Intelligence Law and Policies in Europe: A Handbook 9781509926169, 9781509926176

Activities of intelligence agencies have recently moved into the focus of public critical review all over Europe. The pu

260 52 5MB

English Pages [602] Year 2019

Report DMCA / Copyright

DOWNLOAD PDF FILE

Recommend Papers

Intelligence Law and Policies in Europe: A Handbook
 9781509926169, 9781509926176

  • 0 0 0
  • Like this paper and download? You can publish your own PDF file online for free in a few minutes! Sign Up
File loading please wait...
Citation preview

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/03_Preface.3d from 30.09.2019 13:44:20 3B2 9.1.580; Page size: 160.00mm  240.00mm

Preface Intelligence Cooperation in Europe is of fundamental and growing importance in view of the various common risks and threats that the European continent and the EU, in particular, are facing. They range from threats by terrorists as well as organised crime, to espionage, sabotage and cyber-attacks by third parties and countries. Most of the latter aim at undermining the democratic systems and shared values of European societies, the European Union and its Member States. Furthermore, the Common Foreign and Security political approach of the European Union requires a functioning cooperation between European intelligence agencies. At the same time – particularly following the Snowdon revelations – European citizens expect intelligence activities to be in line with values of democracy, the rule of law and human rights. So far, there existed no extensive, deep analysis of intelligence work encompassing Europe under these aspects. This book aims to close this gap and offer a solid background for further objective, cross border European discussions. It takes into account the various facets of intelligence activities in Europe in a problem- and taskoriented way. It, thus, spans from general operational chapters on intelligence operations to intelligence cooperation within different policies in Europe, inside the EU but also on a bigger scale (e.g. NATO), to its legal frameworks including its organisational limits as well as those drawn by competence rules and fundamental rights and to expositions of the structures of several selected national intelligence communities. We have been fortunate to win a number of eminent experts from relevant administrations, academia and civil society as authors for different chapters of our book. We are very grateful for their preparedness to take on the research for and drafting of chapters in their field of expertise. European citizens may expect intelligence services of Europe – and particularly within the European Union – to cooperate as much as possible and necessary, in order to counter threats that are becoming increasingly difficult to tackle for each state on her own. It would contribute to jointly defend our democracies, the rule of law and fundamental rights as achievements on which Europe is built. Hence, we submit that European intelligence plays a substantial role. Sincere thanks are due to Dr. Wolfgang Czerny of C.H. Beck Publishers, without whose help and patience the project would not have been completed. Additional help was given by Johannes Sieber and Maximilian Trapp. We are most grateful to them. Jan-Hendrik Dietrich Berlin

Satish Sule Brussels

November 2018

VII

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/03_Preface.3d from 30.09.2019 13:44:20 3B2 9.1.580; Page size: 160.00mm  240.00mm

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/04_About-the-Contrib.3d from 30.09.2019 13:44:23 3B2 9.1.580; Page size: 160.00mm  240.00mm

About the Contributors Felia Allum is senior lecturer in Politics and Italian in the Department of Politics, Languages and International Studies at the University of Bath, UK. Iain Cameron is professor in international law at Uppsala University and director of Uppsala University’s centre for Police Research. Mai’a K. Davis Cross is the Edward W. Brooke Professor of Political Science and Associate Professor of Political Science and International Affairs at Northeastern University, Boston. Jan-Hendrik Dietrich is a Professor of Security Law at Federal University of Administrative Sciences and co-director of the Centre for Intelligence and Security Studies at the University of the German Federal Armed Forces in Munich. Florent Le Divelec is a data protection compliance officer, former Academic Assistant at the College of Europe. Jana Gajdošová is Head of the Programme Justice, Security and Digital Society at the European Union Agency for Fundamental Rights (FRA). Stan Gilmour is a serving police officer and a visiting Policy Fellow in the Institute for Policy Research at the University of Bath, UK. Michael S. Goodman is Professor of Intelligence and International Affairs in the Department of War Studies, King’s College London. He is also Visiting Research Professor at the Norwegian Defence Intelligence School and Visiting Professor at Sciences Po, Paris. Christiane Höhn Dr., LL. M. (Harvard), is the Principal Adviser to the EU CounterTerrorism Coordinator, Council of the European Union. Frederic Ischebeck-Baum is a Fellow of the Sir Michael Howard Centre for the History of War at King’s College London, and former Assistant Director of the latter’s Centre for Defence Studies. He is a Visiting Lecturer at Cambridge University and has worked with the Changing Character of War Centre at Oxford University. Gilles de Kerchove is the EU Counter-Terrorism Coordinator (since 2007), Council of the European Union. He holds an LL.M. from Yale Law School and teaches European law at several Belgian universities. Eric King is a Visiting Lecturer at Queen Mary, University London where he teaches surveillance law. Previously, he was Director of the NGO campaign Don’t Spy On Us, and the Deputy Director at Privacy International. Ian Leigh is Professor of Law at Durham University. Carlo Masala holds a Chair for International Politics at Bundeswehr University Munich. Carly Nyst is a human rights lawyer and independent consultant working on technology and human rights. She was previously the legal director of Privacy International.

IX

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/04_About-the-Contrib.3d from 30.09.2019 13:44:24 3B2 9.1.580; Page size: 160.00mm  240.00mm

About the Contributors

Nicolas von zur Mühlen is head of the section for information law and legal informatics at the Max Planck Institute for Foreign and International Criminal Law in Freiburg. Sir David Omand is Visiting Professor in the War Studies Department King’s College London and at PSIA Sciences-Po Paris. He is a former UK Security and Intelligence Coordinator, Permanent Secretary of the Home Office and Director of the UK signals intelligence and cyber security agency, GCHQ. José-Miguel Palacios is a lecturer of intelligence studies at the College of Europe (Bruge) and the Universidad Rey Juan Carlos/Universidad Carlos III (Madrid). Between 2011 and 2015 he was the Head of the Analysis Division, EU Intelligence Analysis Centre. Christian Rauwolf, Lieutenant Colonel (GS), is currently posted as the German Defence Attaché in Bogotá, Colombia. From 2012 to 2015 he served in the EU Military Staff’s Intelligence Directorate. Alessandro Scheffler Corvaja is a PhD-Student at Bundeswehr University Munich. He has gained much of his professional experience in multinational settings such as the NATO Defense College and the George C. Marshall European Center for Security Studies. Steven J. Ryder is working at the European Union Law Enforcement Agency for Law Enforcement Cooperation (Europol) as a legal officer (Specialist) in EU & International Law. Stefanie Schmahl Dr., LL.M. (Barcelona) is full professor of German and Foreign Public Law, International Law and European Law at the Julius-Maximilians-University of Würzburg. Satish Sule is an official (legal officer) in the Security Directorate of the Directorate General of Human Resources and Security of the European Commission. Tatiana Tropina is senior researcher in the section for information law and legal informatics at the Max Planck Institute for Foreign and International Criminal Law in Freiburg.

X

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/05_Abbreviations.3d from 30.09.2019 13:44:53 3B2 9.1.580; Page size: 160.00mm  240.00mm

Abbreviations and Acronyms ACH ...................................... AD ......................................... ADDNI ................................. AFSJ ....................................... AGI ........................................ AIPAC ................................... Aman ..................................... AOR ....................................... ARA ....................................... ARC ....................................... ATSA ..................................... AWF ...................................... BC .......................................... BfV ......................................... BND ....................................... BoF ......................................... BRIXMIS .............................. BW ......................................... CBRN .................................... CBW ...................................... CCA ....................................... CCP ....................................... CDA ...................................... CEO ....................................... CFSP ...................................... CI ........................................... CIA ........................................ CIARDS ................................ CIG ........................................ CIRAM ................................. CIS ......................................... CJEU ...................................... CMA ...................................... CMC ...................................... CMS ....................................... CNA ...................................... CNE ....................................... COI ........................................ COMINT .............................. COO ...................................... CoOL ..................................... COREPER ............................ COREU ................................. COS ....................................... COSI ...................................... COSPOL ............................... CPC ....................................... CRS ........................................ CRS ........................................ CSDP ..................................... CSIS ....................................... CSRS ...................................... CW ......................................... CYBERINT .......................... D&D ......................................

Alternative competing hypothesis Anno Domini Assistant deputy director of national intelligence Area of Freedom, Security and Justice Advanced geospatial intelligence American Israel Public Affairs Committee Agaf ha-Modi’in (Directorate of Military Intelligence, Israel) Area of responsibility Annual Risk Assessment Analytic Resources Catalog Aviation and Transportation Security Act Analysis Work File Before Christ Bundesamt fuer Verfassungsschutz (Federal Office for the Protection of the Constitution, Germany) Bundesnachrichtendienst (Federal Intelligence Service, Germany) Bits of Freedom British Commander-In-Chief ‘s Mission to the Soviet Forces in Germany Biological weapons Chemical, biological, radiological and nuclear Chemical and biological weapons Crisis Coordination Arrangements Consolidated Cryptographic Program Congressionally directed action Chief executive officer Common Foreign and Security Policy Counterintelligence Central Intelligence Agency CIA Retirement and Disability System Central Intelligence Group Common Integrated Risk Analysis Model Custom Information System Court of Justice of the European Union Community Management Account Central Military Commission (China) Case management system Computer network attack Computer network exploitation Coordinator of information Communications intelligence Chief operating officer Consular Online Committee of Permanent Representatives Correspondence Européenne Chief of station Standing Committee on Operational Cooperation on Internal Security Comprehensive Operational Strategic Planning for the Police Central Point of Contact Congressional Research Service Crisis Response System Common Security and Defence Policy Canada’s Security Intelligence Service (Canada) Counter Surveillance Reconnaissance System Chemical weapons Cyber intelligence Denial and deception

XI

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/05_Abbreviations.3d from 30.09.2019 13:44:54 3B2 9.1.580; Page size: 160.00mm  240.00mm

Abbreviations and Acronyms DARP .................................... DC .......................................... DCI ........................................ DCIA ..................................... DCP ....................................... DDNI .................................... DEFCON .............................. DG ......................................... DGIAP .................................. DGSE ..................................... DHI ........................................ DHS ....................................... DI ........................................... DIA ........................................ DICP ...................................... DIS ......................................... DISTP .................................... DITP ...................................... DNI ........................................ DO ......................................... DOD ...................................... DOE ....................................... DPSD ..................................... DRM ...................................... DS&T .................................... DST ........................................ EC .......................................... EC3 ........................................ ECHO .................................... ECHR .................................... ECIM ..................................... ECTC ..................................... ECtHR ................................... EDA ....................................... EDSP ..................................... EEAS ...................................... EEC ........................................ EIN ........................................ EJN ......................................... ELINT ................................... ENISA ................................... EO .......................................... EOD ....................................... EPC ........................................ ESDP ..................................... ESS ......................................... ETA ....................................... EU INTCEN ........................ EU SITCEN ......................... EU .......................................... EUMS INT ........................... EUMS .................................... EUROPOL ........................... EUROSUR ............................ EUSR ..................................... EXCOM ................................ FAPSI .................................... FASP ......................................

XII

Defence Airborne Reconnaissance Program Deputies Committee (NSC) Director of central intelligence Director of the Central Intelligence Agency Defence Cryptologic Program Deputy director of national intelligence Defence Condition Directorate-General Defense General Intelligence and Applications Program Direction Générale de la Sécurité Extérieure, French Foreign Intelligence Service Defense human intelligence Department of Homeland Security Directorate of Intelligence Defense Intelligence Agency Defense Intelligence Counterdrug Program Defence Intelligence Staff (Britain) Defense Intelligence Special Technologies Program Defense Intelligence Tactical Program Director of national intelligence Directorate of Operations (CIA) Department of Defense Department of Energy Directoire de la Protection et de la Sécurité de la Défense (Directorate for Defense Protection and Security, France) Directoire du Renseignement Militaire (Directorate of Military Intelligence, France) Directorate of Science and Technology (CIA) Direction de la surveillance du territoire (Directorate of Territorial Surveillance, France) European Community European Cybercrime Centre European Community Humanitarian Office European Convention on Human Rights European Criminal Intelligence Model European Counter Terrorism Center European Court of Human Rights European Defence Agency European Defense and Security Policy European External Action Service European Economic Community European Intelligence Communication Network European Judicial Network Electronic intelligence European Union Agency for Network and Information Security Electro-optical; Executive order Entry on duty European Political Cooperation European Security and Defence Policy European Security Strategy Euskadi Ta Askatasuna (Basque terrorist organisation) European Union Intelligence and Situation Centre European Union Situation Centre European Union Intelligence Directorate of the EU Military Staff European Union Military Staff European Agency for Law Enforcement Cooperation European Border Surveillance System European Union Special Representative Executive Committee Fedederalnoe Agenstvo Pravitelsvennoi Svyazi I Informatsii (Federal Agency for Government Communications and Information, Russia) Foreign affairs and security policy

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/05_Abbreviations.3d from 30.09.2019 13:44:55 3B2 9.1.580; Page size: 160.00mm  240.00mm

Abbreviations and Acronyms FBIS ....................................... FCIP ...................................... FIA ......................................... FIPR ....................................... FISA ....................................... FISINT .................................. FRAN .................................... Frontex .................................. FSB ......................................... FSJ .......................................... GAO ...................................... GCHQ ................................... GDIP ..................................... GDP ....................................... GDR ....................................... GEOINT ............................... GESTAPO ............................ GMES .................................... GNP ....................................... GRU ....................................... GSC ........................................ HCLU .................................... HSC ....................................... HSINT ................................... HUMINT ............................. I&W ....................................... IAEA ...................................... IGO ........................................ IMINT ................................... INR ........................................ INTCEN ............................... INTDIV ................................ INTs ....................................... IPCR ...................................... IRA ........................................ IRTPA ................................... ISAA ...................................... ISB .......................................... ISG ......................................... ISR ......................................... ISS .......................................... ISTAR .................................... IT ............................................ IWG ....................................... JCS ......................................... JHA ........................................ JIC .......................................... JICC ....................................... JIOC ....................................... JMIP ...................................... JTAC ...................................... JTTF ...................................... KGB ....................................... KJs .......................................... LIBE ....................................... LQDN ................................... MASINT ............................... MD ......................................... MEP ....................................... MI5 ........................................ MI6 ........................................ MIC .......................................

Foreign Broadcast Information Service Foreign Counterintelligence Program (DOD) Future Imagery Architecture Foundation for Information Policy Reserch Foreign Intelligence Surveillance Act Foreign instrumentation intelligence Frontex Risk Analysis Network Frontières extérieures (European Border and Coast Guard Agency) Federal’naya Sluzba Besnopasnoti (Federal Security Service, Russia) Freedom, security and justice Government Accountability Office Government Communications Headquarters (Great Britain) General Defense Intelligence Program Gross domestic product German Democratic Republic geospatial intelligence Geheime Staatspolizei (Secret State Police, Nazi Germany) Global Monitoring for Environment and Security Gross national product Glavnoye Razedyvatelnoye Upraveline (Main Intelligence Directorate, Russia) General Secretariat of the Council Hungarian Civil Liberties Union Homeland Security Council Homeland security intelligence Human intelligence Indications and warning International Agency for Atomic Energy Intergovernmental Organisation Imagery intelligence Bureau of Intelligence and Research (Department of State) Intelligence Analysis Centre Intelligence Division of the European Union Staff Collection disciplines (HUMIN, IMINT, MASINT, OSINT, SIGINT) Integrated Political Crisis Response Irish Republican Army Intelligence Reform and Terrorism Prevention Act Integrated Situational Awareness and Analysis Intelligence Steering Board Iraq Survey Group Intelligence, surveillance, and reconnaissance Internal Security Strategy Intelligence, surveillance, target acquisition and reconnaissance Information technology Intelligence Working Group Joint Chiefs of Staff Justice and home affairs Joint Intelligence Committee (Britain) Joint Intelligence Community Council Joint intelligence operations center Joint Military Intelligence Program Joint Terrorism Analysis Center (Britain) Joint Terrorism Task Force Komittet Gosudarstvennoi Bezopasnosti (Committee for State Security, Soviet Union) Key Judgments Committee on Civil Liberties, Justice and Home Affairs La Quadrature du Net Measurement and signatures intelligence VII Department for Crisis Response and Operational Coordination Member of European Parliament Military Intelligence Section 5 (Security Service, Great Britain) Military Intelligence Section 6 (Secret Intelligence Service, Great Britain) Monitoring and Information Centre

XIII

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/05_Abbreviations.3d from 30.09.2019 13:44:56 3B2 9.1.580; Page size: 160.00mm  240.00mm

Abbreviations and Acronyms MIP ........................................ MMT ..................................... Mossad .................................. MS .......................................... NAC ...................................... NATO ................................... NCC ....................................... NCIX ..................................... NCPC .................................... NCS ....................................... NCTC .................................... NFIP ...................................... NGA ...................................... NGO ...................................... NHAI .................................... NIC ........................................ NIE ........................................ NILO ..................................... NIM ....................................... NIMA .................................... NIO ........................................ NIP ........................................ NIPF ...................................... NKVD ................................... NOC ...................................... NRO ...................................... NRP ....................................... NSA ....................................... NSC ....................................... NSL ........................................ NSPD ..................................... NTA ....................................... NTM ...................................... OCTA .................................... ODNI .................................... OLAF ..................................... OPHQ ................................... OPS WAN ............................ ORCON ................................ OSC ....................................... OSCE ..................................... OSD ....................................... OSINT ................................... OSS ........................................ P&E ........................................ PC .......................................... PDB ....................................... PFIAB .................................... PHOTINT ............................ PIAB ...................................... PIOB ...................................... PIR ......................................... PLO ........................................ PNR ....................................... PPEWU ................................ PROTINT ............................. PSC ........................................ QFR ....................................... RAU ....................................... RELEX ................................... RESINT ................................. RIPA ......................................

XIV

Military intelligence program Mission monitoring team Ha-Mossad Le-Modin Ule Tafkidim Meyuhadim (Institute for Intelligence and Special Tasks, Israel) Member State North Atlantic Council North Atlantic Treaty Organisation National Coordination Centre National Counterintelligence Executive National Counterproliferation Center National Clandestine Service National Counterterrorism Center National Foreign Intelligence Program National Geospatial-Intelligence Agency Non-Governmental Organisation National High Authority of Intelligence National Intelligence Cell; National Intelligence Council National intelligence estimate National Intelligence Liaison Officer National Intelligence Manager National Imagery and Mapping Agency National intelligence officer National Intelligence Program National Intelligence Priorities Framework People’s Commissariat for Internal Affairs Nonofficial cover National Reconnaissance Office National Reconnaissance Program National Security Agency National Security Council National security letters National security policy directive New Transatlantic Agenda National technical means Organised Crime Threat Assessment Office of the Director of National Intelligence European Anti-Fraud Office Operational Headquarters Operations Wide Area Network Origination controlled Open Source Center Organisation for Security and Co-operation in Europe Office of the Secretary of Defense Open-source intelligence Office of Strategic Services Processing and exploitation Principals Committee (NSC) President’s daily brief President’s Foreign Intelligence Advisory Board Photo intelligence President’s Intelligence Advisory Board President’s Intelligence Oversight Board Prioritised intelligence requirements Palestine Liberation Organization Passenger name record Policy Planning and Early Warning Unit Protected information intelligence Political and Security Committee Question for the record Risk Analysis Unit External Relations Research-originating intelligence Regulation of Investigatory Powers Act

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/05_Abbreviations.3d from 30.09.2019 13:44:57 3B2 9.1.580; Page size: 160.00mm  240.00mm

Abbreviations and Acronyms RG .......................................... RUSI ...................................... RMA ...................................... SALT ..................................... SAR ........................................ SAS ......................................... SATCEN ............................... SBSS ....................................... SCAN .................................... SCUD .................................... SGAC .................................... SGHR .................................... SHAPE .................................. Shin Bet ................................ SIAC ...................................... SIGINT ................................. SIOP ...................................... SIS .......................................... SITCEN ................................. SITINT .................................. SitRoom ................................ SNIE ...................................... SNV ....................................... SOCINT ................................ SOCMINT ............................ SOCTA ................................. SOE ........................................ SOF ........................................ SPA ........................................ SSCI ....................................... START .................................. STASI .................................... SVR ........................................ SWIFT ................................... TECHINT ............................ TEK ........................................ TELINT ................................ TE-SAT ................................. TEU ....................................... TFEU ..................................... TFTP ..................................... TIARA ................................... TOR ....................................... TWP ...................................... U2 .......................................... UAV ...................................... UK .......................................... UN ......................................... UNSCOM ............................. USA ....................................... USDI ...................................... VIH ........................................ VIS ......................................... VoIP ...................................... WAAS ................................... WEU ...................................... WKC ..................................... WMD .................................... WWII ....................................

Reseignements Generaux (Central Directorate of General Intelligence, France) Royal United Services Institute Revolution in Military Affairs Strategic Arms Limitation Talks Synthetic aperture radar Special Air Service EU Satellite Centre Space-based surveillance satellite Scanning, analysis and notification Soviet-made ballistic missile Senate Governmental Affairs Committee Secretary General/High Representative of the EU Supreme Headquarters Allied Forces in Europe (NATO) Sherut ha-Bitachon ha-Klali (General Security Sevice, Israel) Single Intelligence Analysis Capacity Signals intelligence Select Intelligence Oversight Panel Secret Intelligence Service (Great Britain); Schengen Information System Situation Centre Situational intelligence EU Situation Room Special national intelligence estimate Stiftung Neue Verantwortung Socio-cultural intelligence Social media intelligence Serious and Organised Crime Threat Assessment Special Operations Executive Special Operations Forces Special political action Senate Select Committee on Intelligence Strategic Arms Reduction Treaty Staatssicherheit (Ministry for State Security, German Democratic Republic) Sluzhba Vneshnei Razvedki (Foreign Intelligence Service, Russia) Society for Worldwide Interbank Financial Telecommunication Technical intelligence Hungarian Anti-Terrorism Task Force Telemetry intelligence Terrorism Situation and Trend Report Treaty on European Union Treaty on the Functioning of the European Union Terrorist Finance Tracking Program Tactical Intelligence and Related Activities Terms of reference Terrorism Working Party US built spy plane Unmanned Aerial Vehicle United Kingdom United Nations United Nations Special Commission United States of America Undersecretary of defense for intelligence Virtual intelligence hub Visa Information System Voice-over-Internet Protocol Wide area airborne surveillance Western European Union Watch-Keeping Capability Weapon of mass destruction Second World War

XV

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/05_Abbreviations.3d from 30.09.2019 13:44:57 3B2 9.1.580; Page size: 160.00mm  240.00mm

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:23 3B2 9.1.580; Page size: 160.00mm  240.00mm

PART 1 INTRODUCTION Chapter 1 Intelligence in Modern European History Michael S. Goodman/Frederic Ischebeck-Baum Outline A. Introduction ...................................................................................................................... B. Intelligence in ancient Europe ...................................................................................... C. Intelligence in World War One.................................................................................... D. Intelligence in World War Two ................................................................................... E. Intelligence in the Cold War ......................................................................................... F. European Intelligence after the Cold War ................................................................. G. Intelligence, Europe and 9/11........................................................................................ H. The Post-9/11 Era ............................................................................................................ I. European Politics, Edward Snowden, and Spying on Friends............................... J. Intelligence and the European Union ......................................................................... K. Conclusion .........................................................................................................................

mn. 1 4 17 27 46 104 106 114 118 126 138

Bibliography: Adkins, Nelson’s Trafalgar, 2006; Ahmad, The Road to Iraq: The Making of a Neoconservative War, 2008; Aldrich (ed.), British intelligence, strategy and the Cold War 1945–51, 1992; Aldrich, The Hidden Hand – Britain, America and Cold War Secret Intelligence, 2002; Aldrich, GCHQ: The Uncensored Story of Britain’s Most Secret Intelligence Agency, 2011; Aldrich/Cormac, The Black Door – Spies, Secret Intelligence and British Prime Ministers, 2016; Aldrich/Cormac/Goodman, Spying on the World – The Declassified Documents of the Joint Intelligence Committee 1936–2013, 2014; Andrew/Aldrich/Wark (eds.), Secret Intelligence – A Reader, 2009; Andrew, Secret Service: The Making of the British Intelligence Community, 1985; Andrew, KGB – The Inside Story Of Its Foreign Operations from Lenin to Gorbachev, 1990; Andrew, The Defence of the Realm – The Authorized History of MI5, 2010; Andrew, The Sword and the Shield – The Mitrokhin Archive and the secret history of the KGB, 1999; Andrew, The World was going our way: The KGB and the Battle for the Third World, 2005; Andrew, The Secret World – A History of Intelligence, 2018; Bascomb, The Winter Fortress: The Epic Mission to Sabotage Hitler’s Atomic Bomb, 2016; Bassett, Hitler’s Spy Chief: The Wilhelm Canaris Betrayal, 2013; Behling, Spione in Uniform – Die Alliierten Militärmissionen in Deutschland, 2004; Behling/Jüttermann, Berlin Teufelsberg: Outpost in the Middle of Enemy Territory, 2012; Bellany (ed.), Terrorism and Weapons of Mass Destruction – Responding to the Challenge, 2007; Bennett, The Battle of Trafalgar, 2004; Betts/Mahnken (eds.), Paradoxes of Strategic Intelligence – Essays in Honor of Michael I. Handel, 2008; Blake, No other choice – An Autobiography, 1990; Boghardt, The Zimmerman Telegram: Intelligence, Diplomacy, and America’s Entry into World War I, 2012; Born/Leigh/Wills (eds.), International Intelligence Cooperation and Accountability, 2011; Bracken/ Bremmer/Gordon, Managing Strategic Surprise – Lessons from Risk Management and Risk Assessment, 2008; Budiansky, Her Majesty’s Spymaster – Sir Francis Walsingham and the Birth of Modern Espionage, 2005; Bundesnachrichtendienst, Mitteilungen der Forschungs- und Arbeitsgruppe Geschichte des BND, Der Bundesnachrichtendienst und die Kuba-Krise, Nr. 3, Band I, 12. Oktober 2012.1; Bundesnachrichtendienst, Der Bundesnachrichtendienst und der „Prager Frühling“ 1968, http://www.bnd.bund.de/DE/Organisation/ Geschichtsaufarbeitung/MFGBND_Uebersicht/MFGBND_Mitteilungen/Mitteilung_9_node.html (accessed 13 June 2017); Bungert et al (eds). Secret Intelligence in the Twentieth Century, 2003; Chopin, Intelligence Reform and the transformation of the State: the end of a French exception, in Schmitt (ed.), Myths and Realities of the French Way of War, Journal of Strategic Studies, Vol. 40, Issue 4 2017, pp. 532–553; Coll, Directorate S: The C.I.A. and America’s Secret Wars in Afghanistan and Pakistan, 2001–2016, 2018; Corera, The Art of Betrayal – Life and Death in the British Secret Service, 2011; Cradock, Know Your Enemy – How the Joint Intelligence Committee Saw the World, 2002; D’Andrea, Civic Christianity in Renaissance Italy: The Hospital of Treviso 1400–1530, Rochester, 2007; Dover/Goodman (eds.), Learning from the Secret Past – Cases in British Intelligence History, 2011; Drogin, Curveball: Spies, Lies and the Con Man who Caused a

Goodman/Ischebeck-Baum

1

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:24 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 1. Introduction War, 2007; Duyvenstein/de Jong/van Reijn (eds.), The Future of Intelligence – Challenges in the 21st century, Studies in Intelligence Series, Routledge 2015; Deutscher Bundestag, Beschlussfassung und Bericht des 1. Untersuchungsausschusses nach Art. 44 des Grundgesetzes – 23.06.2017, http://dip21.bundestag.de/ dip21/btd/18/128/1812850.pdf (accessed on 1st August 2018); Dylan, Defence Intelligence and the Cold War – Britain’s Joint Intelligence Bureau 1945–1964, 2014; Fernandez, Los servicios des intelligencia espanoles, Desde la Guerra civil el 11-M – Historia de una transicion, 2006.; Financial Times, Angela Merkel eyes place for Germany in US intelligence club, 25th October 2013, https://www.ft.com/content/e2492a3a-3d7a-11e39928-00144feab7de (accessed 1st August 2018); Ferris, The British Army and Signals Intelligence in the Field During the First World War, in: Intelligence and National Security 3:4 (2008), pp. 23–48; Foot, An Outline History of the Special Operations Executive, 1940–1946, 1999; Gehlen, Der Dienst – Erinnerungen 1942–1971, 1971; Geraghty, Brixmis – The untold exploits of Britain’s most daring Cold War spy mission, 1997; Gorge/Bruce (eds.), Analysing Intelligence – Origins, Obstacles, and Innovations, 2008; Goodman, The Official History of the Joint Intelligence Committee, Volume I: From the Approach of the Second World War to the Suez Crisis, 2016; Goodman, Spying on the Nuclear Bear – Anglo-American intelligence and the Soviet bomb, 2007; Gibson, The Last Mission behind the Iron Curtain, Sutton Publishing Limited 1997; Gieseke (4th ed.), Die Stasi 1945–1990, 2011; Gill/Marrin/Phythian (eds.), Inteligence Theory – Key Questions and Debates, 2009; Gioe/Scott/Andrew (eds.), An International History of the Cuban Missile Crisis – A 50-year Retrospective, 2014; Glees, The Stasi Files: East Germany’s Secret Operations against Britain, 2003; Grant (ed.), The British Way in Cold Warfare – Intelligence, Diplomacy and the Bomb 1945–1975, 2009; Haslam, Near and Distant Neighbours – A New History of Soviet Intelligence, 2015; Haswell, Spies and Spymasters: A Concise History of Intelligence, 1977; Hennessy, The Secret State – Preparing for the worst 1945–2010, 2010; Hennessy/Jinks, The Silent Deep – The Royal Navy Submarine Service since 1945, 2015; Herman/Hughes (eds.), Intelligence in the Cold War: What Difference did it Make?, 2013; Hermiston, The Greatest Traitor – The Secret Lives of Agent George Blake, 2014; Hess, The British Baltic Fishery Protection Service (BBFPS) and the Clandestine Operations of Hans Helmut Klose 1949–1956, Journal of Intelligence History Vol. 1, no. 2 (Winter 2001); Hess, Intelligence Cooperation in Europe, 1990 to the Present in: The Journal of Intelligence History. Vol 1, no 1 (Summer 2003); Hinsley, British Intelligence in the Second World War, 1993; Independent, The spy who stayed out in the cold: George Blake at 90, http://www.independent.co.uk/news/world/europe/thespy-who-stayed-out-in-the-cold-george-blake-at-90-8290141.html (accessed 12 June 2017); Ischebeck-Baum, Anglo-German intelligence relations and Brexit, in: Journal of Intelligence History, Volume 16, Issue 2, 2017, pp. 95–99; https://www.tandfonline.com/doi/abs/10.1080/16161262.2017.1333694 (accessed 23 February 2018); Jones/Petersen (eds.), Israel’s Clandestine Diplomacies, 2013; Jones, Able Archer 83: The Secret History of the NATO/Exercise that almost Triggered Nuclear War, 2016; Kahn, Hitler’s Spies, 2000; Kalugin, Spymaster – My thirty-two years in intelligence and espionage against the West, 2009; Klein, Striking Back – The 1972 Munich Olympics Massacre and Israel’s Deadly Response, 2005; Keegan, Intelligence in War – Knowledge about the enemy from Napoleon to Al Qaeda, London, 2004; Lord Butler of Brockwell, The Review of Intelligence on Weapons of Mass Destruction, 2004; Laqueur, A World of Secrets – The Uses and Limits of Intelligence, 1985; Larsen, Intelligence in the First World War, in: Intelligence and National Security 29:2 (2012), pp. 282–302; Lewis, Changing Direction: British Military Planning for Post-War Strategic Defence, 1942–7, 2008; Machiavelli, The Prince, 2013; Masterman, The Double-Cross System: The Incredible True Story of How Nazi Spies Were Turned into Double Agents, 2000; May (ed.), Knowing One’s Enemies: Intelligence Assessment Before the Two World Wars, 1996; Miard-Delacroix, Willy Brandt: Life of a Statesman, 2016; Murphy, What Stalin Knew: The Enigma of Barbarossa, 2005; Mußnug, Alliierte Militärmissionen in Deutschland 1946–1990, 2001; Omand, Securing the State, 2010; Scott/Jackson (eds.), Understanding Intelligence in the Twenty-First Century – Journeys and Shadows, 2004; Philby, My Silent War – The Autobiography of a Spy, 2002; Schecter/Deriabin, The Spy who saved the world – How a Soviet Colonel changed the course of the Cold War, 1995; Piffner/Pythian (eds.), Intelligence and national security policymaking on Iraq – British and Amercian perspectives, 2008); Plougin, Russian Intelligence Services: Volume I: The Early Years, 2000; Pillar, Intelligence and US Foreign Policy: Iraq, 9/11 and Misguided Reform, 2011; Porch. The French Secret Services: From the Dreyfus Affair to the Gulf War, 1995; Rankin, Churchill’s Wizards: The British Genius for Deception, 2009; Reuters, Berlin tells CIA station chief to leave in spy scandal, 10th July 2014, https://www.reuters.com/article/us-germany-usaspy-official/berlin-tells-cia-station-chief-to-leave-in-spy-scandal-idUSKBN0FF1GU20140710 (accessed 1st August 2018); Richelson. Foreign Intelligence Organizations, 1988; Rizzo, Company Man – Thirty Years of Controversy in the CIA, 2014; Schecter/Deriabin, The Spy who Saved the World – How a Soviet Colonel changed the course of the world, 1995; Shrimpton, Spyhunter: The Secret History of German Intelligence, 2014; Smith, Royalist Agents, Conspirators and Spies: Their Role in the British Civil Wars, 1640–1660, 2011; Spiegel Online, Key Partners – Secret Links between Germany and the NSA, http://www.spiegel.de/international/world/german-intelligence-worked-closely-with-nsa-on-data-surveillance-a-912355.html (accessed 12 June 2017); Spiegel Online, Snowden Claims: NSA Ties Put German Intelligence in Tight Spot, http://www.spiegel.de/international/world/whistleblower-snowden-claims-german-intelligence-in-bed-withnsa-a-909904.html (accessed 29th July 2018); Spiegel Online, The NSA’s Secret Spy Hub in Berlin, 27th October 2018, http://www.spiegel.de/international/germany/cover-story-how-nsa-spied-on-merkel-cell-

2

Goodman/Ischebeck-Baum

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:25 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 1. Intelligence in Modern European History phone-from-berlin-embassy-a-930205.html (accessed 1st August 2018); Spiegel Online, Spionage für USA und Russland – Ex-BND Mitarbeiter zu acht Jahren Haft verurteilt, http://www.spiegel.de/politik/deutschland/spionage-ex-bnd-mitarbeiter-zu-acht-jahren-haft-verurteilt-a-1082796.html (accessed 1st August 2018); Telegraph, Russian Spy Agency reveals Philby memorial plaque, http://www.telegraph.co.uk/news/ worldnews/europe/russia/8191989/Russian-spy-agency-unveils-Kim-Philby-memorial-plaque.html (accessed 12 June 2017); Tenet, At the Center of the Storm – the CIA during America’s time of crisis, 2007; Thucydides, The Peloponesian War, a new translation by Martin Hammond, 2009; Trahair/Miller (eds.), Cold War Espionage, Spies, and secret operations, 2012; United Nations Secretary-General: Ruling on the Rainbow Warrior Affair between France and New Zealand, International Legal Affairs, Vol. 26, No. 5 (September 1987), pp. 1346–1373; United States National Commission on Terrorist Attacks, 9/11 Commission Report – Final Report of the National Commission on Terrorist Attacks upon the United States, 2004; Wagner/Uhl, BND contra Sowietarmee – Westdeutsche Militärspionage in der DDR, 2007; Weiße, NATOIntelligence – Das militärische Nachrichtenwesen im Supreme Headquarters Allied Powers Europe (SHAPE) 1985–1989, 2013; Waller, Disciples: The World War II Missions of the CIA Directors Who Fought for Wild Bill Donovan, 2015; Wark, The Ultimate Enemy: British Intelligence and Nazi Germany, 1987; Wolf, Spionagechef im Kalten Krieg – Erinnerungen, 1998; Wolton, KGB en France, 1987.

A. Introduction As much as it is practiced in other parts of the world, intelligence has always been a 1 European profession too. While most modern intelligence services and systems have their origins in the twentieth century, the theory and practice has far deeper roots. To understand the systems of the twenty-first century in Europe, however, it is first necessary to consider the historical underpinnings of the European approach to intelligence. It is only natural that due to the obviously vast number of examples and case-studies, as well as due to the limited scope of this chapter, by far not everything will be covered. In fact, the reader will experience an occasional focus on Anglo-American intelligence as far as Europe is concerned. Such is owed to the fact that intelligence studies as a subject has for long been thought a necessary academic discipline in the United Kingdom and the United States. As a consequence, primary and secondary sources are made accessible in a manner seen in no other countries, the leading example being de-classified governmental material available in the respective national or institutional archives. Based on this there is a vast market of secondary literature, which, again, is not seen in these quantities throughout the rest of the world. Moreover, some things in the history of intelligence simply remain secret. Governments choose to keep some information or background hidden from the public for an indefinite period of time. Hence, the – public – history of intelligence is not linear, which may be irritating at times. It is simply the nature of the subject.1 Still, there is a trend to be observed. Many other governments by now seem to have 2 understood the necessity and importance of historical research into their intelligence machinery. This not only supports academia as such, i. e. research and teaching, but most of all helps provide a public awareness of the subject and creates an understanding of why intelligence services exist, why they do, what they do, and how a government or any other such entity uses intelligence for early warning and decision-making. The point is not to reveal any tradecraft, which, in the public domain, is most of the time left to de-classified autobiographies or fictional writing; in fact, tradecraft is of relatively little interest for the study of intelligence from an academic viewpoint. Here, the higher echelons between intelligence and policy are much more interesting and beneficial. That said, this chapter will give an overview over what can be considered “European 3 Intelligence” as such, i. e. either relating to European Governments, or, at a later point in time, to the European Union (EU). The prime intention is taking the reader through 1

Andrew, The Secret World – A History of Intelligence, 2018, Introduction, p. 4.

Goodman/Ischebeck-Baum

3

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:26 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 1. Introduction

historically structured stages of wherever and whenever intelligence played a role. Many of those case-studies or examples are still important for the respective governments, may that be in the form of success or failure.

B. Intelligence in ancient Europe We know from classical times that espionage and intelligence were active parts of both warfare and statecraft. A prime example goes back to the fifth century BC, when the ancient empires of Athens and Sparta found themselves in a conflict. The Peloponnesian War, as it became known, was a ferocious contest, lasting on and off for over twenty-five years. At the heart of the war was a naval contest, ultimately decided by the destruction of the Athenian fleet in 404 BC. In his account of the war Thucydides recreates the battle for naval supremacy. In doing so he refers to “intelligence” being gathered, not only in terms of the locations of the enemy ships, but in terms of the composition and nature of the boats themselves.2 5 During the reign of Julius Caesar in the first century BC it became increasingly important to be able to deliver military messages securely, so that even if the messenger was intercepted and captured, the contents of the message would not be revealed. The rather ingenious solution to this problem was the creation of the “Caesar cipher”. Details come from a Roman historian called Suetonius, writing in the first century AD. In his biography of Caesar he describes the process.3 It was, by all accounts, remarkably straightforward, but given that most individuals were illiterate at that time it was potentially quite successful. The ciphering used a simple substitution code where letters were shifted either to the right or left by a number of places, so A became D, B became E and so on. While the encrypted result might look like gibberish, for anyone who knew the code it was quick to decipher. 6 With the fall of the Roman Empire intelligence, like a great many modern features of its statecraft, vanished. Indeed, it would not be until the sixteenth century that an effective intelligence process was re-established. In the millennia in between, intelligence had often been employed in localised conflicts or in the form of messengers and informers, but these were sporadic and barely resembled an organised system. Notable examples included the role played by informers in events like the Spanish Inquisition, or the way in which influential figures like Machiavelli wrote about the role of intelligence in protecting statecraft.4 7 In the fourteenth century, the Council of Ten was created in the Republic of Venice.5 A hugely secretive organisation, whose role was to protect the Doge (the Venetian leader) and the Republic through the collection of information on potential threats and enemies. To this end, all over Europe, intelligence increasingly became important when, in the mid-sixteenth century the role of the State Inquisitor was created and the crime of treason became punishable by death. At broadly the same time in Elizabethan England, Lord Burghley (Sir William Cecil) and Sir Francis Walsingham were the first to understand that a successful intelligence machinery needed a successful network of field-agents, operating at home and overseas. Different types of intelligence gathering were employed, verbal and in writing, and in Walsingham’s position, officially the 4

2

See Thucydides, The Peloponnesian War, a new translation by Martin Hammond, 2009. Suetonius, The Twelve Caesars, 2007. 4 See Machiavelli, The Prince, 2013. 5 D’Andrea, Civic Christianity in Renaissance Italy: The Hospital of Treviso 1400–1530 Rochester, 2007, p. 136. 3

4

Goodman/Ischebeck-Baum

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:26 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 1. Intelligence in Modern European History

Queen’s Principal Secretary, intelligence was combined with statecraft, which meant it was held against State interest – in other words: strategy.6 Following this period, it would be the never-ending succession of wars in Europe that would highlight the value of intelligence, both in a national and international context. In the English Civil War both the Roundheads and the Cavaliers employed spies to provide details of what the other side was plotting. This period coincided with the creation of the post of “Chief Cryptographer to Parliament and the Court”. Though a short-lived position, its first incumbent was John Wallis (who occupied it from 1643–89), who was a noted mathematician and who used his skills to both create codes and decipher enemy transmissions.7 Despite, or maybe because of, his military genius, the famous British admiral Horatio Nelson (1758–1805) made plenty of use of intelligence too.8 In an age without radar or any electronic communication systems whatsoever, knowledge of the enemy’s position, capability and intent would by no means be less important than today. In the maritime environment, this in fact continues to be a challenge of particular nature, however, during Nelson’s time, dealing with the vastness of the oceans required a long breath and a good amount of patience. Smaller reconnaissance ships were being used to cover long distances swifter than, for example, large, heavy frigates; visual communication systems based on flags made of different colour and shape, being held up or waved in a particular order, were the only option to communicate in daylight. This was replaced by lanterns or torches to signal others at night. Today, in most navies, every sailor has to study and learn the above two methods of communication in case all technology fails, may it be state-of-theart or not.9 The same applies to reading the stars for navigation or forecasting the weather. The weather is in fact an important factor in military campaigns, particularly in naval warfare, and is nowadays considered a discipline in military intelligence in most armies. Intelligence helped Nelson find the French Fleet after he had lost them in the vastness of the sea during the run-up to the Battle of the Nile between 1st and 3rd August 1798.10 The French expeditionary forces under the overall command of Napoleon Bonaparte were on the way to Egypt, and were headed further east in order to conquer the British in the Middle East and India. The Royal Navy was not going to let this happen, and Nelson had order from the Admiralty in London to decisively engage them. However, the French managed to escape Nelson on their way towards Africa. He found himself blind and deaf sailing into nowhere. Through the acquisition and good use of intelligence – what would be called tactical intelligence today – he finally managed to make contact with the French again, being able to engage them in Egypt.11 After all, Nelson did well commanding his ships, defeating Napoleon’s fleet in the Battle of the Nile, and sometime later, on the 21st of October 1805, ultimately engaging them decisively in Trafalgar.12 What Nelson could not know, however, was that London had tried to communicate with him a great deal for some time, wanting to inform him about the whereabouts, capacity and destination of the French. In very simple terms, while Nelson was getting frustrated over having lost his target, Whitehall had managed to acquire and piece together intelligence on the French through British field agents, sophisticated networks 6 For a full account, see Budiansky, Her Majesty’s Spymaster – Sir Francis Walsingham and the Birth of Modern Espionage, 2005. 7 See Smith, Royalist Agents, Conspirators and Spies: Their Role in the British Civil Wars, 1640–1660, 2011. 8 Keegan, Intelligence in War – Knowledge about the enemy from Napoleon to Al Qaeda, 2004, pp. 40–50. 9 Ibid, p. 32. 10 Ibid, pp. 50–51; Ibid, pp. 53–57. 11 Ibid, p. 53. 12 For more information on the Battle of Trafalgar, see Adkins, Nelson’s Trafalgar, 2006; Bennett, The Battle of Trafalgar, 2004.

Goodman/Ischebeck-Baum

5

8

9

10

11

12

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:27 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 1. Introduction

13

14

15

16

in France, diplomatic personnel, and not least through open sources such as newspapers or public announcements.13 Today, it can be established that the most accurate intelligence on the French Fleet came from a British businessman who worked in Italy at the time. His professional network reached across the northern Mediterranean, and when he learned about the destination, capability and intention of the French, he passed it through the resident British consul on to Whitehall. This had to be done by courier via Germany and then from Hamburg by boat across the channel to the Admiralty in London. It is estimated today that the delivery took a total of up to five weeks. This meant, that shortly before the battle, the intelligence picture for Nelsons superiors in the Admiralty was much clearer than for Nelson himself. But there was no way that this intelligence could reach him in time. Timeliness is a timeless requirement in intelligence. It must be understood, however, that, what ultimately led to the defeat of the French Fleet, was not intelligence, although Nelson seemed to handle it well.14 It was brute force, combined with Nelson’s ability to lead his men – and, with due regard to the teachings of Clausewitz, due to a certain amount of luck as well. Intelligence can be a force-multiplier on the battlefield, but it is by no means decisive. Knowledge may mean power, but it does not guarantee victory, which is often misunderstood. In signalling to his fleet just before the Battle of Trafalgar that “England expects every man to do his duty”, Nelson let go of all intelligence he had previously used, and granted every of his commanding officers the freedom necessary to engage the enemy. By the 18th century and with the development of the nation state system, intelligence had also become a commonly featured aspect of diplomacy and statecraft: its function was both to protect the leader from internal and external threats, as much as it was to enable a secure means of communication. The expansion of intelligence as an element of national security and foreign policy in the 19th century and beyond was therefore the evolution of a process that had begun several thousand years before. Humankind has always been inquisitive and a covert intelligence service is the perfect means of providing information. As warfare changed and as threats intensified and expanded, it became ever more vital to use whatever means necessary to gather information on the plans of the enemy.

C. Intelligence in World War One 17

Despite its long origins intelligence’, including “European Intelligence”, as we now understand it, is very much a twentieth-century creation. The contemporary British system, for example, can trace its origins to 1909, when the newly-formed Secret Service Bureau split, creating the Security Service (MI5), and the Secret Intelligence Service(MI6), dealing with domestic and foreign targets respectively.15 In France, following the 1870 Franco-Prussian war, an intelligence organisation was founded, though it was disbanded in 1899. In its place an intelligence component was assigned to the Deuxième Bureau of the Army General Staff. This complemented other intelligence organisations, in particular the Foreign Ministry’s Cabinet Noir.16 Keegan, Intelligence in War – Knowledge about the enemy from Napoleon to Al Qaeda, 2004, pp. 50–53. Ibid, p. 73. 15 Andrew, The Defence of the Realm: The Authorised History of MI5, 2009; Jeffery, MI6: The History of the Secret Intelligence Service, 1909–1949, 2010. 16 Porch, The French Secret Services: A History of French Intelligence from the Dreyfus Affair to the Gulf War, 2003. 13 14

6

Goodman/Ischebeck-Baum

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:27 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 1. Intelligence in Modern European History

In Germany, as part of its General Staff, the earlier Intelligence Bureau was reformed in 1912 into a specialised intelligence and counter-espionage division, known as Department IIIb.17 In Italy, the secret services established in the mid-nineteenth century were re-organised many times, and in 1900 the Office of Information was established. The Russian secret police was initially founded in the sixteenth century by Ivan the Terrible. In 1883 the Okhrana was founded, and which remained intact until the Bolshevik revolution of 1917.18 World War I was momentous for many reasons, not least of which was that it demonstrated how useful effective intelligence could be. This was particularly the case given the rapid technological advances that were made, particularly in cryptography. In some instances, intelligence did or could have proved to be possibly decisive. For example, one of the greatest successes for French intelligence was the discovery of the German plans to launch a gas attack on the Allied armies. Despite such information, some British and French commanders rejected the warning, to dire consequences as the Battle of Ypres would show.19 In addition, there were instances of good, close intelligence collaboration. At Folkestone, in south-east England, an Anglo-French base was setup, to conduct agentrunning operations into occupied parts of Western Europe. Perhaps the greatest coup for the French was their spy situated within the German High Command, who provided a stream of valuable information. The British intelligence effort was just as important during the war, especially in the field of code-breaking. A good example of this was the interception of the “Zimmermann Telegram”, which detailed advances made by the Germans in requesting Mexican involvement in the war. Largely as a response to this the United States entered the war in 1917.20 In contrast to the Allied effort, German intelligence at the time was less effective, suffering mixed fortunes. There were some successes, for instance predicting military developments in Russia, but there were also notable failures, including the over-reliance on open source information which was susceptible to British deception efforts. At the same time, the Austro-Hungarian intelligence service did produce good results, especially in codebreaking, and overall fared relatively well, particularly with regard to the Russian army.21 Italy’s introduction to the war in 1915 resulted in an increase in the size and scope of their intelligence effort, with collection stations opened in numerous European cities, including London, Paris, Madrid, Bern and St. Petersburg. Russian intelligence was good, and this was no doubt assisted through collaborative relations with the French. Despite this, the intelligence network was badly structured and organisationally in disarray. This caused great problems, for unlike some of her other allies, Russia had to fight on two fronts. Despite these examples of intelligence success, World War I cannot be considered an “intelligence war” as World War II would be. Rather, intelligence provided a means of gathering information, but in a period where such information was often novel, it was generally believed only when it conformed to existing preconceptions. The successes of intelligence, nonetheless, served to increase its stature and importance, both militarily and diplomatically.

17

Shrimpton, Spyhunter: The Secret History of German Intelligence, 2014. Andrew, KGB – The Inside Story of its Foreign Operations from Lenin to Gorbachev, 1990, p. 21. 19 Ferris, “The British Army and Signals Intelligence in the Field During the First World War”, in Intelligence and National Security 3:4 (2008), pp. 23–48. 20 Boghardt, The Zimmerman Telegram: Intelligence, Diplomacy, and America’s Entry into World War I, 2012. 21 Larsen, “Intelligence in the First World War”, Intelligence and National Security 29:2 (2012), pp. 282–302. 18

Goodman/Ischebeck-Baum

7

18

19

20

21

22

23

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:28 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 1. Introduction

In all the major European countries, the intelligence efforts were enlarged. Amongst the victorious powers this was especially true. In Britain, MI5 had grown from 19 members of staff pre-war, to 844.22 The code-breaking effort was increased and in 1919 the Government Code and Cipher School was created. Of perhaps greatest importance however, was the creation in 1936 of the Joint Intelligence Committee (JIC) – a body composed of the various elements of the intelligence system, designed to produce allsource estimates for military and political decision-makers.23 25 France, the other major European victor, also increased its intelligence effort with the introduction of new intelligence organisations, each geared towards different objectives, including code-breaking and combating foreign agents domestically.24 Italian intelligence had evolved, and following Mussolini’s accession to power, it had become a threetiered, loosely organised system. Mussolini, as would become the norm with other authoritarian leaders, considered himself the supreme intelligence analyst and he alone was allowed to see the full range of information available. 26 Of the defeated powers the biggest changes occurred in Germany. The imperial police intelligence system had been dissolved by the Allies, and in its place a new organisation installed, whose primary task was to provide information on any political threats. In addition, the armed forces retained intelligence units, yet these were also directed towards providing information on “parts of the country”. Both areas therefore were directed towards internal and not external threats. 24

D. Intelligence in World War Two With the arrival of the Nazi party in the early 1930s, intelligence in Germany altered irrevocably. The Third Reich attached huge importance to the gathering of information on potential enemies, in many ways reflecting the insecurity that would dominate other authoritarian intelligence communities for so long. Intelligence was, therefore, omnipresent. Like other areas of government, competing intelligence organisations strove to dominate Hitler’s affection, and concentrating on diplomatic targets, military, economic, and social-ideological.25 The establishment of the Nazi Secret State Police or Geheime Staatspolizei (Gestapo), is an example of how past intelligence organisations can have an effect on modern governments. From the mid-1930s, Hitler gave the Gestapo two things, firstly the power and authority to operate throughout Germany, defying the principle of federalism in law-enforcement. Second, the Gestapo were to combine law-enforcement authority, which included the authority to arrest and torture, with clandestine intelligence operations going far beyond mere police investigation techniques. This, in the aftermath, led to post-war Germany’s principle of distinction between law-enforcement and intelligence. For example, neither the German foreign intelligence service, nor the security service have arresting powers. Only the lawenforcement agencies such as state police or federal police are entitled to do so. Today, this principle applies to most modern democratic systems as well. 28 In Russia, intelligence became an effective mode of governance with Lenin’s rise to power. The Tsarist Okhrana was replaced by the Bolshevik Vecheka, a ruthless 27

Andrew, The Defence of the Realm –The Authorized History of MI5, 2010, pp. 20–21. Goodman, “Creating the Machinery for Joint Intelligence: The Formative Years of the Joint Intelligence Committee, 1936–56”, in International Journal of Intelligence and Counterintelligence 30:1 (2016), pp. 66–84. 24 For further information see Jackson, France and the Nazi Menace: Intelligence and Policy Making, 2000. 25 Kahn, Hitler’s Spies, 2000, Preface, pp. x-xi. 22 23

8

Goodman/Ischebeck-Baum

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:28 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 1. Intelligence in Modern European History

organisation designed to suppress internal opposition. By 1919 a covert foreign section had been set-up to organise and spread the worldwide communist revolution. By the 1930s the primary Soviet intelligence agency, now known as the NKVD, had become Stalin’s omniscient tool of terror which, while coercing the populace at home, was remarkably successful at recruiting human agents abroad.26 Since 1918 intelligence had grown to become an integral component of government in all the major European countries. From the mid-1930s onwards, it would become crucial, not least in monitoring the rising German aggression. Traditionally it has been assumed that the Anglo-French appeasement policies of the late 1930s were a characteristic of the intelligence failure to identify the Nazi threat. Yet intelligence records reveal this explanation to be far too simplistic, for there was information on the nature of the German diplomatic and military status, and intelligence was only one cog in policy-makers’ decisions. Instead, the failure of German intelligence to gauge the British and French reactions to their invasion of Poland was far more disastrous than appeasement ever was.27 From the outset, World War II rapidly became an intelligence war. In every major theatre intelligence played a role. Historians have long debated the impact of intelligence on the conduct and duration of the war. While there can be no definitive answer, one simple fact is clear: that without intelligence the war would have been unrecognisably different. One key area was allied intelligence liaison – and in general terms this was effectively maintained in defiance of a common enemy. Polish intelligence and resistance proved to be crucial in this respect, for it was they who provided the first Enigma machine to British intelligence. The implications of this – that the Allies could intercept and decipher German Enigma codes – has, for many, been the greatest intelligence coup of the war.28 Through Ultra – the codename given to the breaking of the German code – the Allies were able to discern enemy plans. Thus, crucial tactical and strategic information was provided and turned out to be decisive in, for instance, the Battle of the Atlantic and the Battle of El Alamein. A corollary of this was the “XX System” or Double Cross system. British intelligence had managed to identify and intercept every single German spy within their shores. In addition, they were able to “turn” many of them so that they began to provide false information back to Germany.29 Through Ultra, the Allies were able to observe the German acceptance of, and reaction to such information. A related war effort was the Allied use of deception. In its simplest sense this involved camouflaging truck and tank movements in the desert so that their tracks could not be observed from the air. At the other end of the scale were the hugely successful campaigns to mislead the Germans into thinking where the invasion of France would occur in 1944, codenamed Operation Overlord. Through the Double Cross system and the fabrication of dummy army bases on the south-east coast of England, the Germans were convinced into believing that the attack would take place at the Pas-de-Calais, when in fact it would take place further along the French coast in Normandy.30 With the German war machine rolling through Europe, British Prime Minister Winston Churchill set-up the Special Operations Executive (SOE) with the task to “set 26 Andrew, KGB – The Inside Story of its Foreign Operations from Lenin to Gorbachev, 1990, pp. 173–232. 27 Wark, The Ultimate Enemy: British Intelligence and Nazi Germany, 1987, p. 73. 28 For a comprehensive account, see Winterbotham, The ULTRA Secret: The Inside Story of Operation Ultra, Bletchley Park and Enigma, 2000. 29 Masterman, The Double-Cross System: The Incredible True Story of How Nazi Spies Were Turned into Double Agents, 2000, p. 11. 30 A useful account can be found in Rankin, Churchill’s Wizards: The British Genius for Deception, 2009.

Goodman/Ischebeck-Baum

9

29

30

31

32

33

34

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:29 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 1. Introduction

35

36

37

38

Europe ablaze”.31 This was intelligence in its covert action sense and it proved to be extremely useful. Through SOE, European resistance efforts to German occupation were co-ordinated and extended. To take one example, Norwegian workers had provided the Allies with information regarding German attempts to build an atomic bomb, and the fact that a plant in Norway was being used to make heavy water, a crucial stage of the process. Liaising with British intelligence, SOE and the Norwegian resistance were able to severely disrupt these efforts, eventually sinking a ferry laden with all the German stocks in a Norwegian fjord.32 Despite such efforts however, intelligence was not always as omniscient or effective. There is still debate as to the extent to which the Japanese attack on Pearl Harbor could have been avoided, given the quantity and quality of Japanese messages intercepted. A similar, yet more clear-cut case, is that of the German invasion of the Soviet Union – Operation Barbarossa – in June 1941. Stalin, as the self-appointed supreme authority on intelligence, could not and would not believe that Hitler would dishonour the 1939 Nazi-Soviet Non-Aggression Pact. As a result, he chose to ignore the plethora of good, reliable intelligence, which indicated that this was precisely what Hitler intended to do. Such an error was only rectified by the German miscalculation as to their pace of advance, culminating in their defeat in the 1942 Battle of Moscow.33 As a whole, it is possible to observe that Allied intelligence was exceptionally good during World War II. With the exclusion of the Soviet Union, there were efficient chains of command, and intelligence data could flow freely both nationally and internationally. In the Soviet Union this passage was not as simple, and often depended on whether intelligence confirmed existing beliefs. Yet where the Soviet Union did excel, as indeed they did in the 1930s and would continue to do so post-war, was in the recruitment of human agents. On the Axis side, intelligence, and in particular intelligence exchange, was more limited, and this can perhaps be seen as an outcome of the more fragmentary relationship between the Axis powers. German intelligence remained divided and beset by internal competition.34 Given their ideological stance, far more people offered their services to the Allies than they did to the Axis powers, yet there were some notable exceptions. In Britain, the American William Joyce, more commonly known as “Lord Haw-Haw”, provided a stream of pro-German propaganda, which he was eventually executed for. An Abwehr officer, Major Nikolaus Ritter, recruited various agents in Britain, Belgium and America. Despite Admiral Canaris (its head) calling Ritter the “rising star of the Abwehr”, Ritter was also its biggest failing for he inadvertently revealed all of its agents to an American spy in 1941.35 The Germans managed to break several of the Turkish codes, which revealed some brief details of British-American-Soviet discussions. Other intercepted signals in 1943 revealed to the Nazi High Command the attempts by the Spanish to distance themselves from Germany. Militarily, in general terms German intelligence was better at the tactical level – individual military situations – than it was on the larger strategic level, and this may have been a direct result of the German inability to penetrate the higher echelons of Allied decision-making.36 31 The entire and comprehensive history can be found in Foot, An Outline History of the Special Operations Executive, 1940–1946, 1999. 32 See Bascomb, The Winter Fortress: The Epic Mission to Sabotage Hitler’s Atomic Bomb London, 2016, Part One. 33 Murphy, What Stalin Knew: The Enigma of Barbarossa, 2005. 34 Kahn, Hitler’s Spies, 2000, p. 79. 35 Bassett, Hitler’s Spy Chief: The Wilhelm Canaris Betrayal, 2013. 36 Kahn, Hitler’s Spies, 2000, pp. 81–83.

