscribe the full scope of EU cybercrime policy. Whereas the Council of Europe (CoE) sought to codify cybercrime powers into an international convention, much of the EU’s policy to fight cybercrime is based on non-legislative measures, including operational cooperation and ad hoc public-private partnerships. Furthermore, important distinctions and restrictions designed to ensure a ‘separation of powers’ between state agencies concerned with law enforcement (cyber-policing), civil protection (cybersecurity), national security (cyber-espionage) and military force (offensive cyber capabilities) are harder to distinguish in the area of cybercrime, at both national and EU level. Section 3 underlines that, within this complex architecture, and with the blurring of the boundaries between those responsible for policing the Internet, for gathering intelligence from it, for conducting cyber-espionage against foreign targets, and for ensuring the safety of critical internet infrastructure, the European    Parliament    and    civil    society    are    largely    excluded    from    policy development, impeding public scrutiny and accountability. This compounds the EP’s existing problems in ensuring that fundamental rights and data protection are diligently protected in the area of justice and home affairs.

In light of these gaps in oversight and accountability, Section 4 analyses in particular the challenge of jurisdiction, cooperation and fundamental rights safeguards. This section argues that operational challenges in cybercrime law enforcement do not change the obligation of EU institutions and Member States to ensure the safeguarding of EU fundamental rights in any operating framework of internal or transnational cooperation in law enforcement and criminal justice. Cybercrime law enforcement frequently cites the challenge of accessing and transferring data through existing Mutual Legal Assistance agreements. Yet practices taken outside of established legal channels cannot guarantee rights protections and run the risk of raising mistrust in the general public, the private sector and in transatlantic relations. Furthermore, across the spectrum of cybercrime prevention, investigation, and prosecution, the particular geography of the digital environment is said to complicate the traditional territorial foundations of law. Law enforcement bodies make continuous reference to the ways in which traditional legal structures stand in the way of operations. However, an updated legal framework designed to overcome these challenges should foreground fundamental rights concerns, which are essential to ensure due process and a necessary condition for the successful prosecution of cybercriminal offences.

In light of these findings, the Study concludes with key recommendations for the European Parliament.

In particular, to ensure that the Parliament is not marginalised altogether with respect to the implementation and review of EU cybercrime policies by the exercise of delegated   powers,   EU   agency   discretion   and   non-legislative   decision-making   bodies, further monitoring of EU council structures, Europol and international cooperation agreements is required (Recommendation 1).

Moreover, the EP should ensure that the development of any cooperation/information-sharing framework guarantees the respect of fundamental rights (Recommendation 2).

In light of the current discussions on a revised CoE Cybercrime Convention, the European Parliament should, further, ensure that the Conventions obligations are consistent with EU law and fundamental rights protections (Recommendation 3).

The EP must also ensure that cybercrime is not used as a justification to undermine new information security protocols and the right to privacy in telecommunications, both of which are fundamental components of the functioning of the Internet (Recommendation 4).

Finally, if European law enforcement agencies need to keep pace with technological change, it is imperative that training courses on cybercrime forensics and digital evidence include an applied fundamental rights component (Recommendation 5).

Continue reading…

Cybersecurity in the European Union and Beyond: Exploring the Threats and Policy Responses

FULL STUDY ( 152 pages) ACCESSIBLE HERE 

This study was commissioned by the European Parliament’s Policy Department for Citizens’ Rights and Constitutional Affairs at the request of the LIBE Committee. It sets out to develop a better understanding of the main cybersecurity threats and existing cybersecurity capabilities in the European Union and the United States. The study further examines transnational cooperation and explores perceptions of the effectiveness of the EU response, pinpointing remaining challenges and suggesting avenues for improvement. AUTHORS : Dr Nicole van der Meulen, Eun A Jo and Stefan Soesanto (RAND Europe)

EXECUTIVE SUMMARY

The European Commission published the European Union Cyber Security Strategy along with the accompanying proposal for a Network and Information Security (NIS) Directive in 2013. Since the proposal was published, the cybersecurity landscape has continued to evolve, leading to questions regarding the nature and seriousness of the cyberthreats faced by the European Union (EU), the capabilities of Member States to manage these threats and respond to incidents, and the effectiveness of these capabilities. At the time of writing, discussions about the content and scope of the proposed NIS Directive are continuing. This study of cybersecurity threats in the EU was commissioned by the European Parliament (EP). It has five objectives:

  • To identify key cyberthreats facing the EU and the challenges associated with their identification.
  • To identify the main cybersecurity capabilities in the EU.
  • To identify the main cybersecurity capabilities in the United States (US).
  • To assess the current state of transnational cooperation.
  • To explore perceptions of the effectiveness of the current EU response.

