Select Committee on European Union Minutes of Evidence


Examination of Witnesses (Questions 108 - 119)

WEDNESDAY 18 JUNE 2008

Professor Juliet Lodge and Professor Didier Bigo

  Q108  Chairman: Two professors; we are honoured, welcome. It is very good of you to come. As you know, this Committee, which is a Sub-Committee of the main European Union Committee of the House of Lords, is doing an investigation currently on Europol. You may realise that you are on the record. You have sent us written evidence, for which we are grateful. If, at a later stage, you want to supplement anything, we shall be delighted to receive any extra evidence or thoughts in writing; that would be very helpful. I do not know if either of you wants to make an opening statement. We are a little bit against the clock, but, if you would wish to, either of you, you would be welcome. No? Well, let us start. You have both highlighted in your evidence that Europol's potential role is compromised by mistrust, different administrative practices, and variable and inadequately secure information communication technology. I wonder if you could give us an overview of the kind of work that you believe is necessary for effective supranational action in the EU law enforcement and justice domains. I realise that is a broad question, but it would be most helpful if you would start with that one.

  Professor Lodge: Thank you, my Lord Chairman, for the opportunity to comment and make an input. I will try and be brief. I think one of the biggest issues that this raises is the question of having an effective information management system or regime at all levels, not just the supranational, but at all those levels below that because the supranational, particularly where Europol is concerned, depends on Member State input from regional levels, so the supranational level to set standards for technology and policy direction and strategic issues is very important. Very briefly on the technology, I think there is a whole range of issues that needs to be addressed on handling, data-mining, data re-use, in particular, and data degradation, issues surrounding the information management of exchange of information, training and vetting of personnel and again setting standards, privacy and data protection, information acquisition, and the exchange and co-operation within the EU and with third States, particularly where public-private partnerships are concerned, and I think that is an area that seems to be very vague and eludes proper accountability. There are also issues about the outsourcing of information by people who may be providing information, handling it or storing it on behalf of supranational agencies or the participants within them, and trying to establish that there should be an approach towards this regarding justice and home affairs communication technology use based on the first principle of "baking in" security and not then saying, "Well, we're a little bit unsure about how effectively security is going to be guaranteed for data subjects and data-handling", and then adding the idea that there should be privacy-enhancement technologies almost as an afterthought. I think at the political strategy level there is a need to recognise that law enforcement encroaches on domestic policy and that there are linkages of databases, and one has only to think of motor-licensing in the UK and the way in which that is accessible, not just to insurance agencies, but also to the police, and various other law enforcement issues. There is a huge issue of policy trust and trust in personnel, including issues of accountability at the European level and the national parliamentary level, which has to be addressed supranationally, I think, if we are going to have compliance on behalf of all the Member States. We must also deal with another issue which seems to have dropped from the radar which is how one is going to deal with the next generation of information exchange technologies, not just the ambient intelligence and the nano-technological applications, but the way in which mobile phones are going to be used and whether or not information taken from them is going to be admissible, and how automated information exchange, which is not mediated by personnel, is going to be dealt with. That is something again which has to be addressed at the supranational level so that one does not just accept off-the-shelf solutions that the producers already have and which are going to be obsolete, but so that one does not compromise the need for accountability by having rather vague arrangements, given that there is open recognition now of the level of corruption, distrust and compromised security, so I think one needs a very firm steer politically and a very firm steer vis-a"-vis the technological applications that are adopted.

  Q109  Chairman: Professor Bigo?

  Professor Bigo: Thank you, my Lord Chairman. I share a lot of what Professor Lodge has said, but maybe I would insist more on the notion of mistrust and why do we have such a mistrust between the different administrations. I think, firstly, it is the difference between the criminal justice approaches and intelligence approaches which is central. The more Europol is trained to bridge or plug the intelligence approach into its criminal justice approach in search of better information and efficiency, the more it will create trouble as the notion of information has not the same meaning in the two different logics, so that is the first point. We need to ask more about the notion of information when policemen discuss between different traditions, different cultures and different professions together because they use the same terminology, but they do not put the same facts into this terminology, and that is central. The second element is certainly the lack of a clear European approach as to what is relevant information, who has collected the information, for what purpose and with what level of accuracy. Evidence from the judge is different from grounds of suspicion about a specific individual from the police and is clearly far from suspicion towards a risk category created by analysis and applied to an unknown individual which may fit the criteria of a preventative approach and inquiry. The third element is: who is entering this information into the system and for what purpose, especially when you have analysts on one side and European police officers on the other side. It is as crucial as the information itself. The apparent paradox is that the segmentation of information may be a better solution if it creates less uncertainty and less numbers and focuses on a smaller, but more accurate, target. I know that I am challenging a lot of discourse here because all the main discourse is about sharing more and more data in order to have more relevant intelligence. From the interviews we have done, it is not what is said by a large majority of the people who are involved in intelligence, so the idea that the bigger is better is perhaps a mistake and we need to have a better evaluation of the quality of the information which is processed before going on. I think that mistrust is emerging from the idea that people who have different professions do not exactly share the way they receive the information and what is relevant. They receive data, but they do not receive information