10

Goodman/Ischebeck-Baum

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:29 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 1. Intelligence in Modern European History

The Italians, before their surrender, had also maintained a network of foreign agents, in particular in North Africa and undoubtedly a remnant of former colonial presence. By the middle part of the war, the Italian Military Information had a large code-breaking service. Despite collecting a vast amount of information, often through theft as opposed to interception, the Italians seem to have succumbed to Allied deception efforts.37 In summary, intelligence during World War II was therefore tantamount to the dayto-day running of the war. The accuracy and importance of such intelligence is something which can only effectively be considered in hindsight, yet what is crucial is the importance on which such information was placed. While we may know today that some things were correct while others were false, what is more important is that such material was acted upon at the time. There is a stark contrast between the relative intelligence successes on the Allied side, and the intelligence failings on the Axis side. While it is extremely difficult to gauge this difference and impact qualitatively, it is possible to state, as for example the official history of British intelligence in the war does, that but for intelligence the war would have taken a very different course.38 Ultimately, if intelligence had no greater effect during the war, it was the manner in which it paved the way for a monumental increase in the post-war period, and arguably this in part was due to the introduction of the United States as a major intelligence force. Taking its lead from the British system, the Americans in 1941 had instigated the Office of the Coordinator of Informationreplaced the following year by the Office of Strategic Services which, in 1947, became the Central Intelligence Agency (CIA). If there had been a nylon curtain separating the powers during the inter-war period, then the iron curtain that separated them post-1945, was far more impenetrable, and this had a direct impact on the importance of intelligence liaison.39 Before the end of hostilities, the British and Americans had identified that the Soviet Union would become the “new Germany”, and intelligence efforts were re-directed accordingly.40 The subsequent crystallisation of this East-West division meant that former military enemies were now intelligence partners. Through several formal and informal agreements, the Anglo-American intelligence partnership flourished, bringing into its coalition several other European nations.41 To those countries in the West, considerable American assistance was offered, and this ensured that friendly intelligence organisations could be created, particularly in West Germany. Initially, a CIA-controlled intelligence network was created – the Gehlen Organisation42. General Reinhard Gehlen, Hitler’s then Chief of the “Foreign Armies East”, discovered some time before the end of the war that once Nazi Germany had been defeated his expert knowledge on Russia and the Eastern Flank could save his life. In a secret effort, he started preparing his transition to peacetime Germany. He secretly collected material, maps, classified correspondence and information on secret sources in the East and hid them deep in the Bavarian woods. When the war was over, 37

An interesting account can be found in Conti, Mussolini’s Spies, 2017. Plausible assumptions can be found in Hinsley, British Intelligence in the Second World War [Five Volumes](London, HMSO, 1979–90). 39 For more information, see Waller, Disciples: The World War II Missions of the CIA Directors Who Fought for Wild Bill Donovan, 2015. 40 Interesting insight can also be found in Lewis, Changing Direction: British Military Planning for PostWar Strategic Defence, 1942-7, 2008. 41 For further information, see Aldrich, GCHQ: The Uncensored Story of Britain’s Most Secret Intelligence Agency, 2011. 42 For a first-hand account, see Gehlen, Der Dienst – Erinnerungen 1942–1971, 1971. 38

Goodman/Ischebeck-Baum

11

39

40

41

42

43

44

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:30 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 1. Introduction

he used this treasure of wisdom as a bargaining chip for negotiating his future with the Americans. The latter soon appreciated Gehlen’s wit and sharp intellect and made further plans to work with him. 45 The Americans understood that, in order to make an effective stronghold against the Soviets, Germany needed a foreign intelligence service. It so happened that under the guidance and supervision of the CIA the first steps were taken to establish a German post-war intelligence organisation, run as a rather private entity: the Gehlen Organisation. Within Berlin, various military missions were established to observe conventional Soviet forces.

E. Intelligence in the Cold War By the end of the war the Russians were one of four main victors and therefore represented an important negotiating party for the future of continental Europe and Germany in particular, but it was clear that common strategic interests in this case would not produce a long-term partnership or repeat of the war’s Grand Alliance. Managing the bumpy road from war to peace was one thing, but the long-term global strategic interests and the pursuit of political or ideological goals was quite another. This was clear to all stakeholders. From the western point of view, particularly from the 1949 established North Atlantic Treaty Organisation’s (NATO), the major concern was undoubtedly the Soviet nuclear capability,43 what it could or could not do, and when and in which circumstances they were willing and able to use it.44 In other words, intelligence was very much focused on Soviet post-war capabilities and intentions. Alongside all concerns around the Soviet nuclear programme, conventional capabilities also played an important role. Military intelligence made a large part of multilateral or unilateral assessments along with the economic or political equivalent.45 47 Largely due to their geographical proximity to the Soviet Union, several European countries had particular strategic relevance. Norway became the ideal spot to monitor Soviet missile and nuclear tests from the 1950s onwards, and the Baltic as a whole once again became an arena of clandestine military operations such as secret submarine surveillance missions or air reconnaissance.46 Turkey, too, became crucial for capturing Soviet missile telemetry. Italy, with its initial large communist elements, was a useful base to disseminate propaganda, mainly through the sponsorship of terrorist attacks which could be blamed on the communists. In Germany, radio stations were used to spread information, and in many countries large military bases were established. In the East, with the vast and all-pervasive KGB at its heart, intelligence became synonymous with internal policing. As had been its stable tradecraft, the Soviet bloc nations excelled in the recruiting of western agents, and this continued right up until the end of the Cold War. The Soviet signals intelligence effort, about which very little is known, was vast in 46

43 See Weiße, NATO-Intelligence, pp. 63–72; Goodman, Spying on the Nuclear Bear, 2007, Chapter One; moreover Goodman, Joint Intelligence Committee, 20015, Vol. I, Chapter 9; see also Aldrich, Origins of the Soviet Threat; and Estimating Soviet Capabilities, in Spying on the World – The Declassified Documents of the Joint Intelligence Committee, 2014, pp. 121–147; pp. 208–223. 44 Ibid; see also Hennessy, The Secret State, 2010, pp. 46–80; as well as Goodman, Spying on the Nuclear Bea. 45 For the development of British Defence Intelligence and related institutional culture, see Dylan, Defence Intelligence and the Cold War, 2014, particularly pp. 184–220. 46 For top secret submarine missions in the Cold War and related naval strategy, see Hennessy, The Silent Deep, pp. 127–387; see also Heuser in Aldrich, British Intelligence, Strategy and the Cold War 1945–51, 1992 pp. 65–84.

12

Goodman/Ischebeck-Baum

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:30 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 1. Intelligence in Modern European History

scale and scope, and included amongst its triumphs the bugging of numerous foreign Embassies in Moscow, including the USA.47 Western intelligence efforts during the Cold War were endless; they had to be. World War II might have been over but the great intelligence war was just about to begin. As an outcome of World War II and the UK-USA agreement of 17th May 1943, Great Britain was the only European nation to become founding member of the so-called “Five Eyes” group: an intelligence sharing consortium furthermore consisting of the US, Canada, Australia and New Zealand.48 To this day, these five English-speaking nations are an important and exclusive intelligence-sharing platform relying on a unique and unprecedented agreement. Though primarily built around signals intelligence (SIGINT), Five Eyes is much more than that, and encompasses also other forms of intelligence, such as human intelligence (HUMINT), policing, and other areas of collaboration. In the early 1950s, western nuclear science and the exploration of nuclear strategic capabilities were greatly damaged due to the spying activities of Klaus Fuchs, a Germanborn nuclear scientist working on the Top Secret Manhattan Project in Los Alamos, USA.49 Klaus Fuchs was an ideologist. Having studied Physics at the universities of Leipzig, Kiel and Bristol up to PhD level, he turned to Communism half way through his academic career. Travelling back and forth between Canada and the UK, in August 1942 Fuchs became a British citizen and was employed by Her Majesty’s Government following his signing of the Official Secrets Act. Shortly thereafter, he joined the US-based Manhattan Project. In 1943, Fuchs was recruited by the KGB, and started providing the Kremlin with classified material on the development of atomic and hydrogen bombs.50 He was caught in the UK in 1950 and sentenced to 14 years in prison. After his release for good conduct on the 23rd of June 1959, he immigrated to East Germany and took up a position at the Institute of Nuclear Research near Dresden. Today, it is estimated that the material Fuchs provided to the Russians saved them about two years of scientific research.51 When studying Western European intelligence during the Cold War, it is important to understand that although there were respective national agendas, most efforts were along Anglo-American lines, which included NATO intelligence and objectives.52 There was economic and political intelligence, but the underlying focus, initially at least, was on military capabilities, as well as related science and technology. Oftentimes strategic or political objectives would be the same for all western parties, and so some efforts were carried out jointly too. Trying to establish intelligence on the Soviets and finding out what they were up to, after all, was in everyone’s interest. The US Administration still kept a close eye on West German intelligence, its political directive and doctrine, and, in fact, had done well establishing permanent joint elements from the very start, particularly in the realm of SIGINT, as they still exist today despite all political debate.53 German intelligence turned out to be useful to allied services and NATO during all stages of the Cold War. Despite Germany’s Nazi past and internationally agreed limitations for future Germany, western Allies by now very much understood that whatever happened in Germany would affect the future of Europe. An 47

Andrew, KGB, pp. 422–477. See Andrew, Secret Intelligence, pp. 24, 119, 140, 143, 145, 151. 49 See Goodman, Spying on the Nuclear Bear, pp. 3, 59, 60, 66, 68–69, 76, 79, 83, 85, 210. 50 See Andrew, KGB, pp. 312–315, 377, 379, 398. 51 Ibid. 52 For more information on Anglo-American strategy related to intelligence during the Cold War, see Grant, The British Way in Cold Warfare, Part III, pp. 127–196. 53 See Key Partners – Secret Links between Germany and the NSA, http://www.spiegel.de/international/ world/german-intelligence-worked-closely-with-nsa-on-data-surveillance-a-912355.html (accessed 12 June 2017). 48

Goodman/Ischebeck-Baum

13

48

49

50

51

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:31 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 1. Introduction

52

53

54

55

independent, democratic Germany also needed its own intelligence organisation and defence; not without foreign guidance, but politically and legally speaking, solely controlled by the newly established government. Hence, still under Anglo-American patronage, the German Government under its first Chancellor Konrad Adenauer was given permission to go ahead with the establishment of its armed forces, the Bundeswehr. But, just as with the Gehlen Organisation, there was nobody there who could do it, except for the veterans. It was a delicate issue for German policy and public, that, with the consent of the allied victors, many of the former Nazi military and intelligence personnel were now being employed by government. Under the codename CASCOPE, on the 1st April 1956, the Gehlen Organisation was now transformed into today’s Bundesnachrichtendienst (BND). The newly established BND was crucial in the gathering of intelligence on East Germany, as for many it became a “window on the east.”54 But also it gained prominence through its networks in the Arab world, which, in most cases, went back to the war. Moreover, hidden from the public eye and against all historical odds, the BND managed to establish a close intelligence relationship with the Israeli foreign intelligence service Mossad from 1957, when bilateral liaison was negotiated between Reinhard Gehlen and Isser Harel, thendirector of Mossad and survivor of the holocaust. The first contact was made by one of Gehlen’s top men through the Israeli Embassy in Paris. What followed was a top-secret visit to Reinhard Gehlen’s villa in the BND headquarters in Pullach, Bavaria, by Isser Harel and his delegation.55 This should be the first step to a truly unique intelligence relationship spreading all over Europe and beyond. Altogether, the early Cold War era of European intelligence saw the emerge and intensifying of joint intelligence operations, usually under the auspices of the CIA. Operation “Jungle” is a good example for such early joint operations. It took place between 1949 and 1955, and involved the intelligence services and armed forces of the US, UK, West Germany, Sweden and Denmark. Its objective was to infiltrate western agents into Warsaw Pact Member States via the Baltic Sea route. These agents had the nationalities of or were born in the target nations, and were mainly drawn from Estonia, Poland and Lithuania. They were trained in espionage tradecraft by SIS (Security and Intelligence Services), who, in cooperation with British Naval Intelligence, had established headquarters for this particular operation in one of its outposts in the London Borough of Chelsea. The agents were infiltrated through German fast patrol boats stationed in Kiel, a large naval base on the shores of the Baltic Sea. In the cover of darkness and with stops in Denmark and Sweden, western agents frequently infiltrated the Warsaw Pact via this route throughout the following years. Given that these fast patrol boats would undoubtedly be spotted by Soviet Naval Intelligence at some point, they were officially assigned to the “British Baltic Fishery Protection Service”, a cover organisation with the mission to protect civilian fishing vessels against harassment by the Soviet Navy, as it occasionally happened.56 There were many such operations on both sides, not only restricted to continental Europe but conducted across the globe, basically wherever there was a chance to penetrate the other side, either through covert operations or through proxies. This global approach and strategy intensified and deepened throughout the forthcoming decades. Wherever these intelligence operations took place, whether within the Warsaw Pact or in western Europe, the cat-and-mouse-game between East and West would remain the same everywhere. 54

See Gehlen, Der Dienst, p. 151–226. For more information, see Jones/Petersen, in Israel’s Clandestine Diplomacies, 2013, pp. 169–188. 56 Hess, The British Baltic Fishery Protection Service (BBFPS) and the Clandestine Operations of Hans Helmut Klose 1949–1956 Journal of Intelligence History Vol. 1, no. 2 (Winter 2001). 55

14

Goodman/Ischebeck-Baum

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:31 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 1. Intelligence in Modern European History

Universities have always been a place for controversial political debate, where it is 56 tolerated and in fact encouraged. In the history of intelligence, academia have and continue to have an important role. During the Cold War, the UK saw arguably its biggest spy scandal, which originated from Cambridge University. The so-called “Cambridge Five” were a group of students who had turned to Communism from the 1930s onwards.57 Kim Philby, Donald Maclean, Anthony Blunt, Guy Burgess and John Cairncross, all disliked the establishment. They looked down upon the rich (despite all (other than Cairncross) coming from upper class families), and pitied them for not leading a purposeful but rather pretentious life. All five hated the idea of pursuing predictable and boring career as lawyers or bankers in the City of London, where sons and daughters with a Cambridge degree usually ended up working. Their provocative academic papers, the public statements they made during debates in the Student Union, and the conversations they had with colleagues over drinks in the Cambridge pubs, did not go unnoticed. One after another got “tapped on the shoulder” by the KGB.58 Suddenly, life for the five students had become very serious. They were given the order from their handler Arnold Deutsch to act against their inner beliefs and enter the British establishment.59 Indeed, all five had remarkable careers in the aftermath: in the Foreign Office, in the Security Service MI5, and even in the higher echelons of SIS.60 The Cambridge Five provided secret intelligence to the Soviets throughout World 57 War II and the Cold War until 1963. With British authorities hot on his heels Philby defected to the Soviet Union, where he had been promised the rank of a colonel. Much like Burgess and Maclean had discovered, Philby’s life turned out to be less glamorous than he had hoped. He died on 11th May 1988, having spent much of the intervening time in his Moscow flat. Nonetheless, the Kremlin did appreciate his work and in 2010 a Kim Philby memorial plaque was unveiled outside the main building of Russia’s foreign intelligence service SVR in Moscow. The ceremony was led by the then director Mikhail Fratkov and attended by Philby’s widow, Rufina Pukhova-Philby.61 Philby was not the only high ranking SIS officer to work for the Russians. Born in 58 1922 in Rotterdam, and with British family ties, George Blake joined the Royal Navy in the early 1940s, before being recruited by SIS in 1944. Because he spoke German, due to his Dutch upbringing, he was posted to Hamburg in order to interrogate German Prisoners of War. After some time, he was put through Russian language training and sent to Seoul where his mission was to spy on North Korea. When the Korean War broke out in 1950, Blake was taken prisoner and spent three years in North Korean captivity, where he developed a taste for Communism.62 After his release in 1953 he returned to London a hero. He was sent off by SIS again in 1955, this time to Berlin, where he was to recruit Soviet double-agents.63 In reality he did the exact opposite and provided the Soviets with details of British and American intelligence operations including the names of an estimated forty agents. The biggest 57 See Andrew, The Defence of the Realm – The Authorized History of MI5, 2010, pp. 167–168, 172, 420, 438, 854. 58 For recruitment of the Cambridge Five, see ibid, pp. 169–172, 420; see also Philby, My Silent War, Introduction. 59 See Andrew, The Defence of the Realm, pp. 169–173. 60 See for example Philby, My Silent War, pp. 144–159. 61 Russian Spy Agency reveals Philby memorial plaque, http://www.telegraph.co.uk/news/worldnews/europe/russia/8191989/Russian-spy-agency-unveils-Kim-Philby-memorial-plaque.html (accessed 12 June 2017). 62 See his own account in Blake, No other choice, Chapter Six, pp. 121–149. 63 See Andrew, The Defence of the Realm, pp. 488, 489–491, 492, 503, 509, 537–538, 587, 716, 718, 720; see also Hermiston, The Greatest Traitor, pp. 174–191.

Goodman/Ischebeck-Baum

15

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:32 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 1. Introduction

59

60

61

62

blow-back to western intelligence Blake committed was undoubtedly related to “Operation Gold”, a secret tunnel between East and West Berlin, operated by SIS and CIA to wiretap Soviet Army communications. Interestingly, the Soviets decided not to blow “Gold” in order to protect their source. Instead, being very cautious about what was fed to western eavesdropping, they let the operation run, not wanting to give away any knowledge of its existence. Blake fell under suspicion in 1961 due to revelations by Warsaw Pact defectors, notably Michael Goleniewski, the former Deputy Head of Polish Counter-Intelligence. When Blake was arrested he confessed, though he rejected the accusation that he was a traitor, stating that he had never identified with the British: “To betray, you first have to belong. I never belonged”64. He was sentenced to forty-two years in prison by the British courts. During his imprisonment he managed to escape and flee to Russia via East Germany in 1966, where he started living on a KGB pension. When he turned eightyfive in 2007, Blake was awarded the Order of Friendship by Vladimir Putin.65 Of all Soviet spies in the British system it was the Cambridge Five that caused the most damage to British intelligence; indeed, it has been argued that they were the most able group of spies in KGB history.66 Until 1963, Her Majesty’s Government lost hundreds of crucial operations and sources in continental Europe and behind the Iron Curtain. For the overall operational capability of British Intelligence, however, this period of great set-backs meant that for the time being and until strong networks would have been re-established, they had to rely on their partner services, the CIA most of all, but also services in continental Europe. Until then, British intelligence had played a leading role in Europe, which, eventually, it would manage to regain. However, this turning point in the 1950s is important to note in the context of European intelligence, because it had an important impact on how European powers would strive to liaise and cooperate in the realm of intelligence. The UK now had to intensify its efforts with France, Germany, and other regional services.67 For all European intelligence services, one of the great strategic concerns was a possible breakthrough of the Soviet Army through the Fulda Gap, resulting in the invasion and occupation of Western Europe. Together with the respective intelligence services and representatives of the Special Operations Forces (SOF), NATO leaders had been dealing with this scenario from the very earliest stages of the Cold War. Drawing on lessons from World War II, from SOF, guerrilla tactics and underground resistance movements, a truly European operation codenamed “Gladio” was launched. Under the guidance of CIA and SIS, and under the auspices of NATO, paramilitary units were established in Belgium, Denmark, France, Greece, the Netherlands, Norway, Portugal, Austria, Finland, Spain, Sweden, Switzerland and Turkey. The mission of these units was not to fight the Soviets upon arrival; but to penetrate and sabotage them by clandestine means throughout the occupation, slowly marauding their capabilities.68 Winston Churchill had had plenty of experience with this type of operations during World War II, particularly though Special Operations Executive (SOE) and the Special Air 64 See Independent, The spy who stayed out in the cold: George Blake at 90, http://www.independent.co.uk/news/world/europe/the-spy-who-stayed-out-in-the-cold-george-blake-at90-8290141.html (accessed 12 June 2017). 65 See The Times, Vladimir Putin honours traitor George Blake with tit-for-tat birthday medal, https:// web.archive.org/web/20080517023556/http://www.timesonline.co.uk/tol/news/world/europe/article 2865969.ece (accessed 12 June 2017). 66 See Andrew, KGB, Chapter 6, pp. 173–232. 67 Whatever the situation in the field, the UK always held on to their own style in dealing with intelligence, see Goodman, in Grant, The British Way in Cold Warfare – Intelligence, Diplomacy and the Bomb 1945-1975, 2011, pp. 127–140. 68 See Weiße, Nato-Intelligence, pp. 40–43.

16

Goodman/Ischebeck-Baum

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:32 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 1. Intelligence in Modern European History

Service (SAS),69 and so had many others of the participating countries. In Germany, former elite troops of the Wehrmacht were used, along with personnel of the young BND. All over Europe, secret weapons caches and covert communications networks were established, and all members had to maintain a deep, highly secretive cover. Public opinion and bad press were not an issue since this was a top-secret operation. In the end, the Soviet invasion never happened; however, the NATO stay-behind operation remained active until 1990, after which it was publicly acknowledged for the first time.70 All operational efforts were coordinated by NATO’s Supreme Headquarters Allied Powers Europe (SHAPE), and more precisely by its embedded “Clandestine Planning Committee”. Albeit led and coordinated by NATO, hence not entirely a European effort as such, “Gladio” stands as one of the prime examples of transatlantic – and regional – intelligence and security cooperation from the early stages of the Cold War onwards. In intelligence terms, however, one important lesson of World War II was that, as politically risky as it may be, intelligence including covert and paramilitary operations, full-on sabotage and the targeting of individuals, have their place in foreign and security policy, may that be peace or in war. With everything that was happening across continental Europe, from the closure of the East German border on 13th October 1961 and the establishment of the Berlin Wall, over the race in technology and strategic weapons capabilities, to the cruel and merciless intelligence war in the shadows, Europe was not at peace at all. The Soviets, and most remarkably the KGB, were doing very well in infiltrating western security and intelligence organisations. This affected not only the Anglo-American intelligence world but the post-war years were a struggle for almost every intelligence organisation on the European continent.71 The French found themselves undermined by the KGB,72 while the Spanish, who had founded an intelligence service in 1936, did not manage to have an effective organisation until the mid 1970s.73 From the 1960s, the BND was getting more active and found itself in a very particular situation; a situation unique to any European intelligence service. Under the auspices of the US Administration, and CIA in particular, it mostly focused on Soviet and East German Intelligence (Stasi)74 on its doorstep. Until then, Reinhard Gehlen’s network had stretched from Russia to the Middle East to Latin America, where partner services could greatly gain from. However, with the enemy literally just on the other side of the wall, the BND already had its hands full with semi-domestic operations, targeting the highest political echelons of the GDR. Military intelligence on the Soviet and East German Army remained of great importance at all times, and made a major contribution to any western intelligence operation in East Germany. Often overlooked in the study of Cold War intelligence are the Allied Military Liaison Missions between 1946 and 1990 in this context.75 These were legitimate military missions set up in the Soviet sector by the UK, the US and France, with Soviet 69 See Aldrich/Cormac, The Black Door – Spies, Secret Intelligence and British Prime Ministers, 2016, pp. 90–1136; 161–181. 70 See Weiße, NATO-Intelligence, pp. 40, 43. 71 For further detail see Andrew, The Sword and the Shield – The Mitrokhin Archive and the Secret History of the KGB1999, Chapter One, pp. 1–22. 72 See for example Wolton, KGB en France, 1987. 73 See for further information, Fernandez, Los servicios des intelligencia espanoles. Desde la Guerra civil el 11-M – Historia de una transicion, Alianza Editorial 2006. 74 For general information on the Stasi, see Gieseke (4th ed.), Die Stasi 1945–1990, 2011; for Stasioperations against the UK, see Glees, The Stasi Files: East Germany’s Secret Operations against Britain, 2003. 75 See Behling, Spione in Uniform – Die alliierten Militärmissionen in Deutschland, 2004; Mußgung, Aliierte Militrämissionen in Deutschland 1946–1990, 2001.

Goodman/Ischebeck-Baum

17

63

64

65

66

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:33 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 1. Introduction

military missions in their respective sectors. Each mission was based on a bilateral agreement, the British “Robertson-Malinin Agreement” of 1946 being the first.76 The missions worked along the lines of classic military diplomacy, comparable to military attachés, keeping in close touch with the Soviet and East German forces. However, there was a hidden side to them, namely that they also made excellent intelligence operations under diplomatic cover. Not only during diplomatic receptions could they spy on the other side, but most of all while touring the Soviet sector looking out for any military equipment. They established intelligence on the latest Soviet tank models; they knew the capacity of hospitals in East Germany; they knew the maximum weight every strategically important bridge could carry; they identified the first Soviet SCUDs and other missiles arriving from the Soviet Union; they managed to steal state-of-the-art radar technology from a Soviet fighter jet that had crashed in the British sector in 1966, which saved British defence technology an estimated two years of research; they reported on suspicious troop movements shortly before the Soviet invasion of Czechoslovakia; their intelligence played an important role during NATO’s 1983 “Able Archer” exercise because they closely monitored every move by the Soviet and East German armies, and so on.77 Additionally, due to Soviet moles, western intelligence services frequently suffered operational set-backs. It was the military liaison missions that would fill the gaps during these times, often under life-threatening circumstances and at Soviet gunpoint. 67 Throughout the years, American, British and French intelligence services and SOF developed a particular interest in the military liaison business. Partway through the missions they started embedding intelligence officers under the cover of Army, Navy or Air Force, usually in the rank for Lieutenant Colonel. The British SAS, for example, established a permanent undercover-presence in the “British Commander-in-Chief’s Mission to the Soviet Forces in Germany”, also known as BRIXMIS.78 Its primary task was to join the reconnaissance tours through the Soviet sector, however, they also were to scrutinise and map the landscape and infrastructure in order to identify possible drop-zones for parachutists, landing sites for helicopters, or high-value targets for an air raid in case war broke out again. 68 From the early 1960s, western intelligence made significant progress with eavesdropping on the Warsaw Pact. The main listening post for East Germany and wider Eastern Europe, nick-named Teufelsberg or “Devil’s Mountain”, was operated by the National Security Agency (NSA) and located on top of an artificial hill in Berlin Grunewald, inside the British sector. Covering the beginnings of Albert Speer’s Wehrmacht Faculty for Technology, the hill consisted of World War II debris and had a height of about eighty metres. From there, the allied powers would target Eastern Europe with SIGINT operations between 1963 and 1990.79 69 Though NSA, GCHQ and other intelligence agencies had their outposts and fixed installations, oftentimes, intelligence was collected from the air, such as through the famous American U-2 spy-planes, by submarine or other seagoing platforms, or, sometime later, from space via cutting-edge satellite technology.80 Intelligence was being collected all the time and by many different means and not only in continental Europe but also around the globe and in the proxy battlefields between East and West. 76 Printed in Geraghty, BRIXMIS – The Untold Exploits of Britain’s most daring Cold War Spy Mission, 1996, Appendix III, pp. 329–331. 77 Ibid; furthermore see Gibson, The Last Mission behind the Iron Curtain, 1997. 78 Geraghty, BRIXMIS, pp. 6–7, 14, 204, 286. 79 For a complete history of the “Teufelsberg”, see Behling/Jüttermann, Berlin Teufelsberg: Outpost in the Middle of Enemy Territory, 2012. 80 For the development of underwater intelligence gathering, see Hennessy, Silent Deep, pp. 94–97; for particular operations in the Cold War, see pp. 200–387.

18

Goodman/Ischebeck-Baum

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:33 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 1. Intelligence in Modern European History

When the world seemed on the verge of mutual nuclear destruction during the 70 Cuban Missile Crisis between the 14th and 28th of October 1962, intelligence – including European intelligence services – again played an important role. Khrushchev attempted to station nuclear ballistic missiles in Cuba, ninety miles away from the American mainland.81 This would have made all early warning mechanisms of the US Military redundant overnight, because a launch could only be noticed once it was too late. Even though the US Navy’s submarines armed with nuclear ballistic missiles ensured a second-strike capability, Kennedy saw the Soviet armament of Cuba as an immediate threat and utterly unacceptable. The great question, however, was whether the Soviets were really going to strike first. For the first time in the Cold War the Pentagon issued “Defence Readiness Condition Two” (DEFCON TWO), during which the Armed Forces were to be ready to deploy and engage within six hours. After the Bay of Pigs disaster in April 1961, leading to even more closeness between the Kremlin and Havana, anything was possible.82 Intelligence on the shipping of material to Cuba and ongoing installation works on 71 what looked like launch sites could be collected by US U-2 spy-planes, operated by the US Air Force and other means of US Central Intelligence. However, most European intelligence services also monitored and analysed the situation. The BND, for example, had been analysing Cuba for some time and in 1960 assessed that the Soviets would most probably not want to risk a full-on war.83 However, as a political posture, the Kremlin could nevertheless threaten the White House with doing exactly that. Moreover, in the following months, BND-reports pointed out increasing Soviet shipments across the Atlantic, while in Cuba itself the arrival of Soviet missile experts and commencing establishment of missile launch capabilities was reported.84 Founded in 1936 and already mentioned above, the JIC is the UK’s primary body for 72 intelligence analysis. It converts all processed intelligence into all-source assessments that are then disseminated amongst the decision-makers.85 The JIC works both ways, though: during the Cold War it was also responsible for the tasking of all intelligence services. It has often acted as a key element between policy and the operational level. Before, during and after the Cuban Missile Crisis, the JIC frequently issued analysis on the Soviet threat.86 Traditionally, intelligence was provided by all services, but mainly came from SIS, GCHQ, Defence Intelligence (including BRIXMIS), and general diplomatic correspondence. Its observations are largely comparable to the ones of other European services, however, the JIC’s first substantial assessment was issued on 26th October 1962.87 Along with rather general information on Soviet capabilities, it stated quite clearly that Khrushchev maintained a desire to avoid war with the West, which meant that despite the deployment of nuclear missiles the Kremlin was not likely to risk a preventive strike by the Americans. However, the JIC also concluded over the forthcoming months that the Americans too would want to avoid an escalation at all 81 See Andrew, The Sword and the Shield, pp. 180–184, 348, 349–350, 354, 363, 442; a good account of events can also be found in Trahair/Miller, Encyclopedia of Cold War Espionage, pp. 99–100. 82 See original JIC assessment J.I.C. (62) 99, UK EYES ONLY, provided in Aldrich/Cormac/Goodman, Spying on the World, p. 261. 83 See Bundesnachrichtendienst, Mitteilungen der Forschungs- und Arbeitsgruppe Geschichte des BND, Der Bundesnachrichtendienst und die Kuba-Krise, Nr. 3, Band I, 12. Oktober 2012. 84 Ibid. 85 A useful introduction to the JIC can be found in Goodman, The Official History of the Joint Intelligence Committee, Volume I, Introduction, pp. 1–8. 86 See original JIC assessments in Aldrich/Cormac/Goodman, Spying on the World, pp. 251–266. 87 See Goodman, in Gioe/Scott/Andrew (eds.), An International History of the Cuban Missile Crisis – A 50-year retrospective, 2015, p. 103.

Goodman/Ischebeck-Baum

19

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:34 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 1. Introduction

73

74

75

76

cost. The great danger, the JIC’s Assessments Staff warned, would therefore lie in possible mistakes and misconceptions on either side.88 An important piece of intelligence on Soviet intentions helping in analysis and early warning had arrived in the form of HUMINT via SIS, and originated from a top-secret source deep inside the Soviet system. No European intelligence service had managed to get that close, but the British had. Oleg Penkovsky, codenamed “Hero” by the Americans and “Yoga” by the British, arguably is the most significant Cold War example of a joint HUMINT operation, some argue even in the history of espionage.89 A colonel in Soviet Military Intelligence (GRU), Penkovsky was jointly run by SIS and the CIA. He first approached American students in Moscow, then British businessmen, until finally his request was transported through the US Embassy to CIA headquarters in Langley, Virginia. It took the CIA rather long to establish his credibility.90 During a visit to Langley, in order to follow up on the case of George Blake, an SIS officer by the name of Harold Taplin Shergold (Shergy) was briefed on current developments regarding Penkovsky as a potential source. He later criticised the fact that the CIA had taken too long with the decision, which had also irritated Penkovsky himself. During a visit to London, Penkovsky again attempted to contact the British and offered to work for both sides, which ultimately was put to practice through the first joint meetings in London.91 A so-called “walk-in” versus a recruited agent is naturally more suspicious, and looking at the case of Penkovsky today it is clear that the CIA initially had their doubts.92 The British, on the other hand, seemed to have more faith in him and his material, given his prominent position in Soviet Military Intelligence. In order to ensure proper handling not only in continental Europe but also in Moscow, SIS used the British businessman Greville Wynne. Almost every foreigner travelling to Moscow at the time for business purposes was under surveillance, and it was no other than Penkovsky himself who, from the Soviet side, was put in charge of Wynne, staging as a representative of the so-called State Committee on Science and Technology. SIS made the most logical use of this fact, with turning the game around and making Wynne one of Penkovsky’s contacts. Through the eyes of Soviet counterintelligence it was not suspicious that the two could be seen together. Through Wynne, Penkovsky later clandestinely met the SIS Moscow Head of Station’s wife, who would become his prime contact to forward any of his material to SIS through the diplomatic post. More meetings followed in London and Paris.93 Despite running Anglo-American intelligence operations in continental Europe, the French Intelligence was not involved at all. The Americans, in particular, feared that sharing anything with the French was too dangerous because their services, the Direction de la Surveillance du Territoire (DST) and the Direction Générale de la Sécurité Extérieure (DGSE), were infiltrated by the KGB. While maintaining a generally good relationship with French intelligence regardless of the fact that Charles de Gaulle had decided to leave NATO in 1958, in the 88 See in this context Scott, in Learning from the Secret Past – Cases in British Intelligence History, 2011, pp. 239–264. 89 Gioe, in An International History of the Cuban Missile, p. 135–138. 90 Ibid, pp. 138–140; see furthermore Trahair/Miller, Encyclopedia of Cold War Espionage, p. 406. 91 A full and very informative account of how the “tradecraft” was managed between SIS and CIA is provided by Gioe, in: An International History of the Cuban Missile Crisisp. 135. 92 Ibid, pp. 160–163. 93 See Corera, The Art of Betrayal – Life and Death in the British Secret Service, 2011, p. 163; see also Schecter/Deriabin, The Spy who Saved the World – How a Soviet Colonel changed the course of the world, 1995.

20

Goodman/Ischebeck-Baum

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:34 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 1. Intelligence in Modern European History

case of Penkovsky, however, the British too assessed the operational value of their source higher than the political damage in case they were found out by the French. In other words, the risk was tolerable. In 1962, the year of the Cuban Missile Crisis, things became more and more difficult. The Soviet services were not sleeping and Penkovsky increasingly warned his handlers about Soviet counter-intelligence.94 He even suggested his own exfiltration out of the Soviet Union. The mounting pressure also led to bilateral tensions between the CIA and SIS, including considerations to terminate the operation because it had become too risky.95 Penkovsky was arrested by the KGB on 22 October 1962. Before that, he had agreed means of secret communication with his handlers, should he learn anything about a planned first strike against the US. Had such an event occurred, however, he never would have been able to give any indication whatsoever. Instead, he spent the peak of the Cuban Missile Crisis in KGB custody. Shortly thereafter, the British businessman Greville Wynne was arrested in Budapest. While Wynne was sentenced to eight years in prison and made it back to the UK in 1964 after a spy exchange, Penkovsky was sentenced to death and executed on 16 May 1963. Although the case of Penkovsky is primarily an example used in Anglo-American intelligence history, it is nevertheless important in the context of European intelligence too. This is particularly for two reasons: first, the intelligence Penkovsky provided on Soviet capabilities and intentions found its way to British analysis, the JIC, to be precise. Some of the assessments were shared with European partners or NATO, even though the provenance of the intelligence would have been concealed.96 Second, a thorough look at the joint operation in Paris and the fact that the French were deliberately not involved reveals that, whatever bilateral relations between French and British Intelligence may have looked like at the time, as it should, operational security and the protection of one’s own source outweighed the risk of political upset. Ultimately, Khrushchev decided to withdraw his missiles from Cuba, which led to a downscaling of the overall tension. His demand, however, and the price Kennedy had to pay, was that American missiles would be withdrawn from Turkey and Italy. Overall, due to its politico-strategic significance, the Cuban Missile Crisis had been equally important to the United States and Europe.97 Intelligence analysis in the aftermath of the Cuban Missile Crisis showed that most of the assessments on Soviet intentions were, in fact, not so far from the truth. To this day it remains an almost impossible task to assess the correct point in time at which the other side will take rational – or irrational – action; as the JIC assessed correctly at first, one of the most dangerous elements in such situations are misconceptions or accidents on either side.98 During the Cold War and the following decades, this key element and momentum of the burden of command with all accompanying difficulties and risks, stands as a constant companion of the intelligence consumer, and most of all as a challenging task for the political decision-maker. Presuming that the other side will act rationally always comes with considerable risk. In possibly the most important assessment of the crisis, dated 6th December 1962, the JIC reviewed all evidence (i. e. intelligence) available in the aftermath, including its own previous assessments. The intention was “to determine, in the light of events 94

See Gioe, in: An International History of the Cuban Missile Crisis, p. 163. Ibid, pp. 160–163. 96 See Aldrich/Cormac/Goodman, Spying on the World, JIC (62) 101, p. 264. 97 A good summary and discussion of Penkovsky’s overall impact can be found in Gioe, An International History of the Cuban Missile Crisis, pp. 136–138. 98 See Aldrich/Cormac/Goodman, Spying on the World, p. 253. 95

Goodman/Ischebeck-Baum

21

77

78

79

80

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:35 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 1. Introduction

to date, the motives underlying recent Soviet actions in Cuba”.99 The main conclusion of this analysis was that Cuba should be looked at strategically, and should be considered in relation to Berlin and other places important to the Kremlin. The JIC concluded that Khrushchev knew the Americans were not interested in nuclear war, and so he used his good will to strengthen his position as Communist world leader. This, according to the JIC, did not mean that any escalation elsewhere should be ruled out.100 81 The next years and decades remained dynamic for all European Intelligence Services and saw no relaxation in the difficulties in operations despite occasional political initiatives towards a peaceful co-existence. The Soviet invasion of Czechoslovakia in 1968 took most European Governments by surprise. According to declassified records, the problem was not a lack of intelligence on the Soviets as such, but difficulties in the assessment of their political intentions. The BND had done quite well collecting military intelligence in wider Eastern Europe including Moscow, and also in the GDR. It issued the last warning to the German Government including its Ministry of Defence five hours before the invasion saying that it was very probable and likely to take place in the immediate future.101 This very last assessment was based on HUMINT, namely a loose conversation between a Soviet Commandant and his subordinate which had been picked up by a BND informant in the field. 82 Moreover, the Military Liaison Missions of the US, UK and France played an important role once again. Prior to the invasion they were already able to report unusual Soviet troop movements towards the Czech border that, to them, did not exactly look like an exercise: “We knew they were going into action. We could not convince our higher authority of that. They believed this was an exercise. We knew that was not the case. There is a vast difference between a unit going to exercise and one that goes to war. (…) We said ‘they are going to fight!’ Higher Command said: ‘You don’t invade in the Sixties.’ They dismissed this as manoeuvre and nothing more.”102 83 All the field reports – or “raw intelligence” – made their way to analysts in their respective countries and some from there to NATO. In the UK for example, the JIC received plenty of classified warnings about an imminent Soviet Army operation, which was in addition to diplomatic cables from Moscow, Prague and elsewhere behind the Iron Curtain. But the JIC’s Assessments Staff struggled to believe that something was really going to happen.103 In a period where, six years after Cuba, East and West seemed to enter peace agreements in the light of détente, and where they finally seemed able to come to a compromise on strategic weapons, known as Strategic Arms Limitation Talks (SALT I and later SALT II), it was hard to believe that the Kremlin was going to conduct such an operation and risk it all again. Clearly, Moscow was seeing the Prague Spring and the uprising around Alexander Dubcek with great concern, but would they really go in with military force while the West was watching? West European assessments later concluded that the Kremlin sought to avoid an intervention if they could, however, once it had taken place there was no sign that further events would result in a 99

See Aldrich/Cormac/Goodman, Spying on the World, JIC (62) 101, p. 257. Ibid, p. 254. 101 See Mitteilungen der Forschungs- und Arbeitsgruppe “Geschichte des BND”, Der Bundesnachrichtendienst und der “Prager Frühling” 1968’, http://www.bnd.bund.de/DE/Organisation/Geschichtsaufarbeitung/MFGBND_Uebersicht/MFGBND_Mitteilungen/Mitteilung_9_node.html (accessed 13 June 2017). 102 See unpublished interview by Tony Geraghty with BRIXMIS-member Lieutenant Colonel Roy Giles on Czech Invasion 1968, 26 May 1995, King’s College London, Liddell Hart Archives, BRIXMIS, File 10.9. 103 See Aldrich/Cormac/Goodman, Spying on the World, p. 296. 100

22

Goodman/Ischebeck-Baum

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:35 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 1. Intelligence in Modern European History

real threat to the West or to NATO. The Kremlin’s strategy in this case seemed more about containment.104 The 1970s largely were a decade of global proxy-wars between East and West, 84 which most naturally included intelligence operations overseas.105 Regions such as Latin America, Central- and South-East Asia, or Africa were arenas for clandestine activities, for espionage and covert action, for arranged coups and revolutions. The 1970s were also the decade of left-wing and anti-imperialist terrorism in Continental Europe, all of which became obvious concerns for the intelligence services. For Germany, it was the Red Army Faction (supported by the Stasi), for the UK the Irish Republican Army (IRA), and, although a decade old by then, for France and Spain it was the nationalist-separatist movement Euskadi Ta Askatasuna (ETA). These and other groups had ties to the Middle East, mainly with the Palestine Liberation Organisation (PLO). When the world witnessed the assassination of members of Israel’s Olympic team by 85 the PLO in Munich 1972, the BND and the German Security Service Bundesamt für Verfassungsschutz (BfV), were harshly criticised, most of all by Israeli Intelligence. Mostly without public knowledge, the BND had established good relations with Israel’s foreign intelligence service Mossad since the early 1960s,106 however, the early 1970s were a difficult time. What followed was operation “Wrath of God” all across Europe during which Israel pursued and eliminated the PLO hit team as well as the masterminds behind the operation, including Ali Hassan Salameh.107 Overall, this was not necessarily to the liking of European intelligence services; however, they had little choice but show a considerable degree of tolerance. The terrorist threat continued through the 1980s, seemingly blurring the lines 86 between national and international security. Nonetheless, the fact that European intelligence services were trying to tackle the terrorist threat did not signify that the Cold War had become any less intense; in fact the case was reverse. In 1983 it was a NATO exercise that led to another crisis. From 7th November NATO conducted “Able Archer”, a command post exercise simulating “Defense Readiness Condition 1” (DEFCON 1), the highest of escalation levels in a nuclear scenario where an attack is imminent. Although NATO had of course conducted large-scale exercises before, this one was different. For the first time, “Able Archer” involved active participation of governments, as well as the use of unprecedented ciphering and strategic radio silence. To a paranoid Kremlin this was highly suspect and supported the hypothesis that the Americans were planning a nuclear first strike. This view had been around the Kremlin for a while and the NATO exercise served to confirm it. The imminent delivery of American Pershing II nuclear missiles to Europe, as well as rising tensions in general, exacerbated the mood of tension in Moscow. The foundation of the 1983 Soviet assessment, however, had been laid two years earlier when the Kremlin mounted the most widespread operation in the history of Soviet intelligence. At the very heart of “Operation Ryan” was western nuclear readiness.108 KGB and GRU 104

Ibid, p. 297. For a Soviet perspective, see entirely Andrew, The World was going our way: The KGB and the Battle for the Third World, 2005. 106 A very informative account is provided again by Shpiro, Shadowy Interests: West-German-Israeli Intelligence and Military Cooperation 1957–82, in: Jones/Tore, Israel’s Clandestine Diplomacies, (eds.), 2013, pp. 169–188. 107 According to a former senior member of the Mossad, one of the most authentic accounts is Klein, Striking Back – The 1972 Munich Olympics Massacre and Israel’s Deadly Response, Random House 2005. 108 Jones, Able Archer 83: The Secret History of the NATO/Exercise that almost Triggered Nuclear War (2016). 105

Goodman/Ischebeck-Baum

23

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:36 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 1. Introduction

87

88

89

90

agents overseas were collecting intelligence on western authorities, infiltrating respective governments and governmental organisations in order to establish whether there was any real intent to launch a nuclear attack in the form of a first strike. The broad details of “Ryan” were known to the West thanks to the two HUMINT sources run by SIS and CIA, who were able to enlighten analysts in the early 1980s. Colonel Oleg Gordievsky was the highest-ranking KGB official ever to defect to the west.109 Gordievsky had been recruited by SIS shortly after the 1968 Soviet invasion of Czechoslovakia. Disgusted with how the Soviets had dissolved the Prague Spring, he had turned to Britain. Serving as KGB officer at the Soviet Embassy in Copenhagen, he had expressed his dislike of the Kremlin policy to SIS, who, some time later, made the pitch. He was already a high value asset, but for SIS the situation became even more beneficial when Gordievsky was posted to London as the resident KGB Station Chief in 1982, one year before “Able Archer”.110 He provided valuable intelligence saying that the Soviets truly believed “Able Archer” was a cover-up for a real first-strike. De-classified records show that his HUMINT was a priceless contribution to overall assessments.111 Without doubt, having such a highranking source in their capital, SIS had to handle him with utmost care, applying the fine art of tradecraft, making sure not to be detected by the Soviets. But Soviet counterintelligence was not sleeping. In May 1985 Gordievsky was ordered back to Moscow where he was interrogated and then kept under close surveillance. In a life-threatening operation, SIS managed to exfiltrate him via Finland and Norway, and finally return him to London.112 After immense diplomatic efforts by the British Government, his family were able to join him six years later. Meanwhile, he had been sentenced to death in absentia by Soviet courts. Following the assassination of Alexander Litvinenko, a former officer in the Federal Security Service of the Russian Federation (FSB) by Russian Intelligence in 2006 in a London hotel, when Gordievsky suddenly fell very ill and spent days in hospital unconscious, he claimed that this too had been an assassination attempt. However, the case was never pursued and to this day there is no public evidence. On 10th July 1985, France witnessed a major intelligence scandal through what would become known as “Operation Satanique”. It took place in the port of Auckland, New Zealand. At the time, France was planning to conduct a nuclear test in Murora, part of French Polynesia. The “Rainbow Warrior” ship operated by the environmental organisation Greenpeace, but registered under Dutch flag, was going to sail to Murora in order to block the nuclear test. On 10th July a team of French intelligence operatives sunk the “Rainbow Warrior” in a paramilitary covert operation by setting off two limpet mines that had been attached to the hull. The “Rainbow Warrior” had been the target of French Intelligence some time before, and in fact some of the team were posing either as tourists during open ship events or as environmentalists interested in joining the crew. In the incident, a Dutch-Portuguese photographer drowned with the ship. Shortly thereafter, two members of the French team were arrested by New Zealand Police. It did not help that they were carrying Swiss passports. Two other members of the team made it to Australia on a yacht, were arrested there but later released. The case caused international outrage, severely damaged the reputation of French Intelligence, and ultimately ended up before the United Nations. 109

For a full account, see Trahair/Miller, Encyclopedia of Cold War Espionage, pp. 162–164. For the whole personal account, see Gordievsky, Next Stop Execution (1995); Trahair/Miller, Encyclopedia of Cold War Espionage, pp. 165. 111 Jones, Able Archer 83. 112 Trahair/Miller, Encyclopedia of Cold War Espionage, p. 165. 110

24

Goodman/Ischebeck-Baum

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:36 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 1. Intelligence in Modern European History

In the ruling, France was given full responsibility for what happened.113 This had several consequences. Not only were bilateral relations with New Zealand severely affected, moreover until then the New Zealand authorities had labelled the incident as a “terrorist attack”. Now with official French governmental responsibility, for diplomatic reasons it was described merely as “criminal act”. France argued the case of preventive action due to the fact that the “Rainbow Warrior” had been about to violate French sovereignty by entering French Polynesia with hostile intentions. However, it was also established that the operation had violated domestic and international law, being severe but below the threshold of an armed attack. The ruling shed light on how international law saw such interventions short of an act of war and how it held France responsible, however, it was mostly silent on espionage and intelligence activities as such. Intelligence activity, including espionage and covert action, remains a dangerous and risky business, most of the time exposing individuals to the criminal law of the state they are operating in if the operation fails. Only in time of armed conflict the “spy” is individually recognised by international law.114 However, even then all activity is at his own risk.115 Although the Rainbow Warrior incident concentrated French intelligence, for the rest of Europe the big question facing them was the evolving situation in the Soviet bloc. Many European intelligence services knew that the political leadership of the GDR was going through a deep crisis and increasingly losing public support in the late 1980s, yet none of them could really assess the exact outcome and consequence. While the Kremlin’s new leader Michael Gorbachev implemented political reforms, the leadership of the GDR held on to their old Communist concepts and beliefs. The ultimate breakdown of the GDR caused significant challenges for western intelligence services in many regards, most of all for the BND who now had to decide what to do with former Stasi personnel, and also who had to review their inner-German doctrine since all of Germany from now on would fall under domestic security rather than foreign intelligence. Collecting intelligence on the GDR had been the BND’s prime task until then. The Stasi, on the other hand, had heavily infiltrated West Germany’s society and political echelons.116 One of the most famous Stasi operations later became to known as the “Guillaume Affair”.117 This operation is not only an account of how severely the West was infiltrated by the Stasi, it is also an example of the fact that East German Intelligence had not always been in line with what the Kremlin wanted which, even on the operational level, affected the bilateral relationship greatly. By order the GDR’s head of foreign intelligence, Markus Wolf, Guenther Guillaume emigrated to West Germany together with his wife in 1956.118 He quickly managed to rise through the ranks of the Social Democratic Party and gained the trust of 113 Sunday Times Insight Team, Rainbow Warrior: The French Attempt to Sink Greenpeace (London: Century Hutchinson, 1986); for the ruling see United Nations Secretary-General: Ruling on the Rainbow Warrior Affair between France and New Zealand, International Legal Materials, Vol. 26, No. 5 (September 1987), pp. 1346-1274. 114 See Additional Protocol I, Article 46 (1), Geneva Conventions; for other laws and regulations, see https://ihl-databases.icrc.org/customary-ihl/eng/docs/v1_rul_rule107 (accessed on 02 July 2017). 115 For further discussion on the legal situation of spies and espionage, Schmahl, Intelligence and Human Rights, Part 4 Chapter 1, mn. 7 in this volume; Sule, National Security and EU Law restraints on Intelligence Activities, Part 4 Chapter 2, mn. 10–11 in this volume. 116 A good account of the Stasi-operations can be found in Wolf, Spionagechef im Kalten Krieg – Erinnerungen 2003; see also Dennis/Laporte, Stasi: Myth and Reality, 2003, p. 194. 117 Trahair/Miller, Encyclopedia of Cold War Espionage, pp. 175–176. 118 Ibid, p. 175.

Goodman/Ischebeck-Baum

25

91

92

93

94

95

96

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:37 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 1. Introduction

Chancellor Willy Brandt. When he was made personal secretary of the Chancellor, his handlers were pleasantly surprised because this had not exactly been part of the plan. However, now the Stasi had a HUMINT source as close to the West-German Government as one could possibly get. The Kremlin, however, did not appreciate this for one particular reason. Willy Brandt had always been a good partner of Moscow, seeking diplomatic solutions and wanting to avoid any large disputes.119 He was regarded as a Russia-friendly man. Thus, the political risk of running an agent so close to him was estimated too high in Moscow vis-à-vis the secret intelligence possibly gained. Indeed, when West-German counter-intelligence found out in 1974 that Guillaume had been spying for the GDR, he was arrested and sentenced to thirteen years in prison. Willy Brandt stepped down in the same year, succeeded by his fellow party member Helmuth Schmidt. Having served his sentence to the full, Guillaume and his wife went back to the GDR. They never fully adjusted to the communist lifestyle again. 97 The basic issue for the GDR leadership in the late 1980s was that they did not agree with Gorbachev’s reforms. Consequently, they tried to establish their own Socialist course, which meant political divorce from the current Kremlin leadership. Declassified BND-files today show that the GDR Government was influencing the results of the 1989 general elections in their favour.120 This did not work out, however, particularly because the GDR population had already embarked on Russian reforms and Gorbachev was being celebrated as a political hero leaning towards the West. Western intelligence services were aware of what was happening and that the GDR Government would be facing serious problems in 1989, but they did not see coming what was going to take place on 9th November 1989.121 98 Events were impossible to foresee for several reasons. One of them was a press conference in East Berlin during which Political Secretary Guenther Schabowski read out a note that had been given to him by the then leader of the Party and successor of Erich Honecker, Egon Krenz. It contained a statement on the freedom of movement and the lifting of all travel bans for GDR citizens in principle, due to political pressure from Moscow.122 Being asked by a journalist when this regulation would enter into force, Schabowski hesitated but then remarked that to his understanding this would be the case immediately. This was not at all what the GDR leadership had had in mind but it was too late because the citizens of the GDR were already marching towards the borders. No intelligence agency in the world would have been able to predict such a misunderstanding. 99 For western intelligence agencies, not to mention for the political leadership, the question was what would the political and operational consequences of the collapse of the GDR be? The BND in particular, saw itself confronted with an enormous challenge. Despite any political direction and further planning, the immediate question was what to do with the many Stasi personnel and networks. The exact handling procedures remain classified, however, for obvious reasons no Stasi personnel could be incorporated into the BND itself.123 It is known that some former Stasi 119

See Miard-Delacroix, Willy Brandt: Life of a Statesman, 2016. See Mitteilungen der Forschungs- und Arbeitsgruppe “Geschichte des BND”, Jahre Mauerfall, http://www.bnd.bund.de/DE/Organisation/Geschichtsaufarbeitung/MFGBND_Uebersicht/MFGBND_pdf_ Dateien/MFGBND8_Dokument1.pdf?__blob=publicationFile&v=1 (accessed 13 July 2017). 121 CIA, At Cold War’s End: US Intelligence on the Soviet Union and Eastern Europe, 1989–1991. (Available at www.cia.gov). 122 See von Plato, The End of the Cold War? Bush, Kohl, Gorbachev and the Reunification of Germany, 2016, Chapter 4. 123 Other than in the German Federal Armed Forces, where many former GDR military personnel found a new employer. 120

26

Goodman/Ischebeck-Baum

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:37 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 1. Intelligence in Modern European History

officers joined East German constituencies, others were recruited by the Russian private sector, and so on. For them, literally everything changed overnight, especially their political ideals. The identity of Markus Wolf, who was frequently described as one of the greatest spymasters who ever lived and nicknamed “the man without face”, was only revealed in 1978 during a visit to Sweden, where the Swedish security service managed to take a picture of him. His identity was later confirmed by an East German defector called Werner Stiller. Wolf fled the GDR shortly before it collapsed and sought asylum in Russia and Austria. Being denied both he went to West Germany, where, after the reunification, he was tried for treason.124 Wolf died in Berlin in 2006. On trial, he stated that he had earlier refused an offer by the CIA to move to the United States under a new identity. In summary, intelligence became the stable ingredient of the Cold War, with everincreasing budgets and ever-advancing technological means. Just like in World War II, it is extremely difficult to measure the impact of intelligence, although substantive efforts have been made.125 Clearly, at the operational level, intelligence often played a decisive role. At the political level, however, intelligence tended to be helpful but rarely decisive. The Cold War was very much an era of military intelligence; operations were about the adversary’s military capabilities and political intentions – and in many cases, they still are. The former has always been – and continues to be – easier to establish than the latter. Although over time western assessments of Soviet intentions seemed to improve, to this day “Kremlinology” remains one of the hardest subjects.126 It is not at all exclusively about the collection of secret intelligence; most of all it is about understanding the other side. It is the epistemological challenge of attributing rationality (the essence of prediction) to a subject that is inherently irrational.127 American and European intelligence agencies never managed to place a long-lasting source close to the Soviet centre of power. Hence, one major effect of western assessments was to confirm existing views and conceptions rather than help establish the probability of events. In that respect, US and European agencies struggled to establish any real strategic intelligence on Soviet intentions. Intelligence on overall Warsaw Pact capabilities, which also included other eastern European nations than Russia, however, did help in the overall arms race, as well as in the planning and conduct of military campaigns; but the ultimate intelligence picture was never really satisfying from the western perspective.128 Famously, western intelligence failed to foresee the implosion of the Soviet Union, as indeed it seems, did Soviet intelligence.129 The initial post-Cold War environment was a strange one, as for the first time since 1900 there was no easily discernible enemy or threat. Growing throughout the Cold War, but really only evident afterwards, was the rising threat of terrorism. This had moved from its Cold War state-sponsored existence 124

A detailed account of the trial can be found in Wolf, Spionagechef im Kalten Krieg,pp. 12, 456. For instance, see the Special Issue of Intelligence and National Security (26:6, 2011) dedicated to this question. 126 In a 1939 radio broadcast, Winston Churchill already remarked that “Russia is a mystery wrapped in a riddle inside an enigma”. 127 See Kuhns, Intelligence Failures: Forecasting and the Lessons of Epistemology, in Betts/Mahnken (eds.), Paradoxes of Strategic Intelligence – Essays in Honor of Michael I. Handel, 2008, pp. 80–100. 128 A good analysis of the situation can be found in Trahair/Miller, Encyclopedia of Cold War Espionage, pp. IX–XIII. 129 For more elaboration on this subject, see Herman, What Difference Did It Make?, in Herman/ Hughes (eds.), Intelligence in the Cold War: What Difference did it Make?, 2013, pp. 132–147. 125

Goodman/Ischebeck-Baum

27

100

101

102

103

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:37 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 1. Introduction

to a post-Cold War non-state sponsored form. As it did so, it can be said that the threat had diversified, culminating in the attacks in America in 2001.

F. European Intelligence after the Cold War For some time, it was thought that, now that the Cold War was “over”, the need for intelligence would almost cease to exist. Some believed that with the end of the Soviet era, intelligence services had become obsolete. This proved to be a wrong assumption. A growing characteristic since 1991 has in fact been the increasing importance of liaison with those countries that were previously considered hostile targets, in particular those in the Middle East and Africa.130 Silent and unofficial back-door channels had played a role in the past, but were now increasingly important. In addition, internal policing and security had gained prominence, as had the exchange of information between intelligence and law enforcement agencies. This has become especially crucial in Europe, as many of the terrorist targets travel through and frequent European cities. 105 In many of the former communist states the intelligence services strove to abandon their authoritarian past and the key for many was to reform their intelligence structures and embrace myriad forms of oversight and accountability. The great problem for some, such as in the case of the Czech Republic, Romania or Poland, was that the advisors employed to help reform their intelligence structures were, themselves, mostly working for Russian intelligence. 104

G. Intelligence, Europe and 9/11 When the New York Twin Towers were attacked by Al Qaeda in 2001, intelligence organisations around the world but particularly those in the Anglo-American sphere, which includes the Five Eyes community, had a hard time. The big question was whether the attacks could have been avoided by the proper acquisition of and informed decision-making based on intelligence.131 Usama bin Laden had been on the radar of several intelligence services some time before “9/11”, but in 2001, the US Administration seemed too focused on the proliferation of Weapons of Mass Destruction (WMD).132 What immediately followed was the war in Afghanistan by the “Coalition of the Willing”, and US-led Operation “Enduring Freedom”.133 107 On 12th September 2001, just after the horrific attacks on the Twin Towers, the entire American airspace was shut, no flights from overseas were allowed to enter US airspace – with one exception. A single aeroplane from London was headed for Washington DC. On board was a team of senior British intelligence officers, among them Sir Richard Dearlove, then “C” and head of SIS. They came to discuss with their American counterparts what the immediate next steps would have to be and in how far the national security landscape would have to be reformed. The Americans did not 106

130 Albeit not a European one, but still an excellent account on this challenge is to be found in Rizzo, Company Man – Thirty Years of Controversy in the CIA, 2014). 131 The 9/11 Commission Report: Final Report of the National Commission on Terrorist Attacks upon the United States: The Full Final Report of the National Commission on Terrorist Attacks upon the United States, 2004). 132 Ibid. 133 Coll, Directorate S: The C.I.A. and America’s Secret Wars in Afghanistan and Pakistan, 2001–2016, 2018.

28

Goodman/Ischebeck-Baum

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:38 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 1. Intelligence in Modern European History

want to speak to anyone else. Despite occasional political turmoil between Great Britain and the United States, this shows that the “special relationship” is of particular meaning in the sphere of security and intelligence in the west, which well includes European security as such.134 The US Administration around President George W. Bush, however, had also something else in mind. Saddam Hussein had long been an object of political debate in Capitol Hill, and his possible removal had already been discussed during the Clintonera. Shortly after “9/11” his file was again on the President’s desk. This time the plan should be implemented, resulting in one of the biggest intelligence scandals of all time. Rafid Ahmed Alwan al-Janabi was in his early thirties when he immigrated to Germany, seeking asylum upon arrival in Munich in 1999. He told the German authorities that he was an Iraqi chemical engineer who had been working in one of Saddam Hussein’s WMD development programmes. It did not take long for the BND to contact him during his stay at an asylum centre in the Bavarian town of Nuremberg. With his profile, he would make an interesting source. Over the course of one year alJanabi was questioned about twice a week by the BND officers. He told them about mobile laboratories and a secret installation in Iraq where he used to work.135 The Germans believed him, although this HUMINT could not be verified. When they informed SIS and the US intelligence community, the US Defence Intelligence Agency, to be precise, about what they had heard, al-Janabi was run as a so-called “blue source”, which means that despite sharing his intelligence only the Germans had direct access to him. For the US Administration, however, intelligence on Secret Iraqi WMD-programmes was exactly what they had been looking for. They gave al-Janabi the operational name “Curveball”. Tony Blair had already sworn allegiance to George W. Bush in the immediate aftermath of “9/11”. When the Germans developed doubts about “Curveball’s” integrity, however, they informed the British and the Americans. British intelligence sounded a warning towards the Prime Minister,136 while US central intelligence expressed severe concerns to the White House. But there was nothing that could be done from the operational viewpoint, the British Prime Minister and the US President had already decided that this single intelligence source would make the justification for an invasion and regime change in Iraq.137 US Secretary of State Colin Powell gave “evidence” before the United Nations Security Council on how Saddam Hussein was building mobile chemical laboratories while claiming to the world that he had no access to WMD.138 During the invasion of Iraq in 2003 al-Janabi’s files were found. It was then that he became very nervous and increasingly non-cooperative. With the help of former colleagues and acquaintances of his, it could be established that al-Janabi had been lying. He had never been a very gifted engineer, nor had he ever done serious work for Saddam Hussein, and most of all everything about the mobile laboratories was made up. The latter point was confirmed by the international WMD inspectors who were sent to 134 For a US perspective, see Rizzo, Company Man, pp. 155–170; an account on the UK’s Tony Blair era and perspective can be found in Aldrich/Cormac, The Black Door, pp. 410–434. 135 See Ahmad, The Road to Iraq: The Making of a Neoconservative War, 2008; Drogin, Curveball: Spies, Lies and the Man Behind Them: The Real Reason America Went to War in Iraq, 2008; Piffner/Pythian (eds.), Intelligence and national security policymaking on Iraq – British and American perspectives, 2008; Pillar, Intelligence and US Foreign Policy: Iraq, 9/11 and Misguided Reform, 2011. 136 Ibid. 137 Lord Butler of Brockwell, The Review of Intelligence on Weapons of Mass Destruction, 2004. 138 Report of the Commission on the Intelligence Capabilities of the United States Regarding Weapons of Mass Destruction, (2005), available at http://www.wmd.gov/report/wmd_report.pdf.