Defining cybersecurity

Any study of cybersecurity must reflect on the challenges introduced by the different meanings of the term. There is no consensus on a standard or universally accepted definition of cybersecurity. The term cybersecurity has roots in information security but is now used to refer to a broader range of issues, linked to national security. The observation that cybersecurity means different things to different people is not without its consequences. How the issue is framed influences what constitutes a threat as well as what counter-measures are needed and justified.

Mapping cybersecurity threats

The study team’s analysis of six threat assessments1 and an existing meta-analysis carried about by Gehem et al. (2015) highlight the difficulty with systematically comparing threat assessments and gauging the reliability of data and findings on the basis of which threat assessments are conducted. The challenge rests in part in the absence of a commonly accepted definition of what constitutes a threat and the variation in the methodology and metrics used for threat assessments. Moreover, some threat assessments reference or are based on other threat assessments, rather than original sources, leading to potential duplication of findings and lack of clarity about the evidence underlying threat assessments. As a result, there is no clearly established framework to classify and map threats.

The study team created a framework for mapping threats. The framework distinguishes:

  • Threat    actors:    states,    profit-driven    cybercriminals,    and    hacktivists   and extremists.
  • Threat tools: malware and its variants, such as (banking) Trojans, ransomware, point-of-sale malware, botnets and exploits.
  • Threat   types:   unauthorised   access,   destruction,   disclosure,   modification   of information and denial of service.

The mapping of the cyberthreat landscape through the review of the six threat assessments was complemented by a discussion on the varying perceptions of the severity of threats and the concept of‘threat inflation’.

Cybersecurity capabilities in the EU

To respond to the evolving threat in the area of cybersecurity, the EU has aimed to provide an overarching response through the publication of the EU Cyber Security Strategy together with the proposed NIS Directive. The Strategy identifies five objectives including:

  • Achieving cyberresilience.
  • Drastically reducing cybercrime.
  • Developing   cyberdefence   policy  and   capabilities  related  to  the  Common Security and Defence Policy (CSDP).
  • Developing the industrial and technological resources for cybersecurity.
  • Establishing   a   coherent   international   cyberspace   policy  for  the   EU   and promote core EU values.

This study focuses on providing a descriptive overview of capabilities for the first three objectives. Capabilities for the purposes of this study have been operationalised as institutional structures, such as agencies and departments.

  • In the area of cyberresilience, the European Network and Information Security Agency (ENISA) is the primary player at the EU level. ENISA is tasked with addressing the existing fragmentation in the European approach to cybersecurity, namely by bridging the capability gaps of its Member States. In the cybercrime domain, the European Cyber Crime Centre (EC3) serves as a European cybercrime platform. Besides combatting cybercrime, EC3 also gathers cyberintelligence and serves as an intermediary among various stakeholders, such as law enforcement authorities, Computer Emergency Response Teams (CERTs), industry and academia.
  • In the area of cyberdefence, the European Defence Agency (EDA) supports the capability development necessary to implement the Strategy. Its most apparent activities remain in research and development and designing a common crisis response platform. Given that foreign and defence policies have conventionally been areas of domestic competence, it is understandable that EU-wide cyberdefence capabilities have developed at a different pace compared to the other two objectives, cyberresilience and cybercrime.

Cybersecurity capabilities in the US

Cybercapabilities in the US are challenging to map in a comprehensive manner. The tendency to layer initiatives and agencies makes navigating the different components difficult. For the purposes of a high-level comparison with the EU cyber capabilities, the study focuses on key institutional players and their roles in relation to three strategic priorities: cyberresilience, cybercrime and cyberdefence.

