Select Committee on European Union Minutes of Evidence


Examination of Witnesses (Questions 120 - 133)

WEDNESDAY 18 JUNE 2008

Professor Juliet Lodge and Professor Didier Bigo

  Q120  Lord Dear: I have just one aside on that, and I agree with your premise. Certainly in the UK, information was always graded on a 16-point scale and it went from rumour to absolute rock-solid fact and by the lettering, and it went from A1 to 4, B1 to 4, arithmetically 16 points, you could tell immediately the value of the source and the perceived value of the information, and A1 was obviously the top. I do not know whether that is followed in The Hague. We go to The Hague next week and I want to pose that very question there because it is one thing to capture a mass of information ungraded, but it is a very different thing to put a grading on it because, when you grade, you also are evaluating the source and sooner or later a bad source will be dropped off and not even recognised at all, so I really put that in for the record as an observation. Professor Bigo, you have shown some caution, I know, about mixing up, as you see it, the professional criminal justice approach with one which involves risk anticipation, and I wondered if you could detect, or have detected, a preference for either one of those two approaches within the Europol Decision which has been made recently?

  Professor Bigo: First, we did not have from the research a complete overview of the people in Europol, so, by definition, my answer is partial concerning the amount of data that we have, and the quality of the interview, it was not systematic, so it is always dangerous to over-estimate what came from a couple of interviews. Nevertheless, what we have seen is a tension inside Europol itself. We have the analysts, especially the ones on threat assessment and especially on terrorism, who insist on the role of profiles, the importance of the technology of the database and software which processes raw data into refined data. Their views differ from those of the liaison officers at the headquarters, but also mainly from the Europol officers in the national units. The latter ones insist more on operational measures, on criminal justice necessities and on the importance of information to be processed in order to serve as evidence in a trial, so they are a little bit doubtful about risk-profiling. They are also more often interested in cross-border crime, in serious crime, in corruption, in money-laundering and less in terrorism, and maybe the UK is specific here, so it is very difficult to generalise. We have too small a number of interviews, but I would say that this tension, nevertheless, exists and it is quite coherent to a sociologist, as you see, for example, for the analyst to insist that the role is centred around the software expertise that they have. That they do not have operational capacity is not surprising and, on the contrary, the policeman insists on operational measures and not so much on analytical skills in computing, which is not so surprising either, so maybe what we have discovered is trivial, but sometimes it is not openly said and maybe it is good to know about that.

  Q121  Lord Harrison: Professor Lodge, you say in your evidence, para 27, that the Europol Decision highlights the need for a cross-pillar model of information exchange. Could you explain why this is the case and what form it might take, how it might be achieved?

  Professor Lodge: I think cross-pillar law enforcement means that we are not just talking about policing, and it is too easy to say that policing stops in the organised international crime arena when in fact the JHA pillar deals, as you know, with border management, illegal immigration, trafficking and the associated issues and, therefore, it deals with the identification of individuals and identity documents that may be used for those individuals, and those documents are often the same documents that are used for civil purposes, so we have got a crossover immediately. That means that there is the danger of compromising the principle of purpose limitation, why people enrol their biometrics and all the database issues that we are familiar with. It raises the issue again of the public-private partnership in the outsourcing of data, data management, sale or re-use and the linkage of data, how it is linked, who links it and the legitimacy of linking it. We have incompatible and differential practices on information-processing, whether it is for e-commerce or for e-justice-type issues, and at the same time there is a lot of discussion of having interoperable systems which are not really feasible at the moment, so there is almost a morass of different issues being pulled together without there being a clear understanding of what the implications are for accountability, and what the implications are, not simply for data protection of the individual and the sanctity of that and suddenly insisting that citizens are going to be obliged to access basic local government services as well as at the Passport Office or whatever, but that these systems are being accessed for very different purposes. Since those systems, in principle, will be dealt with according to different decision-making mechanisms under the pillars, as you know, this raises issues about whether there should be one universal rule or accountability which would be applicable to all because it is not really feasible to make a distinction of territoriality when one is talking about digital information that flows around in territorially unbounded digital space. I think that is what I am trying to get at and, if we are looking for a solution, then I think at the supranational level one has to come back to the idea of universal co-decision to make sure there is parliamentary accountability and scrutiny and effectiveness and to stop making these false distinctions between what is internal security, external security and e-business or e-commerce because they all seem to be merged as a result of the application of the subsequent technologies.