Goodman/Ischebeck-Baum

29

108

109

110

111

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:38 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 1. Introduction

Iraq.139 They were not able to find any of the installations that had been described in the intelligence reports. This ultimately left the invasion of Iraq without political justification. In the aftermath “Curveball” was granted German citizenship and today lives in Bavaria under a new identity. 112 Particularly British intelligence saw a political inquiry after what happened. The major question to be discussed was whether this had been a classic example of the “push-pull” issue between intelligence and policy, referring to the dynamics of the intelligence cycle.140 Policy, in this case Tony Blair and George W. Bush, needed political justification for the military operation against Saddam Hussein. The intelligence services were simply told to deliver instead of being listened to. 113 The British Parliament saw the need for an investigation. The outcome was what today is known as the 2004 Butler Review141 and the 2016 Chilcot Report.142 Both state that the democratic collaboration of intelligence and policy had failed and hence should see internal review. Despite the political discussion around the Iraq invasion as such, for British Intelligence the lesson was that there should be more care in the validation of sources (it can be observed throughout history that there is great temptation to rely on a single source if the intelligence offered is attractive enough), better regulations for intelligence liaison and sharing, as well as an improvement of political oversight.

H. The Post-9/11 Era On 11th March 2004, several suicide attacks hit Madrid. The attacks were primarily carried out on trains during morning rush hour. Spain had not seen such a large-scale attack with so many fatalities before. In the aftermath, it was established by the authorities that there were several flaws in the national security system, for example regarding responsibility and investigatory powers of law-enforcement, which meant police and security services.143 Although Al Qaeda claimed responsibility for the attacks, there was little evidence to be found to underline such a claim. Instead, there was a suspected connection with the known ETA.144 However, as later found out, Spanish police informants who had helped under-cover investigations against Al Qaeda and terrorist groups in Northern Africa had been involved in the attacks. Whatever the condition of the national security apparatus at the time, however, the question for the Spanish authorities was why the attacks could not have been avoided. Relatively quickly, allegations against ETA were dropped, and traces to Islamist militant groups in Northern Africa were further pursued. To this day it has not been possible for the Spanish authorities or European organisations such as the European Union Agency for Law Enforcement Cooperation (EUROPOL) to find out who really was behind the attacks. 115 The fact that Spain was partaking in operations in Iraq was reason enough for the public to believe that this was an act of retaliation. In fact, this element caused political debate to the extent that the Spanish Government decided to terminate its mission in 114

139 See again for the whole narrative Ahmad, The Road to Iraq; Drogin, Curveball; Piffner/Pythian (eds.), Intelligence and national security policymaking on Iraq; Pillar, Intelligence and US Foreign Policy. 140 Butler, Review of Intelligence. 141 Ibid. 142 The Report of the Iraq Inquiry (2006). Available at: http://webarchive.nationalarchives.gov.uk/ 20171123122743/http://www.iraqinquiry.org.uk/the-report/. 143 Rose/Murphy, “Does Terrorism Ever Work? The 2004 Madrid Train Bombings”, International Security Vol. 32, No. 1 (Summer 2007), pp. 185–192. 144 Ibid.

30

Goodman/Ischebeck-Baum

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:39 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 1. Intelligence in Modern European History

Iraq.145 Ultimately, the attacks achieved political change, which is exactly what terrorism seeks to achieve. One outcome of the Madrid bombings was that Spain, Germany, Austria, Belgium, 116 France, Luxembourg, and the Netherlands signed the so-called Prüm-Convention in May 2005, also known as the Schengen III Agreement. Open to all Member States of the European Union, this agreement seeks to enhance cross-border cooperation against terrorism and organised crime. It originates from a German initiative reaching back to the year 2003, and was incorporated in an EU Council Decision in 2008, by which it became part of the EU’s counter-terrorism effort.146 On 7th July 2005, the UK was struck by multiple suicide attacks in central London.147 117 Despite all intelligence and security efforts, the attack could not be prevented. Just as it had happened before with the US Government, the question now was what had gone wrong in the security apparatus. In the aftermath, once again there was a parliamentary inquiry. The UK’s overseeing body, the Intelligence and Security Committee (ISC) issued its findings on 6th May 2009, stating that as difficult as it may be to accept, but the attacks could not have been prevented. The report makes unmistakably clear that the UK’s security service MI5 as well as the Metropolitan Police had done everything in their power to prevent attacks such as these from happening, and in fact looking at the statistics they had been quite successful in foiling others. The report also states what is well-known among those who study or work in the field of intelligence, namely that, as tragic as it may be, occasional failure is in fact something very natural.148 That said, the public yet had to learn this hard lesson while the intelligence community had known it long before.

I. European Politics, Edward Snowden, and Spying on Friends When the US intelligence contractor Edward Snowden shook the world in 2013 by 118 revealing a mass of classified material stolen from US intelligence through the onlineplatform wikileaks, nobody could guess the real impact. Only the aftermath made it possible to understand the scope of his doing. For the intelligence services, not only American but others as well, this was a disaster. Snowden’s revelations of surveillance programs such as “PRISM” and the – publicly very much misinterpreted – handling of mass data presented a welcome target for politicians and journalists.149 Operationally, the revelations meant the exposure of many intelligence sources and methods in the field. Not only US intelligence was deeply affected, but also intelligence agencies in continental Europe. The BND saw great criticism from the German public and the Federal German Government, particularly because of its collaboration with the US NSA.150 145

Ibid. Coolsaet, “EU Counterterrorism Strategy: Value Added or Chimera?”, International Affairs 86: 4 (2010) 857–873. 147 See Hewitt, The British War on Terror: Terrorism and Counterterrorism on the Home Front since 9/11, 2008. 148 ISC, Report into the London terrorist attacks on 7 July 2005 (2006). Available at: https://assets. publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/224690/isc_terrorist_ attacks_7july_report.pdf (accessed on 29th July 2018). 149 Anderson, A Question of Trust: Report of the Investigatory Powers Review, Available at: https:// terrorismlegislationreviewer.independent.gov.uk/wp-content/uploads/2015/06/IPR-Report-Print-Version. pdf (accessed on 29th July 2018). 150 Spiegel Online, Snowden claims: NSA Ties Put German Intelligence in Tight Spot http://www.spiegel. de/international/world/whistleblower-snowden-claims-german-intelligence-in-bed-with-nsa-a-909904.html (accessed on 29th July 2018). 146

Goodman/Ischebeck-Baum

31

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:40 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 1. Introduction 119

120

121

122

123

Reference will be made to the German laws governing intelligence and surveillance operations at a later stage in this book, however, politically speaking of respective historical events, anything to do with state surveillance tends to spark an emotional debate in Germany. In light of the NSA activities, the German government established a parliamentary inquiry in 2014 to ensure appropriate political oversight over the German services, operating domestically and overseas.151 On 28th June 2017, the fact finding commission handed its final report to the German Parliament. The outcome is still causing political debate. It did, however, contribute to the overall discussion around what the intelligence services should and should not do.152 It did not help that the Snowden-revelations also brought to light the NSA-hacking of Angela Merkel’s phone in 2009. As much as it can be discussed whether it is wise or not for the German Chancellor to communicate sensitive state business on an open line, finding itself the target of a friendly nation was considered somewhat of a hostile act within the German Government. Espionage and “spying on friends” are mainly considered a “don’t ask, don’t tell” issue. However, the political damage that was done, once again outweighed the potential value of intelligence gained. The definite low-point of German-US relations appeared through a – presumably – unprecedented HUMINT-case when a middle-ranking member of the BND was found to be spying on the above parliamentary inquiry for the Americans in 2014. It was later discovered that he had been passing classified material to his American handlers since 2008. This led to the expulsion of the CIA Station Chief in Berlin in 2014.153 The role of the UK’s GCHQ and whether it was actively involved in any of the operations remains unclear. The BND-member had been a rather adventurous character who found himself frustrated in his current position. In a court hearing he stated that his main motivation was to experience “something different” in his life. Reports show that he was working in the middle-ranks of the BND, dealing with archival work and internal administration regarding overseas postings, which is considered a rather unexciting and monotonous activity. Per his own account, he craved recognition, which was hopeless to find in the grey corridors of the German agency. Only the Americans were able to really appreciate his existence – at least they made him believe so. Ultimately though, for him that was not enough. After some six years of espionage activity for the Americans he approached the Russians in Berlin, offering his services in an email, attaching classified material to prove his value as a source. Presuming that he had made a good pitch, the correspondence was intercepted by the German security service and he was arrested shortly thereafter. Only then it was discovered that in fact he was an American spy. He was prosecuted for treason and sentenced to eight years in prison.154 Interestingly, years before in 2008 he had also 151 See Spiegel Online, The NSA’s Secret Spy Hub in Berlin, 23.06.2017, available at http://www.spiegel. de/international/germany/cover-story-how-nsa-spied-on-merkel-cell-phone-from-berlin-embassy-a-930205. html (accessed on 1st August 2018). 152 An unclassified version of the final report can be found at Deutscher Bundestag, Beschlussfassung und Bericht des 1. Untersuchungsausschusses nach Art. 44 des Grundgesetzes – 23.06.2017, http://dip21. bundestag.de/dip21/btd/18/128/1812850.pdf (accessed on 1st August 2018). 153 Reuters, Berlin tells CIA station chief to leave in spy scandal, 10th July 2014, https://www.reuters.com/ article/us-germany-usa-spy-official/berlin-tells-cia-station-chief-to-leave-in-spy-scandal-idUSKBN0FF1GU 20140710 (accessed 1st August 2018). 154 See Generalbundesanwalt, Anklage wegen Landesverrats und anderer Straftaten, 25.08.2015 – 33/ 2015, http://www.generalbundesanwalt.de/de/showpress.php?newsid=563 (accessed 1st August 2018); Spiegel Online, Spionage für USA und Russland – Ex-BND Mitarbeiter zu acht Jahren Haft verurteilt, http://www.spiegel.de/politik/deutschland/spionage-ex-bnd-mitarbeiter-zu-acht-jahren-haft-verurteilt-a1082796.html (accessed 1st August 2018).

32

Goodman/Ischebeck-Baum

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:41 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 1. Intelligence in Modern European History

approached the US Embassy in Berlin through an email as well, which had worked. Some time after that he was contacted by US Embassy staff.155 Because the operational risk was estimated too high in Berlin, US Intelligence decided to run this operation out of the US Embassy in Vienna – which, together with Berlin, was one of the espionagehubs during the Cold War and to this day is a popular conduit for intelligence operations in continental Europe.156 This BND-member makes an interesting profile, proving that there is in fact some- 124 thing timeless about traitors and double-agents. Throughout decades and centuries of intelligence history, the drivers for turning against one’s own government seem only a handful: frustration, greed, adventure, blackmail, and so on. Most of them tend to be of surprisingly basic and utterly human nature. As a consequence of the above, the German Government decided to enter negotia- 125 tions with US intelligence and its British counterparts. The intention was to establish non-spy agreements on the one hand and improve regulations for future intelligence liaison on the other. A German effort to join the Five Eyes consortium failed, however.157 It remains a very exclusive club. Instead, the German Government managed to negotiate agreements that nowadays serve as a solid basis for intelligence liaison with the Five Eyes community. “Spying on friends ‘remains’ don’t ask, don’t tell”, it seems.

J. Intelligence and the European Union When continental Europe saw multiple terror attacks by so-called Islamic State (or 126 “Daesh”) in recent years, European Governments realised how vulnerable the European security landscape actually was in the twenty-first century, despite all advanced technology and defence mechanisms. Europe and the EU had seen terror before, of course, but this was something new. Several of the EU Member States saw themselves confronted with most appalling gaps in their systems, leading to public accusations of either intelligence or political failure. A traumatic experience. Despite their good intelligence relations in the Maghreb and other regions influenced 127 by Islamic beliefs, particularly the French and their national security system seemed to suffer greatly from institutional weakness and a massive decrease in public trust. This became most obvious through the so-called “Charlie Hebdo Attacks”. In fact, following institutional failure (policy or intelligence, that is), the French Government has seen a parliamentary ruling on the immediate need for intelligence sector reforms.158 One of the outcomes was the initiative for a reform of the national intelligence machinery, which meant a review of the relationship and mechanisms between collection, analysis and consumer.159 Most naturally, this also meant assessing France’s contribution to and liaison with EU intelligence. 155 Ibid; Reuters, Berlin tells CIA station chief to leave in spy scandal, 10th July 2014, https://www. reuters.com/article/us-germany-usa-spy-official/berlin-tells-cia-station-chief-to-leave-in-spy-scandalidUSKBN0FF1GU20140710 (accessed 1st August 2018). 156 For example, see Andrew, KGB, p. 102; Kalugin, Spymaster, pp. 174–175, 180, 183, 184, 194, 289. 157 See Financial Times, Angela Merkel eyes place for Germany in US intelligence club, 25th October 2013, https://www.ft.com/content/e2492a3a-3d7a-11e3-9928-00144feab7de (accessed 1st August 2018). 158 See Chopin, Intelligence Reform and the transformation of the state: the end of a French exception, in Schmitt (ed.), Myths and Realities of the French Way of War, Journal of Strategic Studies, Vol. 40, Issue 4 2017, pp. 532–553. 159 Mueller/Stewart, “How French Intelligence Missed the Charlie Hebdo Terrorists”, Time Magazine (2015). Available at: https://politicalscience.osu.edu/faculty/jmueller/TNIcostsurveilTIMEfinlarger.pdf.

Goodman/Ischebeck-Baum

33

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:41 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 1. Introduction 128

129

130

131

132

The need for pooled and shared intelligence is nothing foreign or new to European Member States or the EU. Despite the respective national objectives, there has always been a basic common strategic interest. It is therefore only natural that the EU has been striving for its own intelligence for almost twenty years. Oftentimes in the recent past, political will and operational need for closer cooperation among member states has been expressed publicly but even today it remains a substantial operational and legal challenge. Intelligence and security services see themselves confronted with the dilemma of having to preserve a considerable and indeed very necessary degree of secrecy on the one hand, and the need to share with partner agencies on the other. The EU has been making a substantial effort in representing a platform for this rather sensitive undertaking, abiding by the principles of and following EU objectives. May it be in cyber-security, counter-terrorism, the fight against organised crime, counterproliferation of WMD, counter-intelligence or defence and conventional military operations: existing EU intelligence and security agencies have been seeking to overcome cultural obstacles and combine the effort. A major underlying principle, however, is the fact that the EU does not run its own intelligence operations as such. There is no EU tradecraft, there are no EU-led intelligence operations; there is only common analysis and distribution to EU political entities. The leading EU intelligence body is the “European Union Intelligence and Situation Centre” (EU INTCEN). INTCEN is responsible for analysis, general situational awareness and early warning, and serves the EU High Representative as well as other EU entities including Members of Parliament, as the main intelligence provider for informed decision-making.160 INTCEN’s institutional and legal roots lie in the Treaty of Lisbon, which in the year 2007 in principle amended two other major treaties, the 1957 Treaty of Rome, and the 1993 Maastricht Treaty. INTCEN’s general legal basis remains disputed, however, it is safe to say that the intelligence initiative as such is mentioned in the EU Council Decision of 26th July 2010, and is therefore officially recognised. INTCEN’s predecessor until 2012 was SITCEN, the EU Situation Centre, which, in its latest version, was established under the auspices of the then High Representative, Dr. Javier Solana in 2002. In fact, the initiative to provide the EU with intelligence goes back to 1999 and is closely linked with the development of the EU’s Defence and Security Policy (EDSP). Early days only saw the establishment and analysis of Open Source Intelligence (OSINT), but in the aftermath of “9/11”, the High Representative Solana initiated that member states should also contribute secret intelligence. In 2002, this also included the establishment of a counter-terrorism cell, staffed by security services personnel from respective member states. Additionally, INTCEN is supported by the “Satellite Centre” providing IMINT. Together with the EU’s Military Staff (EUMS), which also includes the EUMS Intelligence Directorate responsible for the support of EU military operations and early warning, INTCEN is nowadays part of the EU’s External Action Service (EEAS).161 In 2007, both the EU’s civilian and military intelligence bodies entered formal agreements for closer cooperation, and were subordinated to the EEAS in January 2011. Today, this machinery is known as the Single Intelligence Analysis Capacity (SIAC), ensuring that most reports and briefings issued to member states or EU entities. SIAC operates under the overall authority of the High Representative of 160 For more information, see de Franco/Meyer (eds.), Forecasting, Warning and Responding to Transnational Risks 2011. 161 For more information on the EEAS, see https://eeas.europa.eu/headquarters/headquarters-homepage_en (accessed 1st August).

34

Goodman/Ischebeck-Baum

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:42 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 1. Intelligence in Modern European History

the European Union for Foreign Affairs and Security Policy, who, at the same time, is also the Vice President of the European Commission. Most of INTCEN’s staff are EU officials complimented by subject matter experts from respective EU member states. INTCEN does not have its own budget but is being funded through the overall EEAS budget instead. Additionally to INTCENT’s institutional and legal foundations, there are furthermore two fora that play a significant yet almost unofficial role in the history of EU intelligence, namely the Club of Berne and the Club of Madrid. Not much is known about the Club of Berne, let alone published. What is in the public domain, however, is the fact that it is an informal forum founded in 1971 and, according to a press-statement by the Swiss Federal Police dated 28th April 2004, consisting of the EU member states as well as Norway and Switzerland.162 The rare press-statement was released due to the fact that in this particular year the Club of Berne launched the Counter-Terrorist Group as an off-shoot, which, in a similarly informal manner, was to support EU counter-terrorism strategy through intelligence sharing. The Counter-Terrorist Group acts as the link between the Club of Berne and EU INTCEN, and today is a permanent and reliable body in the EU security landscape. The Club of Madrid, in comparison, is a similar non-profit, yet much more public organisation. It was founded in the year of 2001 and, according to its website, mainly consists of former heads of state and ministers form sixty-five nations around the globe. Its purpose is to foster mutual understanding on the policy level, and it stands as an informal yet well-known forum for the exchange of political views. Although not as secretive as the Club of Berne, the Club of Madrid serves the EU as a strong platform in the realm of defence and security policy making. Based on official and mostly open policy documents, INTCEN has a hybrid Fusion well analysing hybrid threats since 2016. In summary, EU intelligence so far shows a more or less solid structure, which in other words means it is mostly effective despite occasional criticism. However, not least due to cultural differences between its member states and sometimes bulky administration and laws, challenges remain. At the time of writing, the most significant challenge in this regard is without doubt the departure of the United Kingdom from the EU, commonly known as “Brexit”. A precedent in the history of the EU, this case most naturally concerns the full range of European interests from economy, to law, to health-care, to security. Contemplating national security and intelligence, it remains to be seen how both the EU and the United Kingdom manage to survive this “divorce” in the best possible manner. Looking at the EU’s intelligence and security structure (i. e. the EEAS, the European Union Agency for Law Enforcement Cooperation or EUROPOL, and other information hubs), and the United Kingdom’s contribution to it, as well as her benefit from it, the core question is not whether there will be future cooperation at all; common strategic interest and common threat perception will without doubt lead to a form of liaison and long-term engagement. Instead, the issue of Brexit seems to be of more administrative nature, which, in a way, should not necessarily concern the operational level too much. After all, existential fears around Brexit seem to be mainly rooted in the economic sector, rather than in security and intelligence.163 162 Federal Office of Police, Club de Berne meeting in Switzerland, Press Release, fedpol, 28.04.2014, https://web.archive.org/web/20110510110856/http://www.ejpd.admin.ch/ejpd/en/home/dokumentation/ mi/2004/ref_2004-04-28.html (accessed 28th February 2018). 163 For further elaboration on EU Intelligence and Brexit, see Ischebeck-Baum, Anglo-German intelligence relations and Brexit, Journal of Intelligence History, Volume 16, Issue 2, 2017, pp. 95–99; https:// www.tandfonline.com/doi/abs/10.1080/16161262.2017.1333694 (accessed 23 February 2018).

Goodman/Ischebeck-Baum

35

133

134

135

136

137

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:42 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 1. Introduction

K. Conclusion When looking at intelligence in Europe and the EU, addressing related challenges does not exclusively refer to mere national patterns of behaviour but also to institutional culture. Contemplating present and future intelligence in the European or any other context, it is often forgotten how beneficial it can be looking back and studying the history of things. Only then one should be able to understand the full context, requirements and challenges. The latter is not so much about predicting what will happen, but more about awareness for flaws in analysis within the system itself. It is, however, also about understanding that some things – such as an occasional failure on all levels and sides – cannot be avoided. Europe or the EU are subject to these conditions just as any other entity or nation. After all, history and the study of intelligence as a subject from different angles does have operational value. Analysing the history of European Intelligence including defence intelligence, one comes to realise maybe the profoundest thing of all, namely that, most naturally, liaison and cooperation are possible to a certain extent, but contributions do have their limits. Most of all, with more than one nation around the table there will always be more than one agenda. This is the classic and well-known dilemma of intelligence liaison, and it will be no different in the case of the EU. 139 For the last century, intelligence has grown to become the cornerstone of governmental decision-making and policy. Whereas its initial goal had been military, this scope has diversified to reflect the nature of the international scene, for as the target changes, so too must the intelligence organisation. In the twenty-first Century, intelligence is as vital as it has ever been. The proliferation of threats and the interconnectedness of the world, together with the information revolution that has taken place, may have altered the methods of spying but, at the same time, its core role and nature has remained undiminished. The evolution of the internet and the reliance upon technology for everyday life means that technical intelligence gathering has risen in importance, and while this is useful for targeting some threats and advances in technology are, of course, invaluable, it can be safely said that they cannot replace the spy on the ground. 140 The vulnerabilities of systems and human beings remain the same today, and whether they are exploited by human or technical means, the role of intelligence in modern European nations and the EU has remained the same: to discover and make use of information that the recipient wants to keep secret. By processing and using intelligence on others, the EU will remain an intelligence target itself. It therefore seems advisable when contemplating past, present and future of EU intelligence from a doctrinal or an institutional point of view, to take into account measures of counter-intelligence as well; for the latter should be a natural element in any mind-set related to intelligence, security and resilience whatsoever. The fact that the EU does not actively acquire intelligence but is only on the consuming side does not provide any real protection in this regard. 141 Is there “European Intelligence” after all? Not quite, but rather a European way of intelligence when it comes to SIAC. What could make intelligence European, however, could be the way it is understood and used according to geo-political concerns. Although we may not be too far from it, until now the United States of Europe do not exist. As a consequence, most tradecraft methods and means in intelligence remain classified at the national level, based on domestic doctrine and laws, first and foremost serving national interest. Be that as it may, from the international perspective, such 138

36

Goodman/Ischebeck-Baum

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:42 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 1. Intelligence in Modern European History

should not be seen as a problem; in fact, trying to gain more insight in the national business from an EU perspective for example, could be counter-productive. It must be understood that secrecy is vital. It can be established, that, after all, what makes intelligence European, should be the dedication to European goals and strategy. For it is the European political leader who has the burden of decision-making. That is, wellinformed decisions, in the best case. How the knowledge has been acquired, however, will remain an individual and sovereign secret – sovereignty itself being at the very core of the European idea.

Goodman/Ischebeck-Baum

37

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:43 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 2 Means and Methods of Modern Intelligence and their wider implications David Omand Outline A. The case for secret intelligence ..................................................................................... B. Means and methods of secret intelligence ................................................................. I. Human intelligence................................................................................................. II. Signals and communications intelligence.......................................................... III. Imagery...................................................................................................................... IV. Technical intelligence............................................................................................. V. Social media intelligence ....................................................................................... VI. Digital intelligence .................................................................................................. VII. Open source intelligence ....................................................................................... C. Intelligence in the service of a wider definition of national security................... D. The Requirement for pre-emptive intelligence ......................................................... E. The interaction of new demands and new sources of supply for pre-emptive intelligence ......................................................................................................................... F. Future developments in digital intelligence gathering............................................. G. Regulating the dynamic interaction between the demand for and supply of digital information ........................................................................................................... H. How law enforcement and intelligence agencies must respect privacy and other human rights .......................................................................................................... I. Modern intelligence processes and the intelligence cycle....................................... J. Organisational challenges for modern intelligence communities ......................... K. The need for greater international intelligence cooperation.................................. L. Conclusion .........................................................................................................................

mn. 1 3 3 7 15 16 17 18 19 20 25 32 37 41 45 50 53 73 76

Bibliography: Aldrich, GCHQ, London: HarperCollins, 2012; Anderson, Bulk Powers Review, London, August 2016; Andrew and Gordievsky, KGB, London: Hodder and Stoughton, 1990; Andrew, Aldrich and Wark (eds.) Secret Intelligence: A Reader, London: Routledge, 2008; Bingham, The Rule of Law, 2011 London: Penguin Books; Dover, Goodman and Hillebrand (eds.) Routledge Companion to Intelligence Studies, 2015; European Convention on Human Rights; Gomez, The Targeting Process: D3A and F3EAD, Small Wars Journal, 2011; Herman, Intelligence Power in Peace and War, London: RIIA, 1996; UK Regulation of Investigatory Powers Act 2016; Grey, Ghost Plane, London: St Martin’s Griffin, 2007; Home Office, Code of Practice for the Acquisition and Retention of Communications Data under the UK Regulation of Investigatory Powers Act, 2016; Johnson, The Oxford Handbook of National Security Intelligence, Oxford: OUP, Lowenthal, Intelligence: From Secrets to Policy Washington, DC: Congressional Quarterly Press, 2005;2012; Omand, Securing the State, London: Hurst, 2010.

A. The case for secret intelligence 1

Most of the information needed to make sense of the world around us, whether by governments, private companies or citizens, comes from sources that are open to our scrutiny if we know where to look. The Internet and the World Wide Web that it carries have revolutionised the ease and speed with which we can acquire and share information, and cheap storage and powerful cloud computing has made processing of big data an economic proposition. Of course we also need to apply the intellectual effort to understand the sources of the data and the limitations of any quantitative methods

38

Omand

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:43 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 2. Means and Methods of Modern Intelligence and their wider implications

being applied in order to judge the reliability of inferences being drawn (such as the representativeness of past information on which algorithms being applied to today’s conditions were constructed). But, stubbornly, when it comes to the areas of national security and law enforcement there remains vital information that the authorities in democratic nations need to complete the picture but cannot easily obtain since those with the information take steps – sometimes extraordinary steps – to prevent anyone knowing their secrets. These others include dictators, terrorists and insurgents, cyber attackers, proliferators, people traffickers, child abusers, money launderers and criminal gangs of all types. Their common characteristic is that they either actively mean to harm us or are capable of creating serious threats to our national security and well-being. The purpose of secret intelligence is to obtain such information, overcoming the obstacles that the owners of the information place in the way1. Obtaining secret intelligence on the plans of a military opponent threatening invasion 2 or the subversives seeking the overthrow of legitimate authority is a defensive State activity as old as history. Information is gathered, preferably without the knowledge of the target analysed and understood, and then, hopefully, used to pre-empt the threat. This activity has become over the centuries a distinct specialization for the military and for law enforcement and a unique branch of civil government in the form of security and intelligence agencies. Modern national security still includes deterring and defending against external threats and when necessary countering domestic subversion of democratic institutions. For most European nations there is the added strength that comes from belonging to a North Atlantic collective defence and deterrence structure in addition to the security solidarity implicit in membership of the European Union. Supporting such arrangements will feature high up in lists of approved intelligence requirements for European nations. Examples today would include gathering intelligence to understand North Korean flouting of UN Resolutions and Russian behaviour in Crimea and Ukraine that has attracted censure and sanctions from the European Council. Another would be the provision of intelligence to address the growing concerns over subversive and criminal activities on the Internet, including the activities of Russian criminal groups and their interference in democratic elections in a number of European States following the exposure of cyber meddling in the US Presidential election. There are many other examples of continuing legitimate demands for intelligence to support national and collective diplomacy, military planning and cyber security.2

B. Means and methods of secret intelligence I. Human intelligence To meet the demands for intelligence from government, the armed forces and law 3 enforcement a range of methods are available. Traditionally these methods could be divided into those that involve the use of human beings as agents to steal information, and the use of technical devices to obtain the information from wireless communications and electronic emissions, audio signals, and other forms of sensor. A convenient acronym for the former is HUMINT, in which intelligence officers belonging to an intelligence agency recruit and run agents in order to penetrate the organisations or groups holding the secrets being sought. The agents are normally (but not exclusively) 1 2

Omand, Securing the State, London: Hurst, 2010, p. 22. Herman, Intelligence Power in Peace and War, London: RIIA, 1996, chapter 1.

Omand

39

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:44 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 1. Introduction

nationals of the target country, such as military officers and government officials who have become disaffected with the regime, or for some other reason can be persuaded to conduct espionage. Intelligence officers are often posted overseas as part of a diplomatic mission and have the benefit of diplomatic status if their agent running operations are exposed or operate undeclared (“illegals”), requiring the time consuming manufacture and the maintenance of a suitable cover inside the country (a tactic therefore used sparingly but notably by the Russian services against Western nations). With friendly governments it is often the case that intelligence officers within diplomatic missions are declared to the government of the country in which they are stationed in order to facilitate intelligence exchanges and liaison. 4 The historical record shows that the well-placed human agent is in a unique position to provide information on the intentions of a potential adversary, and to assist in understanding of decision-making within the target nation, whilst more technical sources can often fill in the gaps and more easily provide intelligence on military, industrial and scientific capabilities. An example of the former during the later Cold War can be seen in the case of Oleg Gordievsky, an agent of the British Secret Intelligence Service (SIS) (including being run as an agent whilst acting as head of the KGB residency in London) who was able to reveal much about the paranoia exhibited by the leadership in Moscow over their fear of a US first strike attack and who, through his reporting and personal meetings with Margaret Thatcher and Ronald Reagan, influenced their views of the new Soviet leader Mikhail Gorbachev.3 On the other hand, we now know how thoroughly the wartime US nuclear weapons programme, and the British intelligence community itself, had been penetrated by communist sympathisers passing information to the KGB.4 Today the search for well-placed agents in foreign governments of interest continues on the part of all HUMINT services. 5 Another use of human agents of considerable antiquity is to facilitate technical access to targets, such as giving access to codes and cyphers used by diplomatic representatives to protect their despatches. Today, a well-placed human agent may be able to provide access to computer systems and assist in planting bugging devices to assist in interception. As the spread of strongly encrypted messaging systems spreads it must be expected that such human assistance will be increasingly sought in trying to penetrate terrorist, proliferation and other serious criminal networks including the planting of bugging and tracking devices. 6 Law enforcement has also a long tradition of running human sources as informants, often referred to as CHIS (covert human intelligence sources) specifically within known criminal organisations and within the wider criminal milieu in the domestic community as a whole in order to be tipped off about impending criminal conspiracies. National legislation normally provides for evidence from such sources to be used in court under specified conditions of admissibility5. Running agents within the most violent criminal gangs involves high risk to the individuals and their families, and that is certainly the case with terrorist and violent extremist groups, and may for that reason be practically impossible. Even where a recruitment of an informant may be achieved there may well be significant dangers of the authorities ending up colluding in criminal wrongdoing, 3

Andrew and Gordievsky, KGB, London: Hodder and Stoughton, 1990 chapter 13. US Department of Energy Manhattan Project, https://www.osti.gov/opennet/manhattan-project-history/Events/1942-1945/espionage.htm accessed 5 Feb 2018. 5 For example Law Report: Bugged recording is admissible: Regina v Khan – Court of Appeal (criminal Division)(Lord Taylor of Gosforth, Lord Chief Justice, Mr Justice Hutchison and Mr Justice Pill), 27 May 1994, accepting the relevance of the Home Office guidelines of 1984 on Covert Listening Devices and Visual Surveillance (Private Place). 4

40

Omand

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:44 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 2. Means and Methods of Modern Intelligence and their wider implications

particularly if to maintain cover the individual is required to operate as an active member of the terrorist network or criminal gang.

II. Signals and communications intelligence Turning to technical sources, the most significant of these is still SIGINT, the acronym for signals intelligence. The most important branch of SIGINT is COMINT, or communications intelligence, although for military intelligence customers ELINT, or electronic intelligence (such as can be obtained from studying the characteristics of radar and other electromagnetic emissions) has a specialized but essential role. The interception of telegraph links using undersea cables was common by the early 20th century, a notable example being the interception in 1917 of the Zimmermann telegram, whose disclosure by the British to the US President helped to bring United States into the First World War on the side of the Allies. SIGINT was then obtained from the interception of radio communications of military headquarters and forces, diplomatic missions, governments and defence facilities and intelligence agencies including their illicit radio communications with their secret agents. Collection of SIGINT was by ground stations equipped with specially designed aerials for the purpose, or from ships and aircraft, and in some cases by covert sites within diplomatic missions. Longer-range high frequency (HF) radio transmissions were gradually replaced by microwave signals sent over long distances using line of sight relays, often from highly distinctive microwave towers or by using communication satellites to relay the signals. The development of compression algorithms meant that very many separate channels of communication could be sent on a single bearer (land cable or microwave link). Intercepting such links became a common part of SIGINT operations, and specialist SIGINT satellites in geo-stationary orbits were also used to intercept otherwise inaccessible major microwave links by capturing line of sight signals as they passed into space due to the curvature of the earth.6 Most recently, in the 2013 Snowden material7, there is much made of the access that the United States and her close intelligence allies have to the modern global digital communications network that carries Internet traffic, including that part carried by undersea fibre-optic cables. The volumes of Internet traffic are, however, truly vast and any interception agency however large and well-placed will only be able technically to access a small proportion of the global total and on practical grounds to retain and store a fraction of that accessed (figures of total access and store are not available but the National Security Agency in 2013 estimated that its analysts look at 0.0004 % of the world’s traffic in conducting their mission and since then the volume of global communications has continued to grow rapidly)8. A traditional part of SIGINT activity is DF (short for direction finding from the triangulation of radio signals) to locate the position of a transmitter. DF has largely been replaced by the modern LOCINT, or location intelligence, derived from data transmitted by mobile or other Internet enabled devices and the applications (apps) carried on them. Communications data from mobile devices showing who called whom, where, when and how can be a valuable source of LOCINT for military operations (such as the 6

Aldrich, GCHQ, London: HarperCollins, 2012. An indexed site of the material stolen by Edward Snowden from the US National Security Agency can be found at https://www.lawfareblog.com/snowden-revelations, accessed 5 Feb 2018. 8 https://www.theatlantic.com/politics/archive/2013/08/nsa-better-data-collection-math/311998/, accessed 5 Feb 2018. 7

Omand

41

7

8

9

10

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:45 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 1. Introduction

11

12

13

14

allied operations in Iraq and Syria against the so-called Islamic State, NATO operations in Afghanistan and the current NATO forward deployments in the Baltic States). LOCINT is also proving essential for counter-terrorist operations in Europe and elsewhere. LOCINT is used routinely in many criminal investigations both to eliminate suspects from inquiries and to identify suspects for further investigation. A classic example would be the identification of a suspect for a murder with no witnesses whose mobile device was active both at the scene/estimated time of death of the victim and also at the waste-ground/time when it is believed that the body was dumped some kilometres away. Communications data from the communications company concerned, normally later admissible in court, can show whether there was the same mobile device present at the two places/times of interest and thus provide a lead for further investigation. Radio communication networks still exist, particularly for military units that require mobility, flexibility and independence from fixed systems that may not be available during hostilities, such as mobile phone networks. But by far most of today’s communications of interest are carried on the Internet including the strongly encrypted virtual private networks (VPN) of diplomatic services. An important distinction for the purposes of legal regulation of SIGINT activity is between Internet based communications data and communications content (which can be defined as information which discloses the meaning or part of the meaning of a communication). Communications data in turn can be divided into that which is required for the accurate transmission of the communication from sender to recipient (technical data about which device called which device, when, where and by what means) and information about the owner of the device such as their subscriber details, billing address and so on9. Another important distinction often made in law is between the direct interception by a telecommunications company at the request of the authorities of the communications of an identified subscriber who is a suspect, or where the address of the subscriber is known, often called “targeted surveillance”, and the interception of the sought for communications through so-called “bulk access” to data streams then using filtering and selection algorithms to whittle down to the required communications (a task often colloquially referred to as finding the wanted needle in the haystack). SIGINT agencies in the past had to devote significant effort to long-range technical search across the spectrum of radio communications to seek new transmissions and types of transmission, to classify them and identify whether they could be of intelligence interest in relation to their statement of priorities and requirements. The equivalent today is the mapping of patterns of communication and sampling of communications over global networks, seeking to identify how packets of data are likely to be directed by the servers making up the network, programmed to direct traffic so as to minimise cost at that instant, a cost that is itself governed by volumes of traffic between those nodes at that time. Packets of data that comprise a single communication may well end up taking different routes from sender to recipient complicating the interception task. Understanding such traffic flows is necessary to a SIGINT agency in order to optimise the chances of intercepting wanted traffic – noting that this can never be guaranteed and is a probabilistic matter. How bulk access, filtering and selection are managed so as to respect privacy rights is examined later in this chapter. SIGINT agencies also have to be centres of cryptographic expertise. Military and diplomatic communications have always been protected by some form of encryption, 9 Convenient definitions can be found in the Code of Practice for the Acquisition and Retention of Communications Data under the UK Regulation of Investigatory Powers Act, 2016, London: Home Office, March 2015 available at https://www.gov.uk/government/consultations/investigatory-powers-act2016-codes-of-practice, accessed 5 Feb 2018.

42

Omand

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:45 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 2. Means and Methods of Modern Intelligence and their wider implications

posing a challenge for the intercepting agency. Internet security relies upon public key cryptographic systems and these can be designed so as to be unbreakable in any feasible time even by the fastest specialist cryptographic computers. The Snowden disclosures about some of the ways in which SIGINT agencies had nevertheless got round the problems of traffic encryption led to an acceleration of the introduction of end-to-end strong encryption by most Internet companies. The result has been rapid adoption by terrorists of secure apps on their mobile devices, such as WhatsApp and Telegraph, effectively preventing intelligence and law enforcement agencies from eavesdropping on their conversations and messaging, including notably when terrorists are being directed from overseas to conduct an attack. Manufacturers of mobile devices have also increased the security of the devices themselves so that even when a suspect is arrested and their devices seized it may not be possible for the authorities to access evidence on the device. A number of Western leaders have called for the tech companies to work with the governments of the democracies to find new technological solutions compatible with privacy rights to this shutting out of law enforcement, and consequent failure to uphold the rule of law in cyberspace, but no solution has yet been volunteered.

III. Imagery A branch of intelligence work of growing importance is IMINT, short for imagery or 15 visual intelligence. Originally conducted by cameras carried by manned reconnaissance aircraft, such as the US U2 spy plane, the use of low earth orbiting satellites carrying high-resolution visual sensors became a major part of Cold War intelligence. Today multi-spectrum sensors can detect recently disturbed earth that might indicate the placing of roadside bombs on routes being used by military convoys. Remotely piloted drones can loiter for long periods, virtually undetectable, whilst providing real-time battlefield imagery for force protection and in support of special force raids and armed drones. The technology of visual recognition using artificial intelligence combined with powerful cloud computing will allow IMINT operations over public events to identify known terrorist or criminal suspects. Other powerful new techniques include the fusion of digitised mapping and geographic information (GEOINT) and imagery into threedimensional representations of terrain as they would be seen by a pilot or military unit on the ground, thus enabling routes to be planned that evade enemy defences and minimise the likelihood of detection.

IV. Technical intelligence By extension, other specialised forms of intelligence gathering have their own “INT” 16 acronyms. So, for example, MASINT refers to the branch of scientific and technical intelligence devoted to detecting, tracking, identifying and classifying the distinctive signatures that are emitted by intelligence targets, particularly in areas such as missile telemetry, nuclear weapons development and chemical and biological weapons detection. Forensic intelligence (which does not yet have its own INT acronym) has become ever more important as fingerprint and DNA recovery improves and trace analysis is possible from residues left at a crime scene, along with the recovery of information from digital devices found at the scene. US Special Forces are now being specially trained in forensics to obtain intelligence from the scenes of their operations and raids, such as that against the hideout of Osama Bin Laden, under the general heading of 3FAD (Find, Omand

43

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:45 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 1. Introduction

Fix, Finish, Analyse and Disseminate) a variant on the well-known intelligence cycle, described later in the chapter10. ACCINT is another specialist term referring to the intelligence acquisition of acoustic noise signatures from submarines and other vessels so that they can be identified, crucial for distinguishing friend from foe underwater and civilian from naval surface vessels in conflict. The most recent addition to the lexicon is cyber forensics, the analysis of the computer code used in cyber attacks to establish the sophistication of the attack, the origins and reuse of the various sections of code and any clues from date-time stamps, language and other indicators that may assist in the attribution of the attack to a state or non-state group.

V. Social media intelligence 17

The very rapid global expansion in the use of social media has created its own subbranch of intelligence gathering, known as SOCMINT, in order to try to derive information about targets from their social media use. Sources range from open Twitter feeds to closed Facebook groups, comparable to SIGINT, and therefore the level of legal authority necessary to conduct SOCMINT will vary according to the degree of privacy intrusion involved. Police services around the world are increasingly investing in social media monitoring equipment that, combined with computerised sentiment analysis, can provide tactical intelligence on the mood of crowds and demonstrators at public events. Widely reported use of social media to communicate between demonstrators in the socalled Arab Spring has led to attempts to use SOCMINT to anticipate mass movements by deriving strategic intelligence about public mood and discontents, although the value of this work as a predictive tool is still uncertain.

VI. Digital intelligence 18

Another specialized and growing branch of intelligence, often known under the general heading of DIGINT, or digital intelligence, involves sophisticated data mining and crossreferencing (often known as layering) of information contained in bulk databases containing personal information (an alternative term is PROTINT (Personal Protected Intelligence) to act as a reminder of the fact that the main source of information is personal data covered by data protection legislation11). By definition, most of the information in such databases will relate to ordinary citizens or users of service, of no legitimate interest to intelligence or law enforcement services. Information relating to legitimate intelligence targets, if it exists in the database, will therefore comprise a very small proportion indeed of the total data being examined. For that reason, the holding of bulk personal databases by intelligence agencies should require careful legal regulation to ensure respect for the privacy rights of all those whose data is contained in the database12.

VII. Open source intelligence 19

Finally, as the introduction to this chapter showed, secret intelligence is best seen as a small and highly specialised subset of the very much bigger everyday activity of open 10 Gomez, The Targeting Process: D3A and F3EAD, Small Wars Journal, 2011, available at http://www. dtic.mil/dtic/tr/fulltext/u2/a547092.pdf accessed 5 Feb 2018. 11 Omand, pp. 32–33. 12 As has now been introduced in the UK under Part 7 of the Investigatory Powers Act 2016.

44

Omand

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:46 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 2. Means and Methods of Modern Intelligence and their wider implications

information gathering and analysis. Where the topic being studied relates to an intelligence requirement, the term OSINT, or open source intelligence, is commonly used. The derivation of intelligence from open sources is now a mainstream activity for national intelligence communities. Its characteristic feature is that these are sources that can be accessed without special legal authority and without the application of the methods of secret intelligence described earlier in the chapter. Some at least of what would, for previous generations, might have had to be found out by secret methods, if it could have been found at all, can now be obtained from sophisticated Internet searches. Specialist websites, for example, provide the real-time location of merchant shipping and fishing vessels, valuable for counter-proliferation and counter-narcotics work. A notable use of open source analysis of aircraft numbers and sightings was the uncovering of the pattern of secret flights transporting the victims of the special rendition programs run by the Bush administration.13 Another was the confirmation of chemical weapon use by Assad’s forces in Syria from examination of fragments of weapons posted on social media. Crowdsourcing can identify individuals, for example from media or surveillance photographs (although the misidentification and public hounding of an individual wrongly suspected of the Boston bombing also shows the dangers of this approach).

C. Intelligence in the service of a wider definition of national security Increasingly, in more recent times, governments have had to be concerned not just 20 with the safeguarding of the national territory and its democratic institutions but also the direct protection of the public from a variety of threats to their everyday life. Today that tendency is most obvious from the risks to the public in Europe and elsewhere from both jihadist and extreme-right terrorism. Organised criminal gangs conduct narcotics and people trafficking, sanctions evasion, counterfeiting, money laundering, and other serious crimes. International child abuse networks exploit the Internet. Such forms of serious international criminality also are creating demands for greater government involvement including the rising tide of cyber attacks, both criminal and State-sponsored. It would not be an exaggeration today to say that a European State can only maintain that it enjoys fully the benefit of national security when the authorities have the trust of the public that they are capable of managing the full range of serious threats so that people can get on with normal life freely and with confidence. The methods for obtaining human and technical intelligence, including those made 21 possible by the modern digital world, can be applied to obtain intelligence on the traditional national security targets as well as on the modern threats from terrorism and criminality, including in cyberspace. This commonality of method can lead to conflation of secret intelligence work and surveillance, which is a specialised subset involving persistent observation of the target. Traditionally, surveillance activity by Western intelligence services was confined to the shadowing of naval submarines and warships and counterintelligence work, such as following suspected spies and intercepting their communications. Today, however, many European security and intelligence agencies have as a major priority the surveillance of violent extremists suspected of planning or supporting acts of terrorism. 13

Grey, Ghost Plane, London: St Martin’s Griffin, 2007.

Omand

45

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:46 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 1. Introduction

Such surveillance should not be confused with “mass surveillance”, as conducted by the security and intelligence services of authoritarian states as seen in the past Cold War practices of Warsaw Pact countries. “Mass surveillance” involves persistent observation of either the population as a whole or a very significant part of the population in a way that is indiscriminate. The objective of security agencies such as the East German Stasi, for example, was to establish patterns of behaviour of the population at large, by mass surveillance, so that exceptional activity that might pose dangers to the State, such as contact with Westerners, could be more easily identified. 23 Western police services and other law enforcement branches, on the other hand, routinely engage in targeted surveillance of criminal suspects with intrusive methods including de visu observation and shadowing, the placing of tracking devices in vehicles and bugging devices in vehicles and premises. The degree of interference with personal privacy and the privacy of family is likely to be considerable given the persistent intrusiveness of the measures. Additionally, such measures, although targeted, are almost certain to intrude on family members and innocent contacts with others. 24 The complexity of modern global communications and apps, and the use of secure voice and video Internet communications such as Skype and iChat, has led to law enforcement today routinely seeking technical support from intelligence and security agencies. The use of intelligence techniques developed for national security purposes has had some notable successes such as the joint operation between US and European services to uncover and disrupt major child abuse networks using the Dark Net and the uncovering of previously unknown terrorist networks. 22

D. The Requirement for pre-emptive intelligence Public concerns have built up over the last few years over the effectiveness of the management of serious threats to normal life, as seen in the media criticism of governments after terrorist incidents and cyber attacks. There is natural public and Parliamentary concern that the rule of law be upheld with terrorists and criminals able to be brought before a Court so that they answer for the crimes they have committed. Much of the criticism is, however, directed at perceived failures of law enforcement and intelligence agencies to prevent the incidents in the first place, particularly in cases where the authorities turn out to have had some knowledge of the perpetrators beforehand. There is a public expectation that government will do what is necessary to protect them and their property from serious harm, that is to pre-empt threats whenever this can lawfully be done. To have any chance of succeeding in that objective, governments need access to adequate pre-emptive intelligence to enable them to forestall and thus prevent the harms to the public. But, as already noted, those who intend harm have no interest in allowing government to know in advance their intentions and capabilities, and every interest in frustrating them in doing so. 26 Two important conclusions follow for the legitimate collection and analysis of secret intelligence. The first implication of gathering such secret intelligence is that very special methods will have to be used to overcome the will of the person with the secret who is determined to prevent the authorities knowing it, methods that inevitably carry ethical risk. These methods are not ones that would be ethically acceptable as part of the general moral code for society. Secrets have to be stolen. Plainly, family members, friends or associates of the holder of the secret will have to be persuaded that they 25

46

Omand

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:46 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 2. Means and Methods of Modern Intelligence and their wider implications

should betray confidences. The right to privacy of communications will have to be interfered with, and even the privacy of family life intruded upon by the use of bugging, hacking or other techniques (as allowed by the European Convention on Human Rights when provided for in law and necessary in the interests of national security, public safety or the economic well-being of the nation, for the prevention of disorder or crime, fort he protection of health or morals or for the protection of the rights and freedoms of others)14. If such ethically risky methods cannot be used then it becomes next to impossible to acquire a secret, and thus to prevent the harm. As seen after the terrorist attacks in Europe of the last few years the public holds government and its law enforcement and intelligence agencies firmly to account for, as they see it, failures to prevent these atrocities. So from the point of view of the authorities, society has to accept that there is an inevitable ethical risk involved in acquiring secret intelligence, whether by recruiting human sources or by technical operations to intrude on privacy. As will be discussed later in this chapter, it is nevertheless necessary – and possible – in a democracy to regulate by law the application of intrusive intelligence gathering methods and thus place strict bounds on the ethical risks involved (such as intrusion into the privacy of the innocent, so-called collateral intrusion) and to introduce strong safeguards such as independent judicial and Parliamentary oversight so that any danger of abuse of these powers under future governments can be safeguarded against. There is, additionally, a second inevitable implication that flows from the definition of secret intelligence that complicates the legal regulation of ethical risk, and that is the inherent need for secrecy over intelligence operations. Which intelligence sources and methods are being employed against which targets, and thus which ethical risks are being run on society’s behalf, must remain a deep secret of the State. Parliaments can legislate to regulate in general the type of techniques that can lawfully be authorized and employed, for what general purposes, and set down limits on their use (such as special provisions for authorizing surveillance of elected representatives, lawyers, journalists and clergy when suspected of criminal offences). But the targets can easily dodge attention if they know which methods are to be specifically directed against them. Without that essential core of secrecy over the use of sources and methods any efforts to gather intelligence would quickly become self-defeating, and certainly pose the risk of harm to human sources and their families if their existence became suspected. These two obvious implications of acquiring pre-emptive secret intelligence – the ethical risks inherent and the need for secrecy about the application of sources and methods – make hard, but not impossible, the construction of a sound regulatory framework to govern secret intelligence work, and to have independent oversight of it. Progress has been made over the last few years by a number of European nations rethinking their approach to the regulation of intrusive methods of intelligence gathering, and redefining accordingly the boundaries of desirable transparency and necessary secrecy. A particular concern in that respect for the European Commission (EC), the Council of the European Union and the European Parliament (EP) was the 2013 and 2014 global media allegations concerning bulk intelligence access operations15. These disclosures drew on highly classified material stolen from the US National Security Agency (NSA) by the US contractor Edward Snowden and its close partner the UK’s 14 15

ECHR, Art. 8, http://www.echr.coe.int/Documents/Convention_ENG.pdf. Discussed in Cameron, The Problem of Oversight, Part 4 Chapter 3, in this volume.

Omand

47

27

28

29

30

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:47 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 1. Introduction

Government Communications Headquarters (GCHQ). Those disclosures brought to public and Parliamentary attention, in many cases for the first time, the increasing use of advanced techniques for bulk collection, analysis and storage of digital communications involving personal data and led to allegations from civil society groups that legal powers were being exceeded. The European institutions expressed particular concern that given the reach of the digital intelligence gathering and the volumes of data involved such activity might amount to mass surveillance that would breach the European Convention on Human Rights and the Charter of Fundamental Rights of the European Union16. Following legal challenges and much public debate, clarification has been obtained from US authorities and from European States that use such methods of much of what is actually involved and of how procedures and processes take account of privacy rights. The governments concerned have as a consequence had to make unparalleled disclosures and to avow of much that was previously secret, a major contribution to greater transparency, itself making possible clearer and stronger national legal regulation. Work also continues on issues surrounding the protection of the personal data of European citizens and its processing when held by US companies or transferred to the United States.17 31 The accusations by the media and civil society groups against several European security and intelligence agencies included that they were conducting unlawful surveillance18. Most of these allegations have subsequently been dealt with by the greater transparency referred to earlier, clarification of what legal powers were being used, and in some cases by fresh legislation. Also included in the Snowden material was information about previously secret intelligence cooperation arrangements between the United States intelligence community and many European security and intelligence agencies (outside the longstanding US/UK SIGINT cooperation). The scale of the revelations shook the trust of many EU citizens in their national intelligence services and the systems for their regulation. This in turn has created great concern within national law enforcement and intelligence communities that the necessary social compact over the use of the powers of the State had been weakened between the public and Parliament and national government and its secret agencies.

E. The interaction of new demands and new sources of supply for pre-emptive intelligence To explain how serious this situation has come about, and the implications for the regulation of intelligence activity by European nations, it is necessary to understand an extraordinary historical coincidence of two sets of circumstances that has unfolded over the last 20 years. The first set of developments is in the changing demands for intelligence specifically about people; and the second set of developments involves the ability of advances in Internet and digital technology to be able to supply information about people to meet those demands. 33 Although, as earlier noted, traditional intelligence requirements continue to be placed on agencies to gather intelligence on the Armed Forces and the capabilities of potentially hostile States and to support traditional arms control and diplomacy, a 32

16 For discussion of the EU institution’s reactions and relevant case law by the CJEU see Schmahl, Intelligence and Human Rights, Part 4 Chapter 2 and Sule, National Law and EU Law Restraints on Intelligence Activities, Part 4 Chapter 3, in this volume. 17 FRA (2014a), p. 81 and following; FRA (2015). 18 See Nyst and King, Intelligence and Civil Society, Part 4 chapter 6, in this volume.

48

Omand

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:47 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 2. Means and Methods of Modern Intelligence and their wider implications

marked post-Cold War emphasis has been on managing the harms that individual actors or non-state groups pose to our societies. Faced with terrorist and serious criminal groups it is information about their leading personalities and individual members that is urgently sought. For example, intelligence is being urgently sought today to establishing their identities (the use of aliases and multiple identities is of course commonplace), locations and movements, communications, associates, financing, capabilities and intentions (including identifying today which of the comparatively large number of Al Qaeda and Daesh sympathisers in Europe, including fighters returned from the so-called Islamic State in Syria following its being over-run by coalition forces in 2017, and in surrounding nations are actually contemplating taking violent terrorist action themselves). That increase in demand for intelligence about individuals who intend harm has coincided, remarkably, with the transformation in everyday life wrought by the private sector as it developed the digital technology that has powered the Internet and the massive use of mobile devices. A striking example of the convergence of these trends is the use by Russia of advanced social media manipulation to interfere with the 2016 US Presidential election against candidate Hillary Clinton and in favour of Donald Trump.19 Digitised information has become the common currency of the modern world. This 34 can be seen in the high stock market valuation of Internet companies with few employees, minimal fixed capital but huge intellectual assets in the shape of skilled people and innovative ideas and the massive investments being made into the exploitation of big data. It can be seen too in the transformation of much of warfare through the application of advanced command, control and information management systems and the introduction of the armed drone. And in the forensic science now applied to a crime scene filled with sources of data ranging from DNA traces to that held by the smart sensors on a mobile device. Some countries now go to extraordinary lengths to try to hack into government and private sector databases to steal intangible wealth in the form of intellectual property. Hacking attacks have also been conducted by Russian intelligence agencies to steal information as part of campaigns to influence events, including the US 2016 Presidential election and the 2017 French Presidential election. In those cases personal emails were stolen and then released publicly to try to embarrass candidates, examples of “weaponizing” genuine information20. Disinformation, that is information known to be false or documents that had been forged, has also featured in recent covert Russian influence operations over events in Ukraine, NATO deployments in the Baltic states. Intelligence agencies see themselves helping decision-makers to make sense of what is going on and what may happen next by reducing their ignorance of important aspects of the world. Increasingly, the ability in that respect of even the most skilled human analyst is being enhanced by the application of various forms of artificial intelligence, enabling ever larger quantities of data to be managed and inferences to be drawn that would have been simply infeasible before the advent of high speed cloud computing and advanced data science. The application of modern intelligence methods is in the process of transforming our understanding of the world around us. The business model of the Internet involves the gathering, processing and storage of 35 digitized information about users so that their data can be monetised and used for 19 Details of the alleged interference are set out in the Justice Department Indictment of the Russian Internet Research Agency, of 18 February, available at https://www.justice.gov/file/1035477/download. 20 See the US Director of National Intelligence Assessment, Background to “Assessing Russian Activities and Intentions in Recent US Elections: The Analytic Process and Cyber Incident Attribution”, available at https://www.dni.gov/files/documents/ICA_2017_01.pdf.

Omand

49

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:47 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 1. Introduction

marketing purposes, replacing much of the pre-existing advertising industry. That personal data comes directly from their use of modern communications and apps, social media, games, search engines, payment systems and on-line purchases, airline, train and hotel enquiries and booking systems and all the other applications that have become so much of our daily life. The traces of our Internet activity, and the records of our real world activity that government and private sector alike keep in digitized form, represent an “Electronic exhaust” as it has been called that we all leave behind us. It should have come as no surprise therefore that there has been this dynamic interaction between the demand for, and supply of, intelligence about people of interest. 36 The targets of intelligence activity and law enforcement investigation have themselves quickly taken full advantage of the digital Internet revolution. In the early years of the First World War there was a rapid take-up of the then new technology of radio by warships and military units revolutionising command and control, and an equally rapid exploitation of that fact by the new intelligence techniques of radio direction finding and interception (the world’s first signals intelligence interception station was set up in 1914 by the Royal Navy in Scarborough on the north-east coast of England to monitor the movements of the German Grand Fleet). In a comparable way we can see in recent years the rapid take-up of digital technologies by terrorists exploiting the advantages of Internet anonymity, the security provided by public key encryption and the ability to have their communications hidden amidst the vast volumes of global communications in order to plan and direct operations and instruct followers in new techniques of bomb-making. Both AQ and Daesh provide their followers with instruction on security and evading digital surveillance, having learnt from the Snowden material how the US and other nations were able to access and exploit Internet communications21. Terrorist movements such as Daesh have become expert at using digital technology to spread their ideology to gather new recruits and motivate them to conduct attacks. Similarly criminals are able to use the Internet to plan and communicate securely, and in particular to acquire and use tools for conducting cyber-crime at scale. So it is to be expected that in pursuit of their targets the major intelligence powers outside and inside Europe will continue to try to develop advanced methods to access the digital communication networks used by their suspects and to examine their Internet usage.

F. Future developments in digital intelligence gathering 37

The digital revolution is transforming other forms of intelligence gathering as well. Imagery from high-resolution digital cameras (now ubiquitous in every mobile device) can be collected and analysed in ways not before possible. Drones with such cameras can conduct surveillance over long periods (and criminals are now using such techniques to “case the joint” before they strike). Telemetry and other technical intelligence are now available in digital form and can be analysed very quickly (including “lab on a chip” devices to monitor for counter-proliferation purposes). Even human intelligence agent recruitment has been affected since obtaining the services of technicians and others with access to adversary networks may pay much higher dividends than recruiting the classic 21 Examples of such OPSEC advice can be found in Zetter, Security Manual Reveals the OPSEC Advice ISIS Gives Recruits, Wired Magazine, 19 Nov 2015, https://www.wired.com/2015/11/isis-opsec-encryption-manuals-reveal-terrorist-group-security-protocols/, accessed 5 Feb 2018.

50

Omand

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:48 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 2. Means and Methods of Modern Intelligence and their wider implications

20th century diplomat as a spy. In that respect at least, human intelligence has regained its salience as a vital component of national intelligence communities. The spread of strong end-to-end encryption (a trend accelerated by the publicity 38 given to digital intelligence following the reporting of Edward Snowden’s accusations) has, on the other hand, made it harder for SIGINT agencies to acquire the actual content of digital communications. Intelligence agencies have therefore recognised the value of being able to get closer to their targets, including having access directly to the devices they are using for communication. This has led to the development of sophisticated malware and network exploitation tools, often known under the general heading of “equipment interference”. Other close-access methods include placing bugs in devices such as printers or computer cables and exploiting the microphones and cameras within modern devices including Internet enabled televisions to eavesdrop on conversations. Many of these methods used by Western intelligence services have been exposed by Edward Snowden and WikiLeaks22. In parallel with the development of digital communications, governments and private 39 sector enterprises now routinely digitise their financial and other transactions with citizens and customers, both to increase the attractiveness of the service and to save back-office staff costs. Search engines have rapidly improved over the last few years and now are able to respond intelligently to queries for information, including spoken commands. Applications such as Google Maps and Google Street View, and their competitor services, provide any user with an unparalleled reconnaissance ability, one that terrorists and criminals have certainly exploited – but in turn one that can provide leads for the authorities to follow up after crime has been committed. Digitised information is cheap to store, at least relative to the old days of paper or analogue recordings, and has the enormous advantage that stores of data can be searched and compared, and advanced algorithms applied, in ways and at speeds simply not feasible before. Digital science is one of the fastest growing areas of technology with huge applications in such areas of civil life as varied as personalised medicine to the running of efficient transport systems. Artificial intelligence with neural and Bayesian learning programmes has already led to the development of advanced facial recognition systems that could pick out the terrorist suspect in a crowd and handwriting recognition algorithms that can or beat any human analyst. One of the most striking examples – of considerable and obvious interest to law 40 enforcement as well as intelligence today – follows from the digitisation of mapping. Mobile devices that we all carry around are routinely broadcasting our location, required if there is to be a seamless handover from one mobile cell tower to another as we move about, and for those who wish to call us to be able to have our communications directed to our device wherever on the planet we are. Even where users try to disable such functionality, the many apps which for convenience we have on our phones may well also be sending location data (without which the usefulness of the app would be sharply reduced if not removed altogether).