  • In the area of cyberresilience, the Department of Homeland Security (DHS) is the formal leader. The DHS is responsible for securing federal civilian government networks, protecting critical infrastructure and responding to cyberthreats.
  • In the area of cybercrime, the US has not designated any lead investigative agency. Instead, numerous federal law enforcement agencies combat cybercrime in their own capacity. These include the US Secret Service (USSS) and the US Immigration and Customs Enforcement (ICE) Cyber Crimes Center, which are both  agencies  within  the  DHS.  The  Federal   Bureau  of Investigation  (FBI)’s cyberdivision is also involved.
  • In cyberdefence, the Department of Defence (DoD) plays a leading role. It is readily apparent from the DoD’s multiple publications that the US has become more open about its capabilities and willing to name its adversaries. The DoD is also increasingly encompassing in its response to cyberthreats over time, investing in both defensive as well as offensive cybercapabilities, as detailed in its cyberdefence strategy published in April 2015. Commentators note that deterrence is a key characteristic of the US cyberdefence strategy.

Transnational cooperation

The necessity to engage in transnational cooperation to counter the complex challenge posed by cybercrime is widely recognised both inside and outside the EU. Transnational cooperation exists at both the strategic and the operational level. The EU-US Working Group on Cybersecurity and Cybercrime is an example of strategic cooperation and is the first transatlantic dialogue to tackle common challenges in the area of cybercrime and cybersecurity. On an operational level, transnational cooperation has manifested through a range of activities, from botnet takedown to disruption of underground forums.

Challenges, however, remain in the area of combatting cybercrime as identified by the study team through the interviews. Mutual Legal Assistance Treaties (MLATs) are widely regarded as outdated and obstacles to effective and timely information sharing. Further, the importance of acquiring data for investigations is debated among law enforcement agencies and civil society groups. Deconfliction – avoiding the duplication or conflict of efforts – is another challenge. Due to the involvement of various stakeholders, cooperation is essential to avoid potentially disrupting others’ efforts. The draft Europol Regulation contains provisions that interviewees have reported could complicate the attainment of information from the private sector, possibly obstructing future operations.2

Effectiveness of the EU response

Ideally, capabilities respond directly to threats and the effectiveness of the EU response can be measured by noticeable changes in the threat landscape. However, such an assessment is not feasible; there is not enough information available in the public domain and measurement problems persist. Moreover, the EU response is still very much in development and geared towards addressing fragmentation in its approach to cybersecurity, as well as the approach taken by the 28 Member States. This consists of harmonising strategies and standards and coordinating regulatory interventions, as well as facilitating (or more precisely, requiring) information sharing and gap closures between Member States. Due to the inherently relative nature of cybersecurity and the challenges associated with attaining cyberresilience, it is difficult to state whether the new initiatives have been successful. Given these challenges to measuring effectiveness, the study team explored perceptions about the effectiveness of the EU response based on existing commentary and supplemented with interviewees’ responses.
 
The first key finding in relation to the perceived effectiveness of the EU response is that while there is still fragmentation, there is also discernible improvement. Particularly noteworthy is the strategic cooperation agreement between ENISA and EC3, which aims to facilitate closer cooperation and the exchange of expertise. However, questions remain about fragmentation, especially with respect to the proposed NIS Directive. Various points of dissension remain as the trilogue negotiations between the European Commission, European Parliament and the Council of the European Union continue. Moreover, fragmentation is notable not only in terms of operational capabilities but also in terms of Member States’ understanding of the cyberdomain. Bridging these gaps will therefore require technical support as well as strategic guidance.

The second finding is that differences in opinion persist as to whether the overall approach to cybersecurity should be voluntary and informal or mandatory and formal. For example, the CERT community, which has conventionally relied on voluntary participation and cooperation between private and public entities, appears less willing to move to a system in which information sharing is mandatory. In contrast, other security agencies favour law enforcement and support more stringent requirements, for instance in information sharing, as they believe voluntary reporting has failed.

Third, as the new approach proposed through the Strategy and the draft NIS Directive is largely regulatory in nature, the issue of scope – in terms of the entities formally included as having a role in cybersecurity – is heightened and contested. One issue is whether Internet service providers (ISPs) should be included. These scoping challenges are likely to exacerbate existing contentions surrounding the NIS Directive and call into question whether the present regulatory approach is appropriate to secure European cyberspace.

