Examination of Witnesses (Questions 120
- 133)
WEDNESDAY 18 JUNE 2008
Professor Juliet Lodge and Professor Didier Bigo
Q120 Lord Dear:
I have just one aside on that, and I agree with your premise.
Certainly in the UK, information was always graded on a 16-point
scale and it went from rumour to absolute rock-solid fact and
by the lettering, and it went from A1 to 4, B1 to 4, arithmetically
16 points, you could tell immediately the value of the source
and the perceived value of the information, and A1 was obviously
the top. I do not know whether that is followed in The Hague.
We go to The Hague next week and I want to pose that very question
there because it is one thing to capture a mass of information
ungraded, but it is a very different thing to put a grading on
it because, when you grade, you also are evaluating the source
and sooner or later a bad source will be dropped off and not even
recognised at all, so I really put that in for the record as an
observation. Professor Bigo, you have shown some caution, I know,
about mixing up, as you see it, the professional criminal justice
approach with one which involves risk anticipation, and I wondered
if you could detect, or have detected, a preference for either
one of those two approaches within the Europol Decision which
has been made recently?
Professor Bigo: First, we did not have
from the research a complete overview of the people in Europol,
so, by definition, my answer is partial concerning the amount
of data that we have, and the quality of the interview, it was
not systematic, so it is always dangerous to over-estimate what
came from a couple of interviews. Nevertheless, what we have seen
is a tension inside Europol itself. We have the analysts, especially
the ones on threat assessment and especially on terrorism, who
insist on the role of profiles, the importance of the technology
of the database and software which processes raw data into refined
data. Their views differ from those of the liaison officers at
the headquarters, but also mainly from the Europol officers in
the national units. The latter ones insist more on operational
measures, on criminal justice necessities and on the importance
of information to be processed in order to serve as evidence in
a trial, so they are a little bit doubtful about risk-profiling.
They are also more often interested in cross-border crime, in
serious crime, in corruption, in money-laundering and less in
terrorism, and maybe the UK is specific here, so it is very difficult
to generalise. We have too small a number of interviews, but I
would say that this tension, nevertheless, exists and it is quite
coherent to a sociologist, as you see, for example, for the analyst
to insist that the role is centred around the software expertise
that they have. That they do not have operational capacity is
not surprising and, on the contrary, the policeman insists on
operational measures and not so much on analytical skills in computing,
which is not so surprising either, so maybe what we have discovered
is trivial, but sometimes it is not openly said and maybe it is
good to know about that.
Q121 Lord Harrison:
Professor Lodge, you say in your evidence, para 27, that the Europol
Decision highlights the need for a cross-pillar model of information
exchange. Could you explain why this is the case and what form
it might take, how it might be achieved?
Professor Lodge: I think cross-pillar
law enforcement means that we are not just talking about policing,
and it is too easy to say that policing stops in the organised
international crime arena when in fact the JHA pillar deals, as
you know, with border management, illegal immigration, trafficking
and the associated issues and, therefore, it deals with the identification
of individuals and identity documents that may be used for those
individuals, and those documents are often the same documents
that are used for civil purposes, so we have got a crossover immediately.
That means that there is the danger of compromising the principle
of purpose limitation, why people enrol their biometrics and all
the database issues that we are familiar with. It raises the issue
again of the public-private partnership in the outsourcing of
data, data management, sale or re-use and the linkage of data,
how it is linked, who links it and the legitimacy of linking it.
We have incompatible and differential practices on information-processing,
whether it is for e-commerce or for e-justice-type issues, and
at the same time there is a lot of discussion of having interoperable
systems which are not really feasible at the moment, so there
is almost a morass of different issues being pulled together without
there being a clear understanding of what the implications are
for accountability, and what the implications are, not simply
for data protection of the individual and the sanctity of that
and suddenly insisting that citizens are going to be obliged to
access basic local government services as well as at the Passport
Office or whatever, but that these systems are being accessed
for very different purposes. Since those systems, in principle,
will be dealt with according to different decision-making mechanisms
under the pillars, as you know, this raises issues about whether
there should be one universal rule or accountability which would
be applicable to all because it is not really feasible to make
a distinction of territoriality when one is talking about digital
information that flows around in territorially unbounded digital
space. I think that is what I am trying to get at and, if we are
looking for a solution, then I think at the supranational level
one has to come back to the idea of universal co-decision to make
sure there is parliamentary accountability and scrutiny and effectiveness
and to stop making these false distinctions between what is internal
security, external security and e-business or e-commerce because
they all seem to be merged as a result of the application of the
subsequent technologies.