  Q122  Lord Harrison: I take it from your answer that you think it is right and proper to explore the opportunity to find that model, that template?

  Professor Lodge: Yes, I think one has to make sure that there is proper political accountability in order to ensure legitimacy and to overcome citizen distrust which may be very well-founded, but, if one has this morass, then I do not think one is going to attain it. Also, I think it is detrimental overall to the whole political legitimacy of the Member States and the national systems as well as the supranational system, and it does not really do a service to the citizen who is supposed to be being brought closer to the EU or to government or to feel more consulted and involved and participate in the decision-making and in trusting government and good governance.

  Q123  Lord Harrison: My Lord Chairman, while I have the floor, could I just return to an item that Professor Lodge, I think it was, spoke about earlier, and I will perhaps ask Professor Bigo to answer this as well, but I think you said that we may have to contemplate exceptionally moving into one language in dealing with this specific area which, I think, most people would assume would be English rather than French. Would you like to say a bit more as to why you think that is the case and whether, in your conversations that you both have with those who are involved in all this panoply of interest, there is a build-up of a feeling that really it is common sense at the end of the day?

  Professor Lodge: I think people have very different viewpoints on that and some will be very assertive in insisting on every language being used, but it is not financially viable. If we are talking about automated information exchange which relies on a very tight definition of a particular term, then we have to have precision in understanding that term, otherwise, we are not sure that the information is there. As I said, I am not an advocate normally of a single language, but I think one needs to find one which is precise and universally understood. That again would lead to other training issues for personnel as well. Without that, I think it is going to be very difficult to get the legal certainty and the precision that is often essential if one is going to be successful in prosecuting international organised crime.

  Professor Bigo: I think that the key element is certainly the legal certainty, so I will go further and say that in cultural anthropology and sociology what is essential is to be sure that the meaning of the terminology is captured. Very often it is not the case because people jump from their preliminary logic, the one they have in mind in their national country as if the others have the same, and it is especially the case when we discuss between accusatory and inquisitorial procedures. Each time we are discussing between French magistrates and English magistrates, and you know that better than me, there is a common misunderstanding about, "What does that mean?", and we have seen that even with the notion of what is indefinite detention, and the parallel with détention provisoire, for example. I would say that it is not the language, as such, which is the problem, it is to capture what is the meaning we want at the European level and what is the coherence between one terminology and the other one, so it is to have the relations between the concept which is central and, if we have that, then I think the language will not be so much of a problem if we have accurate translation, and be aware that, if it is only in one language, you will not solve the problem because you will have 27 versions of English!

  Q124  Lord Harrison: So few!

  Professor Bigo: And, just listening to me, you can understand what could be the problem!

  Chairman: I am conscious of the clock and I am conscious that we have another witness to appear before us, so I am afraid I must ask for brevity because we must give our next witness a fair chance.

  Q125  Lord Hodgson of Astley Abbotts: Professor Bigo, could we return to the pillars. I think in your evidence you suggest that the cross-pillar approach has posed particular issues because of the internal and external security questions. Perhaps you could give us some examples of this and how they might be addressed. It may be, and this is a question for you both really, that the whole issue would fall away if the Lisbon Treaty were to come about and the pillars were to disappear. Presumably that would provide an answer and is that what you think would be a desirable outcome?

