Parliamentary oversight of security and intelligence agencies in the EU

One of the reasons for the lack of posts on this blog the past months is that I co-authored this large study (446 pages), together with Aidan Wills, for the European Parliament’s Civil Liberties, Justice and Home Affairs Committee (LIBE). The study came out today, and also includes a number of attachments written by national intelligence oversight bodies.

Abstract: This study evaluates the oversight of national security and intelligence agencies by parliaments and specialised non-parliamentary oversight bodies, with a view to identifying good practices that can inform the European Parliament’s approach to strengthening the oversight of Europol, Eurojust, Frontex and, to a lesser extent, Sitcen. The study puts forward a series of detailed recommendations (including in the field of access to classified information) that are formulated on the basis of indepth assessments of: (1) the current functions and powers of these four bodies; (2) existing arrangements for the oversight of these bodies by the European Parliament, the Joint Supervisory Bodies and national parliaments; and (3) the legal and institutional frameworks for parliamentary and specialised oversight of security and intelligence agencies in EU Member States and other major democracies.

We will present the study at the LIBE Committee at 15h on Monday the 3d of October. An Interparliamentary Committee Meeting on  “Democratic Accountability of the Internal Security Strategy and the Role of Europol, Eurojust and Frontex” will be held on Wednesday 5 October from 15.00 to 18.30 and on Thursday 6 October from 9.00 to 12.30 in the Hemicycle of the Paul-Henri Spaak building of the European Parliament as well, which is open to the public. You can register for this meeting until the 29th of September.

MI5 short of surveillance officers says minister

The BBC reports that the UK government has revealed MI5 does not have enough spies to allow it to abolish control orders immediately. Security Minister Baroness Pauline Neville-Jones said the  Security Service needed to recruit and train more surveillance officers.

Ministers want to introduce a lighter touch regime, which depends on more surveillance, by the end of the year. Parliament approved control orders until New Year’s Eve, with ministers saying the replacement will be ready.That revised system, known as Terrorism Prevention and Investigation Measures (TPIMs) includes many of the aspects of control  orders but allows greater use of phones and freedom of movement.

But security chiefs want the new freedoms to be balanced by greater secret surveillance of the suspects.
The admission that the Security Service does not yet have enough surveillance officers came on Tuesday evening in a Parliamentary debate on renewing control orders until the end of the year.
The government needs to legislate to introduce TPIMs – but Baroness Neville-Jones told peers that even if the “looser regime” were in place, there was not yet enough manpower “to give the necessary security to the public”.

US Director of National Intelligence disclosed budget request

For Fiscal Year 2012, “The aggregate amount of appropriations requested for the National Intelligence Program is $55 billion,” according to a February 14 ODNI news release. The new disclosure was required by the FY2010 intelligence authorization act (sec. 364).  That legislation permitted an optional Presidential waiver of disclosure if necessary on national security grounds, but no waiver was asserted. The Office of the DNI is being reduced in size and budget,” DNI Clapper said.

Secrecy news has more intelligence related CRS reports:

“Director of National Intelligence Statutory Authorities: Status and Proposals,” January 12, 2011.

“Intelligence, Surveillance, and Reconnaissance (ISR) Acquisition: Issues for Congress,” January 20, 2011.

“Intelligence Authorization Legislation: Status and Challenges,” January 20, 2011.

“Satellite Surveillance: Domestic Issues,” January 13, 2011.

“The National Intelligence Council: Issues and Options for Congress,” January 10, 2011.

“Intelligence Estimates: How Useful to Congress?”, January 6, 2011.

Newly Released Documents Detail FBI’s Plan to Expand Federal Surveillance Laws

EFF just received documents in response to a 2-year old FOIA request for information on the FBI’s “Going Dark” program, an initiative to  increase the FBI’s authority in response to problems the FBI says it’s  having implementing wiretap and pen register/trap and trace orders on new communications technologies. The documents detail a fully-formed and  well-coordinated plan to expand existing surveillance laws and develop
new ones. And although they represent only a small fraction of the  documents we expect to receive in response to this and a more recent FOIA request, they were released just in time to provide important background information for the House Judiciary Committee’s hearing tomorrow on the Going Dark program. (HT Georgetown SLB)

Russian Federation Invests in Enhanced Surveillance

On January 28, 2011, Russian media outlets reported that on January 11, 2011, the government had issued a resolution approving a two-year program of investing in high technology in the field of security. The program, which was recommended by the President’s Commission on Modernization and Technological Development, entrusts the FSB with the responsibility of spending 633 million RUB (approximately US$30 million) in order to develop methods and equipment for advanced surveillance.