Q122 Lord Harrison:
I take it from your answer that you think it is right and proper
to explore the opportunity to find that model, that template?
Professor Lodge: Yes, I think one has
to make sure that there is proper political accountability in
order to ensure legitimacy and to overcome citizen distrust which
may be very well-founded, but, if one has this morass, then I
do not think one is going to attain it. Also, I think it is detrimental
overall to the whole political legitimacy of the Member States
and the national systems as well as the supranational system,
and it does not really do a service to the citizen who is supposed
to be being brought closer to the EU or to government or to feel
more consulted and involved and participate in the decision-making
and in trusting government and good governance.
Q123 Lord Harrison:
My Lord Chairman, while I have the floor, could I just return
to an item that Professor Lodge, I think it was, spoke about earlier,
and I will perhaps ask Professor Bigo to answer this as well,
but I think you said that we may have to contemplate exceptionally
moving into one language in dealing with this specific area which,
I think, most people would assume would be English rather than
French. Would you like to say a bit more as to why you think that
is the case and whether, in your conversations that you both have
with those who are involved in all this panoply of interest, there
is a build-up of a feeling that really it is common sense at the
end of the day?
Professor Lodge: I think people have
very different viewpoints on that and some will be very assertive
in insisting on every language being used, but it is not financially
viable. If we are talking about automated information exchange
which relies on a very tight definition of a particular term,
then we have to have precision in understanding that term, otherwise,
we are not sure that the information is there. As I said, I am
not an advocate normally of a single language, but I think one
needs to find one which is precise and universally understood.
That again would lead to other training issues for personnel as
well. Without that, I think it is going to be very difficult to
get the legal certainty and the precision that is often essential
if one is going to be successful in prosecuting international
organised crime.
Professor Bigo: I think that the key
element is certainly the legal certainty, so I will go further
and say that in cultural anthropology and sociology what is essential
is to be sure that the meaning of the terminology is captured.
Very often it is not the case because people jump from their preliminary
logic, the one they have in mind in their national country as
if the others have the same, and it is especially the case when
we discuss between accusatory and inquisitorial procedures. Each
time we are discussing between French magistrates and English
magistrates, and you know that better than me, there is a common
misunderstanding about, "What does that mean?", and
we have seen that even with the notion of what is indefinite detention,
and the parallel with détention provisoire, for
example. I would say that it is not the language, as such, which
is the problem, it is to capture what is the meaning we want at
the European level and what is the coherence between one terminology
and the other one, so it is to have the relations between the
concept which is central and, if we have that, then I think the
language will not be so much of a problem if we have accurate
translation, and be aware that, if it is only in one language,
you will not solve the problem because you will have 27 versions
of English!
Q124 Lord Harrison:
So few!
Professor Bigo: And, just listening to
me, you can understand what could be the problem!
Chairman: I am conscious of the clock and I
am conscious that we have another witness to appear before us,
so I am afraid I must ask for brevity because we must give our
next witness a fair chance.
Q125 Lord Hodgson of Astley Abbotts:
Professor Bigo, could we return to the pillars. I think in your
evidence you suggest that the cross-pillar approach has posed
particular issues because of the internal and external security
questions. Perhaps you could give us some examples of this and
how they might be addressed. It may be, and this is a question
for you both really, that the whole issue would fall away if the
Lisbon Treaty were to come about and the pillars were to disappear.
Presumably that would provide an answer and is that what you think
would be a desirable outcome?