  Q110  Lord Mawson: Your map shows a highly complex landscape of EU security agencies, and your written evidence speaks of competition, control issues, rivalries and fierce struggles in Europol's relationships with other EU agencies in the field of justice and home affairs. Are such power struggles inevitable in the current institutional landscape?

  Professor Bigo: I would say that, yes, the struggles are inevitable, but they are also a sign of a lively democracy with divergence of opinion and analysis even with the same evidence or grounds of suspicion at the beginning. However, if it exists in any case at the national level, it is nevertheless aggravated at the transnational level—so I am not saying that it is bad to have struggles, because it can give to the professional and to the politician a different view on the same subject by different organisations, and we have to remember that. When you have only unique information coming from all the police and intelligence services, it may be misleading. So the idea that we have diversity and struggle is not bad in itself, but of course it is aggravated at the transnational EU level as the national interests of the States, the cultural and bureaucratic culture of the different services and the way they pride their relationship on law and law enforcement is slightly different, the UK from the Continent, for example, and different also inside the Continent between federal Germany and unitary France. Only the non-democratic regimes have, at least at the surface, a unanimous point of view often organised around what they want more than around the possible rationale of action and behaviour of the target of their research. Nevertheless, we have to try to reduce it, and I suppose it was the sense of your question, by a better articulation of task between the agencies. We have seen that it was possible after discussion to find agreements, for example, on counterfeiting the euro, an agreement was found between OLAF and Europol which had both good claims. Both agencies may pretend to deal with counterfeiting of the euro, but, nevertheless, they succeeded to define clearly who would be in charge. What we have seen from the US is that the notion of lead agency is not a real solution. We have done some research in the US and we have seen that the notion of lead agency has created more competition in fact than it has reduced the level of competition, and maybe we need to be aware of not going too easily with this solution and saying, "We will have a pool of agencies with one lead agency". It is perhaps better to have a clear mark of one agency only and not to have a pooling of competence without a clear definition of who is in charge, and then maybe can reduce the level of struggle. It will not disappear, but at least it will be more clear.

  Q111  Lord Mawson: If you have been involved in running a business, you will know that it is not just about the structure that you create, but it is about the people and relationships, and senior people in government seem to think that, if they get the structure right, something will magically happen, but my experience is that it does not. When we listened to Europol, we were told that about 10 per cent of their budget investment was in training and how you actually enabled staff to operate in complex environments. Do you think there is enough investment going in actually in enabling staff in organisations to operate in this complex world that they have to operate in? Do you think that they are understanding what the complex partnership is actually about or what the relationship is or is there not enough investment in that?

  Professor Bigo: It is difficult to answer with accuracy because we do not have enough elements about the different allocations of budget and value for money of the different agencies inside the agency itself. For example, in Europol, what is the part of the allocation of the budget for analysts and what is the part of the allocation of the budget for the liaison officers? Maybe you have here the elements, but we did not get these elements. We were surprised that a lot of work seems to be done by the police liaison officers both at the headquarters and in the different national Member States; they are in charge of a high level of current information, on the contrary you have a lot of analysts with not so many work files, but, as we did not have of course access to these work files, maybe they are huge, maybe they are very important, very interesting, but it is quite difficult to know, so I would say that it is very important to look at this allocation of resources inside the agencies. The second element is that we need to be aware, and I think it will be part of other questions, of the relation between putting a lot of money into software and providing results. It is said that because of the large amount of information, you need to have expert software, but sometimes maybe the human mind could be just as efficient as some expert software. Replacing human beings by so-called "advanced technology", which may cost a lot of money, will not always create more efficiency, so we have to be very aware that of course it is a case-by-case study and we cannot answer in general.

  Q112  Chairman: Professor, I looked at your map and you have various out-of-Europe organisations, particularly in the United States, on it. I could not find where you had Interpol in all of this. Did I miss it or where does it fit in, if it is not in?