The program consists of two parts: voice biometrics, which is focused on voice synthesis and identification and better understanding of vocal messages transmitted by technical means; and automatic video recognition aimed at mechanical discerning of targets in real time. A database of targets, associated personal images, and identified voices must be created by 2012. Placing the FSB in charge of this program was viewed by Russian commentators as a further expansion of this secret service’s authority, in line with allowing it to conduct independent genetic analysis of remains allegedly belonging to terrorists and of those who have been identified as relatives of terrorists (id.). At present, independent forensic centers are performing these tasks. A relevant amendment to the FSB Law was introduced in the State Duma. (Bill No. 493009-5 (submitted on Jan. 27, 2011)

House Republicans seek to extend Patriot Act

On Friday, the House of Representatives scheduled a vote next week on legislation that would extend the provisions of the so-called Patriot Act, without modification, until Dec. 8, instead of letting them expire at the end of this month. The move is designed to give the House Judiciary Committee, now under Republican management, time to hold hearings on the law, according to an aide to the committee’s new chairman, Representative Lamar Smith of Texas.

The expiring provisions allow investigators to get “roving wiretap” court orders for targets who switch phone numbers or providers; to seize “any tangible things” deemed relevant to an investigation, like a business’s customer records; and to get wiretap orders against terrorism suspects who are not connected to any foreign terrorist group or government.

Federal judge dismisses government surveillance suit for lack of standing

[JURIST] A judge for the US District Court for the Northern District of California granted summary judgment Monday in favor of the government in CCR v. Obama, ruling that the Center for Constitutional Rights (CCR) lacked standing to challenge the legality of information obtained by Bush-era warrantless surveillance programs. CCR argued that the Terrorist Surveillance Program (TSP) and Protect America Act (POA), which allowed the National Security Agency (NSA) to wiretap suspected terrorists without a warrant, chilled the CCR’s ability to speak freely with its clients and probably intercepted communications that were subject to the attorney-client privilege. Judge Vaughn Walker, noting that the TSP was discontinued in 2007 and the POA expired in 2008, ruled that CCR lacked standing to challenge the programs since it could not show its communications had actually been intercepted as required to state a claim under the Foreign Intelligence Surveillance Act (FISA) or that it had suffered any harm.

Walker explained:

“In short, plaintiffs have not shown that they personally have suffered some actual or threatened injury as a result of the putatively illegal conduct, especially in light of the clear precedent requiring that the allegations of future injury be particular and concrete. Plaintiffs have therefore failed to establish standing for their First Amendment claim” [citations omitted]. CCR Senior Attorney Shayan Kadidal expressed displeasure with the ruling, saying [press release], “It is astonishing that President Obama’s administration continues to fight to hold on to the fruits of a patently illegal surveillance program, even where that surveillance was directed at attorneys engaged in suing the government.”

NGO report claims that data retention in Germany is not effective

According to the report:

With data retention in effect, more serious criminal acts (2009: 1,422,968) were registered by police than before (2007: 1,359,102), and serious offences were cleared less often (2009: 76.3%) than before the retention of all communications data (2007: 77.6%).

User avoidance behaviour can explain the counterproductive effects of blanket data retention on the investigation of crime: In order to avoid the recording of sensitive information under a blanket data retention scheme, users begin to employ Internet cafés, wireless Internet access points, anonymization services, public telephones, unregistered mobile telephone cards, nonelectronic communications channels and such like. This avoidance behaviour can not only render retained data meaningless but also frustrate more targeted investigation techniques that would otherwise have been available to law enforcement. Blanket data retention can thus be counterproductive to criminal investigations, facilitating some, but rendering many more futile.