  Professor Bigo: Clearly, what we have seen from 2001 and especially 2004 is in any case a trans-pillarisation of the different groups of experts, but nevertheless, the legal basis of the different agencies differs and are grown into different pillars and now it may be the case for quite a while, so it does not matter so much if the missions and the pillars are coherent. If you think about Europol, it is quite clear why Europol is on the third pillar. My thoughts are that, on the contrary, if Frontex, which is on the first pillar, has more and more capacity about policing and surveillance, and even with the future of Frontex, some capacity which is going through the second pillar in some way—in the way that they are treating raw data, military intelligence and so on—then we have to be very aware about what are the legal bases and how they fit or not with the missions. The discrepancy is dangerous. I have kept that very brief, but of course we can develop more than that the capacity of the different organisations. I just want to add one word on the relationship between Europol and Sitcen, it is clearly something central to ask in The Hague, and it is not because the two organisations say that now they find agreement that it is clear how they deal with the question of threat assessment on terrorism.

  Professor Lodge: Yes, I agree with that entirely. I think there is a big issue surrounding the different objectives and the different competencies of the various organisations that have to feed each other with information in order to have a satisfactory and efficient outcome.

  Q126  Lord Marlesford: I really want, if I may, to ask Professor Lodge on this question of the technological capabilities defining agendas which give the bureaucrats more influence than the elected politicians, how do you see that parliamentary oversight and scrutiny can improve that situation?

  Professor Lodge: I think the parliaments, the national parliaments in particular, but the national parliaments together, possibly through a development within COSAC, need to become more proactive in stating what they want before technology is adopted and to see technology as the tool and not the answer. I think at the moment things are inverted, so that implies that parliaments need to be better organised in relation to making inputs on proportionality checks, insisting on them having control, insisting on the Chairman of Europol, for example, appearing publicly possibly before the European Parliament's Civil Liberties Committee or at the same time as the relevant Minister from the JHA and the Commissioner, and also the national parliaments or COSAC taking on the role of looking for proportionality in the solutions that are being advanced so that they effect a proportionality check on the implementation of the political strategy. The way in which the support operations are supposed to run within Europol and national forces can very easily become a way by which certain States start to initiate investigating roles which have implications for strategy and the political leadership. Political accountability then becomes rather muddy, so there is a role there for national parliaments. I think there is a role also for national parliaments in being very vigilant in defining the objectives and the competencies of Europol relative to the other agencies that we have mentioned, and the role of Eurojust, which national parliaments might look at because it may just be the precursor to having a specific role for the European Public Prosecutor and, in relation to Europol's operational remit, there are things which national parliaments might want to investigate. In addition to that, the national parliaments might want to have some oversight over the output from joint investigation teams, so I think what the national parliaments' primary role has to be is to be very critical and indeed to launch investigations into, and establish rules for, what the role of technology is in all these operations which are associated with the remit that Europol has.

  Q127  Chairman: Professor, you have more confidence in COSAC than very many of us in this room.

  Professor Lodge: Not necessarily. I just think that logically, if the national parliaments are to have any impact outside of those parliaments which are known to be very effective in the quality of the information they provide, such as the Lords in particular, then they have to be better organised and they are going to have to be organised among themselves, among the 27, in a way that they are not accustomed to being.

  Chairman: We shall see.

  Q128  Lord Mawson: You say that the principles of data protection and data security in international information exchange are implemented in a political reality that relies on bilateral understanding and mutual recognition. This, you believe, results in patchy safeguards for citizens and all concerned. Do you know of any other areas of e-governance where a more coherent approach has led to improved efficiency and accountability?