G. Regulating the dynamic interaction between the demand for and supply of digital information In short, a great deal of information about our daily lives and habits can be inferred 41 from digitized data, knowledge that in the past could only have been obtained, if at all, 22

For example see the Vault 7 disclosures, https://wikileaks.org/ciav7p1/, accessed 5 Feb 2018.

Omand

51

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:48 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 1. Introduction

with major expenditure of time and effort through old-fashioned “shoe leather” investigations. Faced with the urgent demands for information about people, and all these digital supply opportunities, there is no sign of slowing down of the dynamic interaction as intelligence communities around the world make efforts to meet the former through the exploitation of the latter. For the democracies (but alas only for them) how far this dynamic interaction between demand and supply should be restricted and regulated has become a major public policy issue. The very power of these digital methods creates ethical and legal issues for any democratic government that wishes to employ them. 42 In the days of analogue technology a police service could request a wiretap on a criminal suspect, or an intelligence agency on a suspected spy, and, given the appropriate warrant, the national telephone company would deliver the product of interception from a single line to the authorities. Compare and contrast with the situation today where there is a multiplicity of competing providers of mobile telecommunication services and a variety of apps that allow voice or video communication over the Internet. Strong encryption protects the content of many of these communications. Communications data can provide useful intelligence about who is in contact with whom and when but is often only accessible in bulk, meaning that the data relating to suspects is mixed up with that of the general population. The same point applies to bulk personal data bases which the intelligence agencies and law enforcement may wish to query, which by definition contain mostly information of no interest to the authorities. With global packet switched networks, foreign interception is not straightforward either and to access the desired communications may involve complex filtering and selection from a stream of data (much of which is global market trading, commercial on-line film streaming services, pornography sites and on-line multi-player games most of which is of no interest to the intercepting agency). 43 A more comprehensive approach to regulation of intrusive intelligence gathering is as a result now beginning to be applied in a number of European countries, including the UK, France, Germany, Sweden and the Netherlands. The starting point has had to be the acceptance by their national intelligence communities that their digital intelligence gathering and intrusive investigative powers have to be governed by the modern rule of law. In particular, all the relevant methods have to be avowed and covered by legal regulation. Most legislatures have statutes that provide for the regulation of interception of communications and access to communications data (who called whom, when, and where and in what way). Ideally, regulation should also be introduced governing access by intelligence agencies to databases of personal information, and the use of the techniques of equipment interference such as hacking and network exploitation. In its 2016 Investigatory Powers Act the UK has taken that step, placing all the known methods of digital intelligence gathering under a strict legal framework23. 44 A second important implication of placing secret intelligence gathering under the modern rule of law is that legislation must be sufficiently transparent as to be understandable by the individual (or more exactly by the lawyers advising the individual) on how the law bears on them. So no secret law, and no hiding behind the absence of law or obscure provisions of law passed by Parliaments for different purposes with other purposes in mind or to cover past circumstances where the interception possibilities were very different from those of today, as had happened in the past in several European nations. Criticism of the failure to consolidate and update the different pieces 23

52

Leigh, Intelligence Law and Oversight in the UK, Part 5 Chapter 3, in this volume.

Omand

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:48 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 2. Means and Methods of Modern Intelligence and their wider implications

of UK legislation bearing on interception to take account of developments in digital intelligence gathering was a prime motivation for the comprehensive 2016 Investigatory Powers Act24.

H. How law enforcement and intelligence agencies must respect privacy and other human rights25 There will be amongst the mass of digital data collected in bulk in a modern 45 intelligence gathering operation specific personal information (either as directly observed data points, or information capable of being inferred from them) that an individual would wish to be kept private. There may also be personal information an individual does not want to be retained in digital form whether by a commercial company or a government agency. In most cases those individual preferences should be respected, and European data protection legislation can often be used to enable that to be enforced. But there will be circumstances where a democratic decision is taken by a parliament that in the interests of society, for the purposes of national security including national economic well-being and the detection and prevention of serious crime, (or for the other reasons set out in the European Convention on Human Rights, in particular its Article 8) it is necessary to take bulk powers that intrude on privacy. An example in the case of the UK is the provision in the 2016 Investigatory Powers Act to give the government the power to require an Internet service provider to retain for a reasonable period of time Internet connection records. The necessity for using such bulk powers, including whether alternative means could have been as effective in achieving useful results, was examined in detail by David Anderson QC, then the independent Reviewer of UK Counterterrorism Legislation in a major report for the British Parliament in 2016.26 His conclusion was that there is indeed a clear operational case for the powers he examined but also that given the pace of change strong independent oversight will be needed on a properly informed basis. Apart from accepting the rule of law itself, national intelligence communities should 46 therefore recognize that in the modern era if they wish to use these powerful digital techniques then they must accept they will be regulated in ways that provide for independent oversight, both Parliamentary and judicial27. For previous generations of intelligence officers, and even for several intelligence services in Europe today, this requirement for regulation of their activity may be seen as onerous and a threat to their security and freedom of action. On the other hand, it is increasingly recognised by the major Western intelligence powers that an effective service capable of gathering intelligence on hard targets will in the long run have to be one that commands public confidence. Oversight is an important part of demonstrating that intelligence communities exhibit the necessary integrity, and that the public need not fear misuse of their powers. The public must therefore be convinced through oversight that whilst operating 24 Another example was the now superseded UK Interception of Communications Act 1985 that was criticized for not making clear the extent to which provisions for warrants for the interception of foreign communications in practice authorized bulk access to cable traffic. 25 See Schmahl, Intelligence and Human Rights, Part 4 Chapter 2 and Sule, National Security and EU Law Restraints on Intelligence Activities, Part 4 Chapter 3, in this volume. 26 David Anderson, Bulk Powers Review, London, August 2016. https://terrorismlegislationreviewer. independent.gov.uk/bulk-powers-review-report/. 27 See Cameron, The problem of oversight, Part 4 Chapter 3, in this volume.

Omand

53

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:49 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 1. Introduction

effectively and efficiently to keep them safe the secret agencies will act with restraint in the use of the coercive and intrusive powers of the state. 47 Internal regulation within law enforcement and intelligence agencies, including the necessary training of staff, must be such as to demonstrate the application of wellknown legal tests such as right authority, necessity and proportionality in intrusive intelligence gathering operations. The methods used to choose bearers and communications channels, and to filter and select data accessed in bulk, must be capable of reasonable discrimination between the search for legitimate suspects and the avoidance of prying into the communications of the innocent in whose affairs the intelligence agencies and law enforcement have no legitimate interest. These principles should apply equally to intelligence gathering activity domestically and overseas. It has become clear to European intelligence agencies that the only safe legal approach is for them to recognise that they are at all times bound by the provisions of Article 8 of the European Convention of Human Rights, where appropriate the Treaty of European Union and of national constitutions. They must, therefore, from the outset in planning and conducting such operations respect the privacy rights of all those whose communications they come into contact with, however virtually or briefly. Privacy rights are nevertheless not absolute and there will, as the European Convention recognizes, be circumstances in which interference is justified for reasons including national security and the prevention and detection of serious crime. A reasonable demand from law enforcement and intelligence agencies is for greater clarity on the application of European and national law as it applies to that balancing judgement within the basket of human rights so that they are not unnecessarily exposed to public criticism and legal hazard. 48 A substantive ethical issue that arises is how far it is acceptable to access and retain Internet accessed data in bulk so as to be able to search for patterns of communications and other behaviour that might point to previously undetected or unlocated terrorist or other threats. Searching for communications of legitimate intelligence interest, when inevitably suspect communications are mixed with those of the public at large, involves careful consideration of privacy. If the methods of selection were insufficiently powerful so there was not a reasonable likelihood of obtaining a result of proportionate value then there would be the risk of breaching the legal prohibition against indiscriminate interception and “mass surveillance”, a rightly condemned practice of totalitarian regimes. And were that to become a regular occurrence then, as civil liberties campaigners have argued, that perception of indiscriminate surveillance may in turn chill innocent everyday behaviour for fear of privacy intrusion. Such a privacy intrusion would represent also an attack upon rights to freedom of speech if there are sentiments that cannot be expressed for fear of being overheard28, sadly a feature of crackdowns on dissidents by authoritarian regimes. 49 Considerable technical skill is likely to be needed on the part of the intercepting agency to ensure that the algorithms being used in search activity provide sufficient likelihood of success based both on the methods used and the “seeds” or starting points for searches of the data. As all criminal investigators know it is necessary in most cases to investigate and eliminate from further inquiries a number of suspects prior to identifying and charging the likely perpetrators of a serious crime. In addition, collateral intrusion into the communications of the innocent is likely, even in targeted interception intelligence operations. A tap on a telephone, or a bugging device in a dwelling 28 An argument advanced by UK Supreme Court judge, Lord Neuberger, Hong Kong Foreign Correspondents’ Club, “The Third and Fourth Estates: Judges, Journalists and Open Justice”, 26 August 2014, as well as by the European Court of Justice in its decision of case C-293/12 – Digital Rights Ireland and Seitlinger and Others, 8 April 2014, para. 37.

54

Omand

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:49 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 2. Means and Methods of Modern Intelligence and their wider implications

place or vehicle, is quite likely to pick up innocent conversations with family members or between other innocent parties that are not the warranted subject of the investigation and which those monitoring should not record or which should be deleted as soon as their nature is established. Similarly, a suspect’s computer being monitored may well be used by other family members or friends. Any intrusion to gather intelligence must therefore be justified by a consequentialist argument of the balance of public good in terms of harms to be prevented. The key for the future to remaining within Article 8 rights will be the extent to which sufficient discrimination can be built in to the algorithms (and especially those using artificial intelligence systems that are trained on test data) to enable access, searches and pattern recognition to have a sufficiently high likelihood of returning information on legitimate suspects as to pass the “necessity” and “proportionality” tests. When it comes to collateral intrusion Article 8 right to respect for family and private life is therefore, in the words of the former UK Lord Chief Justice Lord Bingham being qualified by what may be called a community exception – a recognition that the rights of the individual may properly be restricted in the interests of the community at large, if certain fairly demanding conditions are met’29.

I. Modern intelligence processes and the intelligence cycle The interaction between the urgent demands for pre-emptive intelligence to prevent 50 harm and the novel supply opportunities of the modern digital world has already reshaped the way that many intelligence processes are now organised and carried out. The traditional way of characterising intelligence activity was as a set of separate linear processes, starting with the central setting of statements of requirements for intelligence, the subsequent management of intelligence collection by intelligence agencies, the processing, analysis and assessment of the resulting take, and the dissemination of finished intelligence products to customers, with this process then wrapped around into a circle by the provision of feedback on the value of intelligence products into the next iteration of intelligence requirements30. Such a conceptualisation of “the intelligence cycle” brings together three important but contested ideas: – Looking at intelligence as a “production process” not as a single analytical or research activity – The linking of the stages involved in producing intelligence in an fixed and orderly sequence – The provision of a feedback loop from customers on the value of intelligence received to refine the requirements for intelligence and thus improve the effectiveness of intelligence work Today, for most of the world of secret intelligence, the intelligence cycle has become a 51 network of interacting processes, with the user of intelligence at the centre, as illustrated below31.The skills of the intelligence analyst in elucidating the meaning of information that has been accessed have become much more akin to those of the criminal detective, who is responsible for obtaining relevant information (such as accessing a suspect’s bank accounts or seized electronic devices) as well as assessing their significance as evidence. The modern analyst may, for example, be able to test a hypothesis about a 29

Bingham, T. The Rule of Law, (2011) London: Penguin Books, Chapter 10. Omand, Is it time to move beyond the Intelligence Cycle, in: Phythian (ed), Understanding the Intelligence Cycle, London: Routledge, 2013. 31 The diagram is taken from Omand, Securing the State, p. 119. 30

Omand

55

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:49 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 1. Introduction

potential terrorist suspect (and possibly eliminate the individual from further inquiries) by posing structured queries directly to a database of previously accessed information, by mining and layering information from several such sources of personal data or by setting collection parameters directly for an algorithm to apply to communications data. 52 The user of intelligence, be they military commander, senior police officer, immigration officer or security investigator is likely to be interacting directly with the intelligence analysts during ongoing operations. Of course strategic intelligence assessment is still needed on an all source basis, such as that carried out by the British Joint Intelligence Committee (JIC) and written assessments at an operational level issued by bodies such as, for example, the British Joint Terrorism Analysis Centre (JTAC). The product of much intelligence work today is, however, more usually a fragment of a jigsaw puzzle relating to a suspect group or individual, a problem where the analysts cannot be sure that there are not the elements of several puzzles mixed up together and where there is, of course, no picture on the lid of the box to guide them as how to put the pieces together to provide the most convincing explanation consistent with the intelligence as so far known. Diagram: The modern ‘cycle’: more an intelligence network than an intelligence cycle

Acon-on

Direcng

Disseminate User Interacon

Elucidang

Accessing

J. Organisational challenges for modern intelligence communities 53

The modern challenge to conventional thinking about secret intelligence work is not confined to rethinking the ethics of intelligence and the working of the intelligence cycle. There are other powerful tensions to be managed by national authorities in meeting today’s urgent demands for pre-emptive intelligence. A simple model to demonstrate the nature of the choices involved is illustrated in the spiders web diagram

56

Omand

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:50 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 2. Means and Methods of Modern Intelligence and their wider implications

below, structured around a series of a dozen antinomies, or tensions. Of course, different Member States operating in different strategic environments at different stages of development will have webs of different shapes, at different times, reflecting where on each axis the centre of gravity of effort lies (the diagram can be read as zero at the centre and maximum at the rim of the decagon). Diagram: Intelligence reforms

Individual agencies

Evidence

Human Sources

Open Source Partner/ private sector

Domestic

Own sources

Overseas Technical sources

Closed Source

Intell. community

Intelligence

A modern government that seeks to respond to legitimate demands from the public 54 for protection from terrorism, serious criminality and cyber attacks also has to decide whether it will create and foster a genuine intelligence community worthy of the name. Within such an intelligence community it would be expected that different security and intelligence agencies, specialising in the different branches of intelligence gathering and analysis, would come together to combine forces to tackle hard targets, within a common ethical as well as legal framework. A good starting point, therefore, is with the axis in the diagram with end points labelled as domestic and external effort. Terrorism and serious crime, not least cyber crime, do not respect international 55 borders and cases for investigation that arise domestically will very likely turn out to have external dimensions and vice versa. The terrorist attacks that have affected many countries in Europe in the last five years illustrate this vividly. In the same way, the same cyber malware (such as the 2017 WannaCry ransomware attacks) is liable to target victims abroad as well as domestically. Any accurate attribution of cyber attacks that have affected domestic targets may well depend upon foreign intelligence gathering on the country within which the attackers have refuge. Convergence between domestic and external dimensions of intelligence gathering is evident more generally given the trends in target behaviour such as that posed by jihadist fighters returning to Europe from Syria and Iraq.

Omand

57

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:51 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 1. Introduction

Nevertheless, for reasons largely historical, most nations that invest significantly in intelligence activity have chosen to maintain separate domestic and external services, often reporting to different Cabinet ministers. There are exceptions, such as Canada, where such human agent activity as is permitted by law is carried out by a single domestic security service, CSIS, and Finland, where the domestic service, SUPO, has recently been given the external responsibility. But most nations have found it convenient to have separate services, not least to mirror a distinction between the greater perceived political sensitivity of domestic as against external espionage. It is also not fanciful to imagine that most governments would feel understandable nervousness about the accumulated influence (not to mention power) that a head of a single secret security and intelligence agency might be able to wield. 57 There are practical advantages too in being able to recruit separately for an external service where officers can expect to spend the majority of their services overseas and exceptional language skills and self-reliance would be especially valued. On the other hand, service in a domestic security agency would be more likely to suit those with some legal or investigatory training. The external environment will at times be highly nonpermissive with declared intelligence officers kept under close surveillance by the host government and subject to harassment, with the threat of extreme sanctions being meted out to any agent that is exposed. The domestic scene can also have its difficulties, for example intelligence work in Northern Ireland during the “Troubles”, but as a general rule the home life of a domestic service intelligence officer and their family will be more settled than their foreign service counterpart. 58 When it comes to the legal environment in which agencies work every nation finds a way of regulating intelligence activity against its own citizens or on its own territory to a greater extent than the rules applying to foreign nationals or overseas nations. There are two basic models. The first model privileges citizens wherever they are in the world. The United States is perhaps the leading nation to adopt this approach so that traditionally there have been higher hurdles to be overcome to obtain authority to intercept the communications of US persons in comparison to those applying to citizens of other nations. Other jurisdictions such as the United Kingdom make the distinction a geographical one so that within the territory of the Member State there is one set of rules governing domestic communications interception (whether of citizens or noncitizens), with a different set of requirements to be met for foreign communications. For example, for the United Kingdom, the distinction is geographical (between the communications of all those within the British Islands and communications that have at least one end overseas). 59 All European citizens share the same Charter of Fundamental Rights of the European Union, but the Member States have always insisted that national security remains a national not an EU competence, and Member States have typically applied different thresholds domestically than they do outside their borders, even to their fellow Europeans in the rest of the world32. Within a domestic jurisdiction it is not unreasonable to have a system of warrants to provide legal authority for interception or intrusive investigation in which the police or intelligence agency concerned are required to be able to provide for scrutiny the names of their suspects (or the address of the premises to be targeted). Such precision is most unlikely to be available for most intelligence operations outside the country (for example to know such detail about terrorists fleeing Syria and Iraq after the collapse of the so-called Islamic State and seeking to re-establish 56

32 On the notion of “national security” in this context see Sule, National Security and EU Law Restraints on Intelligence Activities, Part 4 Chapter 3, in this volume.

58

Omand

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:51 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 2. Means and Methods of Modern Intelligence and their wider implications

themselves in countries such as Mali and Libya). This chimes in with the practical argument that has arisen in military operations that States can only reasonably be expected to exercise a full duty of care to those within their own jurisdictions or in territory over which they have a degree of control. The next axis also involves getting the balance right within an intelligence community and is labelled as human intelligence/technical intelligence. After the experience of the 20th-century World Wars the lesson was learned that SIGINT when done well is capable of providing a breadth and reliability of coverage of national security issues that cannot be matched by other branches of intelligence. Investment in SIGINT by the major European nations has been considerable, exploiting radio signals, other forms of electromagnetic emission such as radar, and most recently digital communications. Nations differ however, in how they organise the cryptanalytic expertise needed and provide for access to the communications transmissions of interest themselves, whether as separate services such as the UK’s GCHQ or Sweden’s FRA or within another intelligence agency, such as is the case in France with the DGSE and with Germany with the BND, services that also provide their external HUMINT capability. In some countries a hybrid model is operated, with much of the collection activity being conducted by specialist staff and units within the Armed Forces. What seems clear is that domestic and external HUMINT services, and technical services where they are organized separately, have increasingly to plan priorities and operations together and make use of each others’ capabilities to leverage their own (socalled SIGINT-enabled HUMINT where a potential recruitment is illuminated by the knowledge of the subject that comes from interception; and HUMINT-enabled SIGINT where the human agent is able to help with equipment interference operations or access to a target network). Moving round the diagram, a further set of organizational issues arises from the value in today’s digital world of having better access to open sources as well as the traditional closed secret sources of the intelligence agencies. A longstanding example is provided by the work of the BBC Monitoring Service that openly accesses and records TV and radio broadcasts overseas (and now some web use) and provides not just the BBC itself but a wider set of customers with a service of news updates about much of the world. Rare language expertise is often a constraint for intelligence agencies and such expert external monitoring frees up those within the circle of secrecy to focus on the work that only they can do. Much the same argument applies to use by government agencies of academic and private sector products derived from open sources such as the Global Terrorism Data Base maintained by the University of Maryland, supported by the US Department of Homeland Security. The growing prevalence of social media use provides another good example where intelligence can be derived from open monitoring. Europeans who had gone to Syria to fight for the so-called Islamic State were identified by their clothing and other indicators seen in their social media posts. Counter-proliferation work has also benefited from open source examination of scientific literature, relevant company and university websites and other open sources. Finding and interpreting open source information for such purposes is becoming a specialized activity for which special training is needed, raising an organizational issue for national intelligence communities as to whether to create specialised single agencies for the purpose such as the United States Open Source Enterprise (formally the FBIS) or to provide each agency with the necessary experienced personnel. The ethical issues of more traditional intelligence gathering will be lessened if more organized use can be made of sources of information which are either openly available, Omand

59

60

61

62

63

64

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:51 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 1. Introduction

65

66

67

68

especially nowadays through Internet searches, or that can be accessed lawfully with the appropriate permissions. Ethical dilemmas will still arise over the circumstances in which the desire that most people have for privacy for Internet use should be overridden. But intelligence gathering that involves the theft of secrets, or equivalent deceptive measures such as planting malware on suspects’ devices, are bound to be ethically more problematic. As already mentioned, in addition to human and technical sources of secret intelligence there is already a large body of personal digitised information legitimately held by governments and private companies such as immigration, passport and driver licence databases and including access to data from other EU Member States such as provided for by the Schengen III arrangements. These data sets are rapidly growing in number and scale. Although statutory privacy rights apply, these datasets can be lawfully accessed for a variety of purposes, ranging from checking that taxes have been paid through to checking that an airline passenger has not previously been identified as a potential terrorist and placed on a watch list. Moving clockwise round the diagram, we reach the point where the differing worlds of national security and law enforcement interact – and at times collide – when it comes to intelligence activity. For some European States the fear of any future recreation of “a secret police” has led to legal barriers being created between the domains of overseas intelligence, security and policing, both national and regional. The UK Parliament when it first legislated in 1989 to provide a statutory basis for the operation of the Security Service did not give that service powers of arrest, no doubt similarly wary of the historical taint of a secret police. But Parliament did lay down that one of the three statutory purposes that could justify secret intelligence activity should be the detection and prevention of serious crime (along with national security and the economic wellbeing of the nation from threats overseas). Unusually amongst European nations there has been no legal bar in the UK to the development of close relationships and full information exchange on investigations between the worlds of law enforcement and intelligence, not least to gather and prepare admissible evidence for trial. Joint counter-terrorism investigations have become the norm in the twenty-first century with the intelligence primacy lying with the Security Service but primacy for decisions bearing on public safety resting with the police. A close police relationship with all the national intelligence agencies has great advantages in supporting operations. Such integrated effort makes easier resolution of issues such as whether to play an investigation into a terrorist group long in the hope of identifying all its members and any links back to instigators overseas, or to act quickly in the interests of public safety to frustrate a budding attack even at the expense of not having the evidence on which a prosecution can be mounted. The final tension shown in the diagram is between cyber security and cyber intelligence gathering, and whether these functions should be exercised by a single body or kept separate33. Modern SIGINT may well involve hacking and computer network interference, precisely the techniques that an adversary would use against one’ s own nation. On the principle expressed by the old adage that former poachers make the best gamekeepers the skills and experience of a modern SIGINT agency can usefully be applied to understanding and countering cybercrime and defending against cyber attacks, for example protecting critical national infrastructure. Attribution of cyber attacks can also benefit from their being analysed in the context of an overall intelligence assessment of the likely perpetrators. Bulk access to global data streams 33

60

See Tropina/von zur Mühlen European Intelligence in Cyberspace, Part 2 Chapter 3, in this volume.

Omand

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:52 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 2. Means and Methods of Modern Intelligence and their wider implications

also allows the detection and classification of malware. That is the approach taken by the US and the UK where the national centre of cyber security expertise is part of the intelligence community whilst France and Germany on the other hand have created separate cyber security agencies to manage the defensive role. A specific example of the need to balance offensive intelligence gathering and defensive cyber security interests arises from the existence of so-called “zero day” flaws in software in general use. The Internet was never designed to be fully secure and the complexity of modern software, and the difficulty of establishing in advance how different programs will interact when uploaded to a mobile device, makes it inevitable that flaws in security that can be exploited by attackers will be uncovered. The issue then is whether they should be retained for future use on the intelligence side for penetrating target networks and devices, or declared to the software manufacturers so that remedial patches can be issued. Each case has to be examined carefully on its merits (what the US calls a Vulnerabilities Equities Process) that involves examining both a full risk analysis and an assessment of the potential value of a “zero day” exploit against the highest priority threats. The national cyber priority should be (as it is in the UK) a safe and secure Internet and that should guide the process accepting that governments cannot also ignore their primary duty to safeguard the public from hostile states, terrorism and serious crime. These considerations do not always pull in opposing directions. Improving national cyber security technical capability and public awareness will make it harder for hostile states to mount disinformation campaigns and to spread false and misleading information on the Internet including the part played by automated “bots”34. Dealing with cyber crime is likely also to give rise to tension between action to disrupt plots and the due process of bringing suspects before the Courts, especially when the suspects concerned are hiding in jurisdictions that do not care to, or are not in a practical position to, enforce the law. Disruptive actions in the interests of the safety of the public may well carry ethical risks but would normally be expected to take priority over the important but abstract value of upholding the law through prosecution. That takes us finally to establishing the optimum balance for today’s conditions between military and civilian intelligence activity. Since the 19th century military staffs have included an intelligence function, most armed forces today have specialist equipment or units for collecting and interpreting battlefield intelligence. There are peacetime constraints on such intelligence gathering: international law governs innocent passage for warships on the high seas and recognises territorial waters into which intelligence gathering ships and aircraft should not penetrate; humanitarian law lays down conditions such as the wearing of uniform and the treatment of spies found in civilian clothes (and restrictions on the use of encrypted communications from vessels flying the red cross or red crescent). Intelligence gathering for force protection has become an integral part of military deployments, including today the use of observation satellites and reconnaissance drones and aircraft. Well trained and led military forces will exhibit an institutional concern for minimising harm to civilians and will act within international law in their use of their weapons systems. It is obviously important that this ethos should also apply to circumstances where intelligence is being used to target kinetic action such as might follow the geo-location of an insurgent leader. Military intelligence capabilities can be 34 “Bots” sometimes called “chatbots” are programs employed in social media networks to generate or promote messages supporting particular information campaigns automatically (such as tweets) by acting as a “follower” to boost apparent popularity or even as a fake account that gathers followers itself.

Omand

61

69

70

71

72

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:52 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 1. Introduction

enhanced by those of national civilian agencies to supply both human and technical intelligence (as was done to support NATO operations in Afghanistan).

K. The need for greater international intelligence cooperation Each of the axes in the diagram therefore represents a direction of choice for national intelligence communities, where a new balance of effort and investment may be needed in the light of the circumstances of the day and of the nation concerned. In the first instance the responsibility to manage these issues is national since, as we have seen, matters of national security are regarded as at the heart of the responsibilities of the nation state. But for each of the sets of issues represented by the axes in the diagram there is an overarching question for the national intelligence authorities which is how far they can reasonably seek to achieve their objectives using only national means, and how far to seek international cooperation with partners and allies. 74 It became apparent, for example, after terrorist attacks in 2016 and 2017 that European intelligence agencies were not sharing information with one another fast enough. Europe’s porous borders also have allowed terrorists to cross the continent without being detected. Continental European governments are in response developing capabilities and legal frameworks for digital intelligence gathering, and trying to promote more effective cooperation between their many agencies. Having the equivalent of the UK’s Joint Terrorism Analysis Centre (set up in 2002) in each Member State would simplify the process of connecting together in a virtual network with those engaged in analysing the threat and issuing national alert states and threat warnings in addition to the many bilateral and multilateral links that exist between those investigating terrorist activities. 75 The creation of international networks to promote security and intelligence reform has to be seen as a key development for European Union Member States, not least taking account of the British vote to leave the EU. Cooperation has to be based on earned trust to protect the sensitive intelligence that can lead to shared leads and joint operations. The Club of Berne, a non-EU body where the heads of the internal security services of the EU countries, Norway, and Switzerland meet regularly and oversee the Counter Terrorist Group, which liaises with the EU, provides the main vehicle for coordinating such efforts. Governments also need to establish good relationships with the U.S. technology companies that may hold data vital to stopping future attacks. 73

L. Conclusion 76

In the light of the current threats to European security, the collection, analysis, assessment and sharing of intelligence will remain a strategic priority not just for the European nations themselves but for their NATO allies, the US and Canada. Whilst the contribution of open source intelligence is set to grow in the Internet age, there will always be vital information that the enemies of free societies will try to prevent the authorities knowing and for which therefore the methods of secret intelligence will be needed. In particular, the effective protection of the citizen from terrorist or criminal harm requires access to digital intelligence sources and to various forms of bulk personal data. Such tools using advanced search algorithms are powerful, and increasingly ubiquitous. In the hands of authoritarian regimes they can be misused to detect

62

Omand

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:52 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 2. Means and Methods of Modern Intelligence and their wider implications

and suppress legitimate dissent. In the democracies it is essential that all the intrusive methods of digital intelligence are brought under the rule of law and regulated and overseen in judicial and Parliamentary terms in order to provide confidence to the public in their proper use that they are being used lawfully and with proper restraint. The Snowden affair for a time at least diminished public trust in the effective 77 regulation of intelligence activity. The European public has, however, sadly also been reminded in recent years of the rationale for such activity to protect society. Intelligence professionals now look to their political leaders to explain to the public and to their legislatures the important role that pre-emptive intelligence plays in modern national security and to defend their methods as essential to public safety, while respecting the privacy and other rights of the citizen.

Omand

63

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 1.3d from 30.09.2019 13:47:52 3B2 9.1.580; Page size: 160.00mm  240.00mm

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:10 3B2 9.1.580; Page size: 160.00mm  240.00mm

PART 2 THE EUROPEAN INTELLIGENCE AGENDA Chapter 1 The Fight against Organised Crime and its proliferation in the European Union Felia Allum/Stan Gilmour Outline A. Introduction ...................................................................................................................... B. The EU and its organised crime-police cooperation agenda ................................. C. What is organised crime in the EU? Citizens’ perceptions.................................... D. The reality of organised crime and its fight in the EU ........................................... E. The fight against organised crime: Is a “European Criminal Intelligence Model” the only way forward?...................................................................................... F. Conclusions .......................................................................................................................

mn. 1 6 26 40 52 58

Bibliography: Academic Advisors, European Union Serious and Organised crime Threat Assessment, 2017, Europol, 1, available at https://www.europol.europa.eu/activities-services/main-reports/europeanunion-serious-and-organised-crime-threat-assessment-2017 [accessed 1 June 2017]; Alfano, Introduzione, in: Alfano & Varrica (eds.) Per un contrasto Europeo al crimine organizzato e alle mafie: La risoluzione del Parlamento Europeo e l’Impegno dell’Unione Europea, Milan: Franco Angeli, (2012), 11; Allum. & Den Boer, United we Stand? Conceptual Diversity in the EU strategy against Organised Crime, Journal of European Integration, 35 (2) (2013), 132; Allum, “Godfathers, dark glasses, and pasta”: Discussing British perceptions of Italian Mafias, Sicurezza e scienze sociali, 3EN, FrancoAngeli (2013) 1–68; Anderson, European Police cooperation, history and theory, in: Longo (ed.) The European Union and the Challenge of Transnational Organised Crime, Towards a Common Police and Judicial Approach, (2002), 9; Bigo, EU Police Cooperation: National Sovereignty Framed by European Security, in: Guild & Geyer (eds) Security versus Justice? Police and Judicial Cooperation in the European Union, Routledge, (2016), 93; Block, Bilateral Police Liaison Officers: Practices and European Policy, Journal of European Research, vol 6, n. 2, (2010), 194–210; Brady, The EU and the fight against organised crime, Working Paper, Centre for European Reform, Brussels, (2011) 17, available at http://cer-live.thomas-paterson.co.uk/sites/default/ files/publications/attachments/pdf/2011/wp721_org_crime_brady-1484.pdf [accessed 1 March 2017]; Bullock, Chowdhury and Hollings, Home Office, Research Report 16, Public Concerns about Organised Crime, Key implications, The Report, Summary (2009), pp. 1–17; available at https://www. gov.uk/government/uploads/system/uploads/attachment_data/file/116623/horr16-report.pdf [accessed 10 March 2017]; Calderoni, La decisione quadro dell’Unione Europea sul contrasto alla criminalità organizzata e il suo impatto sulla legislazione degli Stati membri, in: Alfano & Varrica (eds.) Per un contrasto Europeo al crimine organizzato e alle mafie: La risoluzione del Parlamento Europeo e l’Impegno dell’Unione Europea (2012), 40, Milan: Franco Angeli; Calvanese, Criminalità Organizzata in Basilicata: La Percezione Sociale da parte dei Giovani Lucani, in Rassegna Italiana di Criminologia. 2010 (1), pp. 35–58, available at http://www.rassegnaitalianadicriminologia.it/home/item/42-criminalit%C3% A0-organizzata-in-basilicata-la-percezione-sociale-del-fenomeno-da-parte-dei-giovani-lucani [accessed 1 March 2017]; Carrera, Cassarino, El Qadim, Lahlou, Den Hertog, EU-Morocco Cooperation on Readmission, Borders and Protection: A model to follow? (2016); Den Boer, Bruggeman, Shifting gear: Europol in the contemporary policing era, Politique Européenne (2007) 3/23; De Buck, Joint Investigation Teams, ERA Forum, (2007), 8: 253–264; EUROPOLs EU Serious and Organised Crime Threat Assessment (SOCTA 2013), available here: https://www.europol.europa.eu/activities-services/main-reports/eu-serious-and-organised-crime-threat-assessment-socta-2013, 2013, 6, [accessed 12 March 2017]; EUROPOL’s European Union Serious and Organised Crime Threat Assessment 2017, available here https:// www.europol.europa.eu/activities-services/main-reports/european-union-serious-and-organised-crimethreat-assessment-2017, 7 [accessed 12 March 2017]; Fijnaut, The European Parliament and organised crime: the impending failure of the Alfano Committee, Eur. J. Crime Crim. L. & Crim. Just,(2013), 21,

Allum/Gilmour

65

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:11 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda 1; Goold, Mind the (information) Gap: making sense of the European Union’s strategic approach to transnational organised crime, in Allum, and Gilmour, (eds.) Routledge Handbook of Transnational Organised Crime, 2012, Routledge, Abingdon, UK; Goold, Development of The Organised Crime Threat Assessment (OCTA) and Internal Security Architecture European Parliament (LIBE) PE 410.682, (2009) Brussels. http://www.europarl.europa.eu/RegData/etudes/etudes/join/2009/410682/IPOL-LIBE_ET (2009)410682_EN.pdf [Accessed 3 February 2018]; Heidensohn, Crime and Policing, in: Littlewood, Symes, and Levy (eds.), The future of Europe: problems and issues for the twenty-first century, (2016), 89, Springer; HM Government, Security, law enforcement and criminal justice: A future partnership paper (2017), 13, UK Government, London, available at: https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/645416/Security__law_enforcement_and_criminal_justice_-_a_future_partnership_paper.PDF [Accessed February 2018]; La Spina, Il mondo di mezzo. Mafie e antimafie, (2016), 181 Bologna: Mulino; Malins, La Costruzione dello Spazio giuridico Europeo contro il crimine Organizazzato, Verso la Conferenza ONU di Palermo del 12–15 dicembre 2000, Seminario organizzato dalla Commissione Parlamentare d’inchiesta sul fenomeno della mafia e delle altre associazioni criminali similari, Roma 2–3 novembre 2000, Camera dei Deputati, Roma, 113; Martill, and Staiger, (eds) Brexit and Beyond: Rethinking the Futures of Europe, UCL Press (2018) 150; Marotta, Role and Action of EUROPOL in combatting organised crime, in: Longo, (ed.) The European Union and the Challenge of Transnational Organised Crime, Towards a Common Police and Judicial Approach (2002) 113–114, Milano; Sciarrone, Dagnes, Storti, Presentation, Criminalità organizzata, contesto di legalità, e sicurezza urbana; un’indagine tra gli operatori economici di Torino, Dipartimento di Culture, Politica e Società Università degli Studi di Torino (2014), Italy; Scherrer, Jeandesboz, Guittet, Developing an EU Internal Security Strategy, fighting terrorism and organised crime, PE 462.423, European Parliament, Brussels, Belgium (2011), 63; Scottish Government, Public Perceptions of Organised Crime in Scotland, Ipsos MORI Scotland, Crime and Justice, Social Research (2013), available at https://www.ipsos-mori.com/researchpublications/researcharchive/3273/Public-Perceptions-of-Organised-Crime.aspx [accessed 12 August 2016]; Papademetriou, Global Legal Monitor, European Union: Parliamentary Committee on Organised Crime and Money Laundering, 19/10/2012, available at: http://www.loc.gov/law/foreign-news/article/europeanunion-parliamentary-committee-on-organised-crime-and-money-laundering/(accessed 10/8/2016); Procura di Napoli, Procidemento penale n. 54548/2008 RGNR del RG della Procura di Napoli – Richiesta di scambio informative preliminare tra autorità giudiziarie. Art. 18 Convenzione ONU sul Crimine Organizzato, Riferimento per Eurojust n. 4991/2008, 15/12/2008; Vigna, La Costruzione dello Spazio Giuridico europeo control il crimine organizzato, Verso la conferenza ONU di Palermo del 12–15 dicembre 2000, Camera dei Deputati, Roma (2001), 30.

A. Introduction 2016 will become a landmark year in EU history books for the challenges that were posed to this developing political international organisation. It was not only the year that the UK voted to leave the EU (“Brexit”) but it was also the year when EU leaders finally had to take stock of the migrant and refugee crisis and tackle it head on. 2 For the last decade, there had been a developing migrant crisis in the EU: a constant flow of migrants crossing the Mediterranean on small dinghies often landing on the Island of Lampedusa and makeshift shanty towns around Calais, full of people hoping to make it to the UK, are two of the strongest images of this situation. The traffic of people across the Mediterranean by organised crime networks is another, still not really understood, dimension to this question1. 3 But in 2015–2016, the migrant and refugee movement from war-torn zones (such as Syria, Afghanistan and Iraq) into the EU took on mammoth proportions: it was estimated by the International Organisation for Migration (IOM) that in 2015, more than 1,011,700 migrants arrived by sea, and almost 34,900 by land, FRONTEX estimated that 1,800,000 arrived at EU borders2. The photograph of a drowned three-year old 1

1 Cf. http://europe.newsweek.com/mastermind-evil-genius-behind-migrant-crisis-328471 [accessed 5 August 2016]. 2 Cf. Migrant crisis: Migration to Europe explained in seven charts, http://www.bbc.com/news/worldeurope-34131911 [accessed 5/8/2016].

66

Allum/Gilmour

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:12 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 1. The Fight against Organised Crime and its proliferation in the European Union

Syrian-Kurdish boy on the beaches of Turkey in September 2015 awoke public opinion and meant that this movement of populations became a recognised political problem which could no longer be ignored and one that needed to be tackled collectively. Moreover, the military intervention by some EU States in Syria and Afghanistan has 4 added a further ingredient to this political cocktail: a new wave and form of terrorist attacks in mainland Europe, targeting in particular France, characterised by random attacks on civilians in any place at any time, with perhaps links to criminal networks. These crises have challenged the very nature of the EU’s integration project in 5 particular, on how to respond to these external security issues as a collective community with its own internal security regimes. National sovereignty, accountability, police cooperation and EU-wide security governance have been the issues for various Members States who have not fully signed up to the idea of the EU being the main driver of internal security rather than the State. In this chapter, it is the challenge that serious and organised crime poses EU internal security and policing which will be analysed. In order to do this, the questions that will be discussed are: (1) what is the nature of organised crime in the EU? how does the discourse – perception – reality debate of organised crime play out in this international organisation? And, (2) what type of strategy has the EU developed to counter organised crime?

B. The EU and its organised crime-police cooperation agenda The founding fathers of the Common Market in 1958 did not include references to 6 police cooperation nor did they make explicit what their approach to organised crime was, for this was not part of their remit: they were interested in integrating the Coal and Steel industries, creating an internal market and perhaps, developing in time, a European defence community, but nothing to do with Member States’ internal security regimes. It could therefore be argued that it was only in the 1990s that the EU turned its attention to police cooperation through its Justice and Home Affairs (JHA) policies because of the insecurities, which completion of the new internal Single Market and its dismantling of borders would produce as well as a new post-Cold war environment. However, as Anderson has pointed out “[…] this view lacks historical depth and 7 perspective. An examination of a much longer period of history shows that some contemporary questions are not new”3. Indeed, he argues that throughout the whole of the twentieth century, and even as early as 18984, there were moves towards greater police co-operation because of the politically motivated violence that some states were facing. He believes that these developments should be seen as similar to the setting up by Member States of the TREVI (Terrorism, Radicalism, Extremism, and Violence International) Group in 1975 that was “established […] to co-ordinate action against politically motivated violence which had by that time been given the name of ‘international terrorism’”5. Despite the existence of TREVI, Members States during the 1970–80s, although 8 formally articulating good intentions6, were often reluctant and slow in practice to co3 Cf. Anderson, ‘European Police cooperation, history and theory’ in: Longo (ed.) The European Union and the Challenge of Transnational Organised Crime, Towards a Common Police and Judicial Approach, 2002, Milan, 9. 4 In 1898, there was the first Anti-Anarchist Conference in Rome which was considered to be one of the first major moves towards multilateral police co-operation (Anderson, ibid, 10). 5 Anderson, supra, 11. 6 European police cooperation developed during the 1980s, Scherrer, A., Jeandesboz J., & Guittet, Developing an EU Internal Security Strategy, fighting terrorism and organised crime. PE 462.423. European Parliament, Brussels, Belgium, 2011, 63.

Allum/Gilmour

67

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:12 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

9

10

11

12

operate7 because these issues fundamentally encroached upon a State’s sovereignty. As Anderson underlines: for there to be any real progress in these matters, especially police cooperation, “abandoning sensitivities about sovereignty in a domain which has been regarded as central to the regalian powers of the state and agreeing with partners a concept of a European security interest in cases of political violence”8 is of paramount importance. To establish ‘a European judicial space’, as suggested by Giscard d’Estaing in 19779, or “a European Police force” as articulated by Helmut Kohl in 199110, strikes at the heart of the European debate on state sovereignty. These projects would mean transferring judicial or police powers to a European authority, which would in turn signify a move towards a Federal state, one in which the individual State is downgraded and power transferred to the collective centre. The decision of handing over powers to a body outside and not controlled by a sovereign state becomes a political decision, one which might be seen as controversial by a country’s electorate, especially in countries like the UK and Denmark where the EU is not perceived as a positive organisation11. Although organised crime was formally included in the TREVI discussions it was not until the 1990s that it became a concrete policy priority for Member States: “the EU started to respond and counter the emergence of organised crime as a general security threat in parallel with its ‘Single Market’ integration project”12. The 1990s represent a concrete and significant, if not a difficult, move forward in European police cooperation and the fight against organised crime as these policies were included in the major EU treaties. The Maastricht Treaty in 1992 which established the European Union re-organised cooperation into three pillars13, the third being to establish “cooperation in the fields of Justice and Home Affairs”14. More specifically, it clearly stated “common action in the field of police co-operation (Article 30, ex Article K. 24)” with “the common evaluation of particular investigative techniques in relation to the detection of serious forms of organised crime” (Article 30, ex Article K. 2515). In this treaty, there was also the first reference and formal agreement of establishing a European police office, EUROPOL16. The convention setting up EUROPOL was signed in 1998 and it became operationally active in 1999. At first, it had the limited remit of gathering and analysing intelligence on transnational organised crime: “EUROPOL officers cannot make arrests or initiate investigations but they can assist during investigations and be present during the questioning of suspects if required by a Member State”. Thus, “it has focused mainly on developing the analytical abilities that

7 There are examples of extradition procedures or financial crime investigations were there is a lack of collective thinking. 8 Anderson, supra, 13. 9 Vigna, La Costruzione dello Spazio Giuridio europeo control il crimine organizzato, Verso la conferenza ONU di Palermo del 12–15 dicembre 2000, Camera dei Deputati, Roma, 2001, 30. 10 Heidensohn, ‘Crime and Policing’ in: Littlewood, J., Symes, V. and Levy, C. (eds.), The future of Europe: problems and issues for the twenty-first century. Springer, 2016, 89. 11 Cf. https://www.opendemocracy.net/can-europe-make-it/tam-s-ibolya/vote-of-no-confidence-explaining-danish-eu-referendum [Accessed February 2018]. 12 Allum and Den Boer, “United we Stand? Conceptual Diversity in the EU strategy against Organised Crime,” Journal of European Integration, 35 (2) (2013), 132. 13 The first two pillars were the single market (the old European Communities) and foreign and security policy. 14 Under title VI and it was placed in Pillar III of the EU treaties (entitled ‘Provisions on Police and Judicial Cooperation in Judicial and Criminal Matters’). 15 Allum and Den Boer, supra, 140. 16 See Ryder, European Criminal Intelligence, Part III Chapter 3, in this volume.

68

Allum/Gilmour

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:13 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 1. The Fight against Organised Crime and its proliferation in the European Union

it needs in order to add value to national investigations”17. However, by 2010, thanks to the insistence of some member states, it has become a full EU law enforcement agency18, accountable to the European Parliament (EP) with more investigative powers. The Amsterdam Treaty in 1997 is seen as a key stage for police cooperation as it established “a European judicial area” and “an area of Freedom, Security and Justice”. This new area corresponded to the Schengen space which became a pass-free travel zone. JHA became Police and Judicial Co-operation in Criminal Matters and decisions were still made unanimously by Member States although the Commission was given, for the first time, the right to introduce legislative proposals in this area. Parallel to the Amsterdam discussions, various “Action Plans”19 and decisions were elaborated, which demonstrated the EU’s seriousness about developing this area: in 1997, the first EU Action Plan to Combat Organised Crime20, a Joint Action (adopted by Council) making it a criminal offence to participate in a criminal organisation in the Member States of the EU in 199821, the Vienna Action Plan in 199822 and a Council Framework-Decision on the fight against organised crime in 200823. The 2008 Council Framework Decision was considered as particularly ground breaking as it laid out a common definition and approach of organised crime which should be applied in all Member States. However, in retrospect, this Framework Decision, was “limited”24 and “totally inefficient”25; as ‘it is mostly left up to Member States to interpret what they understand by “predicate offences”, “serious crime” and “organised crime”. This meant that actors could easily have different preferences, perceptions and interpretations about what organised crime really was26. This led to competing perspectives and confusion. These general developments were also helpful for Member States in the run up to the United Nations’ Palermo Convention on Transnational Organised Crime in 2000, as it 17 Brady, The EU and the fight against organised crime, Working Paper, Centre for European Reform, Brussels, 17. Available at http://cer-live.thomas-paterson.co.uk/sites/default/files/publications/attachments/ pdf/2011/wp721_org_crime_brady-1484.pdf [accessed 1 March 2017]. 18 See https://www.europol.europa.eu/[accessed 25/4/18]. 19 The EU have developed various tools to implement collective rules. For example, ‘Action plans’ and/ or ‘Decisions’. In the EU generally, ‘action plans’ set a defined target while EU Decisions are legally binding tools addressed to Members States or individuals, i. e. citizens or associations. 20 Cf. “Action plan to combat organised crime” (97/C251/0,1 Adopted by the Council on 28 April 1997). Available at http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A51997XG0815 [accessed 7 January 2018]. 21 Cf. “98/733/JHA: Joint action of 21 December 1998 adopted by the Council on the basis of Article K.3 of the Treaty on European Union, on making it a criminal offence to participate in a criminal organisation in the Member States of the European Union”. Available at https://publications.europa.eu/en/publicationdetail/-/publication/63c93028-6fe8-494c-a805-c061ad3058df/language-en [accessed 7 January 2018]. 22 Cf. “Action Plan of the Council and the Commission on how best to implement the provisions of the Treaty of Amsterdam on an area of freedom, security and justice – Text adopted by the Justice and Home Affairs Council of 3 December 1998”, available at http://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1519643196581&uri=CELEX:31999Y0123(01) [accessed 7 January 2018]. 23 Cf. “Council Framework Decision 2008/841/JHA of 24 October 2008 on the fight against organised crime”. Available at http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:32008F0841 [accessd 7 January 2018]. 24 Calderoni, “La decisione quadro dell’Unione Europea sul contrasto alla criminalità organizzata e il suo impatto sulla legislazione degli Stati membri”, in: S. Alfano and A. Varrica (eds.) Per un contrasto Europeo al crimine organizzato e alle mafie: La risoluzione del Parlamento Europeo e l’Impegno dell’Unione Europea, 2012, Milan: Franco Angeli, 40. 25 Alfano, “Introduzione”, in: Alfano and Varrica (eds.) Per un contrasto Europeo al crimine organizzato e alle mafie: La risoluzione del Parlamento Europeo e l’Impegno dell’Unione Europea, 2012, Milan: Franco Angeli, 11. 26 Allum and Den Boer, supra, 145.

Allum/Gilmour

69

13

14

15

16

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:14 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

17

18

19

20

enabled them to understand what their approach to organised crime was to be. All EU Member States were signatories of the Palermo Convention and agreed on its definition of Transnational Organised Crime27. But it is clear from the start that there have always been very different positions: for example, Humfrey Malins, a British MP, declared in 2000 “a common policy against the illegal traffic of human beings, a common legal system is neither practicable nor desirable; bilateral agreements with close neighbours represents on the other hand, a form of cooperation much more efficient as is the sharing of knowledge: this must be our approach for the future. Cooperation does not mean uniformity”28, whereas Antonio Gagliardo, an Italian and former director of EUROPOL, argued that “with the institution of EUROPOL, a new concept of cooperation is developed, one which moves beyond occasional and bilateral agreements between different police forces and of cooperation in Interpol”29. From the JHA pillar came some concrete initiatives on how to improve the understanding of and the fight against organised crime. These included the Tampere Programme (1999), The Hague Programme (2004) and the Stockholm Programme (2009). The Tampere Programme can be considered a milestone as it specifically concentrated on the fight against organised crime. It proposed “a new European arrest warrant for fast-track extradition of suspects; special EU procedures to preserve evidence for trials abroad and a task force of police chiefs to exchange best practice between EU police forces and plan joint operations”30. The Tampere Programme also importantly included the establishment of EUROJUST, a permanent judicial cooperation unit, to improve the fight against organised crime. Established in 2002 and based in The Hague, it acts as a central contact point. In 2008, a new Council Decision on the strengthening of EUROJUST was signed to give it further operational capabilities31. In the Hague Programme in 200432, one of the more concrete proposals that was advanced was “a promise to revolutionize how European police forces share information across borders by adhering to a “principle of availability” by January 2008. The principle of availability means that police forces will no longer need to formally request information from each other, or rely on informal “old boy” networks to get information. Police from one EU country will have access to police files in another, unless a good reason is given to the contrary”33. Another important directive34 that was passed in 2004 included the power for Member States to seize assets that were the product of proceed of crimes. In the Lisbon Treaty, which came into force in 2009, “many JHA areas move[d] from the consultation procedure with unanimity in the Council and only consultation of the 27 Cf. UN definition of Transnational Organised Crime https://www.unodc.org/unodc/en/organisedcrime/intro/UNTOC.html#Fulltext [accessed 1 February 2018]. 28 Malins, La Costruzione dello Spazio giuridico Europeo contro il crimine Organizazzato, Verso la Conferenza ONU di Palermo del 12–15 dicembre 2000, Seminario organizzato dalla Commissione Parlamentare d’inchiesta sul fenomeno della mafia e delle alter associazioni criminali similari, Roma 2–3 novembre 2000, Camera dei Deputati, Roma, 113. 29 Cf. Malins, supra, 174. 30 Brady, supra, 15. 31 Cf. https://eur-lex.europa.eu/legalcontent/EN/TXT/?uri=CELEX:32009D0426 [accessed 25/4/18]. 32 Cf. http://eurlex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:C:2005:053:0001:0014:EN:PDF [accessed February 2018]. 33 Brady, supra, 15–16. 34 Cf. Directive 2014/42/EU of the European Parliament and of the Council of 3 April 2014 on the freezing and confiscation of instrumentalities and proceeds of crime in the European Union. Based on the Italian model, this directive has taken a long time to be implemented. For example, in 2018 the UK has still not fully implemented the directive into national legislation.

70

Allum/Gilmour

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:14 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 1. The Fight against Organised Crime and its proliferation in the European Union

European Parliament (EP) to the ordinary legislative procedure with qualified majority voting (QMV) in the Council and full co-legislative powers of the EP”35. This effectively gave the EP greater involvement and also more extensive powers in the area of JHA (such as Europol, Eurojust, Judicial cooperation in criminal matters and Non-operational police cooperation36), thereby “effectively communautarizing” the organised crime agenda37. The EP has also played its part in the development of this area. Its Committee on Civil Liberties, Justice, and Home Affairs (LIBE) has consistently voiced its concern38 for the need to establish EU data protection standards to protect citizens’ rights otherwise, it will do everything it can in its power to block39 the development of EU databases (including the Prüm DNA/Fingerprint databases40). In 2011, on the initiative of Italian MEP Sonia Alfano, the EP established a Special Committee on Organised Crime, Corruption and Money Laundering (CRIM) whose mandate was to make ‘recommendations to tackle organised crime across the European Union’. In particular, it ‘paid particular attention to methods and procedures used in Italy, as models’41. In 2013, the EP approved a ‘Resolution on Organised Crime in the EU’ in which it identified 21 recommendations for concrete action and measures which would be implemented between 2014–2019. This resolution has been described by Italian prosecutor Roberto Scarpinato as ‘potentially a watershed moment’42 in the EU’s fight against organised crime as it seeks to force Member States to take collective action. However, the committee’s midterm report was quite heavily criticized for not sufficiently allowing research to be carried out in the Union and its Member States on this topic, for failing to ask what such a committee could be expected to achieve in the given circumstances, and how it could or should tackle a feasible assignment within a set timeframe43. CRIM was not re-established in the new EP term in 2016, but the EP’s Committee on Civil Liberties, Justice and Home affairs has been overseeing the implementation of those recommendations. However, there appears to be some disappointment about exactly what this committee has achieved. This brief overview of how policies on organised crime and police cooperation have developed in the EU highlights various tensions in a delicate political context. Organised crime is not easy to define and understand in one national context, let alone an international community of Member States. There exist various political tensions in 35 Cf. https://www.consilium.europa.eu/uedocs/cms_data/docs/pressdata/en/ec/111615.pdf [accessed 1/2/2018]. 36 cf. https://www.consilium.europa.eu/uedocs/cms_data/docs/pressdata/en/ec/111615.pdf [accessed 1/2/2018]. 37 Allum and Den Boer, supra 140. 38 See LIBE report on the proposal for a regulation of the European Parliament and of the Council concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications) (COM (2017) 0 010 – C8 – 0009/2017 – 2017/0003 (COD)) http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP// NONSGML+REPORT+A8-2017-0324+0+DOC+PDF+V0//EN [Accessed 7 February 2018]. 39 It effectively has very little power in this regard apart from blocking any initiatives in relation to the Schengen Zone. Stronger regulation came into force through the EC General Data Protection Regulation see https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-does-general-dataprotection-regulation-gdpr-govern_en [ccessed 1/2/2018]. 40 Cf. https://ec.europa.eu/home-affairs/what-we-do/policies/police-cooperation/information-exchange/ eixm_en [7 Accessed February 2018]. 41 Cf. Papademetriou, Global Legal Monitor, European Union: Parliamentary Committee on Organised Crime and Money Laundering, 19/10/2012, Available at: http://www.loc.gov/law/foreign-news/article/european-union-parliamentary-committee-on-organised-crime-and-money-laundering/(accessed 10/8/2016). 42 Quoted by Alfano, supra, 12. 43 See Fijnaut, C., “The European Parliament and organised crime: the impending failure of the Alfano Committee”, Eur. J. Crime Crim. L. & Crim. Just, (2013), 21, 1.

Allum/Gilmour

71

21

22

23

24

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:15 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

terms of transferring police powers to a higher authority as well as specific countries seeking to impose their vision on others (this could be suggested for Italy). 25 What emerges is that the EU’s Treaties, Action Plans and Framework Decisions are a patchwork of ideas, strategies and approaches. Although there is an attempt to have a clear internal security agenda, there does not exist one coherent European voice on how to tackle organised crime. This is because of the multitude of positions and opinions. As a result, EU institutional structures and decisions leave space for the interpretation and, ultimately, non-application of agreed common norms. This also extends into the domain of police and judicial cooperation: is it best to seek one coherent approach or to harmonize laws? The EU poses a real challenge to states about how to find the most appropriate formula. In terms of police cooperation, instead of waiting for states to decide the best way forward, information sharing between states is seen as an acceptable way forward.

C. What is organised crime in the EU? Citizens’ perceptions We often underestimate how important perceptions of a social phenomenon are because they influence policy-makers and politicians. And yet, they are often based on poor information, misunderstandings or misrepresentation of issues perpetuated by newspapers, films and novels. 27 Organised crime and mafias are areas that particularly suffer from this problem, because they are often portrayed in an over-sensationalised or romantic way in films or TV series, far away from the harsh reality of the phenomenon. For example, in 2013, a mixed group of British police and law enforcement agencies44 had the following images when asked to think about Italian mafias: “Al Pacino”, “dark clothing”, “horse’s heads”, “well dressed men sitting round a table”, “omertà”, “pasta houses”, “The Sopranos”, “Gomorrah”45. A far cry from the reality of illicit Italian mafia money being invested in businesses in London and the UK46. 28 So, perceptions are important but they can also be dangerous as they are the thermometer policy makers and politicians look at and refer to. If organised crime groups and activities are not perceived as a worrying phenomenon by the general public, then politicians will not take it seriously either. 29 An EU-wide survey of the perceptions of organised crime does not exist47. There are only special Eurobarometer reports: one focusing on ‘Organised, cross border crime and corruption’ (200648) and another on Awareness of Home Affairs (201249). There exists very little survey material on European citizens’ perceptions of organised crime from 26

44 A questionnaire was distributed among a very small (max 15) mixed group of police and law enforcement agencies in March 2013. 45 Cf. Allum, “Godfathers, dark glasses, and pasta”: Discussing British perceptions of Italian Mafias’, Sicurezza e scienze sociali, 3EN (2013), 51–68. 46 Cf. http://theconversation.com/mafia-in-the-uk-the-story-cant-simply-end-in-uxbridge-38186 [Accessed 3 February 2018]. 47 What does exist is a Corruption Perception Index. This has been published annually by Transparency International since 1995 and ranks countries according to how experts and opinion polls perceive corruption. See http://www.transparency.org/cpi2015?gclid=Cj0KEQjwxLC9BRDb1dP8o7Op68IBEiQAwWggQN0nTVcGTDNt9yeaXFBz3_95l_iXngVIEddfbhJfjiwaAk1_8P8HAQ (accessed 12/8/2016). 48 Cf. Eurobarometer, 2006, Special Eurobarometer 245/Wave 64.3 – TNS Opinion & Social, Opinions on organised, cross-border crime and corruption, Brussels. Available at http://ec.europa.eu/commfrontoffice/publicopinion/archives/ebs/ebs_245_sum_en.pdf [accessed 20 March 2017]. 49 Cf. Special Eurobarometer 380, Awareness of Home Affairs, Special Eurobarometer 380/Wave EB76.4–TNS Opinion & Social, 2012, available at http://ec.europa.eu/commfrontoffice/publicopinion/ archives/ebs/ebs_380_en.pdf [accessed 20 March 2017].