New Study Documents Growing Role for Private Companies in Policing Online Communications

A new EDRI study finds that powers traditionally employed by law enforcement agencies and the judiciary “are silently being delegated by governments to ISPs and corporations under the guise of industry “self-regulation”. The report details significant efforts to entrust intermediaries with policing powers, surveys the impact of “voluntary ‘self-regulation’” on online content and draws attention to its repercussions for openness of the Internet and for innovation.

The study found that the term “self-regulation” is being inappropriately used to designate what amount to appeals to monitor, judge and sanction allegedly illegal websites and consumer behaviour. Proposed legislation and “non-binding guidelines” are forcing intermediaries into a position in which they can no longer avail themselves of legal protections — where they are obliged, in effect, “to police private online communications, often in blatant disregard of legal safeguards and even to impose sanctions for alleged infringements”.

“This fundamental change in the concept of “self-regulation” represents a danger for the core values of the Internet and the benefits that these values provide to society.” Should Internet intermediaries become “privatized enforcement systems”? Companies “come under intense pressure in relation to individual incidents that attract the interest of politicians and/or the press”. The measures recently taken by Visa, Mastercard, PayPal and Everydns against Wikileaks are a case in point.

The author catalogues international proposals that aim to persuade industry to engage in a vigilante system of monitoring and sanctioning, and include:

  • a series of ongoing ‘public-private dialogues’ organized by the European Commission to encourage hosting providers to engage in “extra-judicial rulings of illegality”
  • a 2010 European Commission funding proposal incentivising companies to engage in “self-regulatory” Internet blocking of allegedly illegal online material
  • discussions launched by the Council of Europe’s Assembly in 2010 whose “intention appears to be to increase the legal obligations of intermediaries” despite the fact that this would be “contrary both to the letter and the spirit of the 2003 Declaration on freedom of communication on the Internet”
  • 2010 OECD discussions, which aim to increase the responsibility of Internet intermediaries in advancing “public policy objectives”
  • the Anti-Counterfeiting Trade Agreement (ACTA), whose draft contains provisions that would encourage or coerce ISPs into policing their networks and enforcing extra-judicial sanctions, where they deem it to be appropriate
  • EU/India and EU/Korea bilateral free trade agreements, whose provisions would change the EU acquis on intermediary liability

The encouragement of extra-legal measures to limit access to information, proactive policing of the Internet and the exclusion of law enforcement authorities in investigating serious crimes are factors that contribute to the weakening of the rule of law and democracy.

While these appear to be regressive steps away from freedom, the NGO’s study found, for instance, that “the European Commission appears far from perturbed by the dangers for fundamental rights of this approach and appears keen to export the approach”.

“This process is gradually strangling the openness that is at the core of the Internet. This openness has enhanced democracy, has shaken dictatorships and has boosted economies worldwide. This openness is what we will lose through privatised policing of the Internet by private companies – what will we gain?”

UK’s review of counter-terrorism and security powers

The redacted review considered six key counter-terrorism and security powers:

  • The detention of terrorist suspects before charge, including how we can reduce the period of detention below 28 days
  • Section 44 stop and search powers and the use of terrorism legislation in relation to photography
  • The use of the Regulation of Investigatory Powers Act 2000 (RIPA) by local authorities and access to communications data more generally
  • Measures to deal with organisations that promote hatred or violence
  • Extending the use of ‘Deportation with Assurances’ in a manner that is consistent with our legal and human rights obligations
  • Control orders (including alternatives)

The review found that in some areas the UK’s counter-terrorism and security powers were “neither proportionate nor necessary”. It proposed:

  • A return to 14 days as the standard maximum period that a terrorist suspect can be detained before they are charged or released
  • An end to the indiscriminate use of terrorism stop and search powers provided under Section 44 of the Terrorism Act 2000
  • The end to the use of the most intrusive RIPA powers by local authorities to investigate low level offences and a requirement that applications by local authorities to use any RIPA techniques are approved by a magistrate
  • A commitment to rationalise the legal bases by which communications data can be acquired and, as far as possible, to limit that to RIPA
  • A stronger effort to deport foreign nationals involved in terrorist activities in this country fully respecting our human rights obligations
  • The end of control orders and their replacement with a less intrusive and more focused regime. Additional resources will be provided to the police and security agencies to ensure the new measures are effective not only in protecting the public but in facilitating prosecution

A new version of the Government’s counter terrorist strategy, CONTEST, will be published within a few months.