Policy options

Based on this study’s findings the research team suggests the following policy options for the European Parliament’s consideration in terms of EU action on cybersecurity. Each option is elaborated in the Conclusion.

  1. Encourage ENISA, EC3 and others involved in European cyberthreat assessments to investigate further harmonisation of threat assessments, which can effectively incorporate information from Member States and other EU agencies and provide clearer indications of the evidence base for the assessment. This recommendation follows from the findings from the review of threat assessments undertaken for this study.
  2. Make use of existing structures as much as possible. One of the concerns identified by the study team – from a review of existing literature and in interviews with experts – was the tendency of the Commission to develop new structures and exclude existing initiatives and agencies.
  3. Consider reinserting law enforcement in the Network and Information Security (NIS) Directive. The attempt to overcome fragmentation at the EU level is hampered by the exclusion of law enforcement from provisions in the proposed NIS Directive.
  4. Ensure Europol has speedy and more direct access to information from the private sector. Speedy access to relevant information from the private sector is essential for Europol to combat transnational cybercrime. There is potential for this access to be hindered by having to go through the Member States, which may reduce the effectiveness of Europol’s operations, especially as Europol cooperates with partners at the transnational level.
  5. Assess what capability gaps actually exist between the Member States and measure progress. Despite the claims about gaps between Member States, our research suggests that there is very little empirical evidence to indicate which States are more advanced than others and in what areas. To improve this situation and to develop a better understanding of these gaps, ranking Member States and identifying areas of improvement could be made more explicit.

…continue reading

NOTES

1  (ACSC: Threat Report; BSI: State of IT Security Germany; ENISA: Threat Landscape (ETL); Europol: Internet Organised Crime Threat Assessment (iOCTA); NCSC: Cyber Security Threat Assessment the Netherlands (CSAN); Verizon: Data Breach Investigations Report (DBIR).
2 European Parliament. 2014b. Legislative resolution of 25 February 2014 on the proposal for a regulation of the European Parliament and of the Council on the European Union Agency for Law Enforcement Cooperation and Training (Europol) and repealing Decisions 2009/371/JHA and 2005/681/JHA. P7_TA(2014)0121 (COM(2013)0173 – C7-0094/2013 – 2013/0091(COD)). As of 12 October 2015: http://www.europarl.europa.eu/sides/getDoc.do?type=TA&reference=P7-TA-2014-0121&language=EN&ring=A7-2014-0096

 

“Foreign Fighters” and EU implementation of the UNSC resolution 2178. Another case of “Legislate in haste, repent at leisure…” ? (2)

by Dalila DELORENZI (FREE Group Trainee – Original in Italian)

1. Foreword
As the hostilities in Syria and Iraq continue and terrorism activities worldwide seem to be on the rise, EU Member States are increasingly confronted with the problem of aspiring and returning ‘foreign fighters’ as described already in this blog HERE. More precisely, in the EU the term is used to indicate European citizens who, after leaving to join jihadist groups, may have become further radicalised and acquired combat experience, and therefore be capable of carrying out deadly terrorist attacks once they return to Europe.

Such phenomenon is anything but new; however, its scale certainly is: as illustrated by the rise of the terrorist group calling itself “Islamic state”, the phenomenon has acquired an entirely new dimension – according to the EU intelligence sources 19% of the total fighters originated from the EU.

It explains then the wide perception of these individuals as a serious threat to the security of both individual Member States and the EU as a whole – especially in the aftermath of the recent terrorist attacks occurred in Brussels[1], Paris[2], Copenhagen[3].

Broadly speaking , a different way to envision human mobility and checks at external borders of Schengen has come to light. Whereas initially, they were rather conceived to protect the Schengen area from threats coming from country outside the Schengen zone, now such threat to security is deemed to be already inside the EU, due to the fact that most of the time militants returning to Europe possess the nationality of a Member State.

2. EU response Continue reading ““Foreign Fighters” and EU implementation of the UNSC resolution 2178. Another case of “Legislate in haste, repent at leisure…” ? (2)”

Some notes on the relations between UNSC Resolution 2240 (2015) fighting smugglers in Mediterranean and the EUNAVFOR Med “Sophia” operation

by Isabella Mercone  (Free Group Trainee – Original Version in Italian)

  1. INTRODUCTION

On 9 October 2015, the Security Council of the United Nations adopted Resolution 2240 (2015), authorizing Member States to intercept vessels off  Libyan coast, suspected of migrant smuggling.