72

Allum/Gilmour

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:16 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 1. The Fight against Organised Crime and its proliferation in the European Union

individual Member States like France, Spain and Germany, perhaps this is because, as Jacques Dughera has pointed out, ‘mafia and organised crime only concerns others’50. Here, a brief summary of the available sources is presented in order to show how different Members States may perceive the question of organised crime. What we see is that where organised crime is visible, citizens are aware of the phenomenon where it is less tangible, the threat is felt as more removed. An A Ipsos Mori survey of public perceptions of organised crime in Scotland51 in 201352 showed that people had a good sense of what the phenomenon was. When asked what type of illegal activities they associated with organised crime: 72 % said drug dealing, 20 % money laundering and 18 % people trafficking. 8 % were unable to name any type of organised crime activity. 10 % said that they have been personally affected by organised crime in the last three years. 69 % of people in Scotland (nearly 7 out of 10) believe that organised crime is not a serious problem in their neighbourhood, while just over 27 % perceive it to be a serious issue, with those living in urban (31 %) and the most deprived areas (46 %) most likely to regard it as a problem. Those most likely to be affected by organised crime were young people (38 %), old people (25 %) and those on low income/from deprived backgrounds (16 %). When asked about the most significant impact of organised crime in Scotland, the answers were interesting: 21 % said fear in the community, 17 % drugs/ drug abuse, 12 % less money for public services, 11 % violence in the community and 11 % damage to victims’ health53. Not all agreed on who should tackle the problem: 88 % said the police, 38 % the Scottish government, 19 % local communities, 15 % everyone and 11 % councils. 63 % felt that the police were effective while 17 % felt it was ineffective. 81 % of people would report someone who was suspected of being involved in organised crime (85 % among women) while 8 % were unsure of what to do54. Similar questions were asked to students55 at the University of Bath in October 2016. When asked what illegal activities they associated with organised crime: 79 % said drugs, 52.5 % money laundering, 51 % human trafficking, 36 % extortion, 32.5 % violence and 2.5 % prostitution. About 9 % said they had been affected by organised crime in the last three years, mainly by theft and violence. 47 % believed that organised crime is not at all a serious problem in their neighbourhood while only 3 % believed it is a serious problem. They believed that the most affected were the low income/deprived 56 %, the weak 32 %, addicts 32 % and immigrants 29 %. Maybe this is because they see organised crime as something slightly removed from their everyday reality and lives. In 2009, a Home Office sponsored study explored the nature and extent of public concerns about organised crime in the UK56. The study focused on 4 main areas of 50 Cf. http://alternatives-economiques.fr/blogs/jdughera/2015/11/24/guerre-contre-la-criminalite-organisee-ou-en-est-on-en-france/[accessed 20 March 2017]. 51 Results are based on a survey of 1,001 respondents (adults aged 18+) conducted by telephone between 29th April – 5th May 2013. 52 Scottish Government, 2013, Public Perceptions of Organised Crime in Scotland, Ipsos MORI Scotland, Crime and Justice, Social Research, available at https://www.ipsos.com/sites/default/files/ migrations/en-uk/files/Assets/Docs/Scotland/Scotland_SPOM_Organised_Crime_Report_190913.pdf [accessed 12 August 2016]. 53 Cf. Scottish Government, supra, 6. 54 Cf. Scottish Government, supra, 8. 55 125 undergraduate and postgraduates students at the University of Bath in the department of Politics, Languages and International Studies answered this questionnaire during October 2016. All answers were gathered and treated anonymously. 56 Cf. Bullock, Chowdhury and Hollings, Home Office, 2009, Research Report 16, Public Concerns about Organised crime, Key implications, The Report, Summary, 2009, pp. 1–17, available at https://

Allum/Gilmour

73

30

31

32

33

34

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:16 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

questioning: (1) access to information about organised crime; (2) forms and characteristics of organised crime; (3) harms associated with organised crime and (4) impact of organised crime on society. The report highlighted that respondents understanding of organised crime was based largely on its image in popular culture, notably its representation in films and on television57. In conclusion, “most respondents thought that organised crime causes serious harm to the country”58: “it generate[d] high levels of harm at both national and local levels (…) a great deal of individual worry”. In particular, “crimes that impact at the individual level were considered most harmful and those impacting on the wider societal or business level the least harmful”59. 35 A short questionnaire distributed among English police officers60 in the South East of England in October-November 2016 gives us an interesting insight into their perceptions and understanding of Italian Mafias. The images that come to mind of Italian mafias are still strongly influenced by films, actors and scenes such as The Sopranos, Scarface, Marlon Brando, Joe Pesci, or Goodfellas. And yet, 83 % identified violence as their main activity, 81 % drugs, 77 % extortion and 77 % corruption, which may suggest that they do not necessarily consider Italian mafias as more invisible and sophisticated forms of crime but rather blatant and visible. 26 % believe that Italian mafias are not particularly or not harmful at all to Italy, 43 % believe that Italian mafias are not particularly or not harmful at all to Europe and 63 % believe that Italian mafias are not particularly or not harmful at all to the UK. In Italy, perceptions are clearly different. It is not seen as a remote and removed question from the everyday lives of citizens, even in the North. A questionnaire61 of secondary school children in Basilicata published in 201062 shows that they have a good understanding of the mafia question: there was “unanimous and strict disapproval about mafia crimes, its system of (counter) values, its power-seeking beyond rules, its violence, its structural illegal activities”63. The conspiracy of silence was blamed as a factor for its existence while understanding the seriousness of its threat. These students demonstrated a “mistrust and pessimism” towards public institutions as a result, but expressed a notion of resigned “fatal” co-habitation with an underlining sense of passivity64. 36 Another survey65 of shopkeepers and businesses in Turin in 201466 also confirms the concrete knowledge of mafias even in the North of Italy: around 60 % define mafia as a criminal association with economic and political powers, 21.3 % an organised system of violence and corruption and 8.2 % as a mentality. To the question what does the mafia do; in Turin 86.5 % believe they are interested in distributing and selling drugs, 62.9 % www.gov.uk/government/uploads/system/uploads/attachment_data/file/116623/horr16-report.pdf (accessed 10 March 2017). 57 Bullock et al, Home Office, 2009, supra, 3. 58 Bullock et al, Home Office, 2009, supra, i. 59 Bullock et al, Home Office, 2009, supra, iii. 60 36 police officers answered the questionnaire anonymously. The average age was 39: 74 % men and 26 % women. Some results discussed in Allum, 2013. 61 270 questionnaires distributed to young people (attending all forms of secondary schools) in the Province of Matera, Italy. 62 Calvanese, ‘Criminalità organizzata in Basilicata: la percezione sociale da parte dei giovani lucani’, in Rassegna Italiana di Criminologia. 2010 (1), pp. 35–58, available at http://www.rassegnaitalianadicriminologia. it/home/item/42-criminalit%C3%A0-organizzata-in-basilicata-la-percezione-sociale-del-fenomeno-da-partedei-giovani-lucani [accessed 1 March 2017]. 63 Calvanese, supra, 36. 64 Calvanese, supra, 36. 65 900 questionnaires distributed in 4 different districts of Turin, 501 returned, a completion rate of 55.6 %. 66 Sciarrone, R., Dagnes, J., and Storti, L.,, Presentation, Criminalità organizzata, contesto di legalità, e sicurezza urbaba; un’indagine tra gli operatori economici di Torino, Dipartimento di Culture, Politica e Società Università degli Studi di Torino, 2014, Italy.

74

Allum/Gilmour

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:17 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 1. The Fight against Organised Crime and its proliferation in the European Union

controlling subcontracts, 53.8 % building developments, 53.1 % usury (loan sharking) and 41.1 % providing votes in exchange for favours, etc67. As a result, 89 % believe that it damages the economy, 2 % believe it helps the economy and 9 % that it has nothing to do with the economy68. At the EU level, there exists limited data and it does not tend to focus on organised 37 crime in-depth but in relation to other phenomenon such as terrorism or corruption. For example, the 2006 Eurobarometer report focused uniquely on the link between organised crime and corruption. They asked about this relationship and found that ‘one out of two citizens considers that most corruption is caused by organised crime (54 %), whereas 35 % of the people interviewed reject that view’69. 11 % had no opinion. Italy (70 %), Slovenia (67 %) and Lithuania (67 %) are convinced of the link between organised crime and corruption, while the Republic of Cyprus (54 %), Czech Republic (52 % and Finland (51 %) do not agree that there is a link in their country, whilst there were 24 % of don’t knows in Portugal, 22 % in Estonia and 20 % in Spain70. Around 76 % of European citizens believe that preventing and combatting cross 38 border crime would be more effective if common policy decisions were taken at European level. But, “more than a quarter of citizens in Sweden (27 %), the United Kingdom (27 %) and Denmark (26 %) do not think that joint decisions […] would make police in this area [anti-organised crime and anti-corruption policies] more effective”71. However, asked about who and at what level the threat of organised crime and 39 terrorism should be combatted, 91 % agree that it is EU institutions and governments of Member States which should work more closely together as an effective way of tackling terrorism and organised crime’72. Those countries where respondents are least likely to agree are the UK (87 %), Austria (84 %) and Portugal (82 %)73. Opinion about whether Member States can counter organised crime and terrorism on their own varies across Member States: Poland (62 %), Italy (54 %), Belgium (54 %), France (53 %), Romania (52 %), Netherlands (52 %) and UK (45 %)74.

D. The reality of organised crime and its fight in the EU Since 2004, EUROPOL has published a variety of strategic analysis reports that provide 40 an overview of organised crime in the EU: there are the EU terrorism situation and trends reports75 organised crime threat assessments (SOCTA76) (including one that focuses on internet organised crime, IOCTA77), threat assessment reports (Migrant smuggling networks78, Italian organised crime79 and environmental crime80) and trend reports81. 67

Sciarrone, Dagnes and Storti, supra, 20. Sciarrone, Dagnes and Storti, supra, 21. 69 Eurobarometer, 2006, supra, 12. 70 Eurobarometer, 2006, supra, 11. 71 Eurobarometer, 2006, supra, 7. 72 Eurobarometer, 2012, supra 64. 73 Eurobarometer, 2012, supra, 66. 74 Eurobarometer, 2012, supra, 69. 75 Published since 2008. 76 Published in 2004, 2005, 2006, 2007, 2009, 2011, 2014. 77 Published in 2011, 2014, 2015. 78 Published in 2016. 79 Published in 2013. 80 Published in 2013. 81 See: https://www.europol.europa.eu/crime-areas-and-trends/trends-and-routes#fndtn-tabs-0-bottom-2 [Accessed February 2018]. 68

Allum/Gilmour

75

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:18 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda 41

42

43

44

45

In EUROPOL’s 2013 EU Serious and Organised Crime Threat Assessment report, it estimated that there were ‘3600 organised crime groups active in the EU’82, whereas by 2017, ‘approximately 5,000 international OCGs [were] currently under investigation in the EU’83. To put this into some kind of perspective, Italian figures suggest in 2016 that there are 90 Camorra clans in the Province of Naples, 114 in the Campania region with 4000–4500 members, in Calabria, 160 clans with 4389 members and in the Province of Palermo, 2400 members alone. Some suggest that each organisation has approximately 6000 members each84. But how these figures are calculated always remains somewhat problematic. According to EUROPOL’s 2013 report, organised crime groups are increasingly networked in their crimes and behaviour, increasingly heterogeneous although ethnic kinship, linguistic and historic ties remain important and increasingly flexible, engaging in multiple forms of crime85. In terms of figures, it estimated that in 2013, 70 % of groups were composed of members of multi nationalities, 30 % of groups are poly-crime groups (active in more than one criminal activity) and 40 % of groups have a network type structure. In 2017, 45 % of groups are now poly-crime groups. 70 % are active in more than three countries with 10 % being active in more than seven countries86. EUROPOL identifies two main models of group organisation: on the one hand, classic hierarchies and on the other, networks with cellular structures, less rigid than permanent hierarchies. But, then adds that ‘between these two models there are other varying forms of organisation and their typical features are not necessarily mutually exclusive. Groups can adapt to the characteristics of either or even both models’87. It is believed that these groups are increasingly entrepreneurial in approach and business management because ‘the use of violence is often counterproductive and almost always attracts unwanted law enforcement attention and retaliatory actions’88. It goes on ‘violence is used by most OCGs only in a measured, deliberate and premeditated manner and when deemed strictly necessary’. However, some OCGs use violence as an integral part of their strategy. In these cases, violence is used to intimidate witnesses, to extort money and collect debts, to coerce people to take part in or facilitate criminal activities, to forcefully take over businesses, to consolidate a group’s position in a certain crime area and as part of robberies and other property crimes’89. The 2017 EUROPOL report moves away from commodities and takes a ‘forward look at potential developments that are framed not simply in terms of law enforcement practice, but in a wider societal context’90. However, this information has to be qualified: the report is composed by EUROPOL based on intelligence sent by national police forces and, as Brady pointed out in 2006, while one Member State contributed over 500 pages of criminal intelligence to EUROPOL’s first organised crime threat assessment, another offered only a single page91. He 82 Cf. EUROPOLs EU Serious and Organised Crime Threat Assessment (SOCTA 2013) Available here: https://www.europol.europa.eu/activities-services/main-reports/eu-serious-and-organised-crime-threatassessment-socta-2013, 2013, 6, [accessed 12 March 2017]. 83 Cf. EUROPOL’s European Union Serious and Organised Crime Threat Assessment 2017, available here https://www.europol.europa.eu/activities-services/main-reports/european-union-serious-and-organised-crime-threat-assessment-2017, 7 [accessed 12 March 2017]. 84 La Spina, A., Il mondo di mezzo. Mafie e antimafie, Bologna: Mulino, (2016), 181. 85 Europol, 2013, supra, 6–7. 86 Europol, 2017, supra, 15. 87 Europol, 2013, supra, 33. 88 Europol, 2013, supra, 35. 89 Europol, 2013, supra. 90 Europol, 2017, supra, 1. 91 Brady, supra, 19.

76

Allum/Gilmour

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:18 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 1. The Fight against Organised Crime and its proliferation in the European Union

makes the point that “some Member States still do not give EUROPOL sufficient support” both in terms of information or personnel92. For example, for the 2013 EUROPOL’s Threat Assessment – Italian Organised Crime report93, it is clear that some of the larger Member States did not participate in the collection of data. So, it would appear that information sharing remains partial and its resulting overall picture very general, made up of all forms of organised crime and no forms of unorganised crime. As EUROPOL is intrinsically interlinked with a political project, there still lacks a real understanding of the necessity to have one central European police agency that coordinates and oversees investigations. As a result, European cooperation and interaction covers all forms of serious and organised crime activities but it remains patchy at best. Some examples of historic operations may highlight this in more detail. According to Marotta, Operation Bravo clarifies well how EUROPOL supports Member States94. This operation was undertaken in 1999 with the involvement of the Dutch, German, Belgian, Spanish, Danish, Swedish, Finnish law enforcement authorities and EUROPOL. It ‘uncovered a large-scale drug trafficking organisation’ that had been active in several Member States over a number of years. In December 1999, 12 people were simultaneously arrested in different locations in Finland, 5 at a later date and 207 kg of drugs were seized.95 Because this international network is active and present in several countries, “the role of EUROPOL as a co-ordinator of operative work, exchange of information and analyser of information has been significant”96. Operation Samot97 also highlights the usefulness and efficiency of European police cooperation, in this case, in relation to a human trafficking. Towards the end of 1998, Dutch law enforcement agencies started investigating an Iraqi organised crime group that appeared to be involved in the illegal trafficking of human beings. The organisers appeared to be resident in the Netherlands but the group organised the illegal transport of Iranian nationals into Scandinavia, the UK and Canada. The initial results of the investigations revealed that the organisation was arranging the passage of illegal immigrants from the Netherlands via Belgium and France into the UK. In order to target this international organisation as a whole, an international co-operation team was set up through EUROPOL. At the beginning of April 1999 an operational meeting took place through the liaison network within EUROPOL with representatives from the Netherlands and the UK, who also exchanged information with Belgium and France. As a result of this European co-operation, it was possible to arrest the main target in the UK in April 1999 and 9 others in May in the Netherlands, UK and France98. These cases involve a small number of Member States and therefore perhaps are easier to coordinate. However, there have been cases with an important number of member states such as Operation Gomorrah in 2008 which involved over 18 Member States and third countries. This operation highlights the positive energy and perhaps also the negative obstacles of European-International police cooperation. In 2008, “a 92

Brady, supra. Europol, Threat Assessment – Italian Organised Crime, 2013, available at https://www.europol.europa. eu/publications-documents/threat-assessment-italian-organised-crime [accessed 1 September 2017]. 94 Marotta, E., ‘Role and Action of EUROPOL in combatting organised crime’ in: Longo (ed.) The European Union and the Challenge of Transnational Organised Crime, Towards a Common Police and Judicial Approach, (2002) Milano, 113–114. 95 179 kg of hashish, 21 kg of amphetamines, and 7 kg of marihuana See http://www.burojansen.nl/ EUROPOL/EUROPOL1999.html [accessed 17 August 2016]. 96 Marotta, supra, 114. 97 Cf. http://www.burojansen.nl/EUROPOL/EUROPOL1999.html [accessed 17 August 2016]. 98 Cf. http://www.burojansen.nl/EUROPOL/EUROPOL1999.html [accessed 17 August 2016]. 93

Allum/Gilmour

77

46

47

48

49

50

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:19 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

two-year investigation coordinated by EUROPOL and EUROJUST involved 20 Member States and 3 third countries. This resulted in the arrest of 67 criminals linked to Camorra clans, the seizure of more than 800 tons of counterfeit products valued at 12 million euro and the recovery of assets exceeding 16 million euro”99. In the Italian document100 requesting information from other countries, the input from EUROPOL was systematically referred to in a very positive tone. 51 Obviously, EUROPOL was also involved and submitted a very detailed report that produced investigative leads101. A lot of documents helped to produce those conclusions, one of which merits special mention, the EUROPOL document AWF Copy (…) that collected many clues, all very significant in sustaining the hypothesis of this investigation102. For the whole investigation EUROPOL was constantly involved, it had pre-announced the creation of a working group, in which all confidentiality on gathered information was lifted103.

E. The fight against organised crime: Is a “European Criminal Intelligence Model” the only way forward? Among the complex and at times, confused approach towards organised crime that has emerged, EUROPOL and EUROJUST are the two main concrete tools that have developed at EU level to counter crime. In other words, closer police and judicial cooperation. Both institutions have been given the task to coordinate operational work, exchange information and analyze data. From an overarching supervisory role, they have gained more hands-on powers in terms of directing operations. EUROPOL, since 2006, has produced an annual assessment report on organised crime made up of information provided by national police forces. This would seem a useful tool to monitor organised crime and identify trans-border trends throughout Europe. 53 However, because of the lack of political will and desire to create a collective European police and judicial space, both tools have suffered from not being given enough powers and a legitimate status among Member States104 and even third parties like the USA. For example, in the past, as “EUROPOL cannot share information about transnational cases that impact on its jurisdiction, the US does not take EUROPOL very seriously and prefers to stick to its bilateral channels. EUROPOL also complains that Member State liaison officers based in Washington seldom consult its office in the same city”.105 54 In 2005, a “European Criminal Intelligence Model” was proposed as a practical way for European Police forces to exchange information106. It was seen as “a policing plan 52

99 Cf. Council of the European Union, From: Hungarian delegation, To: Customs Cooperation Working Party, n. prev. doc: 7805/3/10 REV 3 ENFOCUSTOMS 26, Subject: Threat Assessment on Intellectual Property Rights (IPR) 2010: 5). http://www.statewatch.org/news/2011/jan/eu-council-threat-assesmentipr-15841-rev1-10-2.pdf, 5. [accessed 18 August 2016]. 100 Cf. Procura di Napoli, Procidimento penale n. 54548/2008 RGNR del RG della Procura di Napoli – Richiesta di scambio informative prelimainare tra autorità giudiziarie. Art. 18 Convenzione ONU sul Crimine Organizzato, Riferimento per Eurojust n. 4991/2008, 15/12/2008. 101 Procura di Napoli, supra, 2. 102 Procura di Napoli, supra, 2. 103 Procura di Napoli, supra, 6. 104 Den Boer & Bruggeman, ‘Shifting gear: Europol in the contemporary policing era’, Politique Européenne 2007/3 (n° 23), 79. 105 Brady, supra, 34. 106 Goold, Development of The Organised Crime Threat Assessment (OCTA) and Internal Security Architecture European Parliament (LIBE) PE 410.682, (2009) Brussels: http://www.europarl.europa.eu/ RegData/etudes/etudes/join/2009/410682/IPOL-LIBE_ET(2009)410682_EN.pdf [accessed 3 February 2018].

78

Allum/Gilmour

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:19 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 1. The Fight against Organised Crime and its proliferation in the European Union

for coordinating investigations against organised crime throughout the EU, according to a method called intelligence-led policing”107 and was to be implemented by 2008. However, in 2005, some Member States (Austria, the Benelux countries, France, Germany and Spain) also decided to push ahead on this front separately because they saw it as one of the only viable ways forward. The Prüm Decision108, a kind of ‘laboratory’109, developed systems in which Police forces could exchange information (DNA, fingerprints, vehicle registration, etc.) quickly and easily; it was seen as ‘an information-sharing avant-garde outside the EU’110 Although it was feared that this system would undermine EU initiatives, it did not. Rather it acted as an encouraging force, removing some of the barriers that Bigo111 identified as necessary to maintain individual state sovereignty against the overwhelming appeal of state silo-busting global security strategies and thereby bolstering the EU Internal Security strategy with its focus on intelligence sharing across borders. Originally hostile to the idea of automatic intelligence sharing with other countries112, the UK Government opted back in to the Prüm measures113 and is discussing the possibility of maintaining open intelligence sharing in a bilateral agreement following Brexit. Questions of security appear to be winning the battle with those who would privilege individual, or at least state-level, sovereignty. In the Post-Stockholm agreement policy cycle data protection, although a central concern, is seen as negotiable based on acceptance of the EU’s new General Data Protection Regulation (GDPR)114. This sets the rules to allow intelligence and personal information to transfer across state boundaries and outside of the EU. In January 2017, a Council Resolution on a model agreement for setting up Joint 55 Investigation Teams (JIT115) (2017/C 18/01) was passed as well as clarification in Article 5 of Europol’s Regulations. They have sought to create links among national police and judicial agencies to enable better cooperation in transnational EU-wide investigations. In other words, these teams are able to (1) request and share information more informally, (2) be present at house searches and surveillance in other countries, (3) coordinate efforts on the spot, (4) build up trust between practitioners from different countries working together and deciding on common strategies and (5) prosecuting offenders in the appropriate jurisdiction. EUROPOL and EUROJUST provide direct support and assistance together with EU funding. Compared with the traditional way of information sharing which has been the International letter of request (ILOR), which were considered slow, cumbersome and bureaucratic, these teams have become “an invaluable tool for large-scale cross border enquiries and have now become a well utilized avenue for investigators to use”116. However, it may not be that straightforward to implement. Italy, considered a main player in the fight against organised crime, only117 implemented the 107

Brady, supra, 15. See Ryder, European Criminal Intelligence, Part 3 Chapter 3, in this volume. Cf. https://eurlex.europa.eu/legalcontent/EN/TXT/?uri=LEGISSUM%3Ajl0005 [accessed 25 April 2018]. 109 Brady, supra, 21. 110 Brady, supra, 21. 111 Bigo, “EU Police Cooperation: National Sovereignty Framed by European Security” in: Guild and Geyer (eds) Security versus Justice? Police and Judicial Cooperation in the European Union, Routledge (2016), 93. 112 Cf. conversation in Parliament at: https://publications.parliament.uk/pa/cm201516/cmselect/cmeuleg/342-xii/34205.htm [accessed February 2018]. 113 Cf. full Parliamentary decision at: https://publications.parliament.uk/pa/cm201617/cmselect/cmeuleg/71-vi/7122.htm [accessed February 2018]. 114 Cf. https://www.eugdpr.org/[accessed February 2018]. 115 de Buck, ‘Joint Investigation Teams’, ERA Forum, (2007), 8: 253–264. See also https://www.europol.europa.eu/activities-services/joint-investigation-teams [accessed 1 February 2018]. 116 Interview with Police officer, OC unit, Metropolitan police, 20 October 2016. 117 6 years after. 108

Allum/Gilmour

79

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:20 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

JIT into law in 2016. Even then, Italy has found it problematic. An Italian prosecutor who uses JIT argued that there clearly exist language and cultural barriers as well as financial and time constrains118. So, while it is a step in the right direction in terms of “intelligence sharing”, still more needs to be done to make this wholly efficient including guaranteeing funding. Caution is as ever at the forefront of key developments. 56 JIT build on the work of the police liaison officers that have been used in police cooperation since the 1970s and which in 1996 was formalized to have EU police liaison officers located in European capitals. But, again, their work has not been straightforward. Liaison officers have often become isolated individuals in capitals using discretionary and ad hoc powers in terms of what they do119 and how they engage with local and national law enforcement agencies. The Academic Advisors of EUROPOL’s 2017 threat assessment acknowledged this key impediment, stating; the ‘lack of harmonisation of law and failures in implementing international standards as a possible obstacle to the effectiveness of criminal investigations’120. 57 The decision by the UK to leave the EU will also mean a departure from the current arrangement it has with EUROPOL. This is likely to bring a new arrangement to the fore121 perhaps similar to the one negotiated by Denmark in its breakaway from EUROPOL in 2017122 following the introduction of EUROPOL’s new Regulation to strengthen cross-border investigations and cooperation123. Given that the UK has been a major contributor to EUROPOL (one of its directors was is British) and to EU policy on police collaboration and information sharing124, this is likely to have lasting impact across the Union. The UK Government has, however, stressed that it is keen to avoid a “limited patchwork of cooperation” that would potentially create “operational gaps” in security across Europe125. It sees a new strategic agreement between the UK and the EU as the best way forward but some commentators have pointed out the lengthy timeframe that such negotiations have endured in the past, with 9 to twelve years being close to the norm126.

F. Conclusions 58

This chapter has sought to outline the developments within EU policies and practices that improve the collective understanding of and law enforcement impact upon organised crime, including intelligence sharing across EU Institutions, States, and State 118

Interview with Italian Antimafia Prosecutor, Naples, 28 October 2016. Block, 2010, ‘Bilateral Police Liaison Officers: Practices and European Policy’, Journal of European Research, vol 6, n. 2, pp 194–210. 120 Comment by Academic Advisors, SOCTAs, 2017, Europol, 1, available at https://www.europol.europa. eu/activities-services/main-reports/european-union-serious-and-organised-crime-threat-assessment-2017 [accessed 1 June 2017]. 121 Martill. and Staiger. (eds). 2018. Brexit and Beyond: Rethinking the Futures of Europe, UCL Press, 150. 122 Cf. agreement between Denmark and EUROPOL at https://www.europol.europa.eu/publicationsdocuments/agreement-operational-and-strategic-cooperation-between-kingdom-of-denmark-and-europol [accessed February 2018]. 123 Cf. new Regulation at http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0794&from=EN [accessed February 2018]. 124 Martill. and Staiger. (eds). 2018, supra, 158; Sergio Carrera, Jean-Pierre Cassarino, Nora El Qadim, Mehdi Lahlou, Leonhard Den Hertog. EU-Morocco Cooperation on Readmission, Borders and Protection: A model to follow? 2016. , 4. 125 Cf. HM Government, 2017. Security, law enforcement and criminal justice: A future partnership paper, 13, UK Government, London. Available at: https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/645416/Security__law_enforcement_and_criminal_justice_-_a_future_partnership_paper.PDF [accessed February 2018]. 126 Martill and Staiger, supra, 152. 119

80

Allum/Gilmour

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:21 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 1. The Fight against Organised Crime and its proliferation in the European Union

Actors. Political and Police strategies for cooperation against organised crime in the EU have been fraught with delay and compromise as clashes between privileging “security” against “sovereignty” have played out in policy development and political discourse. Nevertheless, there has been significant progress made, even against the odds – 59 consider Denmark’s remarkable feat of political conjuring that saw it vote to leave EUROPOL (largely because of changes to intelligence sharing regulations) in a referendum and sign a last-minute agreement that changes its membership status whilst keeping its involvement in the European Police Office practically unchanged. These odds roll out once more as Brexit looms but most observers see a similar compromise in view for the future of British law enforcement and intelligence agencies in EUROPOL. The gradual linguistic merger between organised crime, terrorism, migration, and security has created a wider platform for EU agencies and political actors to negotiate upon and it is clear that a break from the EU’s five-year programmes (Tampere, Hague, and Stockholm) has allowed for a much broader approach127. The intelligence-led approach taken by EUROPOL, as outlined in their Threat 60 Assessments, sits at the heart of a coordinated approach to countering organised crime128 and is therefore critically important (and equally critical for their other themes, counter terrorism, cybercrime, etc.). With the future perhaps as unclear as it has ever been, there is still reason to be confident that past uncertainties are being dealt with in the development of cooperation against organised crime in the EU and beyond. This may take the form of further bilateral agreements to maintain progress, and retain the inclusion of the UK and ‘five-eyes’ partners in the mix (although there are clear calls for this to be a more transparent process if conducted out with the purview of international institutions129). The gains made in political, law enforcement, and judicial cooperation thus far, and over decades of development, are critical to maintain if the EU is to retain an ability to counter organised crime. 127 Cf. http://www.consilium.europa.eu/en/policies/strategic-guidelines-jha/for the full list [Accessed 3 February 2018]. 128 Goold,‘Mind the (information) Gap: making sense of the European Union’s strategic approach to transnational organised crime’ in Allum and Gilmour (eds) Routledge Handbook of Transnational Organised Crime, (2012), Routledge, Abingdon, UK. 129 Cf. https://www.privacyinternational.org/sites/default/files/2017-11/PI-Briefing-to-National-Intelligence-Oversight_0.pdf [accessed 3 February 2018].

Allum/Gilmour

81

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:21 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 2 The Role of European Intelligence in Countering Terrorism Gilles de Kerchove/Christiane Höhn Outline A. Introduction ...................................................................................................................... I. Definition of intelligence? ..................................................................................... II. Importance of intelligence .................................................................................... III. Role of intelligence in counter-terrorism, including the US experience .... B. The EU framework with regard to intelligence ........................................................ I. Art. 4 (2) TEU ......................................................................................................... II. Challenges for the EU with regard to counter-terrorism and intelligence III. EU tools in the area of intelligence .................................................................... 1. EU Intelligence and Situation Centre (INTCEN)....................................... 2. Passenger Name Record (PNR) ...................................................................... 3. EU-US Terrorist Financing Tracking Programme (TFTP) ...................... 4. Financial Intelligence Units: FIU.net within Europol – secrecy by design .................................................................................................................... 5. Common risk indicators for security checks of EU nationals at external borders .................................................................................................. 6. Risk assessment methodology developed by the Commission (DG HOME) for air cargo (aviation security) and beyond ............................... 7. European Union Satellite Centre (SATCEN) .............................................. C. Relevant interfaces between EU tools and security services .................................. I. Schengen Information System (SIS) II............................................................... II. European Counter-Terrorism Centre (ECTC) at Europol............................ III. Interoperability of databases................................................................................. IV. Access of security services to the EU databases............................................... V. Security research ..................................................................................................... VI. EU Computer Emergency Response Team (CERT) ....................................... VII. Privacy shield ........................................................................................................... VIII. Fundamental Rights Agency................................................................................. IX. Battlefield information........................................................................................... D. European intelligence cooperation outside of the EU context .............................. I. Counter-Terrorism Group (CTG)....................................................................... II. Madrid Group.......................................................................................................... E. Assisting third countries to strengthen their security services in a rule of law framework.......................................................................................................................... F. What more could be done in the EU context? ......................................................... I. Under the existing legal framework ................................................................... 1. Commission to engage in dialogue with security services........................ 2. Commission to support cooperation in the context of Art. 73 TFEU... 3. Commission to support peer review and strengthening national services .................................................................................................................. 4. Commission to pool information in relevant areas to get a better information picture and subscribe to private databases............................ 5. Further develop concept of European security – what would this mean legally?................................................................................................................... 6. Harmonization of data protection and privacy rules?............................... 7. Designation by Member States of security services as competent authorities............................................................................................................. 8. Engagement of security services with the European Parliament............. 9. Engagement with the European Court of Justice ....................................... II. In the transatlantic context................................................................................... III. In the longer term future ...................................................................................... G. Conclusion .........................................................................................................................

82

de Kerchove/Höhn

mn. 1 6 12 17 33 33 37 40 41 42 45 47 50 51 54 55 56 61 72 73 75 77 80 83 84 85 85 88 89 93 94 95 96 99 100 103 105 106 107 108 109 112 116

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:22 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 2. The Role of European Intelligence in Countering Terrorism Bibliography: Anderson, Attacks in London and Manchester, March – June 2017, Independent Assessment of MI5 and Police Internal Reviews, December 2017, available at: https://assets.publishing.service.gov.uk/ government/upl oads/system/uploads/attachment_data/file/664682/Attacks_in_London_and_Manchester_ Open_Report.pdf; Bauer, L’avenir du terrorisme, Institut Diderot, Les Carnets des Dialogues du Matin, Hiver 2015–2016, available at: www.institutdiderot.fr; Carter, D. L. & Carter, J. G. (2009), Intelligence Led Policing: Conceptual Considerations for Public Policy, Criminal Justice Policy Review, 20(3); Chesterman, One Nation Under Surveillance: A New Social Contract to Defend Freedom Without Sacrificing Liberty, Oxford University Press, 2011; Chertoff et. al, Globsec Intelligence Reform Initiative: Reforming Transatlantic Counter-Terrorism, 2016, available at: www.gobsec.org; Davies, Ideas of Intelligence Divergent National Concepts and Institutions Harvard International Review 24,3 (2002), p. 62–66; Den Boer (2014), Intelligence-led policing in Europe: lingering between idea and implementation, in: Duyvesteyn et al, The Future of Intelligence, Challenges in the 21st Century, Abingdon/New York, Routledge, p. 113; Den Boer (2015), Counter-Terrorism, Security and Intelligence in the EU: Governance Challenges for Collection, Exchange and Analysis, Intelligence and National Security, 30:2–3, 402–419; de Kerchove/Höhn, The Regional Answers and Governance Structure for Dealing with Foreign Fighters: the Case of the EU, in: Foreign Fighters under International Law and Beyond, eds. Andrea de Guttry, Francesca Capone, Christophe Paulussen (2016) pp. 299–326; European Political Strategy Center, Towards a “Security Union”, Bolstering the EU’s Counter-Terrorism Response, Issue 12/2016; Europol, Changes in Modus Operandi of IS revisited, November 2016; Fägersten (2015), Intelligence and decision-making within the Common Foreign and Security Policy, Swedish Institute for European Policy Studies, European Policy Analysis, issue 2015:22 epa; Fenech, Rapport fait au nom de la Commission d’enquête relative aux moyens mis en oeuvre par l’État pour lutter contre le terrorisme depuis le 7 janvier 2015, Assemblée nationale, No. 3922, July 2016; Gruszczak (2016), Intelligence Security in the European Union, Building a Strategic Intelligence Community, Palgrave/Macmillan; Hertzberger (2007), Counter-terrorism intelligence cooperation in the European Union, Turin, UNICRI; Kean/Hamilton (eds), The 9/11 Commission Report: Final Report of the National Commission on Terrorist Attacks Upon the United States, Washington, D.C (2004); Kaunert/Léonard, European security, terrorism and intelligence: Tackling new security challenges in Europe, Basingstoke/New York: Palgrave (2013); Kroon, Ma3tch: Privacy AND Knowledge “Dynamic Networked Collective Intelligence”, 2013 IEEE International Conference on Big Data, available at: http://ieeexplore.ieee.org/document/6691683/; Müller-Wille, For our eyes only, Shaping an intelligence community within the EU, EUISS. (2004); Palacios (2016), Intelligence Analysis Training: A European Perspective, The International Journal of Intelligence, Security and Public Affairs, 18:1, 34–56; Warner, Wanted: A Definition of “Intelligence”, Understanding Our Craft, Studies in Intelligence (CIA’s journal), Vol 46 No 3.

A. Introduction The European Council stated in its conclusions of 18 December 20151: “The recent 1 terrorist attacks demonstrate in particular the urgency of enhancing relevant information2 sharing.” Information collection, sharing and analysis are key in the fight against terrorism. As the pace and scale of recent terrorist attacks and foiled attacks in Europe have shown, having the best possible intelligence picture and acting upon it is especially important with regard to the European “foreign terrorist fighters”3 still in Syria and Iraq (some of whom might return to Europe) as well as Daesh, which has been directing, enabling or inspiring attacks in Europe, the region and around the world. In addition to strengthening efforts in the area of prevention of radicalization, it is 2 crucial for EU Member States to invest more in the security and intelligence services as well as law enforcement, to be as strong as possible at the national level. Strong services also encourage sharing among them. Sharing among law enforcement and security and 1 http://www.consilium.europa.eu/en/press/press-releases/2015/12/18-euco-conclusions/ (last checked 21 April 2017). 2 Information is a broad concept and includes law enforcement, intelligence and other information. 3 Individuals referred to as “foreign terrorist fighters” travel abroad for the purpose of terrorism. Definition contained in the DIRECTIVE (EU) 2017/541 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 15 March 2017 on combating terrorism and replacing Council Framework Decision 2002/475/JHA and amending Council Decision 2005/671/JHA. p 4.

de Kerchove/Höhn

83

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:23 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

intelligence services at the national level is increasing within the Member States. This horizontal sharing is necessary to have the full picture and the best possible analysis as both law enforcement and security/intelligence services work to prevent terrorist threats4. At European level, such cooperation is developing more slowly. Daesh has demonstrated that it works across national borders, that the various teams involved in recent attacks such as in Paris November 2015 and in Brussels March 2016, have been located in several Member States. 3 In addition, within the Schengen area, persons travel freely. Therefore, the abolition of internal border controls needs to be accompanied by so-called flanking security measures, including information sharing. One such tool is the Schengen Information System, which serves to put information from law enforcement and security services at the right place at the right time so that terrorist suspects entering the Schengen space can be identified during border or second line security checks. The SIS II can create valuable intelligence leads for security services and law enforcement (monitoring of movements). Schengen also explains why the “Security Union”5 promoted by Commission President Junker is so important. However, in the area of intelligence, the cooperation tools and structures in the Schengen area are less developed than law enforcement and criminal justice and challenges in information collection, sharing and analysis remain6. This is due in large part to restrictions in the EU Treaties, which excludes “national security” from the EU’s remit (Art. 4 (2) TEU). Given the nature of the current terrorist threat, there is a greater need for cooperation of security services across Europe than in the past. 4 After the Charlie Hebdo attacks and the November terrorist attacks in Paris in 2015, the EU Heads of State or Government and the European Council asked for deeper cooperation between Member States’ security services notably by structuring further their information exchange.7 4 This has been one of the key learning points after 9/11 (Kean/Hamilton (eds), The 9/11 Commission Report: Final Report of the National Commission on Terrorist Attacks Upon the United States. Washington, D.C (2004)) and also one of the conclusions of the report by David Anderson “Attacks in London and Manchester, March – June 2017, Independent Assessment of MI5 and Police Internal Reviews”, of December 2017, https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/664682/Attacks_in_London_and_Manchester_Open_Report.pdf, last visited 6 April 2018). 5 Delivering on the European Agenda on Security to fight against terrorism and pave the way towards an effective and genuine Security Union, Communication from the Commission to the European Parliament, the European Council and the Council, Brussels, 20.4.2016, COM(2016) 230 final. (https:// ec.europa.eu/home-affairs/sites/homeaffairs/files/what-we-do/policies/european-agenda-security/legislativedocuments/docs/201604 20/communication_eas_progress_since_april_2015_en.pdf (last checked on 16 March 107)). The first Commissioner for the Security Union, Sir Julian King, was appointed in September 2016. His mission letter can be found here:https://ec.europa.eu/commission/commissioners/ sites/cwt/files/commissioner_mission_letters/mission-letter-julian-king_en.pdf (last checked on 16 March 2017). 6 See for a comprehensive analysis of the current intelligence and law enforcement architecture in Europe Michael Chertoff et. al, Globsec Intelligence Reform Initiative: Reforming Transatlantic CounterTerrorism, 2016, www.gobsec.org p. 15: “Many national in the EU have integrated their borders without any integration or sufficient cooperation among their intelligence services”. The Honorary Steering Committee of the report are Michael Chertoff, former Secretary of the US Department for Homeland Security, Carl Bildt, former Swedish Prime Minister, John Baron Reid of Cardowan, former Home and Defense Secretary, Member of the House of Lords, UK and Dr. August Hanning, former State Secretary in the Federal Interior Ministry and Director of the Federal Intelligence Service (BND), Germany. 7 Informal meeting of the Heads of State or Government Brussels, 12 February 2015 – Statement by the members of the European Council (http://www.consilium.europa.eu/en/press/press-releases/2015/02/ 150212-european-council-statement-fight-against-terrorism/ (last checked 21 April 2017), European Council Conclusions of 18 December 2015 (http://www.consilium.europa.eu/en/press/press-releases/ 2015/12/18-euco-conclusions/(last checked 21 April 2017).

84

de Kerchove/Höhn

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:23 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 2. The Role of European Intelligence in Countering Terrorism

This chapter looks at the various aspects of intelligence in the fight against terrorism, 5 including the differences to traditional counter-espionage and counter-intelligence work, the relevant EU tools as well as limits of EU cooperation and makes some suggestions how cooperation on intelligence could be strengthened in particular in the context of the existing EU treaties.

I. Definition of intelligence? In the US, after 9/11, the US Government introduced a series of reforms in order to 6 remove the walls between agencies, including police and intelligence, in order to ensure that terrorists could not exploit information gaps. However, in the EU context, for cultural, historical and constitutional reasons some Member States insist on strict separation between law enforcement and intelligence information at national level and often argue that, for source protection reasons, intelligence information cannot be shared with law enforcement personnel or other players involved in counter-terrorism. However, many Member States have found ways around these concerns and achieved significant operational success doing so. Therefore the question arises: What is the difference between counter-terrorism 7 intelligence and law enforcement information? What is the definition of intelligence8? This is especially relevant as in many countries, such as Germany, the law enforcement agencies have received additional powers to act to prevent terrorism. With regard to counter-terrorism (CT), law enforcement also “increasingly relies on covert and/or “intelligence techniques”, so the distinction between the two communities can be blurred”9. In addition, criminal law has been adapted over the past years to respond effectively to the evolving terrorist threat. The Council Framework Decision on combatting terrorism as updated in 200810 already includes crimes such as membership in a terrorist organisation and providing terrorist training as well as inciting terrorist acts. Especially in the context of foreign terrorist fighters, with the UN Security Council Resolution 217811, the Council of Europe Additional Protocol to the Convention on Prevention of Terrorism12 and the new EU Directive on combatting terrorism13, criminalisation has been further expanded and includes many preparatory acts, such as preparation of terrorist travel or receiving terrorist training. Hence, criminal law and law enforcement cover actions long before attacks are committed.

8 On the definition see also Warner, Wanted: A Definition of “Intelligence”, Understanding Our Craft, Studies in Intelligence, CIA’s journal, Vol 46 No 3 and Davies, “Ideas of Intelligence Divergent National Concepts and Institutions” Harvard International Review 24,3 (2002), pp. 62–66. 9 Chertoff et. al, Globsec Intelligence Reform Initiative pp. 7. 10 COUNCIL FRAMEWORK DECISION 2008/919/JHA of 28 November 2008 amending Framework Decision 2002/475/JHA on combating terrorism, L 330/21. (http://eur-lex.europa.eu/legal-content/EN/ TXT/PDF/?uri= CELEX:32008F0919&from=EN last checked on 16 March 2016). 11 Adopted on 24 September 2014 http://www.un.org/en/sc/ctc/docs/2015/SCR%202178_2014_EN.pdf (last checked on 16 March 2016). 12 Adopted on 22 October 2015 https://rm.coe.int/CoERMPublicCommonSearchServices/DisplayDCTMContent ?documentId=090000168047c5ea. 13 The European Parliament and the Council reached political agreement on 17 November 2016. The Directive was adopted by the Council on 7 March 107 after the vote of the EP Plenary on 15 February 2017. It was signed on 15 March 2017. The text can be found here: http://data.consilium.europa.eu/doc/ document/PE-53-2016-INIT/en/pdf (last checked on 17 March 2017).

de Kerchove/Höhn

85

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:24 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

Diagram:

law enforcement security and intelligence services prevenon

invesgaon of criminal acts, including preparatory acts prevenon

Despite the various attempts at definition of intelligence information14, a clear cut definition and hence delineation between intelligence and law enforcement information seems to be lacking. Let’ s take the following as a hypothetical example: Let’ s assume that the same information was provided by a third country to the representative of the criminal police of one Member State and to the intelligence officer of another Member State, warning about explosives in a cargo plane that had landed at a European airport on its way to the US. Thanks to this information, the bombs were identified and the attack on the plane was averted. Although it was the same information, in one Member State, it was subsequently treated and transmitted as law enforcement information, in the other Member State as intelligence information. This seems to suggest an organic definition, based on the agency which receives the information. Given the different procedural rules for law enforcement and security services to collect information on citizens at home and fundamental rights protections, the organic approach would in this context suggest that the definition of whether a piece of information is regarded as relevant for law enforcement or for an intelligence agency depends on the body that collected or received it. There is the risk of information being overprotected depending on which route it entered the system. The threshold before security services can act with regard to collection of information tends to be lower, given the procedural protections in the criminal justice context. Security and intelligence services often can collect and store in their databases information, or intelligence, with different threshold than police. An additional question is: are the individual bits and pieces of information already intelligence or just the refined product? It seems that with regard to information found on the battlefield decisions have been made by some allies recently to classify only refined analysis products, which would allow easier sharing of the pieces of information such as from cell phones with law enforcement and other authorities. In the future, States will more and more lose the monopoly over information, including in conflict zones. The trend is already under way. Private organizations either on the ground or via crowd sourcing or other ways on the internet already have a wealth of information today that would be very useful to States. 9 In counter-terrorism, both security services and law enforcement hold valuable information that may be important pieces of the puzzle and which would need to be analysed together (“connect the dots”)15. Both security services and law enforcement are 8

14 On definition of intelligence please see the Omand Means and Methods of Modern Intelligence and their wider implications Part II Chapter II, in this volume. 15 David Anderson in his report writes:” The first step change relates to improvements in the ability of MI5 and police to exploit data to detect activity of concern, particularly on the part of closed subjects of interest but in relation also to active subjects of interest and previously unknown individuals. Two specific strands to this work are proposed: a better strategy for acquiring, analysing and sharing data across intelligence and policing, for example through wider use of bulk personal datasets… Key to this

86

de Kerchove/Höhn

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:24 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 2. The Role of European Intelligence in Countering Terrorism

active long before terrorist attacks are committed. While the task of security services is to protect the country from threats, police has both a protective task and in addition a task to help detect, investigate and bring to justice criminal suspects. Prior to the Brussels and Paris attacks, most of the perpetrators had ordinary criminal (but not terrorist) backgrounds. This underlines the need for security and intelligence services and law enforcement personnel to work together in cross-checking and sharing information. Instead of the organic approach, one could rather adopt a functional approach to the delineation – intelligence information to disrupt plots, while law enforcement information serves to collect evidence for investigation and prosecution. One often important distinction is between strategic and operational intelligence. 10 While the latter contains specific information which serves to identify terrorist suspects and disrupt plots, strategic intelligence is the analysis of information that provides the threat picture and serves to inform policy decisions. Criminal intelligence is important in the law enforcement and criminal justice 11 context. Networks have to be identified and dismantled in the context of criminal investigations and prosecutions. Intelligence led policing16 which has been promoted since 9/11 shifts police work from reacting to incidents to a more strategic and proactive approach of interventions, based on analysis and collection of information. While there is no universally accepted definition of intelligence led policing, the following elements seem to be key: “The collection and analysis of information related to crime and conditions that contribute to crime, resulting in an actionable intelligence product intended to aid law enforcement in developing tactical responses to threats and/or strategic planning related to emerging or changing threats.”17

II. Importance of intelligence Both strategic intelligence analysis and operational intelligence are crucial. Intelli- 12 gence is necessary to learn about the functioning, objectives, members, modus operandi and planned attacks of terrorist groups or individuals and to disrupt specific plots before they occur, such as in early 2015 in Verviers, Belgium. With Al Qaeda and even more Daesh this is particularly challenging because of the bottom-up model of terrorism it promotes, called by some the “Uberization” of terrorism: Al Qaeda wanted to centrally plan major attacks. Daesh has conducted and directed attacks, involving returning foreign terrorist fighters it had trained in Syria and Iraq. However, it also encourages, inspires and provides with “how to” information those who have not traveled to Syria and Iraq to commit attacks at home. Daesh has an extremely effective social media strategy to do this, leading to radicalization online of many youth inside the EU. For terrorists who are inspired by Daesh but only have very loose ties to the organization if at all, giving a Daesh label to the attack serves to make it part of a broader, seemingly important cause and provides significance. It is challenging for development is a new commitment by MI5 to allow knowledge derived from intelligence to be shared more widely beyond intelligence circles. This should enable, for example, neighbourhood policing and other agencies to make judgements with a better knowledge of the national security risk, and to implement appropriate local action. Improved flow of information in the other direction also has the potential to contribute to better decision-making at the centre in relation to the risk from closed subjects of interest in particular…” 16 On intelligence-led policing see also Den Boer (2014), in: Duyvesteyn et al (eds), Intelligence-led policing in Europe: lingering between idea and implementation, 113. 17 Carter, D. L. & Carter, J. G. (2009). “Intelligence Led Policing: Conceptual Considerations for Public Policy”. Criminal Justice Policy Review, 20(3), 310–325.

de Kerchove/Höhn

87

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:25 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

services to detect lone actors who are radicalized in their communities and online and have not previously travelled to conflict zones. Diagram:

informaon collecon

informaon sharing

informaon analysis

operaonal execuon

Intelligence sharing is only part of the challenge. Intelligence collection is the crucial first step without which sharing and analysis cannot take place. Human intelligence sources are key, but difficult to introduce into the terrorist environment both in Syria and at home. Investment in this is necessary – in recent years, much investment took place in signal intelligence and analysis of communication of the internet, which is important, but cannot replace human sources. One possibility for collecting intelligence from returning foreign terrorist fighters is in the context of criminal proceedings, where repentant suspects may be offered advantages in terms of sentencing or in prison. The French parliamentary commission of inquiry after the Paris attacks of November 201518 recommends to further explore how to set up a regime for repentant terrorist suspects19. This is also an example of how the criminal justice proceedings can serve to collect intelligence. Several Member States have set up intelligence units in prisons. Investing in cyber capabilities – prevention of attacks and infiltration, detection and observation of communication on the web, including the dark web, big data analytics – is important, given the high capacity of Daesh in cyberspace. 14 In addition, without excellent analysis of the often massive amount of information (tsunami of data), actionable intelligence may be overlooked. Hence, analysis and prioritization is a major challenge. Commissions of inquiry after terrorist attacks often find that data had been available but that some of the attackers had not been regarded as the highest threat or that there had been no indication of involvement in attack planning. Some services are broadening the profiles of their members (recruiting IT experts, sociologists, psychologists, ethnologists etc.) to be more creative and strengthen analysis from all possible angles. Recruiting staff with language skills is also critical. DAESH has recruited foreign terrorist fighters from over 100 countries and communicates in most of the world’s major languages. 15 Hence there is a strong need for Member States to support their security services with the necessary resources, technical capabilities (such as interception on cables) and a legal framework to ensure they can act effectively. The more a country invests in its intelligence service, the more capable it becomes and the more services from other countries want to engage and share. Improvements in the information sharing culture between services will come alongside greater investment in capabilities, hence stronger services at national level increase security across the EU. Alain Bauer points out the paradox that when services are efficient and there are no attacks the budget is often reduced20. 13

18 Commission d’enquête relative aux moyens mis en œuvre par l’État pour lutter contre le terrorisme depuis le 7 janvier 2015 (http://www2.assemblee-nationale.fr/14/autres-commissions/commissions-d-enquete/moyens-pour-lutter-contre-le-terrorisme/(block)/28447 last checked 4 June 2018): Report: http:// www.assemblee-nationale.fr/14/pdf/rap-enq/r3922-t1.pdf (last checked 16 March 2017). 19 Proposition 21: Engager une réflexion sur l’assouplissement du cadre juridique du statut de “ repenti “ dans le domaine du terrorisme. 20 Alain Bauer, “L’avenir du terrorisme”, Institut Diderot, Les Carnets des Dialogues du Matin, Hiver 2015–2016, www.institutdiderot.fr, p. 40.

88

de Kerchove/Höhn

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:25 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 2. The Role of European Intelligence in Countering Terrorism

Security and intelligence services also face constraints: To protect sources and 16 methods, the third party rule states that information received from another service may only be shared with the agreement of that service. Services also have to protect their own sources and methods. However, this is not specific to intelligence: law enforcement also has sources in the “milieu” it needs to protect. Infiltrating the mafia can be as deadly as dealing with sources in the counter-terrorism context. The “five eyes”21 – US, UK, Canada, Australia, New Zealand – is the closest and oldest arrangement for intelligence cooperation. There is an agreement of mutual non-espionage among the “five eyes”. Significant amounts of information are shared within this historically tried and trusted framework. But it is not possible for the members to share onwards with others without agreement from the country providing the information. Trust is key in intelligence cooperation. It seems necessary, in counter-terrorism, to move from a need to know to a dare to share culture, not removing the need to know but significantly broadening it. Anderson states in his review related to the recent attacks in the UK: “The decision to allow intelligence-derived knowledge to be shared more widely beyond intelligence circles marks a significant cultural change. It will allow local police and other agencies to be alerted to threats of which they are currently unaware, and should increase the options for addressing those threats.”22

III. Role of intelligence in counter-terrorism, including the US experience Modern terrorism engages both national security and law enforcement issues – Daesh 17 has had both a territorial presence and connections with “homegrown” terrorists. Thus, intelligence must address both of these. Also worth noting is that intelligence is focused on prevention, while law enforcement tends to be focused on criminal acts that have occurred. This division is bridged when laws allow the prosecution of preparatory acts, like conspiracy, terrorist travel, or material support to terrorism. Such laws bring law enforcement more into the prevention arena. In the current threat environment, in particular with regard to Daesh and Al Qaeda, where internal and external threats are closely linked, three elements are key: information collection, sharing and analysis (including prioritization). In counter-terrorism, the role of security and intelligence services is different from the traditional areas of their work. As Alain Bauer points out23, the qualities, methods and mindsets that were required during the Cold War, which was mainly focused on counter-espionage, are not those that apply in the fight against terrorism. While the traditional security and intelligence services should continue if not intensify their work on counter-espionage in the current international context especially with the hybrid threat (influence operations from some third countries), a different culture and approach is necessary for counter-terrorism. Bauer points out that specific counter-terrorism services are lacking – the only one being in New York, created after 9/11 by the New York Police Department (NYPD). The NYPD CT service consists half of military, law enforcement and intelligence officers and half of civilian consultants including university experts, which creates the needed combination of operational and conceptual competence. Services dealing with counter-terrorism in some EU Member 21 On the “five eyes”: Simon Chesterman, One Nation Under Surveillance: A New Social Contract to Defend Freedom Without Sacrificing Liberty, Oxford University Press, 2011. 22 Anderson, December 2017, p. 42. 23 Alain Bauer, “L’avenir du terrorisme”, Institut Diderot, Les Carnets des Dialogues du Matin, Hiver 2015–2016, www.institutdiderot.fr, pp. 20 f, 30 ff, 36 ff.

de Kerchove/Höhn

89

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:26 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

18

19

20

21

22

States are part of a larger structure of a service which has a different culture than that needed for counter-terrorism. According to him, there is often a cultural problem. Traditionally in counterespionage, time is the friend, criminal activities are not being interrupted to detect the whole network and not alert the group that it is being observed. Information is stove piped, closed off, everything is secret. During the Cold War, threats were existential for the existence of the State. This has also been the case with regard to separatist terrorist groups such as the IRA and ETA. In today’s form of terrorism, for counter-terrorism, time is your enemy, the fast moving threat has increased the need to share quickly. It can also prove difficult for officials in services that normally don’t work with certain countries because of espionage to suddenly work with them closely on counter-terrorism. According to Bauer, it is necessary to develop a specific counter-terrorism service (not to restructure the intelligence/security services which should continue their important counter-espionage work), based on the model of NYPD New York. Efficient counter-terrorism work is different from counter-espionage. In today’s form of terrorism, for counter-terrorism, a common, open analysis tool is necessary to also detect weak signals which combines the best minds and all relevant services and operators including public transport and train operators which are now excluded because according to Bauer the intelligence collection (which should be as open as possible), the analysis (which should be as precise as possible) and intervention (of which one should not speak) are mixed up. Today the small action community is regarded as determining everything, although collection and analysis are different and much larger. Conviction is necessary to create change. He also states that terrorists tell a lot about their plans on the internet and that the difficulty is to prioritize the importance of the various targets24. A key challenge in today’s world is how to make sense of the huge amount of information available, hence the analytical capabilities of security authorities are key. Daesh, which is a cross-border phenomenon and has a cross-border strategy, is a common enemy to the services of states and requires a common response. “Need to know” rules have to be broadened with around 5000 foreign terrorist fighters who travelled to Syria and Iraq from the EU and today tens of thousands of Daesh and AQ operatives with the franchises (AQ on 9/11 included around 400 persons). Instead, there is a stronger “need to share”25, or “dare to share”. However, this needs to be done in a way that sufficiently protects sources and methods when and where necessary. In the US, since 9/11, all services contribute to a national counter-terrorism database which is managed by the National Counter-Terrorism Centre (NCTC). From this, names and “selectors” are transferred to a consolidated unclassified watchlist maintained by the Terrorism Screening Centre. This integrated approach allows border guards and other screeners to check travellers against a comprehensive list of terrorist suspects. So far, this seems not to have compromised sources and methods. The need to connect the dots and avoid stovepipes has not only been identified by the 9/11 Commission in the US26 as of major importance in counter-terrorism, but also in

24 Alain Bauer, “L’avenir du terrorisme”, Institut Diderot, Les Carnets des Dialogues du Matin, Hiver 2015–2016, www.institutdiderot.fr, p. 41. 25 On page 3, the policy paper by the European Political Strategy Center – the Commission’s in-house think tank, also stresses the need to share: Towards a ‘Security Union’, Bolstering the EU’s CounterTerrorism Response, Issue 12/2016, 20 April, http://ec.europa.eu/epsc/pdf/publications/strategic_note_issue_12.pdf. 26 Report: https://9-11commission.gov/report/911Report.pdf (last checked 16 March 2017).

90

de Kerchove/Höhn

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:26 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 2. The Role of European Intelligence in Countering Terrorism

national Commissions of inquiry in the EU after attacks, such as in France after the attacks of November 2015, which advocates a single counter-terrorism database27 for France. In Europe, cooperation among law enforcement and security services is very different. 23 Europol28 was created about 20 years ago, has around 1000 officers working at its headquarters, and a budget of around 100 million Euros29. In 2016 Europol created a permanent structure for counter-terrorism cooperation with a secure information sharing system connecting the Member States and Europol30, several databases and analytical work files. Operational information garnered from several Member States can therefore be cross-matched and cross-checked. Europol also provides active support to the recent terrorist investigations after the attacks in Paris (November 2015) and in Brussels (March 2016), checking in particular the links across Member States. It also hosts the Internet Referral Unit, monitoring jihadist communications and propaganda online and supporting Member States with internet based investigations. All Member States have Europol Liaison Bureaux in The Hague and at home, a task force of seconded officers of Member States is investigating Daesh (Joint Liaison Team). More and more information is being shared with Europol, which has also cooperative relationships with partner countries such as the US. This is yielding an increase in significant hits and cross-matching referenced on Europol databases. Europol’s new European Counter Terrorism Centre31 combines all of its counter-terrorism tools in a center of excellence, similar to the European Cybercrime Centre (EC3)32 for cybercrime. Europol has made enormous progress since its founding and information sharing on counter-terrorism has massively increased. Contextual and biometric information still needs to be increased33. However, perspective is necessary. Even in the US which, unlike the EU, is a federal state, it took President Hoover 24 several decades to impose the Federal Bureau of Investigation (FBI) on the States. Of course, unlike the US, the EU is not a federal state. Therefore, there will always be cultural, legal, psychological, political and operational barriers that are (much) higher than the barriers ever were between different States of the US. However, this is not a hurdle that the EU could not overcome, at least in the field of counter-terrorism. Another transatlantic difference is the pendulum between privacy/data protection 25 on one hand and security on the other. While the pendulum is on the security end of the scale in the US, in many EU Member States as well as in a number of rulings of the European Court of Justice34, privacy prevails even today. This may have an 27 Proposition no. 17, http://www.assemblee-nationale.fr/14/pdf/rap-enq/r3922-t1.pdf (last checked 16 March 2017). 28 Comprehensive information about Europol can be found at https://www.europol.europa.eu/. 29 Statement of revenue and expenditure of the European Police Office for the financial year 2016 (2016/C 113/30), EU Official Journal. 30 SIENA at the level of EU confidential from autumn 2016. 31 Europol’s European Counter-Terrorism Centre strengthens the EU’s response to terror, https://www. europol. europa.eu/content/ectc. 32 https://www.europol.europa.eu/about-europol/european-cybercrime-centre-ec3 (last checked 16 March 2017). 33 EU Counter-Terrorism Coordinator, JHA agencies’ role in counter-terrorism, doc. 6146/18. 34 Such as the Judgment of the Court (Grand Chamber) of 6 October 2015 (request for a preliminary ruling from the High Court (Ireland)) — Maximillian Schrems (Case C-362/14) concerning data transfers to the US in the context of the Safe Harbour Agreement; Judgment of the Court (Grand Chamber) of 8 April 2014 (requests for a preliminary ruling from the High Court of Ireland (Ireland) and the Verfassungsgerichtshof (Austria)) – Digital Rights Ireland Ltd (Joined Cases C-293/12 and C-594/12) concerning the EU’s data retention directive and Tele2 Sverige AB (Joined Cases C-203/15 and C-698/15) concerning national data retention legislation. Judgment of the Court (Grand Chamber) of 13 May 2014 (Google Spain Case C-131/12) concerning the “right to be forgotten”. Opinion of the Court (Grand Chamber) of 26 July 2017 – European Parliament (Opinion 1/15) on the EU-Canada PNR agreement.

de Kerchove/Höhn

91

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:26 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

26

27

28

29

impact on the willingness to share not only among the Member States but also in the transatlantic context. In general, one can detect a major investment in IT systems, common resources and modern structures for cooperation and information sharing with regard to Europol. Europol has some of the strictest information handling codes of EU Member States and acts as an EU benchmark in this regard35. In line with Article 19 of the Europol Regulation which gives the provider of information to Europol the right to determine the modalities of access and transfer of information to other parties, the handling codes designed by Europol ensure a controlled and predictable handling of information, with a view to respecting the needs of the data owners. For instance, by applying a dedicated handling code, the provider may determine, at the moment when supplying information, approval by the data owner prior to disclosing information in judicial proceedings or to any other third party. This mechanism ensures that Europol can process sensitive information and intelligence for analysis purposes in line with its mandate under the Europol Regulation, thus enabling state-of-the-art data protection in the interest of law enforcement cooperation. On the other hand, the security services, being outside the EU institutional framework, have created a platform but not an institution. The services of several Member States do however come together outside of the EU context in the Counter-Terrorism Group (CTG). Since the call of the European Council in 2015 for closer cooperation among security services and more structured cooperation, there has been a lot of momentum within the CTG to further strengthen cooperation. Thanks to the leadership of the Netherlands Presidency (2016) to further step up cooperation of the security services, the Counter-Terrorism Group is working to strengthen real-time multilateral exchanges and has launched a new platform to facilitate this in mid-2016. It allows electronic information sharing in a common database and permanent closer cooperation between certain services through the secondment of officers. The new platform has already facilitated operational results36. The legal framework also is more challenging as common legislation in the EU context is not possible given that intelligence is defined as a national responsibility. Several European States have modified their national legislation to allow feeding of a multilateral database in the context of intelligence. For some bilateral information sharing is preferable and sufficient with regard to intelligence, as the information that is of interest to a partner country will be shared with that country (“need to know” approach). However, it is not always known to the service of a Member State that particular information would be of interest to another Member State. Another specificity with regard to counter-terrorism is the need to respond quickly to operational intelligence, the speed of reaction is critical to saving lives. Multilateral sharing such as in the context of the CTG platform allows a speedy reaction, it reduces the chance of unintentional gaps (“blind spots”) and allows all those with relevant information to contribute. Those excluded from a series of bilateral exchanges could have vital pieces of relevant information but are not aware of it37. Sharing with law enforcement is often done at national level, so that then law enforcement agencies can share internationally, for example with Europol. It is indeed 35 Chertoff et. al, Globsec Intelligence Reform Initiative, p. 16, see also Ryder, European Criminal Intelligence, Part 3 Chapter 3, in this volume. 36 See Report by the EU Counter-Terrorism Coordinator to the Council, Implementation of the counter-terrorism agenda set by the European Council, Brussels, 20 December 2016, doc 14260/16 ADD 1 EXT 1 p. 17 (http://data.consilium.europa.eu/doc/document/ST-14260-2016-ADD-1-EXT-1/en/pdf last visited on 19 April 2017). 37 Chertoff et. al, Globsec Intelligence Reform Initiative p. 26.