  Professor Bigo: Next year, we will develop the map and you will have Interpol in it and you will have also the Police Chief Task Force, but we tried first to map the European Union internal security agencies: Europol, Eurojust, Frontex and to have not only their formal agreement, but interviews with the people inside both agencies at their headquarters and at some Member State levels. For the moment, we have investigated their relations with third parties in the US, Norway, and Switzerland, but not their relations with other institutions such as Interpol, United Nations agencies, and NATO. That is why this mapping is still a preliminary mapping, but the idea was just to show that, if you look at one agency, you loose the point of what is a European information system.

  Q113  Baroness Garden of Frognal: Professor Lodge, you welcome the proposal to modernise Europol in your evidence, but you are concerned about the impact on good governance of dissolving administrative boundaries. I wondered what procedures introduced by the Decision may, in your view, impact on, or alter, practices within Member States' agencies?

  Professor Lodge: I think there are some critical issues surrounding the work files and the management of the work files and the information that goes into the work files, and part of this would come out of what Didier has just said. The information exchange processes and the ability to co-opt parties to input intelligence, I think, will have a significant impact at all different levels on how this is managed and the accountability for it. I think there are also results that will occur as a consequence of implementing the principle of data availability and that requires both legal minds and personal trust. There are also arrangements which permit the continuation of the bilateral accords instead of having commonality within the Decision, and bilateral accords are often a very effective way for police forces to liaise and take steps forward, but, if one is going to respect the principle of equality of treatment of citizens or suspects and the equality of personnel in the individual forces, then that is eroded by the lack of commonality, and I think different States with different resources are going to be more adept or more influential as a result and this will have implications for the process management in individual Member States. I think overall there is the danger of a weakening of political accountability which will aggravate distrust. There is also a lack of legal certainty as to what definition of a biometric is going to be used for identity management and for verification and authentication. Now we accept it as a measurement of a particular feature, an iris or a fingerprint or whatever, but other States, and certainly the United States, associate it with behaviour and with profiling. When one is exchanging information and creating a work file or recreating a work file, which definition is being applied and how can we rely on it? If it is a hunch and the definition is of vague, loose intelligence and we are not sure of the agency who has provided it, what are the implications of that as opposed to information and its classification and, crucially, its indexation? Furthermore, the role of the Europol Director and Chair in defining strategy and the supposition of the claim that this will not necessarily have much implication for operational activities, I think, is likely to be challenged because of the intelligence-led policing model that is embedded within this Decision, so that is a further problem. I think also that the issue over a lack of common terms, which we have already touched on, will be problematic in creating the indices, regarding where you put the information, how you exchange it, whether it is legitimate or cannot be exchanged and in the development of a European criminal records information system. Again, we have got a multiplicity of different systems, a multiplicity of codes and rules for accessing those systems and I think that is bound to have myriad consequences for personnel, for work practices, for audit trails and for everything associated with proper information management within the agencies.

  Q114  Baroness Garden of Frognal: Do you see a way forward for getting a common understanding of these things and a common interpretation of the definitions?

  Professor Lodge: With common definitions and common terms, I think one has almost got to insist on a single language, and this runs counter to everything, but, without that precision, the term is not going to appear in the index and, if it does not appear in the index, then the investigating officer who is trying to find out about the existence of a certain section of a file when he has access to a certain portion of it is not going to be able to find it is there, even though it is, because it has not been indexed and classified, and we have all the political, administrative and cultural problems that we have already alluded to which, I think, will make these even more difficult. Whilst I would not normally want to be an advocate of one language, I think here there is a very strong case for arguing for possibly making that a universal language.

  Q115  Lord Dear: Could I pose a short question to each of you, and perhaps to Professor Lodge first of all, but the question is the same. When Europol was set up, there was envisaged, I think, a fairly rigid structure of the traffic of information and who did what and it was all envisaged to be fairly well-compartmentalised and on well-trodden routes. There has been a decision, as I understand it, recently to encourage a policy of ad hoc bilateral exchanges on a needs-must basis, I suppose, between some of the EU law enforcement agencies based on judicial investigation. I can see that there is a way forward to speed things up on that, but it does throw into disarray what the original model envisaged. I wonder if you would both like to address that point and tell us what you think the longer-term effects of that might be.

  Professor Lodge: I think, firstly, that the ad hoc-ism can be very valuable, but, as you are pointing out, it is based on mutual trust and, the more that Europol, Eurojust and all the associated agencies move towards automated information exchange, the more they are relying on the technology rather than analysis by the individual. If you cannot trust technology, and we cannot trust technology, then this issue of trust has further ramifications for the political accountability and legitimacy of the whole system which then impacts on the citizen. I think too rigid rules within the Decision will make certain States opt for bilateralism and ad hoc-ism because it is the soft route, the easy route to circumvent some delays which may be inherent in the system and some delays which may be a consequence of not being able to understand the language, not being able to access the work file and so on because it is done more on an automated basis. I think it implies in the longer term that there must be much closer co-operation between Europol and Eurojust, and they are establishing automated information exchange systems between the two of them to ensure that there is greater operational effectiveness. Now, that has implications for this concept of Europol basically being a forum where there is high-quality analytical material, and what we are saying really is that you cannot separate, in the longer term, the analytical function from the repercussions it may have on operational strategies and operational steps that are taken along with the financing that has to be associated with making this efficient.