  Professor Lodge: I think the big problem is that there is ad hoc-ism which is pervasive across e-government services and it is because one has this very patchy, piecemeal approach which creates difficulties, which means that we have got a proliferation of incompatible technological systems quite often with very different rules on "need to know" principles and caveats on data protection, very imprecise terms which bar legitimate access by the data subject sometimes, whether it is to do with paying one's council tax or whether it is to do with accessing other information, but other people have that kind of access. I think there are a couple of examples in countries that I do not know in detail, but where I think their political approach is somewhat different, which would be France with the model on identity documents being used for tracking purposes where people have a loyalty card or an Oyster card, those sorts of things, and Scandinavia where the model that, I understand, they adopt is much more based around the principle of purpose limitation, so, if one has a particular ID or a particular electronic document used for one purpose, it cannot be linked or used for other purposes. I think what we are seeing across the board here is that they are linked to all kinds of purposes for which they were not originally intended and additional data is collected which is irrelevant for the particular purpose. My impression is that in Austria, to some extent, and certainly in the Scandinavian countries they seem to be more dogmatic on trying to insist that that principle is applied. The political culture and the acceptability of this sort of technology is based within their own political cultures of transparency and openness which seem to be far more concerned with ensuring that the technological and the semantic aspects of e-governance do not lead them down the path of adopting whatever happens to be the generic solution to a particular problem which the industry wants to provide, but saying, "No, wait a minute. What is the purpose that we are trying to achieve? What do we need on that document?" and then limiting it to that and not going down the route of too many linked-up databases and systems which are vulnerable to a level of attack as well as to function creep.

  Q129  Lord Mawson: There was only one other issue I wanted to raise about whether you feel there need to be more market forces within some of this, that actually the outcomes need to be specified, but maybe the actual forces needed to drive to that conclusion need to be more business-led?

  Professor Lodge: I think, possibly, within government, but the first principle, before any system is ever bought or any additional part of a system is bought, should be that there should be baked-in security, not that the suppliers who supply the same system to countries all around the world say: "This is what we have got; you can use; you can use it for this purpose"—it should be round the other way. We want security of access and security for the identity of the individual and security for the data. That is our first principle. Then we want the system to deliver certain types of operations that we want to perform, whereas, I think, at the moment, it is much more the case that the industry is saying: "We have got all these things, we have sold it to country X, Y and Z—you can have it." That is not value for money and it is not efficient because it means that one is getting an obsolete system to start with and then one is constantly having to upgrade it, if one wants to do something else with it, and it costs more and it costs more time as well.

  Q130  Lord Teverson: If I could put two questions together. Professor Lodge, in many ways we have asked a lot of questions about systems. My question was that Europol and Eurojust need to set gold standards in terms of their technical architecture. We have talked about that a fair bit, so if there is anything you want to sweep up on that I am sure we would like to hear it. Professor Bigo, in terms of Europol gaining new operational capabilities, a legality check from Eurojust may become indispensable, was part of your argument. I am particularly interested in that relationship, if you could develop that slightly.

  Professor Bigo: I think we need to come back to the notion of Eurojust. At the very beginning Eurojust was considered by some as a justice counterpart at the EU level of Europol, which was police orientated. In this vision Eurojust has also to be correlated with the corpus juris, creating a legal base on Euro crime for the European prosecutor, but we know that Eurojust has evolved along different lines, especially with the influence of those Schengen magistrates and with the success of mutual recognition as a model for Justice and Home Affairs or the area of Freedom, Security and Justice. This intergovernmental trend has been welcomed by some Member States (and I see UK as one of them). It has limited Europol for taking too much autonomy from sovereign states, but the mutual recognition has also limited the idea that some agencies may control other agencies, and that justice agencies may have their say on what police agencies are doing. I think we need to draw the analogy with the continental model of the supervision by investigating magistrates of the role of the police but at the EU level. Now Eurojust is more (and perhaps I am a little bit harsh in saying that) the auxiliary of Europol than the reverse. Eurojust is on prosecution, and it has created a disequilibrium in the idea of justice in Europe especially if we look at the rights of defense that occur at EU level and the place of magistrates coming from the Courts and their absence in the functioning of Eurojust. Judges are sovereign in European courts (ECJ, ECHR) but they are not present in Eurojust: why? Maybe if some judges were involved in the earlier routine of policing through investigations—especially when the role of Europol is expanding—it may be a good idea in that case to really re-discuss the relation between Europol and Eurojust with a different quality of judges coming into Eurojust. I think there will also be a question about the organisation of the EU Commission itself, and we have a unique DG for JLS, which is Justice, Liberty and Security. It has to be remembered that is not the way national governments function, and therefore you have at the national level a division between the work on security and police in one ministry and in another ministry the question of justice and freedom. Maybe to have only one commissioner for the three activities has created destabilisation, and there, maybe also, the role of the different parliaments to discuss a little bit more about that and to see if a solution cannot be there, lying at the heart of the organisation, in order to split the DG and to reframe the organisation of the Commission, as it would have many effects on the new balance between the two concepts: security and liberty.