92

de Kerchove/Höhn

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:27 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 2. The Role of European Intelligence in Countering Terrorism

very important to share and work closely with law enforcement at national level. Information sharing on counter-terrorism via Europol has massively increased: By the end of 2017, there were more than half a million data objects linked to terrorism in the Europol Information System (EIS)38. In January 2018, the persons linked to terrorism in the EIS (foreign terrorist fighters and their supporters/facilitators) was 46.131, 6.539 provided by EU Member States and 39.592 by third parties. By the end of 2014, just before the Charlie Hebdo attacks in January 2015, the EIS contained 1125 objects (incl. around 350 person entities) linked to terrorism39. It is also important for intelligence and security services to work with the judiciary, 30 which may have information of interest to the services, so there should be close links. Another traditional question is also how to introduce intelligence information in the trial. There are rules in (most) Member States on how intelligence could be transformed into evidence or be used to start a criminal investigation. If information is in the hands of a law enforcement agency there are hardly any restrictions to use it as evidence in court of law (if lawfully collected). However, the use in courts of intelligence collected by intelligence and security agencies is often more complex40. This is being solved in different ways in the various EU Member States and has been discussed by Eurojust most recently at the tactical meeting in June 2016. In many cases, the intelligence information transmitted to law enforcement serves as the beginning of an investigation, in which other evidence is collected, which is admissible in court. Another challenge for security services (and law enforcement/judiciary) is encryp- 31 tion. Terrorists increasingly use the dark net and encryption. The internet companies have strengthened encryption after the Snowden leaks to keep the confidence of customers. In cases of end-to-end encryption created by the customer the companies don’t have the keys. There are complex questions related to encryption, those concerning the judiciary have been discussed by the EU Ministers of Justice at their informal meeting in Bratislava in July 2016 and by the Justice and Home Affairs Council in December 201641 and in December 2017. In October 2017, the Commission suggested a number of measures related to encryption in the criminal justice context, including strengthening Europol’s de-cryption capabilities42. Big data is an opportunity and a challenge for security services – services need to 32 adapt, including with regard to technology, to benefit in the best possible way from the 38 53 % of the total number of data objects, compared to 3.9 % of data objects linked to counter terrorism by the end of 2016. For more information on the EIS, see the Europol website: “The Europol Information System (EIS) is Europol’s central criminal information and intelligence database. It covers all of Europol’s mandated crime areas, including terrorism”. (https://www.europol.europa.eu/activities-services/services-support/information-exchange/europol-information-system last checked on 4 January 2018). 39 EU Counter-Terrorism Coordinator, JHA agencies’ role in counter-terrorism, doc. 6146/18 ADD 1/ EXT 1. 40 There are procedures in some Member States that allow the Court to review intelligence information in camera. The European Court of Justice rules of procedure have been adjusted for the Court to be in a position to hear and receive classified material, but this procedure has not yet been used. DECISION (EU) 2016/2386 OF THE COURT OF JUSTICE of 20 September 2016 concerning the security rules applicable to information or material produced before the General Court in accordance with Article 105 of its Rules of Procedure OJ L 355/5 (https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016D2386&from=EN last checked 18 May 2018). 41 Based on a discussion paper by the Presidency http://data.consilium.europa.eu/doc/document/ST14711-2016-INIT/en/pdf (last checked 16 March 2017). Outcome of the Council meeting: file:///C:/Users/ hoehnch/Downloads/st15391.en16 %20(1).pdf (last checked 16 March 2017). 42 Eleventh progress report towards an effective and genuine Security Union, Brussels, 18.10.2017 COM (2017) 608 final, COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE EUROPEAN COUNCIL AND THE COUNCIL.

de Kerchove/Höhn

93

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:27 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

available information on the internet, which has increased exponentially from the past. However, the recent Tele2 ruling43 of the European Court of Justice which does not allow to impose an obligation of generalized data retention on private telecommunications companies may have serious consequences: as the traffic data may no longer be available and the content may be encrypted, there may be the risk for security services that they go dark with regard to terrorist communication. That would benefit no-one.

B. The EU framework with regard to intelligence I. Art. 4 (2) TEU The key provision in this context is Art. 4 (2) TEU: “National security remains the sole responsibility of each Member State.”44 This is being interpreted, in particular by the security services of certain Member States, as excluding the regulation of cooperation and functioning of intelligence services from the remit of the EU. However, there has never been an interpretation of Art. 4 (2) TEU45 by the European Court of Justice (ECJ) or the Council Legal Service. This could change: In 2017, the United Kingdom’s Investigatory Powers Tribunal has made a preliminary reference to the ECJ to clarify whether the powers of the security and intelligence agencies to collect and access bulk communications data fall within the scope of EU law46. This could lead to an interpretation of the term “national security” by the ECJ. 34 On the other hand, internal security is a shared competence between the EU and the Member States, Art. 67 ff TFEU. This is interpreted as law enforcement cooperation. Information exchange between all relevant security stakeholders at EU level, including the security services and law enforcement authorities, is possible under Art. 67 (3) TFEU which sets out that the EU shall endeavour to ensure a high level of security through measures for “coordination” and “cooperation” between police, judicial and other competent authorities.47 The “new settlement for the UK within the EU” drawn up before the Brexit referendum, which has not entered into force due to the “no” vote, reconfirmed Art. 4 (2) but also recognized the benefits of collective action: “Article 4(2) of the Treaty on European Union confirms that national security remains the sole responsibility of each Member State. This does not constitute a derogation from Union law and should therefore not be interpreted restrictively. In exercising their powers, the 33

43 Judgment of the Court of 21 December 2016, Joined Cases C‐203/15 and C‐698/15. http://curia. europa.eu/juris/document/document.jsf?text=&docid=186492&pageIndex=0&doclang=en&mode=lst&dir=&occ=first&part=1&cid=820024 (last checked 17 March 2017). According to the ECJ, generalized data retention contradicts the structure of the e-privacy directive, the secondary law upon which Member States’ data retention legislation is based, as well as the necessity/proportionality principle with regard to the rights of privacy and data protection based on the Charter of Fundamental rights. 44 This has been reiterated in the draft Decision of the Heads of State or Government, meeting within the European Council, concerning a New Settlement for the United Kingdom within the European Union: “Article 4(2) of the Treaty on European Union confirms that national security remains the sole responsibility of each Member State. This does not constitute a derogation from Union law and should therefore not be interpreted restrictively. In exercising their powers, the Union institutions will fully respect the national security responsibility of the Member States.” However, this draft decision is void as the British referendum turned out in favour of the Brexit. 45 For a discussion of the definition of “national security” see Sule, National Security and EU law restraints on Intelligence Activities, Part 4 Chapter 2, in this volume. 46 Privacy International v Secretary of State for Foreign and Commonwealth Affairs et al, http://www. ipt-uk.com/judgments.asp (last visited on 16 January 2018). 47 See Chertoff et. al, Globsec Intelligence Reform Initiative p. 6.

94

de Kerchove/Höhn

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:28 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 2. The Role of European Intelligence in Countering Terrorism

Union institutions will fully respect the national security responsibility of the Member States. The benefits of collective action on issues that affect the security of Member States are recognised.”48 But what is the difference between national and internal security? How does this 35 relate to European security? One could argue that today, given the Daesh operating methods which are transnational and include cells spanning across several Member States, preparing the attack in one Member State and carrying it out in another, the concept of European security has to be added to national security, as national security does not capture exhaustively all the threats that a country faces. If this is the case, not all cooperation of security services at European level can possibly be excluded from the EU level. In addition, Art. 73 TFEU states that “it shall be open to Member States to organize 36 between themselves and under their responsibility such forms of cooperation and coordination as they deem appropriate between the competent departments of their administrations responsible for safeguarding national security.” The EU Treaties attribute competences to the European Union. A provision about possibilities for Member States to cooperate on issues of their sole responsibility is not necessary: Member States can do as they please in these areas with or without mention in the Treaty. Hence the article is a tautology. An explanation for this could be that some Member States had not been happy about Art. 4 (2) TEU and hence Art. 73 TFEU is there to accommodate those Member States and compensate for Art. 4 (2). Hence, the article is not a necessary condition for Member States’ security services to work together more closely, but it is interesting that it has been taken up in the EU Treaties. Another interpretation is that there is no tautology, that there must be a legal explanation for the article. This sense could be an encouragement of Member States to cooperate in this area.

II. Challenges for the EU with regard to counter-terrorism and intelligence As pointed out above, in counter-terrorism it is crucial to have the full information 37 picture and to collect, analyse and share as much information as possible. Hence close cooperation between law enforcement and security services is a “must” and stovepipes and artificial walls need to be avoided. It is therefore a challenge for EU counterterrorism cooperation that law enforcement cooperation takes place within the EU context and cooperation of security services outside of it. Despite these challenges, there are a number of tools and interfaces at the EU level that are relevant to security services which are explained below. Art. 4 (2) TEU has not prevented the European Council, institution of the EU, to ask 38 security services to cooperate more closely. EU leaders have indicated that deepening and structuring better the cooperation among security services is a priority in counterterrorism: At the informal meeting of the Heads of State or Government Brussels, 12 February 2015, the members of the European Council stated: “We ask that…Member States’ security services deepen their cooperation.” This was reiterated in the Conclusions of the European Council on 18 December 2015: “The commitment made by the Heads of State or Government last February for deeper cooperation between security services should be further pursued, in full respect of Member States’ sole responsibility 48 A New Settlement for the United Kingdom within the European Union, Decision of the Heads of State or Government, meeting within the European Council, concerning a New Settlement for the United Kingdom within the European Union, OJ C 69I, 23.2.2016, p. 1.

de Kerchove/Höhn

95

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:28 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

for national security, notably by structuring further their information exchange so that interested Member States can engage in enhanced joint operational threat analysis.” 39 So far, this deepening and structuring of the cooperation is taking place in the context of the CTG, as referred to in the joint statement of EU Ministers for Justice and Home Affairs and representatives of EU institutions on the terrorist attacks in Brussels on 22 March 2016: “Ministers are convinced of the need to […] fully support the work of the Counter Terrorism Group (CTG), in particular by further accelerating the establishment of a dedicated platform for real time, multilateral information exchange.”

III. EU tools in the area of intelligence There are some EU tools specifically related to intelligence49.

40

1. EU Intelligence and Situation Centre (INTCEN)50 41

The EU Intelligence and Situation Centre (INTCEN)51 is located in the European External Action Service (EEAS). It deals with strategic intelligence analysis, not operational intelligence. It relies on contributions from the security and intelligence services of EU Member States and is staffed with seconded experts from the services as well as with EU officials. Together with the EU Military Staff Intelligence Directorate it creates joint civil/military situational analysis and strategic foresight (Single Intelligence Analysis Capacity) for the EEAS, the Commission, the Council, and the Military Committee, as well as for Member States via the dedicated Council structures (COSI, JHA, PSC, FAC). The more timely intelligence contributions from the EU Member States, the better and more detailed the reports are. A counter-terrorism team within the INTCEN staffed by experts from CTG services is providing strategic analysis on the various aspects of the terrorist threat to Europe. Its work plan is established in close consultation with the CTG, with additional input by the EU Counter-Terrorism Coordinator and by the Commissioner for the Security Union to ensure that INTCEN’s strategic analysis covers the most important policy areas. Accurate strategic intelligence is important to make appropriate policy choices. Regional teams, such as for North Africa and the Middle East, also contribute to analysis relevant to the terrorist threat in the respective regions. Together with the EUMS Intelligence Directorate, INTCEN is considered by the EU Member States intelligence and security services to be the main 49 Regarding the emerging role of the European Union (EU) as a security and intelligence actor from the perspective of counter-terrorism see also Den Boer, Intelligence and National Security, 2015, 402 ff. On EU, CT and intelligence see also Kaunert/Léonard, European security, terrorism and intelligence: Tackling new security challenges in Europe, 2013. On the emergence of an EU strategic intelligence community as a complex multi-dimensional networked construction see also Gruszczak (2016), Intelligence Security in the European Union. For an older description see also Hertzberger (2007), Counter-terrorism intelligence cooperation in the European Union, Turin, UNICRI. (https://warwick.ac. uk/fac/soc/pais/people/aldrich/vigilant/eveline._hertzberger.intelligence_cooperation_eu.pdf last visited 16 January 2018) and Müller-Wille, For our eyes only, Shaping an intelligence community within the EU, EUISS. (2004) (https://www.iss.europa.eu/sites/default/files/EUISSFiles/occ50.pdf last checked on 16 January 2018). 50 For a more detailed description and analysis of INTCEN see the chapters by Rauwolf, Intelligence in EU-led military missions and operations, Part 2 Chapter 4, in this volume and Palacios, EU intelligence: On the road to a European Intelligence Agency?, Part 3 Chapter 1, in this volume. See also Fägersten (2015), Intelligence and decision-making within the Common Foreign and Security Policy, (http://www. sieps.se/en/publications/2015/intelligence-and-decision-making-within-the-common-foreign-and-security-policy-201522epa/Sieps_2015_22epa? last visited 16 January 2018). 51 See fact sheet https://eeas.europa.eu/factsheets/docs/20150206_factsheet_eu_intcen_en.pdf.

96

de Kerchove/Höhn

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:29 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 2. The Role of European Intelligence in Countering Terrorism

gateway for strategic intelligence to the EU. In addition to the intelligence analysis division, it also has an open source intelligence division, which also researches in social media, the EU Situation Room (providing 24/7 situational awareness based on media monitoring) and a Consular Crisis Management Division to support cooperation and coordination between the Member States and the EU delegations in the consular field.

2. Passenger Name Record (PNR) The EU PNR52 was adopted in April 2016. Again, it is an instrument for preventing, 42 detecting, investigating and prosecuting terrorist offenses53. The objectives include “to ensure security, to protect the life and safety of persons”54. The preamble also states that “assessment of PNR data55 allows identification of persons who were unsuspected of involvement in terrorist offences or serious crime prior to such an assessment and who should be subject to further examination by the competent authorities. By using PNR data it is possible to address the threat of terrorist offences and serious crime from a different perspective than through the processing of other categories of personal data.”56 Given the importance of the PNR to detect unknown terrorist suspects, it is a very 43 relevant tool for the security services. A number of directors of security services of EU Member States have briefed their national members of the European Parliament on the importance and necessity of an EU PNR. Prior to the adoption of the EU PNR, the EU had already concluded PNR Agree- 44 ments with the US, Canada57 and Australia58. A second PNR agreement with Canada was signed in 201059. Taking the EU-US Agreement as an example, the purpose is “to ensure security and to protect the life and safety of the public”60. The PNR data is used by the US “for the purposes of preventing, detecting, investigating and prosecuting terrorist offenses and related crimes.”61 With regard to privacy and data protection, 52 Directive of the European Parliament and of the Council on the use of Passenger Name Record data for the prevention, detection, investigation and prosecution of terrorist offenses and serious crime, Provisional edition P8?TA-PROV (2016)0127, http://data.consilium.europa.eu/doc/document/PE-712015-INIT/en/pdf (last visited 17 March 2017). 53 Art. 1.2 PNR directive. 54 Para 5 of the preamble of the PNR directive. 55 Art. 6 of the PNR directive sets out the conditions for the processing, such as the principles of nondiscrimination and that positive results from automated matching need to be reviewed by non-automated means. The PNR data can be compared against databases relevant for the purposes of preventing, detecting, investigating and prosecuting terrorist offences and serious crime and against pre-determined criteria. 56 Para 7 of the preamble of the PNR directive. 57 Agreement between the EC and the Government of Canada on the processing of Advance Passenger Information and Passenger Name Record data, Official Journal of the EU L82/15 of 21.3.2006. This PNRCanada agreement from 2006 is no longer in force. It was linked to Decision 2006/253 (COMMISSION DECISION of 6 September 2005 on the adequate protection of personal data contained in the Passenger Name Record of air passengers transferred to the Canada Border Services Agency) which expired in September 2009. 58 Agreement between the EU and Australia on the processing and transfer of Passenger Name Record data by air carriers to the Australian Customs and Border Protection Service, Official Journal of the EU L186/4 of 14.7.2012. 59 Starting in 2010, the EU and Canada negotiated a new PNR agreement, which was signed in 2014. The Council of the EU requested the European Parliament to approve it. 60 Art. 1 of the Agreement between the USA and the EU on the use and transfer of passenger name records to the US Department of Homeland security, Official Journal of the EU L215/5 of 11.8.2012. 61 Art. 4.1.a of the EU-US PNR Agreement. Art. 18 of the EU-US PNR Agreement states that “Consistent with existing law enforcement or other information-sharing agreements or arrangements between the US and any EU Member States…DHS shall provide to competent police, other specialised law enforcement or judicial authorities of the EU Member States…analytical information obtained from

de Kerchove/Höhn

97

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:29 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

many issues have arisen. All agreements contain safeguards for data protection. The draft EU-Canada Agreement signed in 2014 was referred by the European Parliament to the European Court of Justice, which provided an opinion on compatibility with EU law before conclusion62. The agreement has to be re-negotiated to comply with the ruling63.

3. EU-US Terrorist Financing Tracking Programme (TFTP) The EU-US TFTP64 is an instrument not only used for investigation and prosecution of terrorism and terrorism financing, but also for prevention and detection purposes, hence very early in the process65. Therefore, the TFTP is not only a law enforcement tool, but also an intelligence tool to collect information and detect terrorist (financing) networks at very early stages relevant for security services. This shows that in some areas, where it seems beneficial, Member States accept that the EU concludes agreements related to intelligence collection. Information obtained via the TFTP is provided to “law enforcement, public security, or counter terrorism authorities of Member States…for the purpose of the prevention, investigation, detection or prosecution of terrorism and terrorist financing.”66 Hence security services can benefit from the information of the TFTP. Requests to the US can be sent by Member States and Europol, and the US can share information on its own initiative. 46 By the end of 2017, 66,086 intelligence leads have been provided by the TFTP (Art. 9 and 10) since it came into force in 2010, including more than 30,117 leads specific to travelling foreign terrorist fighters (Syria/Iraq/IS). There has been a 20 % increase in the number of intelligence leads provided by the Terrorist Finance Tracking Programme (TFTP) in 2017, compared to 201667. More than 89 % of the intelligence leads from the TFTP were generated since January 2015. From an overall perspective, the TFTP has proven to be a valuable tool in counter terrorism investigations: it enhances the ability to map out terrorist networks, often filling in missing links in an investigative chain. However, EU/SEPA transactions are excluded from the TFTP, hence an EU Terrorist Financing Tracking System complementary to the TFTP could be considered68. 45

PNR in those cases under examination or investigation to prevent, detect, investigate or prosecute within the EU terrorist offences…” 62 The EP had referred the draft PNR agreement with Canada to the ECJ to ascertain compatibility with EU law (Case No. C-1/15). The press release on the opinion of the ECJ of July 2017 can be found here: https://curia.europa.eu/jcms/upload/docs/application/pdf/2017-07/cp170084en.pdf (last checked on 4 January 2018), Opinion of the Court (Grand Chamber) of 26 July 2017 – European Parliament (Opinion 1/15), http://curia.europa.eu/juris/document/document.jsf?text=&docid=194498&pageIndex=0&doclang=en&mode=lst&dir=&occ=first&part=1&cid=647080 (last checked on 4 January 2018). 63 The fundamental rights protection related to these instruments is set out in more detail in the chapter by Schmahl, Intelligence and Human Rights, Part 4 Chapter 1, in this volume. 64 Agreement between the European Union and the USA on the processing and transfer of Financial Messaging Data from the European Union to the US for the purposes of the Terrorist Finance Tracking Program, Official Journal of the European Union L195/5 of 27.7.2010. For more information see http://ec. europa.eu/dgs/home-affairs/what-we-do/policies/crisis-and-terrorism/tftp/index_en.htm. 65 Art. 1.1.a of the EU-US TFTP Agreement. 66 Art. 1.1.b of the EU-US TFTP Agreement. 67 EU Counter-Terrorism Coordinator, JHA agencies’ role in counter-terrorism, doc. 6146/18 ADD 1/EXT 1. 68 See report by the EU Counter-Terrorism Coordinator to the Council, State of play on the implementation of the statement of the Members of the European Council of 12 February 2015, the JHA Council Conclusions of 20 November 2015 and the Conclusions of the European Council of 18 December 2015, 4 March 2016, doc. 6785/16. About the benefits of the agreement in practice, in particular in the context of investigations see also the Joint Report from the Commission and the US Treasury Department regarding the value of TFTP Provided Data pursuant to Art. 6 (6) of the Agreement between the European Union and the USA on the processing and transfer of Financial Messaging Data from the European Union to the US for the purposes of the Terrorist Finance Tracking Program.

98

de Kerchove/Höhn

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:30 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 2. The Role of European Intelligence in Countering Terrorism

4. Financial Intelligence Units: FIU.net within Europol – secrecy by design FIU.net is a decentralised computer network69 to facilitate the exchange of informa- 47 tion between the Financial Intelligence Units (FIUs) in EU Member States. FIUs are mandatory state agencies that handle financial intelligence. Their cooperation is based on community legislation70 concerning arrangements for cooperation between financial intelligence units of the Member States in respect of exchanging information to compensate the open borders in the single market which also affect terrorist financing. To improve the international exchange of financial intelligence, the FIUs in France, Italy, Luxembourg and the United Kingdom joined the FIU in the Netherlands with the financial support of the European Commission. The system began in 2004 and was developed over the next decade. As of 2015 all EU FIUs were connected. The information exchanged on FIU.net includes suspicious transaction reports (STRs) and Suspicious Activity Reports (SARs)71. Each FIU stores the received financial information in its own local FIU.net database, in the FIU premises, and can share that information directly through their local application server. Hence, there is no single database in the FIU.net system. Under the auspices of the Commission, FIU.net was embedded into Europol on 1 January 2016. FIU.net is not connected to the other databases of Europol, but it is part of the Horizontal Operations Support of EUROPOL. FIU.net makes use of Ma3tch72, a technology that allows connected FIUs to match 48 and compare their data with data stored by other FIUs and detect subjects of their interest in other countries, without initially disclosing the data held. Ma3tch allows autonomous pseudonymised analysis. The data in Ma3tch is ‘hashed’: FIU.net transforms the data of each subject in a dedicated alphanumeric code. Only those lists of alphanumeric code will be shared with all FIUs through their FIU.net local application servers. The original personal data cannot be derived but FIUs can perform hit/no-hit searches: an FIU will only see hits relevant to the subjects they already know and whose alphanumeric code have been shared. The Ma3tch process identifies relevant information and knowledge links between all parties in real time, even though no sensitive information is exchanged, all organizations can identify where and when other relevant information is available. Overall, Ma3tch technology has an interesting approach worth studying and developing further which may in the future also inspire the private matching of information in other areas. A national FIU can make a request to its counterpart in another EU Member State. 49 FIU.net gives national FIUs the possibility to communicate and cross-check data “FIU to FIU” in real time. Europol offers to FIUs the possibility to cross-check their own data against High-Value Targets from Europol database, using the Ma3tch technology. In April 2018, the Commission made a legislative proposal to facilitate access of law enforcement authorities (as well as Europol) to information of FIUs and vice-versa and to facilitate the cooperation between the FIUs of Member States. It includes the obligation for FIUs to reply to information requests by FIUs of other Member States 69 For more information on FIU.net see https://www.europol.europa.eu/about-europol/financial-intelligence-units-fiu-net (last checked on 4 June 2018). 70 2000/642/JHA Council Decision of 17 October 2000 and EU Directive 2015/849 (4th AMLD). 71 Those are disclosures made to an FIU by an entity (financial institutions, professionals etc.) whenever required (by applicable legislation/regulations) to provide the information, based on any type of suspicion of money laundering or terrorist financing. 72 For a detailed explication of Ma3tch, on which our description is based, see Udo Kroon, Ma3tch: Privacy AND Knowledge ‘Dynamic Networked Collective Intelligence’, 2013 IEEE International Conference on Big Data (http://ieeexplore.ieee.org/document/6691683/).

de Kerchove/Höhn

99

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:30 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

within short deadlines73. In some Member States, the FIU is part of the first circle of security/intelligence services.

5. Common risk indicators for security checks of EU nationals at external borders 50

As requested by the European Council74, in 2015, the Commission, in cooperation with Member States, Europol and Frontex developed common risk indicators for security checks of EU nationals at external borders. In cases where systematic checks of databases for all travelers are not possible, the risk indicators, which have been further operationalized by Frontex, allow targeted checks of those travelers that seem to pose the greatest risk. To identify these risks and their indicators, inputs from the relevant authorities of the Member States have been crucial. The operational plans of respective joint operations coordinated by Frontex have been amended and contain instructions for the identification of foreign terrorist fighters through crosschecking with the relevant databases, using the Common Risk Indicators. It requires the referral of potential subjects of interest for detailed second line screening and if necessary foresees onward referral to the national security and intelligence services75.

6. Risk assessment methodology developed by the Commission (DG HOME) for air cargo (aviation security) and beyond 51

In 2010, the Commission indicated its intention to “further develop the EU regime for aviation and maritime security, based on continuous assessment of threat and risks”76, hence introducing the concept. The threat and risk assessment methodology was initially developed in the area of air cargo and then expanded to aviation security. In 2012, the Council “welcom[ed] the implementation, of air cargo security control measures based on joint threat and risk assessments and the reassessments of the threats and risks to aviation security related to liquids, aerosols and gels with a view to support related policy making” and concluded: “The Council requests the Commission, the 73 17.4.2018 COM(2018) 213 final 2018/0105 (COD) Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL laying down rules facilitating the use of financial and other information for the prevention, detection, investigation or prosecution of certain criminal offences and repealing Council Decision 2000/642/JHA {SWD(2018) 114 final} – {SWD(2018) 115 final}. 74 Informal meeting of the Heads of State or Government Brussels, 12 February 2015 – Statement by the members of the European Council: “full use be made of the existing Schengen framework to reinforce and modernise external borders’ control: we agree to proceed without delay to systematic and coordinated checks on individuals enjoying the right of free movement against databases relevant to the fight against terrorism based on common risk indicators; the Commission should issue rapidly operational guidelines for this; we will also consider a targeted amendment to the Schengen Borders Code where necessary to provide for permanent checks, based on a proposal by the Commission”. 75 For an overview of the implementation of the Common Risk Indicators see the report by the EU Counter-Terrorism Coordinator to the Council, State of play on the implementation of the statement of the Members of the European Council of 12 February 2015, the JHA Council Conclusions of 20 November 2015 and the Conclusions of the European Council of 18 December 2015, 4 March 2016, doc. 6785/16 (http://data.consilium.europa.eu/doc/document/ST-6785-2016-INIT/en/pdf last checked on 17 March 2017) as well as the report by the EU Counter-Terrorism Coordinator to the Council of 20 December 2016: Implementation of the counter-terrorism agenda of the European Council, doc. 14260/16 EXT 1 (http://data.consilium.europa.eu/doc/document/ST-14260-2016-EXT-1/en/pdf last checked on 17 March 2017) and ADD 1 EXT 1 (http://data.consilium.europa.eu/doc/document/ST14260-2016-ADD-1-EXT-1/en/pdf last checked on 17 March 2017); EU Counter-Terrorism Coordinator, JHA agencies’ role in counter-terrorism, doc. 6146/18 ADD 1/EXT 1. 76 “The EU Internal Security Strategy in Action: Five steps towards a more secure Europe”, Communication from the Commission to the European Parliament and the Council, 22.22.2010, COM(2010) 673 final.

100

de Kerchove/Höhn

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:31 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 2. The Role of European Intelligence in Countering Terrorism

High Representative and the Member States, in accordance with their respective roles and areas of competence, to consider extending the risk assessment activities hitherto conducted on air cargo and liquid explosives, to other domains of aviation security to be commonly agreed upon in the remit of Regulation 300/2008 to support risk based policy making. Due consideration should be given to relevant data for aviation security.”77 The risk assessment methodology has been developed by the Commission jointly with Member States and with strong support from EU INTCEN. Member States determine which authorities participate in the meetings, de facto, often, security services participate in the risk assessment. It has been extended to many other areas relevant to Commission competence both in aviation security and outside (transport security, supranational risk assessment for anti-money laundering and counter-terrorist financing, energy security, customs security etc). With regard to air cargo: Generally, air carriers that fly air cargo or mail into the EU 52 from a non-EU airport are required to comply with the EU ‘Air Cargo or Mail Carrier operating into the Union from a Third Country Airport’ (ACC3) programme78. ACC3 designation is required for each non-EU airport from which an air carrier flies air cargo or mail to the EU. However, the EU ACC3 requirements are waived for cargo and mail operations from origins with robust aviation security measures and with an established low risk, as identified through an EU Risk Assessment. These origins are laid down in Attachment 6-F to Regulation (EU) No 185/2010.79 At the same time, additional rules apply to cargo and mail that has been identified, again through an EU Risk Assessment, as high risk-cargo and mail. According to Art. 6 of the Anti-Money Laundering (AML) directive, the Commission 53 is carrying out supranational risk assessments for the EU related to AML and counter terrorist financing while Member States carry out their national risk assessments. The Commission, in close consultation with Member States, identifies common systemic risks across the EU and suggests mitigating measures. The latest risk assessment was published in June 201780.

7. European Union Satellite Centre (SATCEN) The EU SATCEN is a CFSP (Common Foreign Security Policy) instrument and was 54 incorporated as an agency into the EU in 2002. It provides Geospatial Inteligence (GEOINT) and Imagery Intelligence (IMINT) products to EU institutions, CSDP missions, JHA agencies and Member States upon request. It is pooling and sharing knowhow and services by providing analysis products, training and working to improve capabilities. SATCEN’s sources of satellite data are commercial providers and governmental satellite imagery from EU Member States. With regard to CT, “EU SatCen provides geospatial analysis of specific aspects of terrorism activity like terrorist training 77 Council Conclusions on aviation security against terrorist threats, December 2012, doc 17008/12 (http://register.consilium.europa.eu/doc/srv?l=EN&f=ST%2017008%202012%20INIT last visited 21 April 2017). 78 See http://ec.europa.eu/transport/modes/air/security/cargo-mail/non-eu_en.htm. 79 For security reasons, this attachment is not made public and only made accessible by Member States authorities based on a ‘need-to-know’. For further information on ACC3 see European Commission, Focus on ACC3 requirements Answers to the most frequently asked questions on EU regulations for inbound air cargo and mail VERSION 1.1, http://ec.europa.eu/transport/modes/air/security/cargo-mail/ doc/qa1082v11.pdf. 80 Report from the Commission to the EP and the Council on the assessment of the risks of money laundering and terrorist financing affecting the internal market and relating to cross-border activities, COM/2017/0340 final, https://publications.europa.eu/en/publication-detail/-/publication/ce3cb15d-5a5a11e7-954d-01aa75ed71a1/language-en (last visited 4 April 2018) and SWD (2017) 241 final.

de Kerchove/Höhn

101

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:31 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

camps or weapons smuggling. Satellite imagery, in conjunction with other spatial data, is also used for the development of spatial models of vulnerability to terrorism threats.”81

C. Relevant interfaces between EU tools and security services 55

In addition to EU tools which are related to intelligence, there are a number of interfaces which make other EU tools relevant for security services82. Combatting current and future security challenges would benefit from improved cooperation between the law enforcement, intelligence and military as well as IT security communities. Too much useful information lives and is contained within the silos of these individual communities for the moment.

I. Schengen Information System (SIS) II83 The SIS II is a flanking measure to compensate the abolishment of internal border controls in the Schengen area: In the context of the fight against terrorism, information about foreign terrorist fighters and other terrorist suspects is added by Member States to the database, so that in the context of border controls or checks within the Schengen area information on terrorist suspects from all Schengen partners (and the UK, which participates in the law enforcement part of the SIS II) is available. It is crucial that information on suspected foreign terrorist fighters and other terrorist suspects is entered into the SIS II systematically84 and that the database is checked systematically at the EU’s external borders85. SIS II generates leads about the movement of terrorist suspects and hence enhances the intelligence picture. 57 Art. 36 (3) of the SIS II Council Decision provides the possibility for security services to enter information into the SIS II for discrete checks, hence this is a link, an entry point for services to an EU system: 56

81 https://www.satcen.europa.eu/services/general_crime_and_security_surveillance (last visited on 17 January 2018) A good overview of SATCEN’s activities can be found in its Annual Report 2016 (https://www.satcen.europa.eu/key_documents/EU%20SatCen%20Annual%20Report% 20201658e24cb1f9d7202538bed52b.pdf last visited on 17 January 2018). 82 See also the speech by the Director General of the British MI5 Andrew Parker to the BfV Symposium in Berlin on 14 May 2018 (https://www.mi5.gov.uk/news/director-general-andrew-parker-speech-to-bfvsymposium last checked on 11 June 2018): “National level and multilateral security work between European nations draws strength from a range of important EU systems and arrangements. Exchanging data through EU law enforcement databases, and Passenger Name Records on the travel of terrorist subjects across Europe provides vital intelligence.” 83 Comprehensive information about the SIS II can be found on the Commission’s website at http:// ec.europa.eu/dgs/home-affairs/what-we-do/policies/borders-and-visas/schengen-information-system/ index_en.htm. 84 Conclusions of the European Council of 18 December 2015 “ensuring the systematic entry of data on foreign terrorist fighters into the Schengen Information System II”, doc EUCO 28/15. 85 Conclusions of the European Council of 18 December 2015: “It is also crucial that Member States implement systematic and coordinated checks at external borders, including on individuals enjoying the right of free movement.” In line with the mandates given by the JHA Council in November 2015 and by the European Council in December 2015, a targeted amendment of the Schengen Borders Code was adopted in 2016 to introduce mandatory systematic checks at external land, sea and air borders with regards to Union citizens and other persons enjoying the right of free movement, who would be checked systematically against relevant databases. The systematic checks of Union citizens in the databases are done on a “hit/no hit” basis, using the databases in such way that personal data rights are only impacted to a very limited extent justified by the security objectives.

102

de Kerchove/Höhn

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:32 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 2. The Role of European Intelligence in Countering Terrorism

“In addition, an alert may be issued in accordance with national law, at the request of the authorities responsible for national security, where there is concrete indication that the information referred to in Article 37(1) is necessary in order to prevent a serious threat by the person concerned or other serious threats to internal or external national security. The Member State issuing the alert pursuant to this paragraph shall inform the other Member States thereof. Each Member State shall determine to which authorities this information shall be transmitted.”86 In its conclusions on 20 November 2015, the JHA Council stated that “Member States will ensure that national authorities enter systematically data on suspected foreign terrorist fighters into the SIS II, in particular under Article 36.3, carry out awareness raising and training on the use of the SIS and define a common approach to the use of the SIS II data relating to foreign fighters.”87 Increasingly, security services in EU Member States are feeding and using the SIS II 58 databases, especially in the context of foreign terrorist fighters. There are differences among Member States: Some enter foreign terrorist fighters under the law enforcement provision of 36.2, others under the intelligence provision of Art. 36.3. Work has been undertaken in the past years to optimize and harmonize the use of the SIS II in the context of foreign terrorist fighters, for example by identifying criteria for the insertion of a person in this context and by adding a terrorist marker. Under the Netherlands Presidency, the JHA Council adopted a roadmap in June 2016 identifying a number of measures to further improve the use of the SIS II in the context of foreign terrorist fighters. In some Member States, there are obstacles for services to feeding the SIS II, for 59 example in the case of need for the authorization by a judge or prosecutor to enter a name88. It is important to identify and address potential obstacles both at national and European level. It is also important to exchange experiences of the services with the use of the SIS II, as well as to harmonize the actions to be taken in case of a hit and to train the border guards and police officers accordingly. While there is no explicit provision of access for security services to the SIS II in the current legislation, such access for queries would be possible if a member of the service was seconded to the national SIRENE bureau. Then the SIS II data could be run against the databases of the service. Granting explicit access to the SIS II to security services (or the possibility to designate security services as competent authorities under the regulation) will be an important question in the context of the update of the SIS II regulation89. Access to the SIS II for security services is important. Another important question is the mutualisation of the hits after a hit has occurred: 60 So far, only the Member State providing the information relevant for the hit and the Member State where the hit occurs are informed of the hit90. However, in the Schengen zone, it is relevant for all Member States to know when and where a foreign terrorist 86 Council Decision 2007/533/JHA of 12 June 2007 on the establishment, operation and use of the second generation Schengen Information System (SIS II), Official Journal of the European Union L 205/ 63 of 7.8.2007. 87 Conclusions of the Council of the EU and of the Member States meeting within the Council on Counter-Terrorism, 20 November 2015, doc 14406/15. 88 Reasons for these obstacles may include national fundamental rights related principles. 89 Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the establishment, operation and use of the Schengen Information System (SIS) in the field of police cooperation and judicial cooperation in criminal matters, amending Regulation (EU) No 515/2014 and repealing Regulation (EC) No 1986/2006, Council Decision 2007/533/JHA and Commission Decision 2010/261/EU – COM/2016/0883 final – 2016/0409 (COD). 90 The SIS works on a hit/no hit basis: For example, a name is being checked in the database, if an alert is in the system there is a “hit”.

de Kerchove/Höhn

103

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:32 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

fighter has re-entered the EU or been intercepted within the EU. Therefore, a procedure is being discussed to inform other Member States and Schengen associated countries about the hits. This would allow to have a much fuller information picture, to which it would also be important to associate Europol if possible to ensure the best possible support to Member States who are leading the investigations.

II. European Counter-Terrorism Centre (ECTC) at Europol91 In November 2015, the JHA Council stated: “Europol will launch the European Counter Terrorism Centre (ECTC) on 1 January 2016 as a platform by which Member States can increase information sharing and operational cooperation with regard to the monitoring and investigation of foreign terrorist fighters, the trafficking of illegal firearms and terrorist financing”92. In December 2015, the European Council referred to the urgency of “improving information exchange between Member States’ counterterrorism authorities, supporting the work of the new Europol CT Centre, and increasing Member States’ contributions to Europol databases”.93 62 On 1 January 2016, Europol launched the European Counter Terrorism Centre (ECTC). This is a platform through which Member States can increase information sharing and operational cooperation with regard to: the monitoring and investigation of foreign terrorist fighters; the trafficking of illegal firearms; and terrorist financing and the identification of additional lines of investigations. Member States can make use of Europol’s full range of capabilities in the area of organised and cyber-crime, such as cross-checking the relevant data. The ECTC serves as an information hub for counterterrorism for law enforcement and other relevant authorities in EU Member States and beyond and provides operational support, coordination and expertise for Member States’ investigations, as well as a strategic support capability, including in tackling the use of social media for radicalisation purposes94. Europol is developing an interesting capacity to support internet based investigations of Member States in the context of the Internet Referral Unit and the European Cybercrime Centre EC3. For this, it will be necessary to attract top talent, such as PhDs in IT and mathematics, hence have the possibility to recruit also outside of the police forces, as Member States services already do. 63 Increasingly, Member States are asking Europol to provide support on major counterterrorism investigations, such as after the Paris and Brussels attacks in 2015 and 201695. The ECTC strongly increased operational support to Member States. Support more than tripled in 2017 (439 supported operations) compared to 2016 (127). Around a third of this support is provided by the Internet Referral Unit (IRU)96. By the end of 2017, terrorism has become the third largest crime area in Europol’s Secure Information 61

91

See also the Chapter by Ryder, European Criminal Intelligence, Part 3 Chapter 3, in this volume. Conclusions of the Council of the EU and of the Member States meeting within the Council on Counter-Terrorism, 20 November 2015, doc 14406/15. 93 Conclusions of the European Council of 18 December 2016, doc EUCO 28/15. 94 See the report by the EU Counter-Terrorism Coordinator to the Council, State of play on the implementation of the statement of the Members of the European Council of 12 February 2015, the JHA Council Conclusions of 20 November 2015 and the Conclusions of the European Council of 18 December 2015, 4 March 2016, doc. 6785/16. On the ECTC see also Europol’s European Counter-Terrorism Centre strengthens the EU’s response to terror and the infographic, https://www.europol.europa.eu/content/ectc and the analysis by Chertoff et. al, Globsec Intelligence Reform Initiative p. 16 ff. 95 For a recent overview over Europol’s activities relevant to CT see EU Counter-Terrorism Coordinator, JHA agencies’ role in counter-terrorism, doc. 6146/18 and doc. 6146/18 ADD 1/EXT 1. 96 EU Counter-Terrorism Coordinator, JHA agencies’ role in counter-terrorism, doc. 6146/18 ADD 1/EXT 1. 92

104

de Kerchove/Höhn

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:33 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 2. The Role of European Intelligence in Countering Terrorism

Exchange Network (SIENA): The volume exchanged by EU Member States and third parties now accounts for 12% of all exchanged messages (of overall exchanged messages, after robbery and drugs related crime, 16 % and 14 % of all messages exchanged, respectively)97. In support of the Member States, Europol can also help to prevent and disrupt 64 terrorist activities, hence support preventive investigations. It would be important for Member States to use Europol services to support investigations from the earliest possible stage and to reflect upon how best Europol can use its capabilities to support the Member States’ investigations of homegrown terrorist fighters98. The Commission supports the development of a more proactive and preventive role of Europol99. The new Europol regulation which entered into force in May 2017 provides a more modern legal framework for Europol100. In addition to the EIS101, information is exchanged via the Analytical Workfile Focal Point Traveller102 on foreign terrorist fighters103. However, while information sharing has been boosted (see above) and Member States now trust Europol and share counter-terrorism information more actively, it still not fully reflects the threat. As the sharing of names has increased considerably, it is more important now to also improve data quality and share contextual information for analysis purposes104. It is now more than ever important to enhance data quality and share contextual information for analysis purposes, both from an operational and strategic perspective. This becomes even more relevant, given that a strategic foresight component in assessing the strategic threat posed by terrorism, in a real time fashion, still needs to be established, to fully answer questions regarding, for instance, cyberterrorist threat scenarios and the risks resulting from the change of the situation in terms of the territorial influence of Daesh in the conflict zones in Syria and Iraq in particular. It is a challenge that the tasks of police and security services are different across the 65 Member States, so that some Member States, where police have early preventive powers, 97 By the end of 2015, there were about 732.000 exchanged messages on CT (8 %), and by the end of 2017, 1.005.610 messages processed through SIENA at Europol. 98 EU Counter-Terrorism Coordinator, JHA agencies’ role in counter-terrorism, doc. 6146/18. 99 Enhancing security in a world of mobility: improved information exchange in the fight against terrorism and stronger external borders, COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE EUROPEAN COUNCIL AND THE COUNCIL, Brussels, 14.9.2016 COM(2016) 602 final (http://ec.europa.eu/justice/citizen/document/files/com_2016_602_enhancing_security_en.pdf last checked on 17 March 2017). 100 REGULATION (EU) 2016/794 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 11 May 2016 on the European Union Agency for Law Enforcement Cooperation (Europol) and replacing and repealing Council Decisions 2009/371/JHA, 2009/934/JHA, 2009/935/JHA, 2009/936/JHA and 2009/ 968/JHA (file://dm4/home/docs/CTC/HoSG%202017%20implementation/Europol%20regulation.pdf last visited 21 April 2017). 101 See supra, mn. 29. 102 This is a specific database where information about foreign fighters is shared among Member States and with partner countries which have acceded to the Focal Point such as the US and Australia as well as INTERPOL and Eurojust. 103 For previous figures see the report by the EU Counter-Terrorism Coordinator to the Council of 4 March 2016, doc. 6785/16 as well as the report of December 2016 doc. 14260/16 EXT 1. See also de Kerchove/Höhn, The Regional Answers and Governance Structure for Dealing with Foreign Fighters: the Case of the EU, in: Foreign Fighters under International Law and Beyond, eds. Andrea de Guttry, Francesca Capone, Christophe Paulussen (2016), p. 299–326. 104 See recommendation by the EU CTC: “Member States should maintain a high volume and quality of contributions provided to Europol, while increasing the data quality, e. g. by contextual information for analysis purposes”. Report by the EU Counter-Terrorism Coordinator to the Council of 20 December 2016: Implementation of the counter-terrorism agenda of the European Council, doc. 14260/16 EXT 1, EU Counter-Terrorism Coordinator, JHA agencies’ role in counter-terrorism, doc. 6146/18.

de Kerchove/Höhn

105

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:33 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

share more information than others, where security services are in the lead105. The level of sharing varies among Member States. Europol is able to handle information up to level secret106 and has strict handling codes which allow Member States to remain the owners of the information that is shared. The more information is shared with Europol, the more interesting cross-checking becomes. Cross-checking with information Europol has received is interesting in particular given the criminal background of many of the recent attackers – as of November 2016, 816 individuals reported to Europol for terrorism-related offences have also been reported for involvement in serious and/or organised crime107. 66 Although it is called Europol, it is not a law enforcement agency, but rather an information sharing hub. Security services can be designated as Europol competent authorities by the Member States and enjoy full cooperation with and participation in Europol108. The TFEU and the legal framework of Europol allow information exchange between law enforcement and intelligence services109. The Europol regulation allows Europol to receive and cross-check information about persons who may commit a crime in the future110. It is a positive development that a number of Member States have seconded liaison officers from their security services to the national liaison bureaux in The Hague and have connected their security services to the SIENA network. 67 After the Brussels attacks of March 2016, Europol has put in place a Joint Liaison Team111 of seconded investigators from Member States which is supporting investigation into links of terrorist groups across the EU. Security services could second experts to this team or to their national Europol liaison bureau either at home or at Europol in The Hague, which would allow the service access to Europol’s information and might facilitate cooperation. 105 See also de Kerchove/Höhn, “The Regional Answers and Governance Structure for Dealing with Foreign Fighters: the Case of the EU”, in: Foreign Fighters under International Law and Beyond, eds. Andrea de Guttry, Francesca Capone, Christophe Paulussen (2016) p. 299–326. 106 The electronic network for information exchange SIENA was upgraded to confidential in the autumn 2016 and it is being explored how Europol can support the network of the Police Working Group on Terrorism (level secret). Manually, Europol can already handle information at the level secret. 107 Europol analysis: Changes in Modus Operandi of IS revisited, November 2016, https://www.europol. europa.eu/newsroom/news/islamic-state-changing-terror-tactics-to-maintain-threat-in-europe (last checked 17 March 2017). Chertoff et. al, Globsec Intelligence Reform Initiative p. 13 also highlight that more recent terrorism often has its origins in criminal networks and is often perpetrated by known criminals. “Lines between criminals and terrorists are increasingly blurred.” p. 15. 108 See also Chertoff et. al, Globsec Intelligence Reform Initiative p. 17: “Some intelligence services which are designated at Member State level to also constitute “competent” authorities under the legal framework of Europol have contributed data on foreign terrorist fighters to the EIS.” 109 See also Chertoff et. al, Globsec Intelligence Reform Initiative p. 17. 110 The new Regulation has a clear definition of the persons to be stored in Annex II of the Europol Regulation which became applicable in May 2017, for cross-checking data (in the EIS), namely “Personal data collected and processed for the purpose of cross-checking shall relate to: (a) persons who, in accordance with the national law of the Member State concerned, are suspected of having committed or having taken part in a criminal offence in respect of which Europol is competent, or who have been convicted of such an offence; (b) persons regarding whom there are factual indications or reasonable grounds under the national law of the Member State concerned to believe that they will commit criminal offences in respect of which Europol is competent.” 111 Joint statement of EU Ministers for Justice and Home Affairs and representatives of EU institutions on the terrorist attacks in Brussels on 22 March 2016, doc 7371/16 “set up a joint liaison team of national counter-terrorism experts at Europol’s European Counter Terrorism Centre (ECTC) to support the Member States’ law enforcement authorities in investigating the wider European and international dimensions of the current terrorist threat, to which Member States are invited to second experts. This team will draw on Europol’s law enforcement capabilities to monitor the threat from foreign fighters, the flows of terrorist financing and illegal firearms, and online propaganda.” See EU Counter-Terrorism Coordinator, JHA agencies’ role in counter-terrorism, doc. 6146/18 and doc. 6146/18 ADD 1/EXT 1.

106

de Kerchove/Höhn

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:34 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 2. The Role of European Intelligence in Countering Terrorism

In some Member States, police and security services are double-hatted, which may facilitate information sharing and cooperation through Europol (although such doublehatting is not necessary for services to cooperate with Europol)112. Some security services are already connected to Europol’s electronic information exchange network SIENA, in particular the dedicated counter-terrorism network within SIENA. Security services of several EU Member States are connected to Europol via the network of national counterparts in the context of Europol’s Internet Referral Unit113, which is detecting terrorist content on the internet and referring it to the internet companies for removal. Starting in 2016, Europol has also been asked by the Committee on Internal Security (COSI) to provide regular strategic assessments of the terrorist threat, alongside INTCEN, which it has started to do114. Europol is part of the EU’s initiative to ensure greater interoperability of databases115. Europol is also preparing its support to the Passenger Information Units (PIUs) of the Member States for processing and use of Passenger Name Record (PNR) data. Enrichment of Europol’s analysis by drawing on PNR data on known criminals and terrorists is in preparation. Europol is also developing a vision on travel information in cooperation with the Commission, other JHA agencies and Member States on how the various initiatives (ETIAS, EES, PNR, interoperability, revisions of SIS and Eurodac) can get together from an operational perspective and how Europol can best support the relevant border management and security authorities116. In October 2017, the Commission tabled a CBRN action plan117 proposing to develop a CBRN knowledge hub within the ECTC.

68

69

70

71

III. Interoperability of databases Greater interoperability of EU databases is a priority identified by the European 72 Council118. Today, EU databases are fragmented and based on different legal bases. Given the security and migration challenges as well as the new, unified legal basis for both under the Lisbon Treaty, it is important to re-think the current approach, taking on board from the beginning privacy by design. In December 2017, the Commission presented an interoperability legislative package119, based on the work of the High Level

112

See supra mns. 65–66. See: Europol’s Internet Referral Unit to combat terrorist and violent extremist propaganda, https:// www.europol.europa.eu/content/europol%E2%80%99s-internet-referral-unit-combat-terrorist-and-violentextremist-propaganda. 114 “Structured and multilateral approach for operational cooperation on CT threats: COSI had several discussions on the topic during the Netherlands Presidency and decided that regular separate future oriented threat assessments from INTCEN and Europol (law enforcement perspective) would be presented to COSI. COSI has started to implement this approach under the Slovak Presidency.” EU CTC report to the Council, December 2016, doc. 14260/16 ADD 1 EXT 1. 115 See infra mn. 72. 116 See EU Counter-Terrorism Coordinator, JHA agencies’ role in counter-terrorism, doc. 6146/18 and doc. 6146/18 ADD 1/EXT 1. 117 Action plan to enhance preparedness against chemical, biological, radiological and nuclear security risks, COM(2017) 610 final, 18.10.2017. 118 European Council Conclusions of 18 December 2015: “ensuring the interoperability of the relevant databases with regard to security checks”. 119 The press release provides a comprehensive overview and links to all the relevant legislative proposals and other documents (http://europa.eu/rapid/press-release_IP-17-5202_en.htm last checked on 4 January 2018). 113

de Kerchove/Höhn

107

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:34 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

Experts Group on Information Systems and Interoperability120. The package includes the establishment of a European Search Portal, a shared biometric matching service and a common identity repository. The work on interoperability is highly relevant to the security services as optimal interoperability would allow a much better information picture, while at the same time benefiting privacy and data protection (a common repository of data for security, travel and migration would help to better detect identity fraud and facilitate review by data protection authorities). Data protection and privacy have been taken into account from the beginning in the design of the interoperability package121.

IV. Access of security services to the EU databases It may be of interest for security services to have access to European databases and tools. As mentioned above, services have expressed an interest in access to the PNR and SIS II information, but there are also other databases such as the Entry-Exit-System which is currently under discussion. While security services are not specifically mentioned in the instruments today, there are possibilities for access: 74 On PNR, it is up to each Member State to set the conditions for access of security services. The EU text allows such access, as competent authorities can be those responsible for prevention and fight against terrorism122. This means that security services could be designated as or included into a PIU. To have maximum use of the PNR system and have full access to the data, it may be useful to consider placing an officer from the security service into the national Passenger Information Unit, as only the PIU has access to all PNR data. This would ensure that cross-checks can be carried out against all relevant security service databases and full access. Therefore, security services may want to be closely involved in the technical and legal next steps at national level to ensure that services can use the PNR to the maximum extent. With regard to SIS II and Europol, secondments by the service to the national SIRENE and/or Europol liaison bureau would allow access and running the information against the databases of the service. 73

V. Security research 75

The Commission has also invited security services to form a network to provide input and direction to future Horizon 2020 research programming and to review results from existing research projects of use for the services123. This network would be flexible 120 Information on the HLEG (with the participation of relevant stakeholders such as experts from EU Member States, the EU Counter-Terrorism Coordinator and EU JHA agencies) can be found here: http://ec.europa.eu/transparency/regexpert/index.cfm?do=groupDetail.groupDetail&groupID=3435 (last checked 17 March 2017). The final report by the HLEG was issued in May 2017 and includes an annex by the EU CTC (http://ec.europa.eu/transparency/regexpert/index.cfm?do=groupDetail.groupDetail Doc&id=32600&no=1 last checked 4 January 2018). 121 The EU’s Fundamental Rights Agency and the European Data Protection Supervisor (EDPS) actively participated in the HLEG interoperability and have provided annexes to the final report. 122 Art. 4.1 of the PNR directive: “Each Member State shall establish or designate an authority competent for the prevention, detection, investigation or prosecution of terrorist offences and of serious crime or a branch of such an authority, to act as its passenger information unit (‘PIU’).” 123 Horizon 2020 Work Programme 2016–2017, Secure societies – Protecting freedom and security of Europe and its citizens, European Commission Decision C (2015)6776 of 13 October 2015, SEC-21–GM2016-2017: Pan European Networks of practitioners and other actors in the field of security.

108

de Kerchove/Höhn

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:35 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 2. The Role of European Intelligence in Countering Terrorism

and outside of the institutional context and could be an interesting tool for services to benefit from EU funding and determine the direction of future security research in areas which are of particular relevance, such as for example new technologies, cyber security etc. Security services of EU Member States can also apply to participate in EU research 76 projects, which several services of EU Member States have already successfully done. This seems to have provided useful contacts also to the academic community, for example on prevention of radicalization. Security services can also apply for funding under the Internal Security Fund124.

VI. EU Computer Emergency Response Team (CERT) After a pilot phase of one year and a successful assessment by its constituency and its 77 peers, the EU Institutions decided to set up a permanent Computer Emergency Response Team (CERT-EU)125 for the EU institutions, agencies and bodies in 2012. It’s mission is to enhance the security of the IT infrastructure of all EU institutions, bodies and agencies by supporting incident prevention, detection, mitigation and response. The team is currently made up of 30 IT security experts who carry out highly specialised operational work to which information is critical. It cooperates closely with other CERTs in the Member States and beyond as well as with specialised IT security companies. It has subscribed to many commercially available tools within its remit to increase its knowledge base and collection of useful information to mitigate cyber threats. Exchanges with CERTs in EU Member States take place on a real time basis. It also cooperates closely with INTCEN and Europol. Within certain Member States, cooperation of CERTs and security services is important. Therefore, also on EU level, cooperation with security services is relevant. The Commission’s proposal for updating the mandate of ENISA126, the EU Cyberse- 78 curity Agency, includes steps to strengthen the role of ENISA in cyber security. It will have a supporting role in operational cooperation as secretariat of the CERTs Network by ensuring, among others, the well-functioning of the CERTs Network IT infrastructure and communication channels, requiring a structured cooperation with CERT-EU, European Cybercrime Centre (EC3) and other relevant EU bodies. With CERT-EU it could provide technical assistance in case of significant incidents and to support incident analysis, as well as vulnerability analysis upon request of Member States. The European Centre of Excellence for Countering Hybrid Threats (Hybrid CoE)127 79 is an instrument of its participating countries128. Participation in the Centre is open to EU Member States and NATO Allies. The EU and NATO are invited to join the activities of the Centre. Hybrid CoE is to serve as a hub of expertise supporting efforts 124 See http://ec.europa.eu/dgs/home-affairs/financing/fundings/security-and-safeguarding-liberties/internal-security-fund-police/index_en.htm. 125 More information: https://cert.europa.eu/cert/filteredition/en/CERT-LatestNews.html (last checked on 17 March 2017). 126 COM(2017) 477 final 2017/0225 (COD), Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on ENISA, the “EU Cybersecurity Agency”, and repealing Regulation (EU) 526/2013, and on Information and Communication Technology cybersecurity certification (‘’Cybersecurity Act’’). 127 For more information about the centre see https://www.hybridcoe.fi/about-us/. 128 Currently, the Participants of the Memorandum of Understanding concerning Hybrid CoE are Estonia, Finland, France, Germany, Latvia, Lithuania, Netherlands, Norway, Poland, Spain, Sweden, the UK and the USA.

de Kerchove/Höhn

109

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:35 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

to enhance civil-military capabilities, resilience, and preparedness to counter hybrid threats with a special focus on European security, including to further a common understanding of hybrid threats at strategic level and promote the development of comprehensive, whole-of-government response at national levels and of coordinated response at EU and NATO levels.

VII. Privacy shield The EU-US Privacy Shield129, adopted in June 2016, which regulates the transfer of data within companies between EU to US locations, replaces the Safe Harbour scheme, which was invalidated by the European Court of Justice. One interesting aspect in this context is the national security exception to the agreement, of which the Privacy Shield regulates the scope. 81 One of the objectives of the update and reform of the Safe Harbour scheme was the need to ensure that use of the national security exception provided in Commission Decision 2000/520/EC is limited to an extent that is strictly necessary and proportionate130. The Privacy Shield consists of the Privacy Principles and several official communications, representations and commitments by the US Government which will also be published in the US Federal register and which are the result of talks between the Commission and the US Government. All this is annexed to the Commission’s adequacy decision that assesses whether the Shield provides adequate privacy protections. 82 Adherence to the Privacy Principles is limited to the extent necessary to meet national security, public interest or law enforcement requirements131. The Commission has assessed the limitations and safeguards available in US law regarding access and use of personal data transferred under the EU-US Privacy Shield by US public authorities for national security purposes. In addition, the US Government, through its Office of the Director of National Intelligence (ODNI) has provided the Commission with detailed recommendations and commitments contained in Annex VI to the decision. The US has also committed to create a new oversight mechanism for national security interference (Annex III)132. The adequacy decision sets out in detail the findings of the Commission on access and use by US public authorities for national security purposes, in particular limitations, oversight and individual redress133. After a detailed analysis, the Commission assesses that the US national security framework relevant to the Privacy Shield captures the essence of the principles of necessity and proportionality134 and concludes that there are rules in place in the US designed to limit any interference for national security purposes with the fundamental rights of the persons whose personal data are transferred under the Privacy Shield to what is strictly necessary to achieve the legitimate objective in question135. 80

129 For more information see http://europa.eu/rapid/press-release_IP-16-2461_en.htm and the fact sheet http://ec.europa.eu/justice/data-protection/files/factsheets/factsheet_eu-us_privacy_shield_en.pdf. 130 See pre-ambular para 8 of the COMMISSION IMPLEMENTING DECISION of 12.7.2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-U.S. Privacy Shield, Brussels, 12.7.2016 C(2016) 4176 final (adequacy decision). 131 Annex II, Sec I.5, para 64 of the adequacy decision. 132 Para 65 of the adequacy decision. 133 Paras 67–124 of the adequacy decision. 134 Paras 76 of the adequacy decision. 135 Para 88 of the adequacy decision.