  Q116  Lord Dear: Do I understand what you are saying correctly, which is, in a nutshell, that you appreciate that there will always be people seeking to take a quick route to a solution, they know somebody or they know a system at the other end of the telephone and they would use that ad hoc basis, that informal basis, and that is all right, in your view, is it, so long as the information that is exchanged eventually gets fed through to the databank? Is that what you are saying?

  Professor Lodge: I think what I am saying is possibly slightly subtler in that operationally people often need information very fast, and it may be that they can obtain sufficient general information by their bilateral exchanges face-to-face through humanly trusted relationships to enable them to be very effective in the prosecution of serious organised crime and, on that basis, one can see there is a role for that. It is where you then say, "This does not matter" and one can do it because it eludes accountability, that is not adequate.

  Q117  Lord Dear: Professor Bigo?

  Professor Bigo: I agree with what Professor Lodge has just said, but just one caveat is that of course it works to have an ad hoc information system if you have already a network of trusted people, therefore, it is an advantage for the oldest Member States in comparison to the other ones. So, maybe it is also a strategy by the oldest EU member states to go on an ad hoc information system in a way to restrict the others member states access to some level of intelligence or information that they prefer not to spread too much. So maybe the preference for an ad hoc system is not just a functional question of what it is more efficient and has a better speed, but it is a question of politics.

  Q118  Lord Hodgson of Astley Abbotts: Could I just come back to mutual trust, you use the phrase "high-quality analytical material", and the interplay. In your memoranda, which are most interesting, I read about the importance of proper input, proper control and proper safeguards, but what are we going to do about making sure that information, when put in, is accurate? I am much involved with the Rendition Programme and certain people have been picked up on the basis that the information is wrong. The approach was fine, the analysis was fine, but the fundamental information database was inaccurate. How are we going to ensure, as the database gets bigger and bigger and bilateral exchanges and Europol operate to a greater extent, that the information that goes in is accurate and remains accurate through the passage of time?

  Professor Lodge: I suppose at one level, assuming that the information that is provided to the data-inputter is accurate, there is a big issue, I think, on the vetting and training of the data-inputters who may be outsourced to countries anywhere, who may not have had the kind of training that one would hope they have had and who may have different objectives in having sometimes jobs which are very poorly paid. There are issues, I know from talking to people about this, about who is sitting there doing the typing or managing the system and the upkeep of the system, so, in that sense, I think there is a real issue at that level, but it is also one that comes back to these problems of definition, terminology, what is information, how we classify it, what is intelligence and the reliability of that source and maybe whether or not there has been a group discussing it, and I am not really sure how one gets round that.

  Q119  Lord Marlesford: Can I just follow up because there seems to be a theme which has come through from your answers to all the questions and I just want to check whether I am right in identifying the theme. It is that, whilst you have no problem with the sort of database approach to the identity of people, there is a serious question as to forming very big databases on very limited information, almost like having, as it were, too many suspects with insufficient discipline as to who is on the list. For example, last week we had the Serious Organised Crime Agency come to see us and they have a database which has been formed from the suspicious activity reports which are filed, many of which have been shown in the press to be totally trivial, and we assumed that these had been ignored, but we were told no, they have now got over a million on that database alone. Are you saying really it would be much better to have a better discipline on who is on a database, a suspect of any sort rather than where none of us minds being on the database as to who we are?

  Professor Bigo: Yes it is my view , and this point is a central one. Perhaps to come back to the previous question, each time we have information, it is important to know who has given the information. And, if I may, in this period of Euro football, I have proposed as a policy recommendation about four years ago to give a kind of yellow card or red card to those providing incorrect information. If you want to improve the quality of information, you can perhaps have a review of who has given inaccurate information at the level of the individual and at the level of the services in order to diminish their ranking of valuable information and then, not immediately, but in the future, they will think twice about sending dubious information. If we do not have that, we will continue to have trouble, but, if we have that, we can change the behaviour of the organisation so that they will send less information, but more accurate information, and maybe that is not a perfect solution, but it will resolve perhaps part of the problem.


 
previous page contents next page

House of Lords home page Parliament home page House of Commons home page search page enquiries index

© Parliamentary copyright 2008