The resolution was adopted in a short time, without much discussion and ahead of schedule, with 14 votes in favour and just one abstention (Venezuela). “Incredible!” – Someone could say – “For once, the Security Council succeeded in adopting a resolution on time.” However, the true is that the adopted resolution is not the one imagined in May by the High Representative for Foreign Affairs and Security Policy of the European Union, Federica Mogherini, when operation EUNAVFOR Med was launched. But let’s go one step at a time: let’s see first where the idea of ​​EUNAVFOR Med came from and what is its goal, and let’s try to understand why the EU should have required a resolution by the Security Council, allowing it to intervene in the Mediterranean and dismantle the smuggling of migrants.

  1. THE OPERATION EUNAVFOR MED (now renamed “SOPHIA”)

Continue reading “Some notes on the relations between UNSC Resolution 2240 (2015) fighting smugglers in Mediterranean and the EUNAVFOR Med “Sophia” operation”

EU-US Umbrella Data Protection Agreement : Detailed analysis by Douwe Korff

14 October 2015 (NOTA BENE : This text is more than 60 pages)

by Douwe KORFF (FREE GROUP MEMBER)

About the Fundamental Rights Europe Expert Group (FREE): The Fundamental Rights European Experts Group (FREE Group : http://www.free-group.eu)  is a Belgian non governmental organisation (Association Sans But Lucratif (ASBL) Registered at Belgian Moniteur: Number 304811. According to art 3 and 4 of its Statute ( see below *) the association focus is on monitoring, teaching and advocating in the European Union freedom security and justice related policies. In the same framework we follow also the EU actions in protecting and promoting EU values and fundamental rights in the Member States as required by the article 2, 6 and 7 of the Treaty on the European Union (risk of violation by a Member State of EU founding values)

About the author: Douwe Korff is a Dutch comparative and international law expert on human rights and data protection. He is Emeritus Professor of International Law, London Metropolitan University; Associate, Oxford Martin School, University of Oxford (Global Cybersecurity Capacity Centre); Fellow, Centre for Internet & Human Rights, University of Viadrina, Frankfurt/O and Berlin; and Visiting Fellow, Yale University (Information Society Project).

Acknowledgments: The author would like to express his thanks to Mme. Marie Georges and Prof. Steve Peers, members of FREE Group, for their very helpful comments on and edits of the draft of this Note.

OVERALL CONCLUSIONS

We believe the following aspects of the Umbrella Agreement violate, or are likely to lead to violations of, the Treaties and the EU Charter of Fundamental Rights:

  1. The Umbrella Agreement appears to allow the “sharing” of data sent by EU law enforcement agencies to US law enforcement agencies with US national security agencies (including the FBI and the US NSA) for use in the latter’s mass surveillance and data mining operations; as well as the “onward transfer” of such data to “third parties”, including national security agencies of yet other (“third”) countries, which the Agreement says may not be subjected to “generic data protection conditions”;
  2. The Umbrella Agreement does not contain a general human rights clause prohibiting the “sharing” or “onward transfers” of data on EU persons, provided subject to the Agreement, with or to other agencies, in the USA or elsewhere, in circumstances in which this could lead to serious human rights violations, including arbitrary arrest and detention, torture or even extrajudicial killings or “disappearances” of the data subjects (or others);
  3. The Umbrella Agreement does not provide for equal rights and remedies for EU- and US nationals in the USA; but worse, non-EU citizens living in EU Member States who are not nationals of the Member State concerned – such as Syrian refugees or Afghan or Eritrean asylum-seekers, or students from Africa or South America or China – and non-EU citizens who have flown to, from or through the EU and whose data may have been sent to the USA (in particular, under the EU-US PNR Agreement), are completely denied judicial redress in the USA under the Umbrella Agreement.

In addition:

  1. The Umbrella Agreement in many respects fails to meet important substantive requirements of EU data protection law;
  2. The Umbrella Agreement also fails to meet important requirements of EU data protection law in terms of data subject rights and data subjects’ access to real and effective remedies; and
  3. In terms of transparency and oversight, too, the Umbrella Agreement falls significantly short of fundamental European data protection and human rights requirements.

