Europol: Europe's potential FBI
As the EU discusses boosting Europol's reach to fight terrorism and crack down on organized crime, experts express concerns about civil liberties violations and the security implications of information sharing.
By Brooks Tigner in Brussels for ISN Security Watch (16/04/07)
The EU's goal to strengthen the European Police Office, otherwise known as Europol, could help to maintain the agency's more passive coordinating role vis-à-vis the bloc's 27 nations. But it also could expand investigative powers and create a new legal status that might eventually convert it into a European equivalent of the powerful US Federal Bureau of Investigation.
While most national law enforcement stakeholders support Europol's forthcoming transformation, civil liberty experts, members of the European Parliament (MEPs) and the EU's own data protection watchdog worry about the new kinds of personal data Europol will collect - and whether it will be handled responsibly when shared with other EU agencies, national authorities or non-EU countries.
One of their main concerns is the new freedom Europol would have to collect data from private bodies such as banks, retailers and private security companies. This possibility "calls for a great deal of thought, since such data may not have been obtained by safe, reliable means," says Spanish MEP Agustin Diaz de Mera, in a new draft report for the Euro-parliament's Civil Liberties Committee. "Additional safeguards - including judicial review - must be introduced."
At issue is a European Commission proposal, unveiled in December, to convert the 12-year-old Europol multilateral organization into a bona fide EU agency, paid and staffed from its resources. The proposal would strengthen Europol in three main ways, by:
* Extending its present mandate beyond investigation of organized crime to include other forms of so-called serious crime such as sex trafficking and child pornography, gun-running, terrorist activities and money-laundering
* Enabling it to receive information and intelligence from private bodies
* Authorizing Europol to participate in investigations with individual national authorities or in joint investigative teams.
The proposal would also require Europol to make its data-procession systems, and in particular the Europol Information system, interoperable with those of the 27 member states and with other EU bodies involved in investigative or judicial work. Examples of the latter are OLAF, the union’s anti-corruption watchdog, or Eurojust, the EU agency that coordinates national judicial activities.
"This will create the technical conditions for the smooth exchange of data, provided legal frameworks to allow such an exchange and without prejudice to basic principles of data protection," the European Commission blandly notes in the explanatory memorandum to its proposal.
Civil liberty concerns
Few dispute the need for a more organized pan-European approach to fighting terrorism or money-laundering. The number of terrorism investigations supported by Europol last year, for example, jumped 50 percent from 40 in 2005 to 60 in 2006.
But civil liberty proponents are especially worried about the privacy implications of two aspects in the proposal: allowing Europol to broaden the scope and sources of intelligence it can trawl and retain, and the notion of linking national law enforcement databases into what effectively will function as a super - and supranational - European database of information.
Europol and other public-sector officials argue this is a necessary condition if Europe is to deal with today's proliferating crime networks.
"We need a mandate wider than that for just organized crime. We are seeing more and more networks of criminals. We have to fight traveling hooligans, the distribution of child pornography and the movement of serial killers. The only way to confront these threats is to create networks of law enforcement authorities as a counterweight," Max-Peter Ratzel, Europol’s director, told a 10 April public hearing of the Civil Liberties Committee.
"We need to move from a need-to-know to a need-to-share basis [among law enforcement authorities in Europe]," he said.
Others are not so sure.
The EU's data privacy watchdog in Brussels, known as the European Data Protection Supervisor, say the proposal's requirement that Europol make its data system interoperable with national ones goes far beyond the mere technical challenge of linking the systems together.
In its 10 March opinion on the Commission’s proposal, the EDPS notes that once databases become interoperable "there will be pressure to actually use this possibility. This poses specific risks related to the principle of purpose limitation" since data can easily be used for purposes different from those for which it was collected.
Civil liberty proponents argue that such implications are all the more worrying in view of disparate national rules covering the collection of personal data by commercial entities, individual freedom-of-access rights to police and judiciary dossiers, and the transfer of intelligence to third countries.
Reputation to consider
Though expressing support for the Commission's proposal in general, Willy Bruggemann, professor at Benelux University Centre in Brussels and former senior deputy director of Europol, told the hearing, "I regret that the EU has no global view on security," regarding the way in which police intelligence should be shared and used.