Professor Bigo: Clearly, what we have
seen from 2001 and especially 2004 is in any case a trans-pillarisation
of the different groups of experts, but nevertheless, the legal
basis of the different agencies differs and are grown into different
pillars and now it may be the case for quite a while, so it does
not matter so much if the missions and the pillars are coherent.
If you think about Europol, it is quite clear why Europol is on
the third pillar. My thoughts are that, on the contrary, if Frontex,
which is on the first pillar, has more and more capacity about
policing and surveillance, and even with the future of Frontex,
some capacity which is going through the second pillar in some
wayin the way that they are treating raw data, military
intelligence and so onthen we have to be very aware about
what are the legal bases and how they fit or not with the missions.
The discrepancy is dangerous. I have kept that very brief, but
of course we can develop more than that the capacity of the different
organisations. I just want to add one word on the relationship
between Europol and Sitcen, it is clearly something central to
ask in The Hague, and it is not because the two organisations
say that now they find agreement that it is clear how they deal
with the question of threat assessment on terrorism.
Professor Lodge: Yes, I agree with that
entirely. I think there is a big issue surrounding the different
objectives and the different competencies of the various organisations
that have to feed each other with information in order to have
a satisfactory and efficient outcome.
Q126 Lord Marlesford:
I really want, if I may, to ask Professor Lodge on this question
of the technological capabilities defining agendas which give
the bureaucrats more influence than the elected politicians, how
do you see that parliamentary oversight and scrutiny can improve
that situation?
Professor Lodge: I think the parliaments,
the national parliaments in particular, but the national parliaments
together, possibly through a development within COSAC, need to
become more proactive in stating what they want before technology
is adopted and to see technology as the tool and not the answer.
I think at the moment things are inverted, so that implies that
parliaments need to be better organised in relation to making
inputs on proportionality checks, insisting on them having control,
insisting on the Chairman of Europol, for example, appearing publicly
possibly before the European Parliament's Civil Liberties Committee
or at the same time as the relevant Minister from the JHA and
the Commissioner, and also the national parliaments or COSAC taking
on the role of looking for proportionality in the solutions that
are being advanced so that they effect a proportionality check
on the implementation of the political strategy. The way in which
the support operations are supposed to run within Europol and
national forces can very easily become a way by which certain
States start to initiate investigating roles which have implications
for strategy and the political leadership. Political accountability
then becomes rather muddy, so there is a role there for national
parliaments. I think there is a role also for national parliaments
in being very vigilant in defining the objectives and the competencies
of Europol relative to the other agencies that we have mentioned,
and the role of Eurojust, which national parliaments might look
at because it may just be the precursor to having a specific role
for the European Public Prosecutor and, in relation to Europol's
operational remit, there are things which national parliaments
might want to investigate. In addition to that, the national parliaments
might want to have some oversight over the output from joint investigation
teams, so I think what the national parliaments' primary role
has to be is to be very critical and indeed to launch investigations
into, and establish rules for, what the role of technology is
in all these operations which are associated with the remit that
Europol has.
Q127 Chairman:
Professor, you have more confidence in COSAC than very many of
us in this room.
Professor Lodge: Not necessarily. I just
think that logically, if the national parliaments are to have
any impact outside of those parliaments which are known to be
very effective in the quality of the information they provide,
such as the Lords in particular, then they have to be better organised
and they are going to have to be organised among themselves, among
the 27, in a way that they are not accustomed to being.
Chairman: We shall see.
Q128 Lord Mawson:
You say that the principles of data protection and data security
in international information exchange are implemented in a political
reality that relies on bilateral understanding and mutual recognition.
This, you believe, results in patchy safeguards for citizens and
all concerned. Do you know of any other areas of e-governance
where a more coherent approach has led to improved efficiency
and accountability?
Professor Lodge: I think the big problem
is that there is ad hoc-ism which is pervasive across e-government
services and it is because one has this very patchy, piecemeal
approach which creates difficulties, which means that we have
got a proliferation of incompatible technological systems quite
often with very different rules on "need to know" principles
and caveats on data protection, very imprecise terms which bar
legitimate access by the data subject sometimes, whether it is
to do with paying one's council tax or whether it is to do with
accessing other information, but other people have that kind of
access. I think there are a couple of examples in countries that
I do not know in detail, but where I think their political approach
is somewhat different, which would be France with the model on
identity documents being used for tracking purposes where people
have a loyalty card or an Oyster card, those sorts of things,
and Scandinavia where the model that, I understand, they adopt
is much more based around the principle of purpose limitation,
so, if one has a particular ID or a particular electronic document
used for one purpose, it cannot be linked or used for other purposes.