The Agreement should therefore, in our view, not be approved by the European Parliament in its present form.

FULL TEXT OF THE ANALYSIS 

  1. Introduction / Background

Continue reading “EU-US Umbrella Data Protection Agreement : Detailed analysis by Douwe Korff”

UNSC RESOLUTION 2240(215) (NB:fighting smugglers and traffickers in the Mediterranean Sea)

NOTA BENE : After UNSC Resolution 2178(2014) on Foreign Fighters aiming to address a problem raised notably by the EU, UNSC Resolution 2240(2015) paves now the way for a strenghtened  EU intervention against smugglers and traffickers in the South Mediterranean currently conducted in the framework of the Operation EUNAVFOR -Sophia. Emphasis have been added to the original text and comment will follow in the coming days 

UNITED NATIONS 

Resolution 2240(2015) Adopted by the Security Council at its 7531st meeting, on 9 October 2015

The Security Council,

Recalling  its press statement of 21 April on the maritime tragedy in the Mediterranean Sea,

Reaffirming its strong commitment to the sovereignty, independence, territorial integrity and national unity of Libya,

Recalling that international law, as reflected in the United Nations Convention on the Law of the Sea of 10 December 1982, sets out the legal framework applicable to activities in the ocean,

Reaffirming also the United Nations Convention against Transnational Organized Crime (UNTOC Convention) and its Protocol against the Smuggling of Migrants by Land, Air and Sea, as the primary international legal instruments to combat the smuggling of migrants and related conduct, and the Protocol to Prevent, Suppress and Punish Trafficking in Persons,

Especially Women and Children, supplementing the UNTOC Convention, as the primary international legal instruments to combat trafficking in persons,

Underlining that, although the crime of smuggling of migrants may share, in some cases, some common features with the crime of trafficking in persons, Member States need to recognise that they are distinct crimes, as defined by the UNTOC Convention and its Protocols, requiring differing legal, operational, and policy responses,

Deploring the continuing maritime tragedies in the Mediterranean Sea that have resulted in hundreds of casualties, and noting with concern that such casualties were, in some cases, the result of exploitation and misinformation by transnational criminal organisations which facilitated the illegal smuggling of migrants via dangerous methods for personal gain and with callous disregard for human life,

Expressing grave concern at the recent proliferation of, and endangerment of lives by, the smuggling of migrants in the Mediterranean Sea, in particular off the coast of Libya and recognizing that among these migrants may be persons who meet the definition of a refugee under the 1951 Convention relating to the Status of Refugees and the 1967 Protocol thereto,

Emphasizing in this respect that migrants, including asylum-seekers and regardless of their migration status, should be treated with humanity and dignity and that their rights should be fully respected, and urging all States in this regard to comply with their obligations under international law, including international human rights law and international refugee law, as applicable, stressing also the obligation of States, where applicable, to protect the human rights of migrants regardless of their migration status, including when implementing their specific migration and border security policies,

Reaffirming in this respect the need to promote and protect effectively the human rights and fundamental freedoms of all migrants, regardless of their migration status, especially those of women and children, and to address international migration through international, regional or bilateral cooperation and dialogue and through a comprehensive and balanced approach, recognizing the roles and responsibilities of countries of origin, transit and destination in promoting and protecting the human rights of all migrants, and avoiding approaches that might aggravate their vulnerability,

Further recalling the International Convention for the Safety of Life at Sea and the International Convention on Maritime Search  and Rescue,

Expressing further concern that the situation in Libya is exacerbated by the smuggling of migrants and human trafficking into, through and from the Libyan territory, which could provide support to other organised crime and terrorist networks in Libya,

Mindful of its primary responsibility for the maintenance of international peace and security under the Charter of the United Nations,

Underlining the primary responsibility of the Libyan Government to take appropriate action to prevent the recent proliferation of, and endangerment of lives by, the smuggling of migrants and human trafficking through the territory of Libya and its territorial sea,

Mindful of the need to support further efforts to strengthen Libyan border management, considering the difficulties of the Libyan Government to manage effectively the migratory flows in transit through Libyan territory, and noting its concern for the repercussions of this phenomenon on the stability of Libya and of the Mediterranean region,