110

de Kerchove/Höhn

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:35 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 2. The Role of European Intelligence in Countering Terrorism

VIII. Fundamental Rights Agency At the request of the European Parliament, the EU’s Fundamental Rights Agency 83 (FRA), one of the JHA agencies which participated in the High Level Expert Group mentioned earlier, launched research on surveillance by national intelligence authorities and fundamental rights136. In November 2015, FRA published a report mapping the legal framework on surveillance in the Member States137. The report highlights that introducing and maintaining clear and accessible legislation and strong oversight mechanisms is challenging, but vital in striking a balance between security and privacy. In 2017, FRA published the second report. “It updates FRA’s 2015 legal analysis on the topic, and supplements that analysis with field-based insights gained from extensive interviews with diverse experts in intelligence and related fields, including its oversight.”138

IX. Battlefield information Terrorist organizations such as Daesh and AQ are present on battlefields, such as in 84 Syria and Iraq, hence the military forces on the ground have opportunities to collect significant amounts of information on terrorist groups (documents, electronics, cellphones, computers, fingerprints). Given presence of foreign terrorist fighters and the nexus between Daesh structures on the battlefield and operations around the world, it is important that such information is not only collected, but also analyzed and shared with border and law enforcement authorities. It would be crucial for this information to be available in real time at the borders, hence in the SIS II system for the Schengen area, so that infiltration into the EU of Daesh operatives from the conflict zone can be avoided. Such information may also be useful for investigations and prosecutions of terrorist suspects in Europe. This requires information sharing not only with intelligence and security services, but also with law enforcement and border authorities. There are interesting precedents from the INTERPOL VENNLIG project the previous armed conflict in Iraq and in Afghanistan (INTERPOL project HAMAH)139. The EU has started to discuss these issues, which are also on the agenda at the G7140 and the antiISIL coalition141. Exploring closer cooperation with NATO and the US, which has a lot 136 See http://fra.europa.eu/en/project/2014/national-intelligence-authorities-and-surveillance-eu-fundamental-rights-safeguards-and (last visited 19 April 2017). 137 Report: “Surveillance by intelligence services: fundamental rights safeguards and remedies in the EU” (http://fra.europa.eu/en/project/2014/national-intelligence-authorities-and-surveillance-eu-fundamental-rights-safeguards-and/publications last checked 19 April 2017). 138 FRA report: “Surveillance by intelligence services: fundamental rights safeguards and remedies in the EU Volume II: field perspectives and legal update” (http://fra.europa.eu/en/publication/2017/surveillance-intelligence-socio-lega last checked 4 January 2018). 139 INTERPOL pioneered military-to-law enforcement information exchange, starting in 2005 with Project Vennlig in Iraq, and later in Afghanistan through Project Hamah. See INTERPOL press release https://www.interpol.int/fr/News-and-media/News/2017/N2017-144 (last checked 8 January 2018). 140 G 7 statement of Ministers of the Interior, 19–20 October 2017: “commit ourselves to discuss among G7 members states to deepening the issue of “battlefield data” acknowledging the legal and procedural challenges” (http://www.g7italy.it/sites/default/files/documents/Joint%20Communiqu%C3%A9.pdf) (last checked 8 January 2018). 141 “Coalition members are actively disrupting Da’esh networks that move individuals, material and funds to enable external attacks. Information sharing, enhanced traveller screening and law enforcement cooperation – including collection of evidence admissible in courts of law – are essential to this effort, as

de Kerchove/Höhn

111

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:36 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

of experience with embedding prosecutors and law enforcement with military forces and sharing internationally with law enforcement, will be important. It is also worth exploring how information collected by the International Criminal Court in conflict theatres can be made available to law enforcement and judicial authorities. The EU will establish a crime information cell pilot within the naval operation EUNAVFOR MED SOPHIA to facilitate sharing of information between military, law enforcement, judicial and border authorities, with the participation of Europol and Frontex.

D. European intelligence cooperation outside of the EU context I. Counter-Terrorism Group (CTG) As pointed out above, the cooperation between the security services of EU Member States and some partners takes place outside of the EU context in the CounterTerrorism Group (CTG), which was created by the Berne Club after 9/11. During the extraordinary JHA Council on 20 September 2001, Ministers called upon the heads of the security services of the EU Member States to intensify their cooperation and to increase the sharing of information. Since then, the CTG has met regularly at Heads of Service, Heads of Counter-Terrorism Units and expert level142. The regular threat assessments which are produced by the CTG are shared with EU institutions through the INTCEN. The chairman of the CTG has briefed the Justice and Home Affairs (JHA) Council repeatedly on the progress of cooperation in the context of the CTG, in particular the setting up of the common platform under the Dutch Presidency, which will allow the electronic exchange of information and closer cooperation through posting of members of the services of the Member States to the platform.143 In the future, the chairman of the CTG will be regularly invited to attend the JHA Council when counter-terrorism is being discussed. The platform and the increased engagement of the CTG with the JHA Council are very positive developments144. 86 Given the need to cross-check information on terrorist suspects with crime information and to have a complete information picture, it will be desirable to establish cooperation between the ECTC at Europol and the CTG platform. Otherwise, there are risks of not connecting the dots sufficiently. This is currently being explored. 85

is the ability to prosecute and penalize foreign terrorist fighters and others providing material support to Da’esh. We encourage information sharing through INTERPOL and other collective law enforcement channels, such as EUROPOL, as well as through financial intelligence unit (FIU) channels.” Joint Statement by Ministers of the Global Coalition following the Meeting on the Defeat of Da’esh, 22 March 2017 (https://eeas.europa.eu/headquarters/headquarters-homepage_en/23342/Statement%20by%20Ministers%20of%20the%20Global%20Coalition%20following%20the%20Meeting%20on%20the%20Defeat%20of %20Da%E2%80%99esh,%20Washington%20D.C.,%2022%20March%202017 last checked 8 January 2018). 142 On the CTG, see also Chertoff et. al, Globsec Intelligence Reform Initiative p. 15 f. 143 “New platform for deepening cooperation between European intelligence and security services”, press release, Netherlands Presidency of the EU, January 2016. Joint statement of EU Ministers for Justice and Home Affairs and representatives of EU institutions on the terrorist attacks in Brussels on 22 March 2016, doc 7371/16: “fully support the work of the Counter Terrorism Group (CTG), in particular by further accelerating the establishment of a dedicated platform for real time, multilateral information exchange.” 144 On cooperation within the CTG see also the speech by the Director General of the British MI5 Andrew Parker to the BfV Symposium in Berlin on 14 May 2018 (https://www.mi5.gov.uk/news/directorgeneral-andrew-parker-speech-to-bfv-symposium).

112

de Kerchove/Höhn

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:36 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 2. The Role of European Intelligence in Countering Terrorism

In its Communication on “Enhancing security in a world of mobility: improved 87 information exchange in the fight against terrorism and stronger external borders” of September 2016145, the Commission writes: “While some progress has been observed recently, and law enforcement counterterrorism units increasingly cooperate with Europol’s European Counter-Terrorism Centre, cooperation between law enforcement and security services is still uneven. Security services exchange more regularly through the Counter Terrorism Group (CTG), outside the EU framework, and the two communities remain operationally disconnected. The key challenge remains how to harness the potential benefits of sharing information and intelligence to make a real operational difference. This does not need institutional innovations. But making full use of the possibilities for cooperation under the EU Treaties could deliver a change in sharing and connecting information through multidisciplinary cooperation. The range of options available to achieve this objective are framed by the competences conferred in the Treaties, the responsibility for national security belonging to Member States. In this context, the Commission will look for practical solutions to improve information exchange.”

II. Madrid Group After 9/11, counter-terrorism fusion centers have been set up in a number of Member 88 States – such as OCAM in Belgium, GTAZ in Germany or JTAC in the UK -, bringing together and pooling information from the relevant players, including law enforcement and security services. At the EU level, the fusion centres are meeting in the so-called Madrid Group, which has been financially supported by the Commission in the past. In the current context, financial support to Madrid Group meetings could be resumed.

E. Assisting third countries to strengthen their security services in a rule of law framework In some third countries, restructuring the security services to be efficient and comply 89 with a rule of law and human rights framework is necessary, such as those countries in democratic transition which want to transform their services but need new savoir faire to fight terrorism effectively. The EU has experience in this context: After the end of the Cold War, in the context of enlargement, security services of “old” Member States helped new Member States to reform and update their services. This was done with EU funding and Member States’ expertise. In a third country, a similar project was undertaken for the first time in Palestine in 90 the early 2000s: Assisting Palestine to set up the security service to fight terrorism effectively. Several security services of EU Member States had been involved in this initiative funded by the EU, which had also led to closer intelligence working relationships between the services concerned and Palestine. An EU project in Ivory Coast has been launched recently, implemented by the French operator CIVIPOL146. As part of a 145 COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE EUROPEAN COUNCIL AND THE COUNCIL, Brussels, 14.9.2016 COM(2016) 602 final http://ec. europa.eu/justice/citizen/document/files/com_2016_602_enhancing_security_en.pdf (last checked on 17 March 2017). 146 Civipol is the consulting and service company of the French Ministry of the Interior. It provides services in the areas of homeland security, civil protection and governance to clients in France and

de Kerchove/Höhn

113

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:37 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

broader project related to peace and security147, the EU will support the strengthening of the capacities of the security and intelligence services. This includes support to the reorganisation and oversight mechanisms of security and intelligence services, audit of the IT systems of concerned services, strengthening their role in prevention of radicalisation and early warning, a feasibility study of a regional platform for intelligence sharing with neighbouring countries as well as strengthening the operational capacities of the security and intelligence services in full respect of human rights and the rule of law, including by training. 91 Today, the EU is assisting Iraq148 to strengthen the collaboration of security services in the context of counter-terrorism, in particular in the context of a counter-terrorism fusion center. The EU has also offered to provide expertise to Tunisia on the restructuring of the security service for counter-terrorism, which again would involve Member State expertise and EU funding. In the context of a broader project on Security Sector Reform149, the EU is assisting Tunisia with regard to the legal framework and oversight mechanisms of the security services related to the Ministry of Interior in the context of the fight against terrorism150. This component is implemented by Geneva Centre for the Democratic Control of Armed Forces (DCAF)151. The EU is also assisting the Tunisian Fusion Centre (CT pole) with expert advice. In the context of the Euromed Police IV project, sharing and analysis of strategic criminal intelligence is one of the objectives152. Joint threat assessments inter alia on counter-terrorism are being developed with partner countries in the MENA region. Europol is involved. 92 As part of the EU Western Balkans Counter-Terrorism Initiative, the CounterTerrorism Initiative (CTI) Network supports the strengthening of operational police cooperation and mutual trust in counter-terrorism153. With EU financial support, the Member States’ police and in some cases security services are working with their abroad. Civipol is regularly involved in large-scale international projects through auditing, advisory, technical assistance and training assignments. It works extensively with the European Commission. 147 Programme de soutien à la sécurité nationale, à la prévention de la radicalisation et à la consolidation de la paix en Côte d’Ivoire, Instrument contributing to Stability and Peace Action IcSP 2016/04. 148 Brussels, 5.8.2015, C(2015) 5536 final, COMMISSION IMPLEMENTING DECISION, of 5.8.2015 on the Exceptional Assistance Measure on strengthening counter terrorism capacities in the Middle East, North Africa and Iraq to be financed from the General Budget of the European Union and Annex: Instrument contributing to Stability and Peace, Exceptional Assistance Measure on Strengthening counter terrorism capacities in the Middle East, North Africa and in Iraq; Brussels, 3.3.2017 C(2017) 1464 final COMMISSION IMPLEMENTING DECISION of 3.3.2017 on exceptional assistance measures in favour of Iraq and ANNEX II: Instrument contributing to Stability and Peace. Exceptional Assistance Measures on Iraq – Support to the stabilisation and reconciliation process in Iraq, Second Exceptional Assistance Measure (EAM 2) – Supporting the development of human rights-compliant counter terrorism strategy, legislation and coordination measures in Iraq. 149 23 Million Euros, adopted in 2015. The information about the project is contained here: https://ec. europa.eu/neighbourhood-enlargement/sites/near/files/neighbourhood/pdf/key-documents/tunisia/2015 0731-aap-2015-tunisia-financing-commission-decision-20150730.pdf (last visited on 17 March 2017). 150 Description of the intelligence related part of the project: “Le troisième axe se concentre sur le renseignement, en particulier dans sa composante “ lutte contre le terrorisme “, notamment la réforme législative encadrant les activités de renseignement et la mise en œuvre d’actions spécifiques et de transfert d’expertises dans le domaine du financement des nouvelles formes de criminalité et du blanchiment des capitaux. Un élément majeur de cet axe pourrait être un soutien à la création d’un centre unique du renseignement intérieur soutenu par une loi-cadre sur les activités de renseignement.” https://ec.europa.eu/ neighbourhood-enlargement/sites/near/files/neighbour hood/pdf/key-documents/tunisia/20150731-aap2015-tunisia-financing-commission-decision-20150730.pdf (last visited on 17 March 2017). 151 More information about DCAF can be found here: http://www.dcaf.ch/ (last visited on 17 March 2017). 152 http://www.euneighbours.eu/en/eu-in-action/projects/euromed-police-iv (last visited on 21 April 2017). 153 EU Western Balkan counter-terrorism initiative: integrative plan of action, Council doc. 13887/15 of 4 December 2015, Conclusions of the Council of the EU and of the Member States meeting within the Council on the Integrative and Complementary Approach to Counter-Terrorism and Violent Extremism

114

de Kerchove/Höhn

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:38 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 2. The Role of European Intelligence in Countering Terrorism

counterparts from the Western Balkans on a broad range of operational counterterrorism issues and capacity building. In December 2016 the Council decided to “prioritis[e] activities to develop a more comprehensive mechanism to address security threats in the Western Balkan region, including integrating intelligence-led policing to set counter-terrorism and serious and organised crime priorities at a regional level, compatible with the approach taken in the EU Policy Cycle”.154

F. What more could be done in the EU context? “It is time to adapt and address existing barriers to better law enforcement and 93 intelligence integration and transnational liaison. These include issues of trust, standardisation, legislation, counter-terrorism approaches and culture. These must be addressed incrementally through existing best practices and models.Law enforcement is increasingly at the centre of better pan-European and transatlantic counter-terrorism cooperation. Crucially, better fusion of intelligence processes, and intelligence and law enforcement agencies, is needed to provide the means for pre-empting terrorist attacks before they occur, rather than relying on effective investigation after the event.”155

I. Under the existing legal framework Despite Art. 4 (2) TEU, there are possibilities for the EU to create closer links with 94 the services and support efforts to strengthen them. It is not suggested to create a European security service in the current legal and political context. However, the possibility and usefulness of combining the various security services of the EU institutions (today the Council, the Commission and the European Parliament each have their own security service) for counter-espionage could be explored, similar to the CERTEU156 for cyber security.

1. Commission to engage in dialogue with security services In full respect of Art. 4 (2) TEU, the Commission could reach out to security 95 services: it could organize regular meetings (together with the EU CTC) with senior representatives of the security services of Member States to discuss policy initiatives such as the results of the High Level Expert Group on Information Systems and Interoperability and get the views and needs of the security community. The Commission has already invited the intelligence community to participate in risk assessments, what was done for example, with the strong support from EU INTCEN, in aviation/ transport security. Further increasing the dialogue with the security services could lead to fruitful exchange, building trust and better understanding views and positions of security services.

in the Western Balkans (3 December 2015), doc. 14986/15, 7 December 2015 (http://data.consilium. europa.eu/doc/document/ST-14986-2015-INIT/en/pdf last visited 21 April 2017). 154 Council Conclusions on strengthening the EU internal security’s external dimension in the Western Balkans including via the Integrative Internal Security Governance (IISG) (8 December 2016) doc. 15413/ 16 (http://data.consilium.europa.eu/doc/document/ST-15413-2016-INIT/en/pdf last visited 21 April 2017). 155 Chertoff et. al, Globsec Intelligence Reform Initiative p. 4. 156 See supra mn. 77.

de Kerchove/Höhn

115

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:38 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

2. Commission to support cooperation in the context of Art. 73 TFEU 96

A common analysis culture and knowledge among services in the counter-terrorism field is also necessary. French President Macron has suggested the creation of a European Intelligence Academy in the context of counter-terrorism: “What Europe, Defence Europe, lacks most today is a common strategic culture. Our inability to work together convincingly undermines our credibility as Europeans. We do not have the same cultures, be they parliamentary, historical or political, or the same sensitivities. And that cannot be changed in one day. But I propose trying, straight away, to build that common culture […]. To create this convergence, we need deep-rooted change. […] I want this common culture to be expanded, in the fight against terrorism, to our intelligence services. I thus want a European Intelligence Academy to be created, to strengthen the ties between our countries through training and exchanges.”157 “In the fight against terrorism, Europe needs to ensure closer ties between our intelligence services by creating a European Intelligence Academy.”158

If Member States expressed an interest, the Commission could explore to support this initiative financially159. The Commission could also explore to support joint trainings160 of security service counter-terrorism officers and/or existing intelligence training academies in Member States to develop curricula and modules for counterterrorism which would be open to analysts from other Member States, a network among such academies/universities for counter-terrorism could be created and supported by the Commission. This would over time contribute to creating a common culture and more common analysis in the counter-terrorism field while not touching on the traditional functions of the security services (counter-espionage), which remain purely at the national level. 98 Art. 73 TFEU provides the possibility for several Member States to have more structured cooperation among security services (outside of EU context). The Counter Terrorism Group (CTG) is developing a platform for information exchange outside of the EU context, this is a good first step to strengthen cooperation. A number of Member States believe that, in light of the police/intelligence challenges revealed by the Paris and Brussels attacks, cooperation at both the national and the supranational level needs to be intensified. Upon request, the Commission could support such initiatives between interested Member States financially. 97

157 Speech by President Macron on 26 September 2017 (http://www.elysee.fr/declarations/article/initiative-pour-l-europe-discours-d-emmanuel-macron-pour-une-europe-souveraine-unie-democratique/last visited on 16 January 2018). English translation. 158 Summary/fact sheet of the proposals of President Macron’s speech of 26 September 2017, “Initiative pour l’Europe Une Europe souveraine, unie, démocratique” (http://www.elysee.fr/assets/Initiative-pourlEurope-une-Europe-souveraine-unie-et-democratique-Emmanuel-Macron.pdf last visited on 16 January 2018) English: (http://www.elysee.fr/assets/Initiative-for-Europe-a-sovereign-united-democratic-EuropeEmmanuel-Macron.pdf last visited 16 January 2018). 159 On page 7, the policy paper by the European Political Strategy, also suggests the creation of an intelligence academy: Towards a ‘Security Union’, Bolstering the EU’s Counter-Terrorism Response, Issue 12/2016, 20 April, http://ec.europa.eu/epsc/pdf/publications/strategic_note_issue_12.pdf. 160 On the need for a common European analysis culture and training see also José Miguel Palacios, “Intelligence Analysis Training: A European Perspective”, The International Journal of Intelligence, Security and Public Affairs, 2016, 18:1, 34–56 (http://www.tandfonline.com/doi/pdf/10.1080/23800992.2016.1150684 last visited on 19 April 2017).

116

de Kerchove/Höhn

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:39 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 2. The Role of European Intelligence in Countering Terrorism

3. Commission to support peer review and strengthening national services A peer review process of the security services could be put in place (outside of the 99 EU context), which the EU could support as appropriate (the process itself and the necessary upgrades of the national services). A peer evaluation of the counter-terrorism structures of the Member States took place previously in 2001 after 9/11.

4. Commission to pool information in relevant areas to get a better information picture and subscribe to private databases The Commission, in cooperation with the EU CTC, the Member States and other 100 relevant stakeholders could prepare the report to be submitted to the President of the European Council on the basis of Art. 222 (4) of the TFUE (threat assessments to the European Council to enable the EU and Member States to take effective action). The Commission has a lot of information in the area of aviation, transport, competi- 101 tion, health, cyber (EU-CERT161 in particular which is subscribed to major private databases and information tools and collects a lot of operational information), CBRN, energy etc. that is very relevant for counter-terrorism but at the moment is not pulled together to provide a comprehensive strategic risk analysis. One could reflect to designate a body in the Commission or task INTCEN to do so, to have the advantage to pool information, potentially building on the existing team in DG Home which is supporting the sectoral risk and threat analysis. Private companies have a lot of information relevant to security and CT162 as they 102 operate in high risk environments (and third states). There are also lots of private databases and tools the Commission could subscribe to increase its access to information. The Commission together with the EU CTC could build a partnership with the private sector for counter-terrorism, host regular meetings and identify the most relevant private tools the EU institutions and agencies (including Europol) should subscribe to.

5. Further develop concept of European security – what would this mean legally? As pointed out above, while the concept of “national security” is enshrined in the EU 103 treaties, the concept of “European security” as such is not (although the area of freedom, security and justice is). When the Lisbon treaties were drafted, the international threat environment was different – while Al Qaeda terrorism was present, the new bottom up and truly transnational operating methods of Daesh, building on thousands of foreign terrorist fighters who travelled from the EU to Syria and Iraq, did not exist yet. It can be argued that without European security, national security of the Member States cannot be fully protected. Does this mean that the current treaties could be interpreted in a way that intelligence is only excluded as far as the national security of a Member State is concerned, but not when European security is at stake? Should the concept of European security be incorporated in a future update of the EU treaties? These concepts would benefit from further academic discussions and development. It is necessary to deal with the new threat environment and adapt EU action accordingly, especially as citizens expect progress on security and the terrorist threat has a major impact in a number of Member States as well as neighbouring countries and tourist destinations. 161 162

EU Cyber Emergency Response Team. The Anderson report of December 2017 also highlights that private sector cooperation is vital.

de Kerchove/Höhn

117

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:40 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda 104

The above suggestions show that a number of steps could be taken to build trust and bring the services closer to the EU, while supporting and encouraging initiatives among a smaller number of Member States outside EU. Among all flanking measures for security that have been taken to compensate the lifting of the internal border controls in Schengen, those taken for intelligence remain the least developed and an enormous challenge, however, as pointed out above, significant steps have been taken with the creation of EU tools such as SIS II, the PNR, the EU-US TFTP which are enhancing the intelligence picture.

6. Harmonization of data protection and privacy rules? 105

It could be explored in the light of Art. 4 (2) TEU whether and if so how much privacy/ data protection rules of the Member States applicable to security and intelligence services could be harmonized at EU level to facilitate cooperation. The outcome of the preliminary reference made by the United Kingdom’s Investigatory Powers Tribunal to the ECJ could be of interest in this regard.

7. Designation by Member States of security services as competent authorities 106

With regard to EU tools such as Europol, the PNR or the future SIS, where the text so allows, Member States could designate security services as “competent authorities” at the national level so that they can fully benefit from the instruments. When negotiating new or revised legal texts at EU level such as SIS, it would be important to ensure that this is possible.

8. Engagement of security services with the European Parliament 107

Directors or other senior officials from Member States security services could increase their engagement with and brief the European Parliament, in particular the LIBE committee dealing with civil liberties and counter-terrorism, to ensure that the security perspective of the debate in Brussels is strengthened and operational necessities of the services are better understood.

9. Engagement with the European Court of Justice 108

In the US, regular exchanges in the form of informal seminars are taking place between the security and intelligence community and the Supreme Court, to build mutual understanding and provide an opportunity for the security community to keep the Court informed about evolution of the threat and current challenges. It could be explored to hold similar seminars between the security community in Europe, including the security services, and the European Court of Justice.

II. In the transatlantic context 109

Chertoff et al163 suggest a number of pragmatic transatlantic initiatives to strengthen intelligence and law enforcement cooperation such as a core transatlantic CT hub, in which the ECTC, the CTG as well as national CT centres from Europe and the US would be involved. It could start with a smaller core of countries and later expand. A “joint transatlantic CT Strategic Threat and Risk Assessment” could be regularly drafted to identify, assess and prioritise the threats, risk and opportunities facing intelligence 163

118

Chertoff et. al, Globsec Intelligence Reform Initiative p. 27 ff.

de Kerchove/Höhn

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:40 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 2. The Role of European Intelligence in Countering Terrorism

and law enforcement agencies in CT. Within the hub, case-based task forces could “promote joint execution of intelligence-led operations as well as better sharing of personal data”. They also promote the establishment of a hit-no-hit search function/single search 110 interface based on the FIU model (each nation holds its data but encrypted searching identifies information or patterns to follow up). Finally, they suggest a transatlantic CT centre of excellence, which could initially be a 111 virtual network linking academies carrying out intelligence training. It could agree on best practices, training material could be shared. It would achieve joint standardisation (“common terminology is needed through the intelligence cycle for the understanding and priorisation of threats, faster analysis and dissemination”) and training and build trust and mutual understanding. It could address emerging technologies and the EU could contribute funds for its members. Involvement of the private sector could be considered.

III. In the longer term future In its White Paper on the Future of Europe164, for Scenario 4 (“Doing less more 112 efficiently”) and Scenario 5 (“Doing much more together”), the European Commission suggests: “Cooperation between police and judicial authorities on terrorism-related issues is systematic and facilitated by a Common European Counter-Terrorism Agency. A new European Counter-Terrorism Agency helps to deter and prevent serious attacks in European cities by the systematic tracking and flagging of suspects. National police authorities can easily access European databases containing the biometric information of criminals.” In his State of the Union speech of 13 September 2017, President of the European 113 Commission Juncker stated the following vision: “The European Union must also be stronger in fighting terrorism. In the past three years, we have made real progress. But we still lack the means to act quickly in case of cross-border terrorist threats. This is why I call for setting up a European intelligence unit that ensures data concerning terrorists and foreign fighters are automatically shared among intelligence services and with the police.”165 In October 2017, the Commission issued a CT package and stated: “Beyond these practical measures for the short term, the Commission is working towards a future European Intelligence Unit, as announced by President Juncker as part of his vision for the European Union by 2025.”166 In the US, the Federal Bureau of Investigation, the FBI, is playing a leading role in 114 counter-terrorism: “Combating terrorism is the FBI’s top investigative priority. Working closely with a range of partners, we use our suite of investigative and intelligence capabilities to neutralize terrorist cells and operatives here in the U.S., to help dismantle extremist networks worldwide, and to cut off financing and other forms of support provided by terrorist sympathizers. Our overall goal, as we lead law enforcement and domestic intelligence efforts to defeat terrorism, is to eliminate the risk of terrorism, both international and domestic, to the homeland and to U.S. interests abroad.”167 The 164 European Commission, White Paper on the future of Europe, Reflections and scenarios for the EU27 by 2025, 1 March 2017 pp. 22 ff. (https://ec.europa.eu/commission/sites/beta-political/files/white_paper_on_the_ future_of_europe_en.pdf – last checked on 22 March 2017). 165 http://europa.eu/rapid/press-release_SPEECH-17-3165_en.htm (last checked on 16 January 2018). 166 Eleventh progress report towards an effective and genuine Security Union, COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE EUROPEAN COUNCIL AND THE COUNCIL, Brussels, 18.10.2017 COM(2017) 608 final. 167 FBI website. https://www.fbi.gov/investigate/terrorism.

de Kerchove/Höhn

119

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:41 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

FBI is both a law enforcement and a domestic intelligence agency and has a network of legal attachés around the world for international law enforcement cooperation. 115 A number of commentators speak about the need to create a European Central Intelligence Agency (CIA) – which in the US context is responsible for the collection and analysis of foreign intelligence. However, the more relevant question to ask, given the domestic focus on Europe, is whether it should rather be explored in the longer term to create a European FBI, a combined law enforcement and intelligence capability focusing on fighting terrorism inside the EU. However, this would require a change in the EU legal framework which limits the task of Europol and Eurojust to only supporting Member State led investigations. Therefore, a sui generis solution for Europe respecting the principle of support to Member States may need to be sought. If this were to be considered, the ECTC at Europol could be further developed to provide support more explicitly both to law enforcement and security services of Member States by offering a common platform for information exchange and analysis at European level. Europol would remain an agency in support of Member States investigations and disruption efforts and not become an autonomous investigative body. However, law enforcement and intelligence information would be fused much more comprehensively and the ‘dare to share’ principle as discussed above would in that way be maximised as far as possible. Advances in technology in order to protect the most sensitive data ought to make such a scenario possible.

G. Conclusion While national security remains outside the remit of the EU, on counter-terrorism, closer cooperation among the security services and with law enforcement agencies, at European and national level is necessary. Today’s terrorism is a crime in a similar way to other serious crime and in this way counter-terrorism is different in nature than other national security tasks such as counter-espionage, which requires a different mindset. Despite the current legal framework, many EU tools and interfaces concern intelligence and security services and are already of great interest to them. Therefore it is of interest to security services to follow closely the developments at EU level and engage proactively, in particular at policy level. With regard to operational information sharing, progress has been made on the use of the SIS II by the security services and to structure more the cooperation in the context of the CTG. It would be interesting to further explore whether and how the technology developed in the context of the FIU.net could facilitate information sharing among Member States in counter-terrorism, including with regard to the security services. A number of steps could be taken in the current legal framework to further strengthen the cooperation of security services, including financial support by the Commission, if requested and as appropriate. 117 Outside of the EU institutional framework, a structural strengthening of the CTG with a permanent President like the Eurogroup could be considered. A stronger cooperation between the ECTC at Europol and the CTG platform is also needed. 118 In the long term future, the pros and cons of the question of the development of the ECTC at Europol to provide support more explicitly to both law enforcement and security services and bringing together law enforcement and intelligence information in support of the Member States with regard to supporting criminal investigations and disruption of the plots could be further explored. As technology advances and cross-border linkages and travel patterns increase further still, we may find that additional support and pooled capabilities, at the very least in certain niche capability areas, becomes essential. 116

120

de Kerchove/Höhn

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:42 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 3 European Intelligence in Cyberspace Tatiana Tropina/Nicolas von zur Mühlen Outline A. Introduction ...................................................................................................................... B. Threats Landscape ........................................................................................................... I. Actors......................................................................................................................... 1. Cybercriminals .................................................................................................... 2. Terrorists .............................................................................................................. 3. Hacktivists............................................................................................................ 4. Nation states and state-supported actors...................................................... 5. Actors’ motivation and attribution issue ...................................................... II. Threats to confidentiality, availability and integrity of data and systems . 1. Unauthorised access to data and systems..................................................... 2. Illegal interception.............................................................................................. 3. Interference with computer data and systems............................................. a) Denial of service and computer sabotage ............................................... b) Ransomware................................................................................................... c) Targeted interference with computer data, systems and networks... d) Advanced persistent threats ....................................................................... e) Threats to critical infrastructure ............................................................... III. “Cyberwarfare”, “Information warfare” and “Hybrid cyberwarfare”.......... C. Cybersecurity Policies and Frameworks ..................................................................... I. Tools and policies to address cybersecurity threats........................................ II. Cybersecurity regimes ............................................................................................ 1. Criminal law and tackling crime .................................................................... 2. Critical information infrastructure protection frameworks...................... 3. Frameworks for cyberwar and warfare.......................................................... 4. Other regimes...................................................................................................... D. Cybersecurity and Cyber Intelligence.......................................................................... I. Reactive and proactive approaches ..................................................................... II. Intelligence in cyber domain or “cyber intelligence”? .................................... III. Levels and sources of cyber intelligence ............................................................ IV. Approaches at EU level ......................................................................................... V. National approaches............................................................................................... E. Conclusions .......................................................................................................................

mn. 1 4 4 6 7 9 10 12 14 17 21 22 23 25 28 29 30 31 34 34 39 39 43 46 54 59 59 62 65 70 76 85

Bibliography1: Abelson et al, Keys under Doormats: Mandating insecurity by requiring government access to all data and communications, Massachusetts Institute of Technology, 2015, available at: https://dspace. mit.edu/bitstream/handle/1721.1/97690/MIT-CSAIL-TR-2015-026.pdf; Agence Nationale de la Sécurité des Systèmes d’Information, Managing Cybersecurity for Industrial Control Systems, 2014, available at: https://www.ssi.gouv.fr/uploads/2014/01/Managing_Cybe_for_ICS_EN.pdf; Ahn/Doupe/Zhao/Liao, Ransomware and cryptocurrency, in: Holt (ed.), Cybercrime Through an Interdisciplinary Lens, Routledge, 2016, p. 105; Alarid, Recruitment and Radicalization: The Role of Social Media and New Technology, in: Hughes/Miklaucic (eds.), Impunity: Countering Illicit Power in War and Transition, Center for Complex Operations (CCO) and Peacekeeping and Stability Operations Institute (PKSOI), 2016, available at: http://cco.ndu.edu/Portals/96/Documents/Impunity/Impunity%20FINAL%20for%20Web.pdf; Alderson/ Soo Hoo, The Role of Economic Incentives in Securing Cyberspace, Stanford Center for International Security and Cooperation, 2004, available at: http://cisac.fsi.stanford.edu/publications/role_of_economic_incentives_in_securing_cyberspace_the; Andress/Winterfeld, Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners, Elsevier Science, 2013; Bambauer, Minnesota Law Review 96.2 (2011), p. 584; Barnsby/Reeves, Give Them an Inch, They’ll Take a Terabyte: How States May Interpret Tallinn Manual 2.0’s International Human Rights Law Chapter, Texas Law Review, 95.7, 2017, p. 1515; Baylon, 1

All online sources were last accessed on 8 March 2018.

Tropina/von zur Mühlen

121

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:42 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda Challenges at the Intersection of Cyber Security and Space Security, Chatham House, 2014; available at: https://www.chathamhouse.org/publications/; Baylon/Brunt/Livingstone, Cyber Security at Civil Nuclear Facilities: Understanding the Risks, Chatham House, 2015, 3 available at: https://www.chathamhouse.org/ publications/; Bendiek, European Cyber Security Policy, German Institute for International and Security Affairs, 2012; Bendiek, The New “Europe of Security”, SWP Comments 20/2017, available at: https://www. swp-berlin.org/fileadmin/contents/products/comments/2017C20_bdk.pdf; Berkman Center for Internet and Society at Harvard University, Don’t Panic: Making Progress on the “Going Dark” Debate, 2016, available at https://cyber.harvard.edu/pubrelease/dont-panic/Dont_Panic_Making_Progress_on_Going_Dark_Debate.pdf; Borum et al., Cyber Intelligence Operations, The Coast Guard Proceedings 71.4 (2014–2015), p. 65; Borum et al., Strategic cyber intelligence, Information & Computer Security 23.3 (2015), p. 317; Boulos, The Tallinn Manual and Jus ad bellum: Some Critical Notes, in: Ramírez/GarcíaSegura L. (eds.), Cyberspace. Advanced Sciences and Technologies for Security Applications, Springer, 2017, p. 231; Brantly, Defining the role of intelligence in cyber: a hybrid push and pull, in: Phythian (ed.), Understanding the Intelligence Cycle, Routledge, 2013, p. 76; Brantly, The Decision to Attack, University of Georgia Press, 2016; Brenner, At Light Speed: Attribution and Response to Cybercrime/Terrorism/ Warfare, Journal of Criminal Law & Criminology 97.2 (2007), p. 379; Brown/Snower, Global Economic Solutions 2010/2011, Global Economic Symposium, 2011, available at: https://www.global-economicsymposium.org/solutions/publications/global-economic-solutions/global-economic-solutions-2010-11; Brunst, Cyberabwehr, in: Dietrich/Eiffler, Handbuch des Rechts der Nachrichtendienste, Boorberg, 2017, p. 817; Brunst, Terrorism and the Internet: New Threats Posed by Cyberterrorism and Terrorist Use of the Internet, in Wade Maljević (eds.), A War on Terror?: The European Stance on a New Threat, Changing Laws and Human Rights Implications, Springer, 2010, 51; Christou, Cybersecurity in the European Union, 2016, Palgrave Macmillan UK; Christou, The EU’s Approach to Cybersecurity, 2017, University of Essex project on EU-Japan Security Cooperation, available at: http://repository.essex.ac.uk/19872/1/EU-Japan_9_Cyber_Security_Christou_EU.pdf; Cilluffo, A Borderless Battle: Defending Against Cyber Threats, Testimony before the U.S. House of Representatives Committee on Homeland Security, March 22 2017, available at: https://cchs.gwu.edu/testimonies; Cilluffo, A Global Perspective on Cyber Threats, Testimony before the U.S. House of Representatives, Committee on Financial Services, Subcommittee on Oversight and Investigations, June 16 2015, available at: https://cchs.gwu.edu/testimonies; Clapper/Lettre/Rogers, Joint Statement for the record to the Senate Armed Service Committee. Foreign Cyber Threats to the United States, 2017, available at: https://www.armed-services.senate.gov/imo/media/doc/Clapper-Lettre-Rogers_01-05-16.pdf; Clough, A World of Difference: The Budapest Convention on Cybercrime and the Challenges of Harmonisation, Monash University Law Review 40.3 (2014), p. 698; Cornish et al. (2010), On Cyberwarfare, Chatham House, 2010, available at https://www.chathamhouse.org/publications/; Council of the European Union, Six-Month report on the Implementation of the Cyber Defence Policy Framework by the Politico-Military Group, 10347/15, 2015; Danish Centre for Cyber Security, Threat Assessment: The cyber threat against Denmark, 2017, available at: https://fe-ddis.dk/eng/Products/Intelligence-Risk-Assessments/; Danish Ministry of Defence, Danish Defence Agreement 2013–2017, available at: http://www.fmn.dk/eng/allabout/Documents/TheDanishDefenceAgrement2013-2017english-version.pdf; Darmois/Schméder, Cybersecurity: a case for a European approach, London School of Economics, 2016, available at: http://www.securityintransition.org/wp-content/uploads/2016/02/WP11_Cybersecurity_FinalEditedVersion.pdf; Davies, Information Warfare and the Future of the Spy, Information, Communication & Society, 2.2 (1999), p. 115; Degaut, Spies and Policymakers: Intelligence in the Information Age, Intelligence and National Security 31.4 (2016), p. 509; Department of Defense, The DoD Cyber Strategy, 2015, available at: https://www.hsdl.org/?abstract&did=764848; Department of Homeland Security/Federal Bureau of Investigation, Joint Analysis Report on GRIZZLY STEPPE, 2016, available at https://www. us-cert.gov/security-publications/; Dunn Cavelty/Maurer, Postmodern Intelligence: Strategic Warning in an Age of Reflexive Intelligence, in: Security Dialogue 40.2 (2009), p. 123; Dutch Ministry of Defence, The Defence Cyber Strategy, 2012, available at: https://ccdcoe.org/strategies/Defence_Cyber_Strategy_NDL. pdf; Duvenage/von Solms/Jaquire, Conceptualising Cyber Counterintelligence, Proceedings of the 15th European conference on Cyber Warfare and Security, University of the German Federal Armed Forces, 2016, p. 93; European Commission, EU cybersecurity initiatives, 2017, available at: http://ec.europa.eu/ information_society/newsroom/image/document/2017-3/factsheet_cybersecurity_update_january_2017_ 41543.pdf; European Parliament, Cyber defence in the EU: Preparing for cyber warfare?, Briefing October 2014, available at: http://www.europarl.europa.eu/thinktank/de/document.html?reference=EPRS_BRI (2014)542143; European Parliament, Cybersecurity in the European Union and Beyond: Exploring the Threats and Policy Responses, Study for the LIBE Committee, 2015, available at: http://www.europarl. europa.eu/RegData/etudes/STUD/2015/536470/IPOL_STU(2015)536470_EN.pdf; Fidler/Pregent/Vandurme, NATO, Cyber Defense, and International Law, 2013, available at: http://www.repository.law. indiana.edu/facpub/1672; Finnemore/Hollis, Constructing Norms for Global Cybersecurity, The American Journal of International Law 110.3 (2016), p. 425; G8, G8 Principles for Protecting Critical Information Infrastructures, 2003, available at: http://www.cybersecuritycooperation.org/documents/G8_CIIP_

122

Tropina/von zur Mühlen

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:43 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 3. European Intelligence in Cyberspace Principles.pdf; Gehem et al., Assessing Cyber Security, The Hague Centre for Strategic Studies, 2015, available at: https://hcss.nl/report/assessing-cyber-security/; German Ministry of Defence, White Paper on Security Policy and the Future of the Bundeswehr, 2016, available at: http://www.planungsamt.bundeswehr.de/portal/poc/plgabw?uri=ci:bw.plgabw.grundlagen.weissbuch; German Ministry of Interior, CyberSicherheitsstrategie für Deutschland, available at: https://www.bmi.bund.de/cybersicherheitsstrategie/ BMI_CyberSicherheitsStrategie.pdf; Giles, Prospects for the Rule of Law in Cyberspace, Letort Papers, 2017, available at: https://ssi.armywarcollege.edu/pubs/display.cfm?pubID=1343; Gioe, “The More Things Change”: HUMINT in the Cyber Age, in: Dover/Dylan/Goodman (eds.), The Palgrave Handbook of Security, Risk and Intelligence, Palgrave Macmillan, 2017, p. 213; Global Public Policy Institute, Advancing Cybersecurity Capacity Building, March, 2017, available at: http://www.gppi.net/publications/; Goldman/ Warner, Why a Digital Pearl Harbor Makes Sense … and is Possible, in: Perkovich/Levite (eds.), Understanding Cyber Conflict, Georgetown University Press, 2017, p. 147; Goodman, International dimensions of cybercrime, in Ghosh/Turrini (eds.), Cybercrimes: A multidisciplinary analysis, Springer, 2010, p. 311; Gouvernement de la République française, French National Digital Security Strategy, 2015, available at: https://www.ssi.gouv.fr/uploads/2015/10/strategie_nationale_securite_numerique_en.pdf; Greathouse, Cyber War and Strategic Thought: Do the Classic Theorists Still Matter?, in: Kremer/Müller (eds.), Cyberspace and International Relations, Springer, 2014; Hackback: Permitting Retaliatory Hacking by Non-State Actors as Proportionate Countermeasures to Transboundary Cyberharm, Columbia Journal of Transnational Law 52 (2013), p. 275; Hathaway et al, The Law of Cyber-Attack, California Law Review 100.4 (2012), p. 817; Hathaway et al., France: Cyber Readiness at a glance, Potomac Institute for Policy Studies, 2016, available at: http://www.potomacinstitute.org/images/CRI/CRI_France_Profile_PIPS.pdf; Herr/Herrick, Understanding Military Cyber Operations, in: Harrison/Herr, Cyber Insecurity, Rowman & Littlefield, 2016, p. 259; HM Government, UK National Cyber Security Strategy 2016–2021, available at: https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/567242/national_cyber_ security_strategy_2016.pdf; Home Affairs Committee, Radicalisation – Eighth Report of Session 2016 – 17, House of Commons, 2016, available at: https://publications.parliament.uk/pa/cm201617/cmselect/cmhaff/ 135/135.pdf: Hulnick, Intelligence theory: seeking better models, in: Phythian (ed.), Understanding the Intelligence Cycle, Routledge, 2013, p. 149; Mattern et al., Operational Levels of Cyber Intelligence, International Journal of Intelligence and Counterintelligence 27.4 (2014), p. 702; Intelligence and National Security Alliance, Cyber Intelligence: Setting the landscape for an emerging discipline, 2011, available at: https://www.insaonline.org/resources/publications/; Intelligence and National Security Alliance, Operational Levels of Cyber Intelligence, 2013, available at: https://www.insaonline.org/resources/publications/; Intelligence and National Security Alliance, Tactical Cyber Intelligence, 2015, available at: https://www. insaonline.org/resources/publications/; Johnson, National Security Intelligence, in: Johnson (ed.), The Oxford Handbook of National Security Intelligence, Oxford Handbooks, 2010, p. 3; Julisch, Understanding and overcoming cyber security anti-patterns, Computer Networks 57.10 (2013), p. 2206; Kenney, Cyberterrorism in a Post-Stuxnet world, in: Williams/Fiddner (eds.), Cyberspace: Malevolent Actors, Criminal Opportunities, and Strategic Competition, United States Army War College Press, 2016, p. 153; Kesan/ Hayes, Mitigative Counterstriking: Self-Defense and Deterrence in Cyberspace, Harvard Journal of Law & Technology 25.2, p. 431; Korzak, UN GGE on Cybersecurity: The End of an Era?, 2017, available at: http:// thediplomat.com/2017/07/un-gge-on-cybersecurity-have-china-and-russia-just-made-cyberspace-lesssafe; Krause, NATO on its Way Towards a Comfort Zone in Cyber Defence, CCDCOE, 2014, available at: http://www.ccdcoe.com/sites/default/files/multimedia/pdf/TP_03.pdf; Lewis, Aux Armes, Citoyens: Cyber Security and Regulation in the United States, Telecommunications Policy 29.11 (2005), p. 821; Lewis, Confidence-building and international agreement in cybersecurity, in Disarmament Forum 4/2011, p. 51; Lewis, The Role of Offensive Cyber Operations in NATO’s Collective Defence, Tallinn Paper no. 8, CCDCOE, 2015, available at: https://ccdcoe.org/sites/default/files/multimedia/pdf/TP_08_2015_0.pdf; Lewis/Timlin, Cybersecurity and Cyberwarfare, UNIDIR, Center for Strategic and International Studies, 2011, available at: http://unidir.org/publications; Lewis/Zheng/Carter, The Effect of Encryption on Lawful Access to Communications and Data, Center for Strategic & International Studies, 2017, available at: https://ec.europa.eu/home-affairs/sites/homeaffairs/files/what-we-do/policies/organized-crime-and-humantrafficking/encryption/csis_study_en.pdf; Lin, Ethics of Hacking Back, Emerging Sciences Group, 2016, available at http://ethics.calpoly.edu/hackingback.pdf; Lotrionte, Cyberwar: Building a Normative and Legal-Based Approach for Cyberdeterrence, in: Beck (ed.), Law and Disciplinarity. Thinking Beyond Borders, Palgrave Macmillan, 2013, p. 67; Luiijf/te Paske, Cyber Security of Industrial Control Systems, 2015, available at: http://publications.tno.nl/publication/34616507/KkrxeU/luiijf-2015-cyber.pdf; Mačák, From Cyber Norms to Cyber Rules: Re-engaging States as Law-makers, Leiden Journal of International Law 30 (2017), available at: https://ssrn.com/abstract=2961821; Mačák, Is the international law of cyber security in crisis?, in Pissanidis/Rõigas/Veenendaal (eds.), 8th International Conference on Cyber Conflict (CyCon), NATO CCD COE Publications, 2016, p. 127; Mälksoo, From the ESS to the EU Global Strategy: external policy, internal purpose, Contemporary Security Policy 37.3 (2016), p. 374; Mandt, Integrating Cyber-Intelligence Analysis and Active Cyber-Defence Operations, Journal of Information Warfare 16.1

Tropina/von zur Mühlen

123

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:43 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda (2017), p. 31; Markoff, Explanation of Position at the Conclusion of the 2016–2017 UN Group of Governmental Experts (GGE) on Developments in the Field of Information and Telecommunications in the Context of International Security, 2017, available at: https://www.state.gov/s/cyberissues/releasesandremarks/272175.htm; Marxsen, Verfassungsrechtliche Regeln für Cyberoperationen der Bundeswehr, JuristenZeitung 2017, p. 543; Maurer, Cyber Mercenaries, Cambridge University Press, 2018; Maurer, Cyber norm emergence at the United Nations – An analysis of the activities at the UN regarding Cyber-security, 2011, available at http://belfercenter.ksg.harvard.edu/files/maurer-cyber-norm-dp-2011-11-final.pdf; McAfee Labs, 2016 Threats Predictions, available at: https://www.mcafee.com/us/resources/reports/rpthreats-predictions-2016.pdf; McGhee, Cyber Redux: The Schmitt Analysis, Tallinn Manual and US Cyber Policy, Journal of Law and Cyber Warfare, 2/2013, p. 64; Ministère des Armées, French White Paper on Defence and National Security 2013, available at: http://www.defense.gouv.fr/english/dgris/ defence-policy/white-paper-2013/white-paper-2013; Muller, Cyber Security Capacity Building in Developing Countries: Challenges and Opportunities, NUPI Report, no. 3 2015, available at: https://brage.bibsys. no/xmlui/bitstream/id/331398/NUPI+Report+03-15-Muller.pdf; NATO StratCom COE, Social Media as a Tool of Hybrid Warfare, 2016, available at: https://www.stratcomcoe.org/social-media-tool-hybridwarfare; Neutze/Nicholas, Competition, Conflict, and Innovation Demand Effective Cyber Security Norms, Georgetown Journal of International Affairs: International Engagement on Cyber, 2013, p. 3; Nielsen, Pursuing Security in Cyberspace: Strategic and Organizational Challenges, Orbis 56.3 (2012), p. 336; Nieuwboer, National intelligence authorities and surveillance in the EU: Fundamental rights safeguards and remedies, Report on the Netherlands, legal update, European Union Agency for Fundamental Rights, 2016, available at: http://fra.europa.eu/sites/default/files/fra_uploads/the-netherlandsstudy-data-surveillance-ii-nl.pdf; OAS, American States’ Inter-American Integral Strategy to Combat Threats to Cyber Security, available at: https://www.oas.org/juridico/english/cyb_pry_strategy.pdf; Obiso, Cybersecurity: Capacity Building and Emergency Response, 2014, available at: https://itu4u.wordpress.com/ 2014/05/27/cybersecurity-capacity-building-and-emergency-response/; OECD, Computer-Related Criminality: Analysis of Legal Policy in the OECD Area, Report DSTI-ICCP 84.22, 1986; OECD, OECD Recommendation of the Council on the Protection of Critical Information Infrastructures, 2008, available at: http://www.oecd.org/sti/40825404.pdf; Office of the Director of National Intelligence, Assessing Russian Activities and Intentions in Recent US Elections, 2017, available at: https://www.dni.gov/files/ documents/ICA_2017_01.pdf; Omand/Bartlett/Miller, Introducing Social Media Intelligence (SOCMINT), Intelligence and National Security Journal 27.6 (2012), p. 801; Osula/Rõigas, in Osula/Rõigas (eds.), International Cyber Norms – Legal, Policy & Industry Perspectives, NATO CCD CoE, 2016, p. 11, available at: https://ccdcoe.org/sites/default/files/multimedia/pdf/InternationalCyberNorms_full_book. pdf; Ott, Conflict in Cyberspace: How International Legal Norms Can Reduce Military Escalation in Cyberspace, Fletcher Security Review 3.1 (2017), p. 67; Pernik, Improving Cyber Security: NATO and the EU, International Centre for Defence Studies, 2014, available at: https://www.icds.ee/fileadmin/media/ icds.ee/failid/Piret_Pernik_-_Improving_Cyber_Security.pdf; Pipyros et al, A new strategy for improving cyberattacks evaluation in the context of Tallinn Manual, Computers & Security 74 (2017), p. 371; Richards, Pedalling hard: further questions about the Intelligence Cycle in the contemporary era, in: Phythian (ed.), Understanding the Intelligence Cycle, Routledge, 2013, p. 43; Robinson, EU Cyber-Defence: A Work in Progress, EUISS ISSUE Briefs 10/2014, available at: https://www.files.ethz.ch/isn/182329/ Brief_10_Cyber_defence.pdf; Schmitt (ed.), Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, Cambridge University Press, 2017; Schmitt/Vihul, International Cyber Law Politicized: The UN GGE’s Failure to Advance Cyber Norms, Friday, 2017, available at: https://www.justsecurity.org/ 42768/international-cyber-law-politicized-gges-failure-advance-cyber-norms/; Scott/Spaniel, Rise of the Machines: The Dyn Attack Was Just a Practice Run, Institute for Information Infrastructure Protection, 2016, available at: http://icitech.org/wp-content/uploads/2016/12/ICIT-Brief-Rise-of-the-Machines.pdf; Secretariat of the Security Committee, Finland’s Cyber security Strategy 2013, available at: http://www. defmin.fi/files/2378/Finland_s_Cyber_Security_Strategy.pdf; Segal, The Development of Cyber Norms at the United Nations Ends in Deadlock. Now What?, 2017, available at: https://www.cfr.org/blog/development-cyber-norms-united-nations-ends-deadlock-now-what; Serrano, Cybersecurity: towards a global standard in the protection of critical information infrastructures, European Journal of Law and Technology 6.3 (2015), available at: http://ejlt.org/article/view/396/592; Shackelford et al., Making Democracy Harder to Hack, University of Michigan Journal of Law Reform 50:3 (2017), p. 630; Shakarian/Shakarian/ Ruef, Introduction to Cyber-Warfare: A Multidisciplinary Approach, Syngress, 2013; Shane/Perlroth/ Sanger, Security Breach and Spilled Secrets Have Shaken the N.S.A. to its Core, New York Times, December 12 2017, available at https://nyti.ms/2ji4LZ0; Shimeall, From Cyber Crime to Cyber War: Indicators and Warnings, in: Williams/Fiddner (eds.), Cyberspace: Malevolent Actors, Criminal Opportunities, and Strategic Competition, United States Army War College Press, 2016, p. 545; Sieber, Mastering Complexity in the Global Cyberspace: The Harmonization of Computer-Related Criminal Law, in Delmas-Marty et al. (eds.): Les chemins de l’Harmonisation Pénale/Harmonising Criminal Law, Société de législation comparée, Paris, 2008, p. 127; Sieber/Neubert, Transnational Criminal Investigations in

124

Tropina/von zur Mühlen

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:44 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 3. European Intelligence in Cyberspace Cyberspace: Challenges to National Sovereignty, Max Planck Yearbook of United Nations Law 20 (2016), p. 241; Sommer/Brown, Reducing Systemic Cybersecurity Risk, OECD, 2011, available at: https://www. oecd.org/gov/risk/46889922.pdf; Sophos, Security Threat Report 2012, available at: https://www.sophos. com/medialibrary/pdfs/other/sophossecuritythreatreport2012.pdf; Sterner, The Paradox of Cyber Protest, George C. Marshall Institute, 2012, available at: http://marshall.org/science-and-tech/the-paradox-ofcyber-protest/; Stouffer, Guide to Industrial Control Systems (ICS) Security, NIST Special Publication 800-82 (Revision 2), 2015, available at: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.80082r2.pdf; Styczynsky/Beach-Westmoreland/Stables, When the lights went out: A comprehensive review of the 2015 attacks on Ukrainian critical infrastructure, Booz Allen Hamilton, 2016, available at: https:// www.boozallen.com/content/dam/boozallen/documents/2016/09/ukraine-report-when-the-lights-wentout.pdf; Symantec, Internet Security Threat Report, 2017, available at: https://www.symantec.com/security-center/threat-report; Thornton, The Changing Nature of Modern Warfare, The RUSI Journal, 160:4 (2015), p. 40; Tiirmaa-Klaar, Cyber Diplomacy: Agenda, Challenges and Mission, in: Ziolkowski (ed.), Peacetime Regime for State Activities in Cyberspace, NATO CCD COE Publications, 2013, p. 509; Tiirmaa-Klaar/Gassen/Gerhards-Padilla/Martini, Botnets, Cybercrime and National Security, in: Botnets, SpringerBriefs in Cybersecurity, Springer, 2013; Tikk-Ringas, International Cyber Norms Dialogue as an Exercise of Normative Power, Georgetown Journal of International Affairs, 17.3 (2016), p. 47; Tikk/Kaska/ Vihul, International Cyber Incidents: Legal Considerations, NATO Cooperative Cyber Defence Centre of Excellence (CCD COE), 2010, available at: https://ccdcoe.org/publications/books/legalconsiderations.pdf; Trimintzios et al., Cybersecurity in the EU Common Security and Defence Policy (CSDP), European Parliamentary Research Service, 2017, available at: http://www.europarl.europa.eu/RegData/etudes/ STUD/2017/603175/EPRS_STU(2017)603175_EN.pdf; Tropina, Comparative Analysis, in Sieber/von zur Mühlen, (eds.), Access to Telecommunication Data in Criminal Justice, Duncker & Humblot, 2016, p. 9; Tropina, Organized Crime in Cyberspace, in: Heinrich-Böll-Stiftung/Schönenberg (eds.), Transnational Organized Crime: Analyses of a Global Challenge to Democracy, transcript Verlag, 2013, p. 47; Tropina, Public–Private Collaboration: Cybercrime, Cybersecurity and National Security, in: Tropina/Callanan (eds.), Self- and Co-regulation in Cybercrime, Cybersecurity and National Security, SpringerBriefs in Cybersecurity, Springer, 2015; Tsagourias, Cyber attacks, self-defence and the problem of attribution, Journal of Conflict and Security Law 17.2 (2012), p. 229; United Nations Office on Drugs and Crime, Comprehensive Study on Cybercrime, Vienna, 2013; United Nations, Report of the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security, 2013, available at: http://www.un.org/ga/search/view_doc.asp?symbol=A/68/98; United Nations, Report of the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security, 2015, available at: http://www.un.org/ga/ search/view_doc.asp?symbol=A/70/174; UNODC, The use of the Internet for terrorist purposes, 2012, available at: https://www.unodc.org/documents/frontpage/Use_of_Internet_for_Terrorist_Purposes.pdf; Uthoff, Strategic Cyber Intelligence: An Examination of Practices across Industry, Government, and Military, in: Lemieux (ed.), Current and Emerging Trends in Cyber Operations, Palgrave Macmillan, 2015, p. 198; van der Meer, Defence, Deterrence, and Diplomacy: Foreign Policy Instruments to Increase Future Cybersecurity, in Samuel/Sharma (eds.), Securing Cyberspace: International and Asian Perspectives, Pentagon Press, 2016, p. 95; Veenendaal/Kaska/Brangetto, Is NATO Ready to Cross the Rubicon on Cyber Defence? Cyber Policy Brief, available at: https://ccdcoe.org/sites/default/files/multimedia/pdf/NATO% 20CCD%20COE%20policy%20paper.pdf; von zur Mühlen/Tropina, Delikte in der digitalen Sphäre – Die Vereinten Nationen im Kampf gegen Cyberkriminalität, Vereinte Nationen 2/2016, p. 56; Watney, The way forward in addressing cybercrime regulation on a global level, Journal of Internet Technology and Secured Transactions 1.3 (2012), p. 61; Williams/Shimeall/Dunlevy, Intelligence Analysis for Internet Security, Contemporary Security Policy 23.2 (2002), p. 1; Wirtz, The Cyber Pearl Harbor, Intelligence and National Security 32.6 (2017), p. 758; Ziolkowski, Confidence Building Measures for Cyberspace, in: Ziolkowski (ed.), Peacetime Regime for State Activities in Cyberspace, NATO CCD COE Publications, 2013, p. 533.

A. Introduction Addressing security challenges resulting from modern information and communica- 1 tion technologies in the recent decade has become one of the key priorities on the agenda for policy-makers, business, law enforcement and intelligence community in many nation states. Cyberspace is frequently characterised by a “continuous state of insecurity”,2 caused by the blurring borders between public and private, civil and 2

Mandt, Journal of Information Warfare 16.1 (2017), 31 (32).

Tropina/von zur Mühlen

125

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:44 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

military, the transnational character of threats and their potential impact, and the low entry barriers for malicious cyber actors. The dependency of all the aspects of the society’s functioning on information and communication technologies creates “a new multi-dimensional attack space”,3 where any adversary can target physical, logical, social layers of the cyberspace and move between them. The possibilities to attack critical infrastructure have prompted the nation states to develop both offensive and defensive capabilities for the cyberattacks, which might potentially bring cyberspace onto the “brink of arm race”.4 2 Tackling the multitude of cyber threats requires a comprehensive and proactive approach, which, in addition to legal and regulatory frameworks, international cooperation, involvement of private industry, should include tools to mitigate and prevent the risks in cyberspace. This chapter analyses the role of cyber intelligence – collection and analysis of information about, comprehensive assessment of and reaction to the activities, capabilities and intentions of adversaries and malicious actors in the cyber domain – in developing an adequate response to the cyber threats, with a special focus on the European context. 3 The following part of the chapter – Section B – examines the threat landscape by analysing both the types of malicious actors and different types of threats. Section C focuses on different cybersecurity regimes developed to tackle threats in cyberspace. The last part – Section D – discusses the definition of cyber intelligence and its role in addressing the cybersecurity issues in general and in Europe in particular.

B. Threats Landscape I. Actors Understanding the different types of threats is crucial in developing an adequate response to them, because it brings a particular cybersecurity challenge to a specific domain, such as national security, critical information infrastructure protection or criminal investigations. The threats can be characterised and distinguished based on different factors: tools, targets, actors and their motivations, and types of malicious activity. However, not every factor plays the determining role in making a proper distinction. While understanding of tools and targets is critical for addressing the cybersecurity threats, the same technical means can be used by different type of actors – for example, the networks of compromised computers (botnets) could be used for both commission of crimes against individuals and attacks against critical infrastructure. Furthermore, different actors can attack the same object: for instance, financial industry can be an attractive target for both organised cybercriminals motivated by financial gains, hacktivists with intent to bring attention to their political cause and state-backed actors involved in cyber-espionage.5 5 Therefore, the motivation of malicious actors becomes one of the most important factors in assessing the level of a particular cybersecurity threat and the capability of the 4

3 Intelligence and National Security Alliance, Cyber Intelligence, 2011, 5, available at: https://www. insaonline.org/resources/publications/. 4 Baylon, “Challenges at the Intersection of Cyber Security and Space Security”, Chatham House Research Paper, 2014, 7, available at: https://www.chathamhouse.org/publications/. 5 See Cilluffo, A Global Perspective on Cyber Threats, 2015, 3, available at: https://cchs.gwu.edu/ testimonies.