I think what we are seeing across the board here is that they
are linked to all kinds of purposes for which they were not originally
intended and additional data is collected which is irrelevant
for the particular purpose. My impression is that in Austria,
to some extent, and certainly in the Scandinavian countries they
seem to be more dogmatic on trying to insist that that principle
is applied. The political culture and the acceptability of this
sort of technology is based within their own political cultures
of transparency and openness which seem to be far more concerned
with ensuring that the technological and the semantic aspects
of e-governance do not lead them down the path of adopting whatever
happens to be the generic solution to a particular problem which
the industry wants to provide, but saying, "No, wait a minute.
What is the purpose that we are trying to achieve? What do we
need on that document?" and then limiting it to that and
not going down the route of too many linked-up databases and systems
which are vulnerable to a level of attack as well as to function
creep.
Q129 Lord Mawson:
There was only one other issue I wanted to raise about whether
you feel there need to be more market forces within some of this,
that actually the outcomes need to be specified, but maybe the
actual forces needed to drive to that conclusion need to be more
business-led?
Professor Lodge: I think, possibly, within
government, but the first principle, before any system is ever
bought or any additional part of a system is bought, should be
that there should be baked-in security, not that the suppliers
who supply the same system to countries all around the world say:
"This is what we have got; you can use; you can use it for
this purpose"it should be round the other way. We
want security of access and security for the identity of the individual
and security for the data. That is our first principle. Then we
want the system to deliver certain types of operations that we
want to perform, whereas, I think, at the moment, it is much more
the case that the industry is saying: "We have got all these
things, we have sold it to country X, Y and Zyou can have
it." That is not value for money and it is not efficient
because it means that one is getting an obsolete system to start
with and then one is constantly having to upgrade it, if one wants
to do something else with it, and it costs more and it costs more
time as well.
Q130 Lord Teverson:
If I could put two questions together. Professor Lodge, in many
ways we have asked a lot of questions about systems. My question
was that Europol and Eurojust need to set gold standards in terms
of their technical architecture. We have talked about that a fair
bit, so if there is anything you want to sweep up on that I am
sure we would like to hear it. Professor Bigo, in terms of Europol
gaining new operational capabilities, a legality check from Eurojust
may become indispensable, was part of your argument. I am particularly
interested in that relationship, if you could develop that slightly.
Professor Bigo: I think we need to come
back to the notion of Eurojust. At the very beginning Eurojust
was considered by some as a justice counterpart at the EU level
of Europol, which was police orientated. In this vision Eurojust
has also to be correlated with the corpus juris, creating
a legal base on Euro crime for the European prosecutor, but we
know that Eurojust has evolved along different lines, especially
with the influence of those Schengen magistrates and with the
success of mutual recognition as a model for Justice and Home
Affairs or the area of Freedom, Security and Justice. This intergovernmental
trend has been welcomed by some Member States (and I see UK as
one of them). It has limited Europol for taking too much autonomy
from sovereign states, but the mutual recognition has also limited
the idea that some agencies may control other agencies, and that
justice agencies may have their say on what police agencies are
doing. I think we need to draw the analogy with the continental
model of the supervision by investigating magistrates of the role
of the police but at the EU level. Now Eurojust is more (and perhaps
I am a little bit harsh in saying that) the auxiliary of Europol
than the reverse. Eurojust is on prosecution, and it has created
a disequilibrium in the idea of justice in Europe especially if
we look at the rights of defense that occur at EU level and the
place of magistrates coming from the Courts and their absence
in the functioning of Eurojust. Judges are sovereign in European
courts (ECJ, ECHR) but they are not present in Eurojust: why?