Welcoming support already provided by the most concerned Member States, including Member States of the European Union (EU), taking into account inter alia the role of FRONTEX and the specific mandate of EUBAM Libya in support of the Libyan Government, and by neighbouring States,

Acknowledging the European Council statement of 23 April 2015 and the press statement of the African Union Peace and Security Council of 27 April, which underlined the need for effective international action to address both the immediate and long-term aspects of human trafficking towards Europe,

Taking note of the Decision of the Council of the European Union of 18 May 2015 setting up ‘EUNAVFOR Med’ which underlined the need for effective international action to address both the immediate and long-term aspects of migrant smuggling and human trafficking towards Europe,

Taking further note of the ongoing discussions between the EU and the Libyan Government on migration related issues,

Expressing also strong support to the States in the region affected by the smuggling of migrants and human trafficking, and emphasizing the need to step up coordination of efforts in order to strengthen an effective multidimensional response to these common challenges in the spirit of international solidarity and shared responsibility, to tackle their root causes and to prevent people from being exploited by migrant smugglers and human traffickers,

Acknowledging the need to assist States in the region, upon request, in the development of comprehensive and integrated regional and national strategies, legal frameworks, and institutions to counter terrorism, transnational organised crime, migrant smuggling, and human trafficking, including mechanisms to implement them within the framework of States’ obligations under applicable international law,

Stressing that addressing both migrant smuggling and human trafficking, including dismantling smuggling and trafficking networks in the region and prosecuting migrant smugglers, and human traffickers requires a coordinated, multidimensional approach with States of origin, of transit, and of destination, and further acknowledging the need to develop effective strategies to deter migrant smuggling and human trafficking in States of origin and transit,

Emphasizing that migrants should be treated with humanity and dignity and that their rights should be fully respected, and urging all States in this regard to comply with their obligations under international law, including international human rights law and international refugee law, as applicable,

Bearing in mind the obligations of States under applicable international law to exercise due diligence to prevent and combat migrant smuggling and human trafficking, to investigate and punish perpetrators, to identify and provide effective assistance to victims of trafficking and migrants and to cooperate to the fullest extent possible to prevent and suppress migrant smuggling and human trafficking,

Affirming the necessity to put an end to the recent proliferation of, and endangerment of lives by, the smuggling of migrants and trafficking of persons in the Mediterranean Sea off the coast of Libya, and, for these specific purposes, acting under Chapter VII of the Charter of the United Nations,