EU member states are still doing "intelligence shopping," he said. "Sometimes they use Europol, sometimes Interpol [the global equivalent to Europol] and sometimes their own national and regional networks and databases. There's no consistency."
Paul de Hert, a law and criminology expert at the University of Brussels, pointed to another problem: Europol's lack of a proper "adequacy process" for evaluating whether the privacy/confidentiality rules and judicial procedures of third-countries are sufficient to justify sharing data with them. The European Commission applies adequacy procedures when dealing with third countries, for instance.
De Hert noted that EU member states still did not want Europol to have very much power, despite the proposal's provisions.
"If member states bear down too much on Europol [in terms of restricting what it can do with information] but not on themselves, then you may see Europol simply handing over requests from third countries for investigative data to those EU countries whose [less strict] rules allow them to meet the request. This could harm the reputation of the EU as a whole regarding data protection."
Europol officials admit they have an "adequacy problem."
Dietrich Neumann of Europol's legal affairs unit told the hearing that the organization's legal foundation "does fall a little short" of the adequacy criterion. "This is a legal gap," he said, but added that adequacy provision "are not very clear in other EU legal instruments and bodies either."
Calling for the Commission's adequacy process to be incorporated into Europol, de Hert went even further, suggesting that "maybe it would even be a good idea to let Europol handle and evaluate requests for transfers of data to third countries on behalf of all member states."
Another potential risk for personal privacy is Europol's forthcoming absorption of information and intelligence from private entities. In Europol's vastly expanded database "there is no way to separate data collected for counterterrorism purposes from data that citizens will have provide to private companies for other reasons. I repeat: no way to do this. We must address the issue of databases that are created for one purpose but mined for another," said Juliet Lodge, who works at the University of Leeds' Jean Monnet Centre.
"I see another problem, too, with divergent terminology. We need standard, common intelligence terms that everyone understands the same way," she said. "Take biometrics, for example. The US government considers that this includes information about behavior. That opens the door to profiling. Do we want that here in Europe? There must be EU rules on governance in this regard. I see an urgent need for a universal EU code on access to networked intelligence databases."
By Brooks Tigner in Brussels for ISN Security Watch (16/04/07)
The EU's goal to strengthen the European Police Office, otherwise known as Europol, could help to maintain the agency's more passive coordinating role vis-à-vis the bloc's 27 nations. But it also could expand investigative powers and create a new legal status that might eventually convert it into a European equivalent of the powerful US Federal Bureau of Investigation.
While most national law enforcement stakeholders support Europol's forthcoming transformation, civil liberty experts, members of the European Parliament (MEPs) and the EU's own data protection watchdog worry about the new kinds of personal data Europol will collect - and whether it will be handled responsibly when shared with other EU agencies, national authorities or non-EU countries.
One of their main concerns is the new freedom Europol would have to collect data from private bodies such as banks, retailers and private security companies. This possibility "calls for a great deal of thought, since such data may not have been obtained by safe, reliable means," says Spanish MEP Agustin Diaz de Mera, in a new draft report for the Euro-parliament's Civil Liberties Committee. "Additional safeguards - including judicial review - must be introduced."
At issue is a European Commission proposal, unveiled in December, to convert the 12-year-old Europol multilateral organization into a bona fide EU agency, paid and staffed from its resources. The proposal would strengthen Europol in three main ways, by:
* Extending its present mandate beyond investigation of organized crime to include other forms of so-called serious crime such as sex trafficking and child pornography, gun-running, terrorist activities and money-laundering
* Enabling it to receive information and intelligence from private bodies
* Authorizing Europol to participate in investigations with individual national authorities or in joint investigative teams.
The proposal would also require Europol to make its data-procession systems, and in particular the Europol Information system, interoperable with those of the 27 member states and with other EU bodies involved in investigative or judicial work. Examples of the latter are OLAF, the union’s anti-corruption watchdog, or Eurojust, the EU agency that coordinates national judicial activities.
"This will create the technical conditions for the smooth exchange of data, provided legal frameworks to allow such an exchange and without prejudice to basic principles of data protection," the European Commission blandly notes in the explanatory memorandum to its proposal.