Maybe if some judges were involved in the earlier routine of policing
through investigationsespecially when the role of Europol
is expandingit may be a good idea in that case to really
re-discuss the relation between Europol and Eurojust with a different
quality of judges coming into Eurojust. I think there will also
be a question about the organisation of the EU Commission itself,
and we have a unique DG for JLS, which is Justice, Liberty and
Security. It has to be remembered that is not the way national
governments function, and therefore you have at the national level
a division between the work on security and police in one ministry
and in another ministry the question of justice and freedom. Maybe
to have only one commissioner for the three activities has created
destabilisation, and there, maybe also, the role of the different
parliaments to discuss a little bit more about that and to see
if a solution cannot be there, lying at the heart of the organisation,
in order to split the DG and to reframe the organisation of the
Commission, as it would have many effects on the new balance between
the two concepts: security and liberty.
Professor Lodge: Yes, I would endorse
the idea that really one ought to have a commissioner responsible
for justice. Eurojust is very much the poor relation in the link
between Europol and Eurojust, but perhaps I can provide a bit
more technical material separately.
Q131 Lord Dear:
I think I know the answer to this, so I am sure we can be brief.
There is a need for Europol to exchange data with third parties,
as it were, outside the system. I wonder whether you thought that
was a good or a bad thing and whether it enhances or impedes their
operations. It is something we have to look at.
Professor Lodge: Yes. I think at one
level it will enhance it but it depends, again, as we have been
saying all the way through, on the reliability and, also, on the
definitions, whether one is taking intelligence
Q132 Lord Dear:
It is about data and material coming in and whether one can take
it at face value or one needs to check.
Professor Lodge: Yes, because there is
a risk of group think in the determination and the analysis of
the data that has come in. One may be prone to rely on certain
outside or third states because of traditional patterns, and so
on, and to doubt contrary evidence. The objective would surely
be to improve efficiency and to add value to what Europol is doing.
So it is a fine judgment and one that needs to be, really, very
seriously probed by those who engage in it already.
Professor Bigo: I think the relevant
question is how you circulate information concerning a specific
individual from one doti.e. one agencyto another
doti.e. another agency, either inside the EU or related
to third parties, and how the citizen can trace where their data
is and who has processed that and for what reason. It raises the
question of the conception of to whom the information and personal
data pertains. In the EU it is quite clear: to the citizen. In
other countries, including the US, the information pertains to
the service which has processed the information through the personal
data. So it is a commercial product. Protection exists, but along
different bases. When we send data beyond the EU, or where we
have more and more, even, construction through raw data to information,
together we have a very serious problem of conception which needs
to be addressed, because if we discuss about the US relation with
the EU we have seen that they want to impose their point of view
with a very strong asymmetry of relation. If I may, we will have
the colloquium in Paris on 10/11 October especially about this
question of exchange of data. It will be about the asymmetry of
relations between the EU and the US; the role of companies in
processing the data and the relation to the data protection. I
think that what has been done until now is that we have too much
separation between data protection by lawyers and discussion about
sovereignty by political scientists, and discussion about economic
competition by economists. What we want to do is to connect the
three elements together because we will never have a good answer
if we are not doing that.
Professor Lodge: May I come back on that
because when we have talked to the ICT providers about what they
understand about the commodification of their data. They say it
is legitimate commerce, as I am sure you know, but there is a
rider to that when one is talking about accountability. They always
seem to say it is satisfied because one has an audit trail or
because one sets up a manual of best practice, but they do not
seem to realise precisely the point that comes out here, which
is, ultimately, political accountability and legal certainty.
Q133 Chairman:
That is very helpful. Thank you both very much for coming. We
have enjoyed enormously hearing your views. As I said at the beginning,
if there is something that either of you would like to add which
you think would be helpful to us we would welcome that very much
indeed. I have given a note to our Clerk during the proceedings
to ensure that when the Committee visits The Hague and Brussels
next week we shall have the transcript, hopefully, of the evidence
that you have given us because I think if we have that beside
us as we have our meetings in those two cities it will be a great
help. Thank you very much.
Professor Bigo: Thank you.
|