  Professor Lodge: Yes, I would endorse the idea that really one ought to have a commissioner responsible for justice. Eurojust is very much the poor relation in the link between Europol and Eurojust, but perhaps I can provide a bit more technical material separately.

  Q131  Lord Dear: I think I know the answer to this, so I am sure we can be brief. There is a need for Europol to exchange data with third parties, as it were, outside the system. I wonder whether you thought that was a good or a bad thing and whether it enhances or impedes their operations. It is something we have to look at.

  Professor Lodge: Yes. I think at one level it will enhance it but it depends, again, as we have been saying all the way through, on the reliability and, also, on the definitions, whether one is taking intelligence—

  Q132  Lord Dear: It is about data and material coming in and whether one can take it at face value or one needs to check.

  Professor Lodge: Yes, because there is a risk of group think in the determination and the analysis of the data that has come in. One may be prone to rely on certain outside or third states because of traditional patterns, and so on, and to doubt contrary evidence. The objective would surely be to improve efficiency and to add value to what Europol is doing. So it is a fine judgment and one that needs to be, really, very seriously probed by those who engage in it already.

  Professor Bigo: I think the relevant question is how you circulate information concerning a specific individual from one dot—i.e. one agency—to another dot—i.e. another agency, either inside the EU or related to third parties, and how the citizen can trace where their data is and who has processed that and for what reason. It raises the question of the conception of to whom the information and personal data pertains. In the EU it is quite clear: to the citizen. In other countries, including the US, the information pertains to the service which has processed the information through the personal data. So it is a commercial product. Protection exists, but along different bases. When we send data beyond the EU, or where we have more and more, even, construction through raw data to information, together we have a very serious problem of conception which needs to be addressed, because if we discuss about the US relation with the EU we have seen that they want to impose their point of view with a very strong asymmetry of relation. If I may, we will have the colloquium in Paris on 10/11 October especially about this question of exchange of data. It will be about the asymmetry of relations between the EU and the US; the role of companies in processing the data and the relation to the data protection. I think that what has been done until now is that we have too much separation between data protection by lawyers and discussion about sovereignty by political scientists, and discussion about economic competition by economists. What we want to do is to connect the three elements together because we will never have a good answer if we are not doing that.

  Professor Lodge: May I come back on that because when we have talked to the ICT providers about what they understand about the commodification of their data. They say it is legitimate commerce, as I am sure you know, but there is a rider to that when one is talking about accountability. They always seem to say it is satisfied because one has an audit trail or because one sets up a manual of best practice, but they do not seem to realise precisely the point that comes out here, which is, ultimately, political accountability and legal certainty.

  Q133  Chairman: That is very helpful. Thank you both very much for coming. We have enjoyed enormously hearing your views. As I said at the beginning, if there is something that either of you would like to add which you think would be helpful to us we would welcome that very much indeed. I have given a note to our Clerk during the proceedings to ensure that when the Committee visits The Hague and Brussels next week we shall have the transcript, hopefully, of the evidence that you have given us because I think if we have that beside us as we have our meetings in those two cities it will be a great help. Thank you very much.

  Professor Bigo: Thank you.






 
previous page contents next page

House of Lords home page Parliament home page House of Commons home page search page enquiries index

© Parliamentary copyright 2008