Civil liberty concerns
Few dispute the need for a more organized pan-European approach to fighting terrorism or money-laundering. The number of terrorism investigations supported by Europol last year, for example, jumped 50 percent from 40 in 2005 to 60 in 2006.
But civil liberty proponents are especially worried about the privacy implications of two aspects in the proposal: allowing Europol to broaden the scope and sources of intelligence it can trawl and retain, and the notion of linking national law enforcement databases into what effectively will function as a super - and supranational - European database of information.
Europol and other public-sector officials argue this is a necessary condition if Europe is to deal with today's proliferating crime networks.
"We need a mandate wider than that for just organized crime. We are seeing more and more networks of criminals. We have to fight traveling hooligans, the distribution of child pornography and the movement of serial killers. The only way to confront these threats is to create networks of law enforcement authorities as a counterweight," Max-Peter Ratzel, Europol’s director, told a 10 April public hearing of the Civil Liberties Committee.
"We need to move from a need-to-know to a need-to-share basis [among law enforcement authorities in Europe]," he said.
Others are not so sure.
The EU's data privacy watchdog in Brussels, known as the European Data Protection Supervisor, say the proposal's requirement that Europol make its data system interoperable with national ones goes far beyond the mere technical challenge of linking the systems together.
In its 10 March opinion on the Commission’s proposal, the EDPS notes that once databases become interoperable "there will be pressure to actually use this possibility. This poses specific risks related to the principle of purpose limitation" since data can easily be used for purposes different from those for which it was collected.
Civil liberty proponents argue that such implications are all the more worrying in view of disparate national rules covering the collection of personal data by commercial entities, individual freedom-of-access rights to police and judiciary dossiers, and the transfer of intelligence to third countries.
Reputation to consider
Though expressing support for the Commission's proposal in general, Willy Bruggemann, professor at Benelux University Centre in Brussels and former senior deputy director of Europol, told the hearing, "I regret that the EU has no global view on security," regarding the way in which police intelligence should be shared and used.
EU member states are still doing "intelligence shopping," he said. "Sometimes they use Europol, sometimes Interpol [the global equivalent to Europol] and sometimes their own national and regional networks and databases. There's no consistency."
Paul de Hert, a law and criminology expert at the University of Brussels, pointed to another problem: Europol's lack of a proper "adequacy process" for evaluating whether the privacy/confidentiality rules and judicial procedures of third-countries are sufficient to justify sharing data with them. The European Commission applies adequacy procedures when dealing with third countries, for instance.
De Hert noted that EU member states still did not want Europol to have very much power, despite the proposal's provisions.
"If member states bear down too much on Europol [in terms of restricting what it can do with information] but not on themselves, then you may see Europol simply handing over requests from third countries for investigative data to those EU countries whose [less strict] rules allow them to meet the request. This could harm the reputation of the EU as a whole regarding data protection."
Europol officials admit they have an "adequacy problem."
Dietrich Neumann of Europol's legal affairs unit told the hearing that the organization's legal foundation "does fall a little short" of the adequacy criterion. "This is a legal gap," he said, but added that adequacy provision "are not very clear in other EU legal instruments and bodies either."
Calling for the Commission's adequacy process to be incorporated into Europol, de Hert went even further, suggesting that "maybe it would even be a good idea to let Europol handle and evaluate requests for transfers of data to third countries on behalf of all member states."
Another potential risk for personal privacy is Europol's forthcoming absorption of information and intelligence from private entities. In Europol's vastly expanded database "there is no way to separate data collected for counterterrorism purposes from data that citizens will have provide to private companies for other reasons. I repeat: no way to do this. We must address the issue of databases that are created for one purpose but mined for another," said Juliet Lodge, who works at the University of Leeds' Jean Monnet Centre.
"I see another problem, too, with divergent terminology. We need standard, common intelligence terms that everyone understands the same way," she said. "Take biometrics, for example. The US government considers that this includes information about behavior. That opens the door to profiling. Do we want that here in Europe? There must be EU rules on governance in this regard. I see an urgent need for a universal EU code on access to networked intelligence databases."
posted by Marko at 4/16/2007 07:56:00 AM
<< Home