  1. Condemns all acts of migrant smuggling and human trafficking into, through and from the Libyan territory and off the coast of Libya, which undermine further the process of stabilisation of Libya and endanger the lives of thousands of people;
  1. Calls on Member States acting nationally or through regional organisations, including the EU, to assist Libya, upon request, in building needed capacity including to secure its borders and to prevent, investigate and prosecute acts of smuggling of migrants and human trafficking through its territory and in its territorial sea; in order to prevent the further proliferation of, and endangerment of lives by, the smuggling of migrants and human trafficking into, through and from the territory of Libya and off its coast;
  1. Urges Member States and regional organisations, in the spirit of international solidarity and shared responsibility, to cooperate with the Libyan Government, and with each other, including by   sharing   information about acts of migrant smuggling and human trafficking in Libya’s territorial sea and on the high seas off the coast of Libya, and rendering assistance to migrants and victims of human trafficking recovered at sea, in accordance with international law;
  1. Urges States and regional organisations whose naval vessels and aircraft operate on the high seas and airspace off the coast of Libya, to be vigilant for acts of migrant smuggling and human trafficking, and in this context, encourages States and regional organisations to increase and coordinate their efforts to deter acts of migrant smuggling and human trafficking, in cooperation with Libya;
  2. Calls upon Member States acting nationally or through regional organisations that are engaged in the fight against migrant smuggling and human trafficking to inspect, as permitted under international law, on the high seas off the coast of Libya, any unflagged vessels that they have reasonable grounds to believe have been, are being, or imminently will be used by organised criminal enterprises for migrant smuggling or human trafficking from Libya, including inflatable boats, rafts and dinghies;
  1. Further calls upon such Member States to inspect, with the consent of the flag State, on the high seas off the coast of Libya, vessels that they have reasonable grounds to believe have been, are being, or imminently will be used by organised criminal enterprises for migrant smuggling or human trafficking from Libya;
  1. Decides, with a view to saving the threatened lives of migrants or of victims of human trafficking on board such vessels as mentioned above, to authorise, in these exceptional and specific circumstances, for a period of one year from the date of the adoption of this resolution, Member States, acting nationally or through regional organisations that are engaged in the fight against migrant smuggling and human trafficking, to inspect on the high seas off the coast of Libya vessels that they have reasonable grounds to suspect are being used for migrant smuggling or human trafficking from Libya, provided that such Member States and regional organisations make good faith efforts to obtain the consent of the vessel’s flag State prior to using the authority outlined in this paragraph;
  1. Decides to authorise for a period of one year from the date of the adoption of this resolution, Member States acting nationally or through regional organisations to seize vessels inspected under the authority of paragraph 7 that are confirmed as being used for migrant smuggling or human trafficking from Libya, and underscores that further action with regard to such vessels inspected under the authority of paragraph 7, including disposal, will be taken in accordance with applicable international law with due consideration of the interests of any third parties who have acted in good faith;
  1. Calls upon all flag States involved to cooperate with respect to efforts under paragraphs 7 and 8, and decides that Member States acting nationally or through regional organisations under the authority of those paragraphs shall keep flag States informed of actions taken with respect to their vessels, and calls upon flag States that receive such requests to review and respond to them in a rapid and timely manner;
  1. Decides to authorise Member States acting nationally or through regional organisations to use all measures commensurate to the specific circumstances in confronting migrant smugglers or human traffickers in carrying out activities under paragraphs 7 and 8 and in full compliance with international   human   rights   law,   as applicable, underscores that the authorizations in paragraph 7 and 8 do not apply with respect to vessels entitled to sovereign immunity under international law, and calls upon Member States and regional organisations carrying out activities under paragraphs 7, 8 and this paragraph, to provide for the safety of persons on board as an utmost priority and to avoid causing harm to the marine environment or to the safety of navigation;
  1. Affirms that the authorisations provided in paragraphs 7 and 8 apply only with respect to the situation of migrant smuggling and human trafficking on the high seas off the coast of Libya and shall not affect the rights or obligations or responsibilities of Member States under international law, including any rights or obligations under UNCLOS, including the general principle of exclusive jurisdiction of a flag State over its vessels on the high seas, with respect to any other situation, and further affirms that the authorisation provided in paragraph 10 applies only in confronting migrant smugglers and human traffickers on the high seas off the coast of Libya;
  1. Underscores that this resolution is intended to disrupt the organised criminal enterprises engaged in migrant smuggling and human trafficking and prevent loss of life and is not intended to undermine the human rights of individuals or prevent them from seeking protection under international human rights law and international refugee law;
  1. Emphasises that all migrants, including asylum-seekers, should be treated with humanity and dignity and that their rights should be fully respected, and urges all States in this regard to comply with their obligations under international law, including international human rights law and international refugee law, as applicable;
  1. Urges Member States and regional organisations acting under the authority of this resolution to have due regard for the livelihoods of those engaged in fishing or other legitimate activities;
  1. Calls upon all States, with relevant jurisdiction under international law and national legislation, to investigate and prosecute persons responsible for acts of migrant smuggling and human trafficking at sea, consistent with States’ obligations under international law, including international human rights law and international refugee law, as applicable;
  1. Calls for Member States to consider ratifying or acceding to, and for States Parties to effectively implement the Protocol against the Smuggling of Migrants by Land, Sea and Air, supplementing the United Nations Convention against Transnational Organized Crime, and as well as the Protocol to Prevent, Suppress and Punish Trafficking in Persons, Especially Women and Children;
  1. Requests States utilising the authority of this resolution to inform the Security Council within three months of the date of adoption of this resolution and every three months thereafter on the progress of actions undertaken in exercise of the authority provided in paragraphs 7 to 10 above;
  1. Requests the Secretary-General to report to the Security Council eleven months after the adoption of this resolution on its implementation, in particular with regards to the implementation of paragraphs 7 to 10 above;
  1. Expresses its intention to review the situation and consider, as appropriate, renewing the authority provided in this resolution for additional periods;
  1. Decides to remain seized of the matter.