126

Tropina/von zur Mühlen

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:45 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 3. European Intelligence in Cyberspace

attackers.6 Depending on the motivation, intentions and capabilities of the actors, the most common typology is a distinction between four different types of attackers: criminals, terrorists and hacktivists, and nation states (or state-supported actors).7

1. Cybercriminals In the past few decades, the scene of cybercrime has changed dramatically. From 6 being dominated by hackers committing the crimes out of curiosity or to test the security of the systems, cybercrime transformed into a complex and thriving digital underground economy, where both stand-alone criminals and criminal organisations are mostly motivated by financial gain. The underground economy of cybercrime is nowadays based on the monetary value of data as an illegal commodity and the development and trade of tools for commission of crimes. Both commodities are easily being moved across national borders and traded in underground online marketplaces. Illicit business of cybercrime shows many similarities with legitimate business models: criminals employ decentralisation, product placement, outsourcing, subcontracting, and networking. Highly sophisticated criminal-to-criminal services offer “crime as service” tools, including training tutorials, while making them available for “customer” demand at relatively low prices compared with the potential illicit profits.8 The growth of the dark market and criminal organisations in cyberspace, according to some opinions, already went to a scale that represents a potential threat to global economic integrity.9

2. Terrorists For many years, terrorists have been using the Internet for fundraising, recruiting, 7 training, planning and collection of information about targets.10 For example, the Islamic State effectively maximised its efforts to use modern telecommunication platforms like social networks and (often encrypted) messaging services to spread propaganda and recruit terrorists worldwide.11 Many of the recent attacks in Europe and the US linked to a radical Islamic motivation were committed by perpetrators who were radicalised over the Internet within a short period of time and carried out the attack in the name of ISIS without having a direct connection to the group.12 However, the level of threat that such groups and individuals pose to targets like 8 critical information infrastructure is unclear yet. While terrorist organisations might have a significant interest in cyberspace operations – for instance, the Islamic State definitely has an intention to engage in cyberattacks13 – many experts question their

6 Danish Centre for Cyber Security, Threat Assessment: The Cyber Threat Against Denmark, 2017, 3, available at: https://fe-ddis.dk/eng/Products/Intelligence-Risk-Assessments/. 7 See Cilluffo, A Global Perspective on Cyber Threats, 2015, 2, available at: https://cchs.gwu.edu/ testimonies. 8 Tropina, in: Heinrich-Böll-Stiftung/Schönenberg (eds.), Transnational Organized Crime: Analyses of a Global Challenge to Democracy, 2013, 52. 9 Cilluffo, A Borderless Battle: Defending Against Cyber Threats, 2017, 5, available at: https://cchs.gwu. edu/testimonies. 10 UNODC, The use of the Internet for Terrorist Purposes, 2012, 3 et seq., available at: https://www. unodc.org/documents/frontpage/Use_of_Internet_for_Terrorist_Purposes.pdf. 11 Alarid, “Recruitment and Radicalization: The Role of Social Media and New Technology”, in: Hughes/Miklaucic (eds.), Impunity: Countering Illicit Power in War and Transition, 2016, 313 et seq. 12 See (UK) Home Affairs Committee, 2016, mn. 23, available at: https://publications.parliament.uk/pa/ cm201617/cmselect/cmhaff/135/135.pdf. 13 Department of Defense, The DoD Cyber Strategy, 2015, 9, available at: https://www.hsdl.org/? abstract&did=764848.

Tropina/von zur Mühlen

127

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:45 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

ability to carry out a truly disruptive attack.14 This might be attributed to the fact that to achieve their aims terrorists have to tackle the information systems in a way that can cause physical harm and loss of lives,15 but it is still hard for them to develop such capabilities. Nevertheless, several less severe attacks like, for instance, the unauthorised alteration of websites (so-called defacements) have been conducted by groups that claimed to be connected to ISIS, although in some cases the question of attribution remains unclear.16

3. Hacktivists 9

Hacktivists use cyber capabilities to attack governments, individuals and corporations to bring attention to their political and social agenda or ideology. Some of the hacktivists groups, such as Anonymous, have been successfully building their “brands” for several decades already.17 Groups like Lulz Security (LulzSec) and Anonymous targeted high-profile organisations and businesses by carrying out distributed denial of service (DDoS) attacks, defacing websites, redirecting traffic, and leaking data. LulzSec’s victims include the Church of Scientology, the FBI, the CIA, the US Senate and Justice Department, MasterCard, Visa, Sony, the Wall Street Journal, Vatican City and others.18 The recent trend in hacktivism show copycat attacks carried out by groups acting like hacktivists but without clear political or social cause. Some reports predict that this might be the beginning of a new era of hacktivism, when malicious actors with hard-todetermine motives can use hacktivism as a mask, making attribution harder.19

4. Nation states and state-supported actors 10

National states are increasingly getting engaged in economic and industrial espionage and intelligence gathering. Furthermore, some states have been allegedly involved in computer network and critical information infrastructure attacks.20 Consequently, it is nation states and actors used as proxies (especially organised cybercrime groups and hacktivists)21 or backed up by the states that represent the most advanced and persistent threat to cybersecurity. Even when states are not proactively engaged in malicious activity, they still can collect and use intelligence for their military planning and doctrines, for offensive and defensive capabilities and for getting engaged in classic espionage.

14 Kenney, in: Cyberspace: Malevolent Actors, Criminal Opportunities, and Strategic Competition, Williams/Fiddner (eds.), 2016, 153 (154); Cilluffo, A Global Perspective on Cyber Threats, 2015, 2, available at: https://cchs.gwu.edu/testimonies. 15 See Brunst, in Wade Maljević(eds.), A War on Terror?, 2010, 51 (65 et seq.). 16 In April 2015, hackers disrupted the internal broadcasting system of the French TV channel TV5Monde and posted material on its social media feeds including protest against French military action in Iraq. Although the attack was initially attributed to ISIS, according to reports French authorities later suspected the involvement of the hacking group named “Fancy Bear” that is allegedly linked to the Russian military intelligence agency GRU, see http://reut.rs/1IGfCBo. 17 McAfee Labs, 2016 Threats Predictions, 36, available at: https://www.mcafee.com/us/resources/ reports/rp-threats-predictions-2016.pdf; Sophos, Security Threat Report 2012, 4, available at: https:// www.sophos.com/medialibrary/pdfs/other/sophossecuritythreatreport2012.pdf. 18 Sterner, The Paradox of Cyber Protest, 2012, 2, available at: http://marshall.org/science-and-tech/theparadox-of-cyber-protest/. 19 McAfee Labs, 2016 Threats Predictions, 36–37, available at: https://www.mcafee.com/us/resources/ reports/rp-threats-predictions-2016.pdf. 20 Cilluffo, A Global Perspective on Cyber Threats, 2015, 3–4, available at: https://cchs.gwu.edu/ testimonies. 21 Maurer, Cyber Mercenaries, 2018, 16 et seq.

128

Tropina/von zur Mühlen

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:46 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 3. European Intelligence in Cyberspace

The difference between cybercriminals and state-backed hackers is that the latter can 11 be a part of the nation state’s military or security organisations. For example, North Korea allegedly possesses sophisticated military offensive cyber operations capabilities that were involved in several malicious cyber activities since 2009.22

5. Actors’ motivation and attribution issue The differentiation of the threats based on motivation, albeit being helpful for 12 attribution to a specific domain, is still suffering from the lack of clear borders: actors can blend together, collaborate to advance their cyber capabilities and provide cover for each other.23 Organised cybercriminals can assert the interests of a particular nation state,24 and politically motivated attackers work with nation states to advance their goals. This behaviour increases the chance of attribution mistake or of a miscalculation when assessing cybersecurity risks. For example, it is alleged that Russia and other states use the capabilities of criminal organisations operating in the cyber domain.25 Furthermore, due to the anonymity of the internet and the lack of attribution, it is not always possible to define with certainty whether a cybersecurity threat is backed up by the nation state or motivated by financial gain only. Despite the lack of clear borders, the motivation behind the act is still a crucial factor 13 because an effective response to the threat from one actor in some cases cannot be used against others. For instance, a nation state as a threat cannot be deterred by the same methods as organised cybercrime or a terrorist group: while dismantling organised crime online would be the domain of criminal law, the destructive attack of one state on another can raise the issue to the level of war and applicability of humanitarian law.26

II. Threats to confidentiality, availability and integrity of data and systems The spectrum and multitude of cybersecurity threats are determined by the variety of 14 actors that can use cyberspace for malicious activity, and the wide array of tools and targets available to them. While the threats go beyond the criminal acts committed in cyberspace, not every criminal activity would represent a cybersecurity threat. For example, the crime creation, sharing, accessing of child abuse images, while clearly falling into the domain of criminal investigations, will not constitute a cybersecurity threat as it does not endanger or target the computer systems or data. At the same time, other crimes that use social engineering techniques in addition to digital tools would clearly belong to cybersecurity threats, because they include manipulation or interference with computer data and contribute into the underground economy of cybercrime. This includes the cases of phishing or computer fraud, and, under certain conditions also acts posing a risk to national security, for example, the use of social engineering to get access to protected systems for espionage. 22 Office of the Secretary of Defense, Military and Security Developments Involving the Democratic People’s Republic of Korea, 2017, 13 et seq, available at: https://fas.org/irp/world/dprk/dod-2017.pdf. 23 Department of Defense, The DoD Cyber Strategy, 2015, 9, available at: https://www.hsdl.org/? abstract&did=764848. 24 Shimeall, From Cyber Crime to Cyber War: Indicators and Warnings, in: Cyberspace: Malevolent Actors, Criminal Opportunities, and Strategic Competition, Williams/Fiddner (eds.), 545 (548). 25 See supra fn 16 and infra fn 31. 26 Sommer/Brown, Reducing Systemic Cybersecurity Risk, 11, available at: https://www.oecd.org/gov/ risk/46889922.pdf.

Tropina/von zur Mühlen

129

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:46 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

Therefore, classification of cybersecurity threats should not be attached only to criminal activities. Depending on the type and motivation of the attackers the threats are much broader than the domain of cybercrime and require different responses depending on the target, on the attacker, and types of data or systems that are endangered by a particular threat. 16 Threats are interdependent and are not mutually exclusive. For example, unauthorised access to data and systems can be used for interference or modification of data. Furthermore, denial of service attacks with the use of botnets would not be possible if the attackers did not get illegal access to the system by compromising it with malware and “zombying” it.27 Thus, while there is a distinction between different type of acts depending on the “core” activity and targets, they can complement each other in a particular malicious act. 15

1. Unauthorised access to data and systems Unauthorised access to computer data and systems – the so-called hacking – as a danger goes beyond just a criminal offence of accessing computer systems. This is a “meta-threat” because in many cases it is the first essential step for stealing sensitive information, modification and destruction of data, unauthorised disclosure and other activities. 18 Any type of malicious actor relies on an unauthorised access in achieving their aims. Cybercriminals use access for further commission of fraud and identity theft or for unauthorised disclosure of data. Illegal access with the purpose of unauthorised disclosure is also the tool of some hacktivists, such as in the case of the “Ashley Madison” breach, when in 2015, a group of highly skilled hacktivists “The Impact Team,” hacked into the extramarital websites owned by Avid Life Media, in particular, Ashley Madison website. The group threatened to expose information about clients if the site is not shut down. Later they leaked personal data of 32 million users publicly on the dark net.28 19 Illegal access is also a core threat when it comes to the state-supported malicious activity. Unauthorised intrusion into computer systems lies at the core of industrial and economic espionage and other dangers posed by nation states or state-backed actors. One of the examples, which went far beyond unauthorised access, is the so-called “Sony Hack”, when malicious actors, allegedly supported by North Korea and possibly in retaliation for a comedy movie, carried out an intrusion into the systems of Sony Pictures Entertainment. The unauthorised access led to the theft of confidential business information, sensitive data about Sony employees, celebrities and contractors. The access was combined with a destructive cyberattack and followed by coercion, threats of violence of terrorism.29 20 Unauthorised access is not always a pure technical threat: the access can be obtained by both “hacking” (unauthorised intrusion into the computer systems) and by social engineering techniques like phishing, when the target is lured to disclose access credentials. This happens both in cybercrime and in state-supported malicious acts. For example, the Danish Defence Intelligence Service reported that in 2015 and 2016 the same foreign actor repeatedly attempted to access data of the Danish Ministry of Foreign Affairs and the Ministry of Defence via phishing campaigns, which were carried 17

27 European Parliament, Cybersecurity in the European Union and Beyond, 2015, 38, available at: http:// www.europarl.europa.eu/RegData/etudes/STUD/2015/536470/IPOL_STU(2015)536470_EN.pdf. 28 https://www.wired.com/2015/08/happened-hackers-posted-stolen-ashley-madison-data/. 29 Department of Defense, The DoD Cyber Strategy, 2015, 1–2, available at: https://www.hsdl.org/? abstract&did=764848.

130

Tropina/von zur Mühlen

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:47 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 3. European Intelligence in Cyberspace

out against targeted individuals with the aim to reveal their login information. In addition to phishing, the attackers tried to access email accounts by the use of automated testing of passwords.30 Tailored phishing attacks against specific individuals – the so-called “spear-phishing” – also have been conducted to compromise the personal e-mail accounts of Democratic Party officials during the 2016 US election.31

2. Illegal interception Illegal interception of electronic communications endangers the confidentiality of 21 computer data and interconnected systems. Interception can be carried out by any malicious actor with the goal to obtain sensitive data – be it from individuals, for corporate espionage or for other intelligence purposes. Some of the interception methods exploit the weaknesses in the critical Internet infrastructure, like vulnerabilities in the Border Gateway Protocol (BGP), which is responsible for the entire Internet traffic routing. The so-called BGP-hack allows hackers to compromise the routers and redirect the traffic into a system under their control, hijacking the traffic without either sender or recipient noticing that the traffic had been intercepted at some unscheduled stop.32 Illegal interception can be performed by intelligence agencies in a foreign jurisdiction to collect sensitive information: for example, different documents released by National Security Agency (NSA) whistleblower Edward Snowden and by WikiLeaks indicate that the German Chancellery as well as (in a specific case) communications from the German foreign intelligence agency and the German federal criminal office were a target for interception by the US NSA.33

3. Interference with computer data and systems From computers of individual users to the obstruction of critical infrastructure – 22 interference with data and systems is probably the most common type of threat endangering availability and integrity of data. It can include denial of service attacks, destruction of data, and data modification. Currently, the denial of service attacks, ransomware, and targeted attacks against critical infrastructure can be considered as the most dangerous cyber threats. a) Denial of service and computer sabotage Computer sabotage, or denial of service is one of the most straightforward cyberse- 23 curity threats.34 DDoS (distributed denial of service) attacks have a major impact on the operation of the businesses by limiting the availability and accessibility of data and services to customers or public. DDoS attacks can be used by different actors: criminals employ them for blackmailing the businesses to pay money to stop the attack or under further threat to destroy the data, hacktivists carry this type of attacks to achieve their political goals, and nation states can use DDoS in political conflicts. 30 Danish Centre for Cyber Security, Threat Assessment: The cyber threat against Denmark, 2017, 4, available at: https://fe-ddis.dk/eng/Products/Intelligence-Risk-Assessments/. 31 Department of Homeland Security/Federal Bureau of Investigation, Joint Analysis Report on GRIZZLY STEPPE, 2016, 2, available at https://www.us-cert.gov/security-publications/; Office of the Director of National Intelligence, Assessing Russian Activities and Intentions in Recent US Elections, 2017, 2, available at: https://www.dni.gov/files/documents/ICA_2017_01.pdf. 32 For a recent example of a BGP-hack see Zetter, Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet, available at: https://www.wired.com/2013/12/bgp-hijacking-belarus-iceland/. 33 Gebauer/Moltke/Sontheimer, Spiegel Online, 29.09.2015, available at: http://www.spiegel.de/international/world/new-snowden-document-reveals-us-spied-on-german-intelligence-a-1055055.html. 34 European Parliament, Cybersecurity in the European Union and Beyond, 2015, 39, available at: http:// www.europarl.europa.eu/RegData/etudes/STUD/2015/536470/IPOL_STU(2015)536470_EN.pdf.

Tropina/von zur Mühlen

131

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:47 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda 24

In most of the cases the interference is performed with the use of botnets – the robot networks that consist of compromised “zombie” computers, exploited without the knowledge of their owners.35 The recent attacks showed also that the botnets started exploiting the vulnerabilities of the Internet of Things by targeting poorly secured home devices connected to the Internet. In October 2016 the botnet operating with the use of Mirai malware brought parts of the Internet infrastructure on the US east coast offline by launching a coordinated attack on Dyn – a company that controls big parts of the domain name system.36 Later in December 2016 the same botnet was used to attack home routers, particularly affecting the customers of Deutsche Telekom in Germany and TalkTalk in the UK, bringing millions of users in Europe offline.37

b) Ransomware 25 Ransomware is a type of malicious software that interferes with computer networks or individual devices, encrypts the data and locks access to it, allowing malicious actors to demand a ransom for restoring the access. The first ransomware – the “PC Cyborg Trojan” – was documented as early as in 1989.38 Nowadays, almost three decades later, ransomware became an attractive tool for financial profit.39 26 The recent ransomware attacks – WannaCry and NotPetya – in May and June 2017 demonstrated a significant vulnerability of many computer systems and networks of individuals, businesses and governments to this type of threat. Both types of ransomware used Windows exploits that were leaked by the hacking group Shadow Brokers, possibly stolen from government entities.40 The WannaCry ransomware attack hit, among others, the networks and systems of Telefonica, Deutsche Bahn and NHS hospitals in the UK.41 The NotPetya ransomware attack started in Ukraine through a hacked Ukrainian accountancy software developer and affected some critical systems such as the automatic radiation monitoring systems in Chernobyl, energy companies and government agencies. NotPetya further spread to systems in Russia, Western Europe and the US. 27 According to NATO Cooperative Cyber Defence Centre of Excellence (CCDCoE), NotPetya ransomware had the level of complexity and costs showing that it is highly unlikely being developed by unaffiliated actors. As the poor design of ransomware collection methods made it impossible to cover the costs of the deployment of malware, NATO CCDCOE claims that with high probability NotPetya ransomware was launched either “by a state actor or a non-state actor with support or approval from a state”.42 28

c) Targeted interference with computer data, systems and networks The most dangerous cases of interference with data and systems are represented by targeted attacks, especially those that can possibly be politically motivated. In 2009 Stuxnet worm affected the operations of centrifuges at an Iranian uranium-enrichment 35 Tiirmaa-Klaar/Gassen/Gerhards-Padilla/Martini, Botnets, Cybercrime and National Security, in: Botnets. SpringerBriefs in Cybersecurity, 2013, 2. 36 See Scott/Spaniel, Rise of the Machines: The Dyn Attack was Just a Practice Run, 2016 available at: http://icitech.org/wp-content/uploads/2016/12/ICIT-Brief-Rise-of-the-Machines.pdf. 37 https://www.enisa.europa.eu/publications/info-notes/mirai-malware-attacks-home-routers. 38 Ahn/Doupe/Zhao/Liao, in: Holt (ed.), Cybercrime Through an Interdisciplinary Lens, 2016, 105. 39 According to the FBI, the victims of ransomware in the first quarter of 2016 paid $209 million for restoring access to their data, see http://nbcnews.to/2i5BU8Y. 40 Shane/Perlroth/Sanger, Security Breach and Spilled Secrets Have Shaken the N.S.A. to its Core, New York Times, December 12 2017, available at https://www.nytimes.com/2017/11/12/us/nsa-shadow-brokers.html. 41 CERT-EU, WannaCry Ransomware Campaign Exploiting SMB Vulnerability – v1.6, May 22 2017 available at: https://cert.europa.eu/static/SecurityAdvisories/2017/CERT-EU-SA2017-012.pdf. 42 https://ccdcoe.org/notpetya-and-wannacry-call-joint-response-international-community.html.

132

Tropina/von zur Mühlen

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:48 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 3. European Intelligence in Cyberspace

plant43 and, as estimated in reports, allegedly caused a partial destruction of approximately 1000 centrifuges.44 The Shamoon virus destroyed hard drives and shut down more than 30,000 computers at major energy companies in the Middle East in 2012 and reappeared several years later, wiping the information from hard drives in Saudi Arabia in November 2016 and January 2017.45 Attacks against power grids in Ukraine in December 2015, when the disruption of energy grids caused power blackout for more than 200,000 customers is yet another example of how data and system interference can be used to attack parts of critical infrastructure.46 d) Advanced persistent threats The term “Advanced persistent threat” (APT) refers to the activities performed by 29 organised criminals or state-supported actors intruding into a network and staying there undetected for an extended period of time, mapping its vulnerabilities and defence, locating and acquiring data, and utilising information that is captured in the course of intrusion. APT is always a customised infiltration, which means that it includes the process of preparation, learning about the technical characteristics of the network, targeting specific defences, collecting access information by technical means and social engineering techniques. Most of the APTs are performed by highly qualified intruders and target sensitive data related to diplomacy, politics, and intelligence services.47 e) Threats to critical infrastructure Critical infrastructures today mostly rely on software-based control systems and, 30 therefore, are increasingly becoming dependent on information technologies, which makes them also interrelated and interdependent.48 Cyberattacks against critical infrastructures, such as electricity and water supply, healthcare, transportation, financial services, can disrupt the supply of essential services and have devastating effect on public safety. The recent attacks such as above-mentioned Ukrainian power outage in 2015 and nuclear plant attacks in December 2014 in South Korea, where a state-run nuclear operator was the subject of a theft of sensitive data such as blueprints of nuclear reactors and electrical flow charts,49 show how vulnerabilities of the critical infrastructures can potentially cause significant damage. The alleged hacks of Russian Government on the email servers of the Democratic National Committee in the US raised the debate of the possibility of the nation state not only to disrupt the functioning of critical information infrastructures, but to also influence via cyberattacks the political situation in the other countries.50 43 See Shakarian/Shakarian/Ruef, Introduction to Cyber-Warfare: A Multidisciplinary Approach, 2013, 224–235. 44 Baylon/Brunt/Livingstone, Cyber Security at Civil Nuclear Facilities: Understanding the Risks, 2015, 3 available at: https://www.chathamhouse.org/publications/. 45 Symantec, Internet Security Threat Report, 2017, 16–17, available at: https://www.symantec.com/ security-center/threat-report. 46 Styczynsky/Beach-Westmoreland/Stables, When the lights went out: A comprehensive review of the 2015 attacks on Ukrainian critical infrastructure, 2016, available at: https://www.boozallen.com/content/ dam/boozallen/documents/2016/09/ukraine-report-when-the-lights-went-out.pdf. 47 Andress/Winterfeld, Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners, 2013, 154. 48 See ENISA, Methodologies for the identification of Critical Information Infrastructure assets and services, 2015, 1, available at: https://www.enisa.europa.eu/publications/methodologies-for-the-identification-of-ciis. 49 Baylon/Brunt/Livingstone, Cyber Security at Civil Nuclear Facilities: Understanding the Risks, 2015, 3 available at: https://www.chathamhouse.org/publications/. 50 Shackelford et al., Making Democracy Harder to Hack, University of Michigan Journal of Law Reform 50:3 (2017), 630 (632).

Tropina/von zur Mühlen

133

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:48 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

III. “Cyberwarfare”, “Information warfare” and “Hybrid cyberwarfare” The possibility of “cyber Pearl Harbor”51 is being debated for at least a decade. While for the time being there has been no act of “cyberwar” that would have caused deaths or significant damage to human beings, the combination of kinetic attack and cyberattack to multiply the effect of traditional warfare might be a likely scenario in the future.52 Therefore, a growing number of countries are including cyber-conflict in their military considerations by establishing special units, adopting new military doctrines and developing national strategies for cyber defence and capabilities for cyberwarfare.53 Attacks against Estonia in 2007 and Georgia in 2008,54 Stuxnet and Sony Hacks, interference with power grids in Ukraine and NotPetya ransomware gave prominence to the debate on the state and non-state actors’ capability to develop and use the socalled “cyberwarfare” alone or in addition to traditional warfare.55 Moreover, there are raising concerns about exploiting vulnerabilities of critical infrastructure that will allow achieving political aims without armed conflict and with the lower risk of retaliation due to the lack of attribution.56 32 In addition to the debates on cyberwarfare, a recently emerged concept of hybrid warfare in cyber domain is currently changing cybersecurity narratives. This concept was at first meant to address threats combining traditional warfare with cyberattacks. However, in the recent years the threat of propaganda, disinformation and misinformation (the so called “fake news”) and other harmful content spread on the Internet are included into the hybrid warfare narrative.57 The perceived national security threat relates to the use of propaganda together with cyberattacks, such as hacking critical information infrastructures, as a weapon for political destabilisation. 33 This concept represents a major shift in the cybersecurity narrative. In the past Western liberal democracies resisted efforts by groups such as the Shanghai Cooperation Organization to define “subversive content” as a cybersecurity issue. It was widely recognised that cybersecurity threats mostly represent technical threats, and that content regulation requires different sets of legal and policy instruments. Since this debate is relatively new, it is not clear whether the inclusion of the content, threats such as propaganda or “fake news” into the overall concept of cybersecurity threats is temporary or the entire concept will change in the near future. 31

51 This term is widely used as an analogy for a strategic surprise attack against national critical information infrastructure, see e. g. the remarks by Secretary Panetta on Cybersecurity, New York City, 11 October 2012, available at: http://archive.defense.gov/transcripts/transcript.aspx?transcriptid=5136. On the use of the analogy see Goldman/Warner, in: Perkovich/Levite (eds.), Understanding Cyber Conflict, 2017, 147 et seq.; Wirtz, Intelligence and National Security 32.6 (2017), 758 (758 et seq). 52 See European Parliament, Cyber defence in the EU: Preparing for cyber warfare?, Briefing October 2014, available at: http://www.europarl.europa.eu/thinktank/de/document.html?reference=EPRS_BRI (2014)542143. 53 See infra D.V. 54 See for details Tikk/Kaska/Vihul, International Cyber Incidents: Legal Considerations, 2010, available at: https://ccdcoe.org/publications/books/legalconsiderations.pdf. 55 See Greathouse, in: Kremer/Müller (eds.), Cyberspace and International Relations, 2014. 56 Cornish et al. (2010), On Cyberwarfare, 2010, available at https://www.chathamhouse.org/publications/. 57 See e. g. Thornton, The RUSI Journal, 160:4 (2015), 40; NATO StratCom COE, Social Media as a Tool of Hybrid Warfare, 2016, available at: https://www.stratcomcoe.org/social-media-tool-hybrid-warfare.

134

Tropina/von zur Mühlen

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:49 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 3. European Intelligence in Cyberspace

C. Cybersecurity Policies and Frameworks I. Tools and policies to address cybersecurity threats The complexity of threats existing in cyberspace blurs the boundaries between 34 different security regimes, such as civil defence, military defence and criminal justice, which previously were considered as distinct domains of policy and regulation.58 Traditionally, both crime and war were the acts of aggression committed in the physical world. The act of war was “unambiguous” and “unique” as mostly only nation states could summon the resources to launch physical aggression on another nation state.59 In case of crime the domain for criminal justice and law enforcement was clear with the ultimate dominance of reactive approach60 to prosecute the offender. This domain was defined in and governed by the criminal law of the sovereign states and mutual legal assistance treaties. With cyber threats, however, the problem of blurring borders between state, non-state and state-supported actors is changing the concept of crime and war and, as a result, erode the division between internal and external public order both for the purpose of prevention of and reaction to cybersecurity incidents. Theoretically, the different cybersecurity policies and regimes can be distinguished 35 based on the nature of threats and approaches to addressing them.61 In reality, however, the cybersecurity regimes are much more multifaceted, fragmented and overlapping. Various binding and non-binding treaties, frameworks and other instruments have been adopted or are being discussed on the international, regional, bilateral and national levels. The subject areas of the responses to cybersecurity threats vary from international law of armed conflict, critical information infrastructure protection to investigation of any crime leaving digital traces, to name but a few. Furthermore, development of cybersecurity regimes differs from traditional way of legislating reaction to aggression in a physical world: states are resorting “to normative activity outside the scope of traditional international law”62 and many of the processes are focused on the so-called “norm-making”, the soft law and non-binding tools as an alternative to international treaties.63 These processes are extremely complex and to a large degree fragmented; however, the policies and frameworks are not limited to norm-making as such. In addition to creation of binding measures and soft law instruments for cyberspace there are efforts related to foreign policy and diplomacy on the bilateral and multi58 See Tropina, in: Tropina/Callanan (eds.), Self- and Co-regulation in Cybercrime, Cybersecurity and National Security, 2015, 6; Bendiek, European Cyber Security Policy, 2012, 6. 59 Brenner, Journal of Criminal Law & Criminology 97.2 (2007), 379 (403). 60 Watney, Journal of Internet Technology and Secured Transactions 1.3 (2012), 63. 61 For example, Maurer suggests “two-stream” model, which differentiates two international (on the level of the UN) approaches to the cybersecurity issues: politico-military stream and economic stream. The former refers to the use of the information technologies for undermining international stability and the latter includes the criminal misuse of information technologies, see Maurer, Cyber norm emergence at the United Nations – An analysis of the activities at the UN regarding Cyber-security, 2011, 6, available at http://belfercenter.ksg.harvard.edu/files/maurer-cyber-norm-dp-2011-11-final.pdf. 62 Mačák, Leiden Journal of International Law 30 (2017), 5, available at: https://ssrn.com/abstract=2961821. 63 Finnemore/Hollis, in The American Journal of International Law 110.3 (2016), 437; Osula/Rõigas, in: Osula/Rõigas (eds.), International Cyber Norms – Legal, Policy & Industry Perspectives, 2016, 11, available at: https://ccdcoe.org/sites/default/files/multimedia/pdf/InternationalCyberNorms_full_book.pdf; Giles, Prospects for the Rule of Law in Cyberspace, 2017, 17, available at: https://ssi.armywarcollege.edu/pubs/ display.cfm?pubID=1343.

Tropina/von zur Mühlen

135

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:49 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

lateral level,64 which are represented by the on-going work to develop confidence building measures65 via diplomatic channels. Additionally, the processes of development of different organisational measures, technical cooperation, capacity building frameworks and public-private collaboration between industry and governments in providing cybersecurity on both national and international levels add more complexity to the multi-dimensional cybersecurity policy-making. 36 Another factor that increases the complexity is the erosion of traditional division between public and private sector and the issue of the degree of governmental intervention and regulation in cybersecurity domain. While it is governments who traditionally have the constitutional mandate to maintain public safety, the major parts of critical infrastructure and networks are owned and managed by the private actors, who play a critical and decisive role in identifying cyber threats and responding to them.66 The development of the internet was mostly dominated by the concept of opposing any regulation for the sake of innovation and development of the new technologies.67 However, the increasing dependencies on information infrastructure and vulnerability to cyber threats have changed the cybersecurity landscape, led to reconsidering the role of the governments, and “have produced a rush to regulate cybersecurity”68. Currently, there is a major shift, especially in Europe, from hands-off regulation to a stronger role of the governments in imposing mandatory cybersecurity requirements in the private sector69. 37 The challenge of developing responses to cybersecurity threats is the need to address all the facets of the problem and to understand that different tools are required depending on the threat and motivation of the attackers. While it is important to focus on the targets of the attacks, their methodology and consequences, the need to define the “ownership of cybersecurity”70 when it comes to threat is critical for attributing responses to distinct regulatory domains: national security agencies, military or law enforcement. Furthermore, the distinction between various regimes is crucial on an international level as responses to one threat will not solve other problems: for example, the processes related to cyberaggression or cyber-disarmament will not improve mutual legal assistance in digital crossborder investigations. 38 While this section of the chapter makes a distinction between different cybersecurity regimes, it should be noted that the “ownership” of legal, regulatory, policy and other responses to a particular threat will not always fit the traditional concepts of security mandates in criminal law, law of armed conflict, and public international law.71 The assignment of a particular problem to a specific agency – be it law enforcement or national security services – depends on the combination of factors, such as seriousness of the threat, motivation of the attackers, the scale of the problem and possible consequences.

64 See Tiirmaa-Klaar, in: Ziolkowski (ed.), Peacetime Regime for State Activities in Cyberspace, 2013, 509 et seq. 65 Van der Meer, in Samuel/Sharma (eds.), Securing Cyberspace: International and Asian Perspectives, 2016, 95. 66 Bendiek, above n. 58, 6. 67 Lewis, Telecommunications Policy 29.11 (2005), 821 et seq. 68 Bambauer, Minnesota Law Review 96.2 (2011), 584 (606). See also Alderson/Soo Hoo, The Role of Economic Incentives in Securing Cyberspace, 2004, 2 et seq., available at: http://cisac.fsi.stanford.edu/ publications. 69 Tropina, 2015, above n. 58, 29 et seq. 70 Hathaway et al, California Law Review 100.4 (2012), 817 (831). 71 Bambauer, 2011, above n. 68, 595 et seq.

136

Tropina/von zur Mühlen

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:50 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 3. European Intelligence in Cyberspace

II. Cybersecurity regimes 1. Criminal law and tackling crime Criminal law provides a set of instruments to respond to the threats to confidenti- 39 ality, integrity and availability of data, systems and networks and other threats. However, the domain of criminal justice is much wider than cybersecurity threats: cybercrime frameworks are being used for investigation of any crime leaving digital traces. Due to the transborder nature of criminal activity in cyberspace, the key to tackle the problem of cybercrime is harmonisation of legal standards in substantive criminal law and in the field of criminal procedure and mutual legal assistance.72 The first attempt to harmonise legislation in this area was taken three decades ago, 40 when the OECD proposed a list of acts serving as a common denominator for criminalisation of computer crime.73 However, despite the “flurry of activity in relation to cybercrime at the international, regional and national level”74 in the last decades, there is no global cybercrime treaty. Current approaches are to a large degree fragmented and involve many international and regional organisations operating in this field. The most important document up to date is the Council of Europe’s Convention on Cybercrime 2001, which became the only standard, that strives to achieve a truly international level.75 The single initiative taken on the global level by the United Nations (UNODC) – Comprehensive Study on Cybercrime76, which potentially could lead to a proposal on a cybercrime treaty – failed in 2013 due to the lack of both political willingness, and also due to the pioneering role of the Council of Europe in this field.77 In addition to CoE Convention, many other organisations, such as the European Union, 41 the Commonwealth of Independent States, African Union, and others developed various binding and non-binding regional cybercrime frameworks. Such instruments include the EU Directive on Attacks against information systems78, the Commonwealth Model Law on Computer and Computer Related Crime, frameworks of Commonwealth of Independent States and the Shanghai Cooperation Organisation, the League of Arab States’ Convention on Combating Information Technology Offences, African Union Convention on Cybersecurity and Data Protection 2014, and some others.79 These instruments have to a large 72 See Sieber/Neubert, Max Planck Yearbook of United Nations Law 20 (2016), 241 (243 et seq.); Goodman, in Ghosh/Turrini (eds.), Cybercrimes: A multidisciplinary analysis, 2010, 320 et seq.; Sieber, in Delmas-Marty at el (eds).: Les chemins de l’Harmonisation Pénale/Harmonising Criminal Law, 2008, 127 et seq. 73 OECD, Computer-Related Criminality: Analysis of Legal Policy in the OECD Area, 1986. 74 Clough, Monash University Law Review 40.3 (2014),730 (698). 75 As of the 10th of February, 2018, it has been ratified by 56 states and has only 4 signatories not followed by ratification. Despite being an instrument of the regional organisation, the Convention was open to signatures by non-members from the very beginning: even during the negotiations phase, four non-member states – the United States, Canada, Japan and South Africa – participated in the drafting process and signed the Convention. Except South Africa, three other states ratified the Convention later. Furthermore, the list of non-members of Council of Europe that ratified the convention includes such countries Australia, Dominican Republic, Israel, Mauritius, Panama, and others. See: Council of Europe, Chart of signatures and ratifications of Treaty 185 Convention on Cybercrime. Available at: https://www. coe.int/en/web/conventions/full-list/-/conventions/treaty/185/signatures. 76 United Nations Office on Drugs and Crime (UNODC), Comprehensive Study on Cybercrime, 2013. 77 See von zur Mühlen/Tropina, Vereinte Nationen 2/2016, 59 et seq. 78 Directive 2013/40/EU on attacks against information systems and replacing Council Framework Decision 2005/222/JHA. 79 A detailed list and analysis of cybercrime-related instruments can be found in the UNODC, 2013, above n. 76, 63 et seq.

Tropina/von zur Mühlen

137

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:51 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

degree influenced each other, with the most prominent role played by the Council of Europe Cybercrime Convention in setting the international standards. Yet, despite having common core provisions, they significantly differ in substantive areas: while most of them cover the criminalisation of certain illegal behaviour in cyberspace, very few establish mechanisms for international cooperation in cybercrime investigations.80 42 On national level the degree of fragmentation goes even further: while substantive criminal law is to a large degree harmonised81, the cross-border transmission of electronic evidence depends on mutual legal assistance and on the availability of certain investigatory instruments in the national law. Furthermore, there are differences related to the whole national security architecture and the place of criminal justice in it. For example, in some countries, there is a strict separation between law enforcement and intelligence agencies, while in other regimes law enforcement and intelligence share information freely.82 These differences influence transborder cooperation in cybercrime investigation and, as criminal justice traditionally is considered to be a sole domain of a sovereign state, it is hard to solve the problem of fragmentation with the adoption of an international treaty.

2. Critical information infrastructure protection frameworks The protection of critical infrastructure is a distinct area of cybersecurity regimes as critical information infrastructure resilience includes not only robustness in the case of cyberattacks, but also a broader spectre of issues, such as resilience in case of weather disaster or human errors.83 The first step to establish international standards was taken in 2003, when G8 suggested eleven principles for protection of critical information infrastructures. The principles include, among others, creation of emergency warning networks, raising awareness among stakeholders and promoting partnerships between them, and international cooperation. Notably, this shows the overlap in the mandates between critical information infrastructure protection and criminal justice domain – the G8 principles encourage countries to “have adequate substantive and procedural laws, such as those outlined in the Council of Europe Cybercrime Convention of 23 November 2001, and trained personnel to enable them to investigate and prosecute attacks on critical information infrastructures, and to coordinate such investigations with other countries as appropriate”.84 44 The G8 effort was followed by the resolution 58/199 of the United Nations General assembly, which refers to the G8 principles, and by the resolution 64/211 that offers the tools to assess policies on critical information infrastructure protection.85 Further efforts at the level of the United Nations were taken by the International Telecommunications Union (ITU), which in 2005 got involved in critical information infrastructure protection under the mandate of the WSIS. In 2007 the ITU launched a global cybersecurity agenda that resulted in the creation of IMPACT – International Multi-Lateral Partnership Against Cyber Threats.86 43

80 Such instruments can be found only in the Council of Europe Convention, the Commonwealth of Independent States Agreement, and the League of Arab States Convention. 81 UNODC, 2013, above n. 76, 72 et seq. 82 Tropina, in Sieber/von zur Mühlen (eds.), Access to Telecommunication Data in Criminal Justice, 2016, 9 (17 et seq.). 83 Tropina, 2015, above n. 58, 11. 84 G8, G8 Principles for Protecting Critical Information Infrastructures, 2003, available at: http://www. cybersecuritycooperation.org/documents/G8_CIIP_Principles.pdf. 85 See Serrano, European Journal of Law and Technology 6.3 (2015), 3, available at: http://ejlt.org/ article/view/396/592. 86 See http://www.impact-alliance.org/aboutus/mission-&-vision.html.

138

Tropina/von zur Mühlen

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:51 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 3. European Intelligence in Cyberspace

Regional organisations also play an active role in the field of critical information 45 infrastructure protection. In 2008 OECD adopted the Recommendation of the Council on the Protection of Critical Information Infrastructures, calling for the member states to implement such measures as risk management strategies, creation of CERT (computer emergency response teams) and CSIRTs (computer security incident response teams), public-private partnerships and others87. The European Union created the European Network and Information Security Agency (ENISA) in 2004 for coordination of efforts among Member States, launched the EU Cybersecurity strategy in 2013, and subsequently adopted the Directive on security of network and information systems (NIS Directive) in 2016.88 The possible effect of NIS Directive is, however, still unknown, as the Member States should identify the operators of essential services that are regulated by the Directive by 9 November 201889.

3. Frameworks for cyberwar and warfare There is no international consensus on the thresholds and triggers for malicious 46 activity in cyberspace to reach the level of threat or use of force, threat to the peace, breach of the peace or act of aggression, or armed attack as stipulated by the UN Charter and humanitarian law.90 Undoubtedly, as many state-supported threats in cyberspace fall below such a threshold, it is uncertain which rules should apply and how to prevent states from supporting cyberattacks. The development of frameworks in this area considers, firstly, the application of the law on the use of force (ius ad bellum) and international humanitarian law (ius in bello) to cyberspace91, and, secondly, the rules for responsible state behaviour. On the national level and on the level of military alliances cyberwar constitutes the development of military strategies and offensive and defensive capabilities of the nation states. The question of applying international humanitarian law (ius in bello) to acts and 47 conflicts in cyberspace and the issue of responsible state behaviour have been addressed, most prominently, on the level of the United Nations in the work of the UN Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (UN GGE).92 The group, which started its work in 2004, produced three consensus reports: in 2010, 2013 and 2015. Two of the reports – in 2013 and 2015 – showed some agreement on the legal matters related to applicability of international law to cyberspace and responsible behaviour of states, such as not interfering with each other’s critical infrastructures, not targeting each other’s computer emergency response teams, assistance in investigation of cyberattacks and responsibility for actions originating from countries’ territory.93 87 OECD, OECD Recommendation of the Council on the Protection of Critical Information Infrastructures, 2008, available at: http://www.oecd.org/sti/40825404.pdf. 88 EU Directive 2016/1148 concerning measures for a high common level of security of network and information systems across the Union. 89 Art. 5 of EU Directive 2016/1148 concerning measures for a high common level of security of network and information systems across the Union. 90 Lotrionte, in: Beck (ed.), Law and Disciplinarity. Thinking Beyond Borders, 2013, 67 (71); Pipyros et al, A new strategy for improving cyberattacks evaluation in the context of Tallinn Manual, Computers & Security 74 (2017), 371 (375). 91 Giles, 2017, above fn. 63, 9. 92 See e. g. Tikk-Ringas, Georgetown Journal of International Affairs 17.3 (2016), 47 et seq. 93 United Nations, Report of the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security, 2013, available at: http:// www.un.org/ga/search/view_doc.asp?symbol=A/68/98; United Nations, Report of the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security, 2015, available at: http://www.un.org/ga/search/view_doc.asp?symbol=A/70/174.

Tropina/von zur Mühlen

139

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:52 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

However, the 5th GGE (with the mandate 2016–2017) after two years of work “collapsed”94 as the final report was rejected by a number of countries, including Cuba and, allegedly, Russia and China95 due to their disagreement with the inclusion of such provisions as the right to self-defence, the right to respond to wrongful acts and the applicability of the international humanitarian law into the report.96 It is currently unclear whether the United Nations will continue the process of norm-making in this field in GGE format or in any other way. Undoubtedly, the failure of the 5th GGE shows the divergence in the legal and political debates and the inability of the UN to resolve these issues in the foreseeable future. 49 Further frameworks related to military activities in cyberspace can be found on the level of military alliances, notably, NATO.97 The first attempts to evolve cyber capabilities were taken at the NATO Summit in 2012 and followed by the creation of the NATO Computer Incident Response Capability. In 2005, NATO included the cyber threat in the Comprehensive Political Guidance document. The need to establish cyber capabilities was fully recognised after attacks against Estonia in 2007 and led to the adoption of the Policy on Cyber Defence.98 In 2014 the Wales Summit affirmed that “cyber-defence is part of NATO’s core task of collective defence”. Furthermore, cyberspace was recognised as a “domain of operations in which NATO must defend itself as effectively as it does in the air, on land and at sea” at the NATO meeting in Warsaw in 2016.99 50 Current NATO’s strategy for cyber defence includes the implementation of national cyber defence capabilities in NATO member countries via the NATO Defence Planning Process, integration of cyber defence into Smart Defence initiatives via creation of the Malware Information Sharing Platform, the Smart Defence Multinational Cyber Defence Capability Development project, the Multinational Cyber Defence Education and Training project,100 and cyber defence exercises with NATO member countries101 In 2015 NATO also developed the Memorandum of Understanding on Cyber Defence, which is aimed to increase situational awareness. For research, training and capacity building NATO established the Cooperative Cyber Defence Centre of Excellence (CCD CoE) in Tallinn, Estonia, as a research and educational enterprise not formally part of 48

94 Schmitt/Vihul, International Cyber Law Politicized: The UN GGE’s Failure to Advance Cyber Norms, Friday, 2017, available at: https://www.justsecurity.org/42768/international-cyber-law-politicized-ggesfailure-advance-cyber-norms/; see also Markoff, Explanation of Position at the Conclusion of the 2016–2017 UN Group of Governmental Experts (GGE) on Developments in the Field of Information and Telecommunications in the Context of International Security, 2017, available at: https://www.state.gov/s/ cyberissues/releasesandremarks/272175.htm; Segal, The Development of Cyber Norms at the United Nations Ends in Deadlock. Now What?, 2017, available at: https://www.cfr.org/blog/development-cybernorms-united-nations-ends-deadlock-now-what. 95 Korzak, UN GGE on Cybersecurity: The End of an Era?, 2017, available at: http://thediplomat.com/ 2017/07/un-gge-on-cybersecurity-have-china-and-russia-just-made-cyberspace-less-safe. 96 Schmitt/Vihul, 2017, above n. 94. 97 See for more details: Veenendaal/Kaska/Brangetto, Is NATO Ready to Cross the Rubicon on Cyber Defence? Cyber Policy Brief, available at: https://ccdcoe.org/sites/default/files/multimedia/pdf/NATO% 20CCD%20COE%20policy%20paper.pdf; Lewis, The Role of Offensive Cyber Operations in NATO’s Collective Defence, 2015, available at: https://ccdcoe.org/sites/default/files/multimedia/pdf/TP_08_2015_0.pdf; Pernik, Improving Cyber Security: NATO and the EU, 2014, available at: https://www.icds.ee/fileadmin/ media/icds.ee/failid/Piret_Pernik_-_Improving_Cyber_Security.pdf. See also Masala/Scheffler Corvaja, chapter xx, mn. xxx. 98 Fidler/Pregent/Vandurme, NATO, Cyber Defense, and International Law, 2013, available at: http:// www.repository.law.indiana.edu/facpub/1672. 99 See www.nato.int/cyberdefence/. 100 See http://www.nato.int/cps/en/natohq/topics_78170.htm. 101 See: Krause, NATO on its Way Towards a Comfort Zone in Cyber Defence, 2014, 5, available at: http://www.ccdcoe.com/sites/default/files/multimedia/pdf/TP_03.pdf.

140

Tropina/von zur Mühlen

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:52 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 3. European Intelligence in Cyberspace

NATO but supported by NATO member countries and several NATO schools and colleges. Furthermore, in 2016 NATO also signed the Technical Arrangement on cyber defence cooperation with the European Union102. One of the results of NATO’s involvement in the cyber domain is the development 51 of the Tallinn Manual on the International Law applicable to cyber warfare. The Tallinn manual is a project initiated by NATO and carried out by a group of experts, which consisted of practitioners and academics from NATO member countries. The Manual, first published in 2012, represents an “academic, nonbinding study”103 aimed to consider how the existing public international law is applicable to cyberspace rather than creation of any new norms applicable to cyberwar or cyberwarfare.104 The second version of the manual – Tallinn Manual 2.0 was released in 2017 and includes, in addition to the previous study, a legal analysis of the common cyber incidents.105 While it is clear that the Tallinn manual represents a significant step forward to fill 52 the gaps in cyber-norms and to reach consensus among the experts on the applicability of the international law to cyberspace,106 it has some drawbacks in terms of possible influence. The critics of Tallinn manual point out that it lacked the wider representation of nation states in its development107 and as a non-state initiative lacks the power of norm-making or norm interpretation process.108 Moreover, from a substantive point of view, the manual was criticised for possibly lowering the threshold for the applicability of the right to self-defence for non-state actors together with dropping the threshold of the definition of armed attack, and, therefore, increasing potential of the use of force and changing the landscape of the possible conflicts in the future.109 Nevertheless, in the context of failure of UN GGE in 2017, the potential influence of the manual is unclear. While the discussion on cyberwarfare and applicability of the international law is 53 getting fragmented, nation states started implementing cyberwarfare capabilities in their military doctrines. It is hard to assess exactly how many states are developing or planning to develop offensive cyberwarfare capabilities and at which stage this process finds itself at the moment. According to the joint statement by Clapper, Lettre and Rogers, “as of late 2016” at least 30 states “are developing offensive cyberattack capabilities”.110 The UNIDIR report of 2011, which was using open-source information from 133 states, found out that at least 33 countries included cyberwarfare in their military doctrines, planning or organisation.111 As it will be further discussed in the Part D.V., in the European Union there are several states which openly develop cyberwarfare capabilities.

102 NATO, 2016, NATO and the European Union enhance cyber defence cooperation, available at: https://www.nato.int/cps/en/natohq/news_127836.htm. 103 Lotrionte, 2013, above n. 90, 69. 104 See e. g. Barnsby/Reeves, in Texas Law Review 95.7, 2017, p. 1515 (1515 et seq.). 105 Schmitt (ed.), Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, 2017. 106 Neutze/Nicholas, Georgetown Journal of International Affairs: International Engagement on Cyber, 2013, 3 (9 et seq.). 107 McGhee, Journal of Law and Cyber Warfare, 2/2013, 64 (103). 108 Mačák, 2016, above fn 62, 136. 109 Boulos, in: Ramírez/García-Segura (eds.), Cyberspace. Advanced Sciences and Technologies for Security Applications, 2017, 231 (241). 110 Clapper/Lettre/Rogers, Joint Statement for the record to the Senate Armed Service Committee. Foreign Cyber Threats to the United States, 2017, 5, available at: https://www.armed-services.senate.gov/ imo/media/doc/Clapper-Lettre-Rogers_01-05-16.pdf. 111 Lewis/Timlin, Cybersecurity and Cyberwarfare, 2011, 3, available at: http://unidir.org/publications.

Tropina/von zur Mühlen

141

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:53 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

4. Other regimes 54

55

56

57

58

Other regimes in addressing cybersecurity threats include confidence building measures, public-private cooperation, technical and organisational measures and capacity building. – Confidence building measures represent normative commitments that states are supposed to respect. Such commitments focus on preventing and reducing the risk of state conflicts or outbreak by mitigating mistrust, misunderstanding and miscalculations via exchange of information, resources, increasing awareness and facilitating common understanding.112 Sets of confidence building measures have been developed mostly on the regional levels by the organisations such as OSCE, AOS, ASEAN, SCO and others.113 – Public-private cooperation is considered important due to the significant role of the private sector in managing critical information infrastructure and networks and “existence of myriad actors in the information security field”.114 The scope and scale of public-private collaboration in cybersecurity involves different areas of ICT markets and various forms of cooperation: from ad hoc to long-term public-private partnerships and nationwide joint cybersecurity initiatives.115 – Technical and organisational measures, such as risk analysis, training, control and certification, alert systems and recovery strategies have become the core of organisational cybersecurity policies for both industrial control systems and other actors in the private sector.116 – Capacity building frameworks address the vulnerabilities of cross-border externalities117 because the lack of cybersecurity capacity in one country can pose significant risks on another. The programs for capacity building include the initiatives from international and regional organisations such as ITU118, EU119, OAS120, and private sector and academia’s efforts such as Oxford University Global Cyber Security Capacity Centre and Microsoft’s capacity building programs.121 Furthermore, the Global Forum 112 Trimintzios et al, Cybersecurity in the EU Common Security and Defence Policy (CSDP), 2017, 19, available at: http://www.europarl.europa.eu/RegData/etudes/STUD/2017/603175/EPRS_STU(2017)603175_ EN.pdf; Ziolkowski, in: Ziolkowski (ed.), Peacetime Regime for State Activities in Cyberspace, 2013, 533 et seq.; Lewis, Disarmament Forum 4/2011, 53 et seq. 113 See Giles, 2017, above n. 63, xiv et seq.; Ott, Fletcher Security Review 3.1 (2017), 67 (70). 114 Brown/Snower, Global Economic Solutions 2010/2011, Global Economic Symposium, 2011, 143, available at: https://www.global-ecnomic-symposium.org/solutions/publications/global-economic-solutions/ global-economic-solutions-2010-11. 115 Tropina, 2015, above n. 58, 20 et seq. 116 See Agence Nationale de la Sécurité des Systèmes d’Information, Managing Cybersecurity for Industrial Control Systems, 2014, 16 et seq., available at: https://www.ssi.gouv.fr/uploads/2014/01/Managing_Cybe_for_ICS_EN.pdf, Stouffer, Guide to Industrial Control Systems Security, 2015, 3-1 et seq, available at: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-82r2.pdf; Luiijf/te Paske, Cyber Security of Industrial Control Systems. 2015, 35 et seq., available at: http://publications.tno.nl/ publication/34616507/KkrxeU/luiijf-2015-cyber.pdf. 117 Global Public Policy Institute, Advancing Cybersecurity Capacity Building, 2017, 1, available at: http://www.gppi.net/publications/. 118 See http://www.itu.int/en/ITU-D/Cybersecurity/Pages/cybersecurity_metrics_capacity_building.aspx; Obiso, Cybersecurity: Capacity Building and Emergency Response, 2014, available at: https://itu4u.wordpress.com/2014/05/27/cybersecurity-capacity-building-and-emergency-response/. 119 European Commission, EU cybersecurity initiatives, 2017, available at: http://ec.europa.eu/information_society/newsroom/image/document/2017-3/factsheet_cybersecurity_update_january_2017_41543.pdf. 120 OAS, American States’ Inter-American Integral Strategy to Combat Threats to Cyber Security, 3 et seq., available at: https://www.oas.org/juridico/english/cyb_pry_strategy.pdf. 121 Muller, Cyber Security Capacity Building in Developing Countries: Challenges and Opportunities, NUPI Report, no. 3 2015, 8, available at: https://brage.bibsys.no/xmlui/bitstream/id/331398/NUPI+Report +03-15-Muller.pdf.

142

Tropina/von zur Mühlen

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:54 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 3. European Intelligence in Cyberspace

for Cyber Expertise (GFCE) was created in 2015 as a global capacity building initiative between governments and private stakeholders.

D. Cybersecurity and Cyber Intelligence I. Reactive and proactive approaches The nation states are increasingly recognising cyberspace as a new warfare domain, 59 and are therefore developing offensive and defensive capabilities to address constantly evolving cyber threats.122 However, while the technical capabilities of the attackers and defenders might evolve in parallel, many cybersecurity approaches are still rather static and reactive: they aim to identify the intrusion, minimise the disruption and mitigate the consequences after the malicious actors are “already inside the wire”.123 While investment into technology is essential, it cannot be effective on its own anymore due to the growing proliferation of adversaries, the increasing complexity of cyber-threats, the lack of legal frameworks, be it on national or international level, and the challenge of attribution.124 Any malicious activity in cyberspace has a human interaction behind it. It is the 60 motivation of the attacker that brings acts of adversaries to one or another domain – be it military defence or criminal justice. Serious persistent threats and attacks require adversaries to plan them, to collect information, to determine the targets, to acquire the access to the network. This planning process takes time, therefore it is important to empower policy-makers with the knowledge about adversaries’ capabilities and potential actions and use this time to develop solutions for an intelligencebased defence.125 There is already a recognition that cyber defence shall not follow only a passive, reactive approach. It is not enough to ensure the development of legal and technical instruments to address threats in cyberspace and building technical capability to react to the incidents that already happened. Therefore, some nation states are increasingly embracing the concept of intelligence-driven cyber defence,126 where intelligence, as in case of any complex security threats, is a central component. The aim of intelligence-driven cyber defence is to assess the range of geopolitical, cultural, social and other contexts that influence decision-makers behind the attack.127 This approach broadens the focus from the use of technology for identification and elimination of attacks and intrusions to a wider set of actions. Intelligencedriven cyber defence aims to collect information from expanded sources about adversaries and their capabilities, objectives, doctrines and limitations in order to understand the motivations behind malicious activities and prevent and anticipate cyber-incidents.

122 Gehem et al., Assessing Cyber Security, 2015, 49, available at: https://hcss.nl/report/assessing-cybersecurity/. 123 Mattern et al., International Journal of Intelligence and Counterintelligence 27.4 (2014), 702 (705); see also Intelligence and National Security Alliance, Operational Levels of Cyber Intelligence, 2013, 3, available at: https://www.insaonline.org/resources/publications/; Borum et al., The Coast Guard Proceedings 71.4 (2014–2015), 65 (67); Nielsen, Orbis 56.3 (2012), 336 (349). 124 Borum et al., Information & Computer Security 23.3 (2015), 317 (329). 125 Intelligence and National Security Alliance, 2013, above fn 123, 4 et seq. 126 See D.V. for national approaches within Europe. 127 Brantly, The Decision to Attack, 2016, 119 et seq.

Tropina/von zur Mühlen

143

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:54 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda 61

There is also an increasing discussion to what extent offensive capabilities by launching a counterstrike to the supposed source of an attack can and should be considered in the development of proactive approaches to maintain cybersecurity. These activities are discussed under the term “hack back” and reach from accessing systems to delete stolen content to DDoS attacks on networks with the intent to shut down the adversary’s systems.128 The latter example illustrates that these countermeasures can overlap with the issues that are discussed in the context of cyberwar. This especially relates to the state’s right to self-defence, the issue of attribution of the attack and the intensity of the counterattack.129

II. Intelligence in cyber domain or “cyber intelligence”? Although there is no agreed definition of cyber intelligence,130 it can generally be described as information collection about, comprehensive assessment of and reaction to the adversarial activities, capabilities and intentions in the cyber domain for intelligence purposes.131 It relies on data collected from a wide range of traditional intelligence sources (like human intelligence, open source intelligence and signal intelligence) with the aim to inform policy-makers at any level of the cyber domain. 63 Cyber intelligence should be distinguished from a broader concept of using information and communication networks as a source for collecting intelligence, where digital developments and information gathering supplement traditional tools for data collection.132 While traditional intelligence is also facing challenges related to cyberspace as the new environment for operations and is struggling with the consequences of the information revolution,133 cyber intelligence, as a distinct field, operates with the aim to address cybersecurity threats, including threats to national security. Furthermore, in addition to a general process of collecting information to address cyber threats, cyber counter-intelligence, as part of a broader concept of cyber intelligence, focuses on countering the intelligence actions of the adversary; this includes detection, deterrence, prevention, degradation, exploitation and neutralisation of the foreign intelligence services’ operations related to all the sceptre of possible threats – from cyberwarfare to their efforts to collect information.134 64 Both cyber intelligence and counter-intelligence require new sources and means of gathering information. This is especially true in such areas as cyber defence due to the fact that unlike the conventional weapons cyber-weapons are available to a wide range of actors as they require less infrastructure and no restricted, controlled or limitedsupply materials, and therefore, tracing such processes is harder and requires more information collected from different sources.135 62

128 See e. g. Kesan/Hayes, Harvard Journal of Law & Technology 25.2, 431 (474 et seq.); see also below n. 182. 129 On these issues see Tsagourias, Journal of Conflict and Security Law 17.2 (2012), 229 et seq. 130 See Uthoff, in: Lemieux (ed.), Current and Emerging Trends in Cyber Operations, 2015, 199 et seq. 131 Intelligence and National Security Alliance, Tactical Cyber Intelligence, 2015, 1, available at: https:// www.insaonline.org/resources/publications/. 132 See e. g. how the digital and cyber developments impact HUMINT: Gioe, in: Dover/Dylan/Goodman (eds.), The Palgrave Handbook of Security, Risk and Intelligence, 2017, 213. 133 See e. g. Degaut, Intelligence and National Security 31.4 (2016), 509 et seq.; Dunn Cavelty/Maurer, Security Dialogue 40.2 (2009), 128 et seq. 134 Duvenage/von Solms/Jaquire, Conceptualising Cyber Counterintelligence, Proceedings of the 15th European conference on Cyber Warfare and Security, 2016, 93 (96 et seq.). 135 Williams/Shimeall/Dunlevy, Contemporary Security Policy 23.2 (2002), 1 (4).

144

Tropina/von zur Mühlen

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:55 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 3. European Intelligence in Cyberspace

III. Levels and sources of cyber intelligence Cyber intelligence operates on several levels, which are complementary and supplementary to each other:136 On the strategic level, cyber intelligence focuses on the long-term issues that can impact strategic decisions.137 This level aims to provide information for political decision-making, assess the cyber-environment, define the intentions of adversaries that can have an impact on the national cybersecurity and estimate the capability of the malicious actors. It delivers a framework for all other levels of cyber intelligence activities by framing a “concept” for cyberspace operations. Tactical cyber intelligence is the collection and analysis of data in order to understand the threats and prepare for them.138 It links the macro-level provided by strategic intelligence with the micro-level of individual cases where tactical intelligence is supposed to respond to the dynamic threats by focussing on day-to-day defensive activity, on “what is happening on the network”.139 The tactical level includes tactics, procedures and tools to methodologically understand the patterns of behaviour or approaches of an adversary and examine the compromise indicators.140 Strategic and tactical levels are mutually reinforcing as tactical assessment can help strategic analysis.141 The reactive approaches to cyber threats are usually focussed on the analysis carried out on the tactical level as this level concentrates on the particular events happening on the network. This is exactly why there is a need to shift the focus from tactics to strategy and mutually reinforce both levels because acting on the tactical level mostly means that adversary is either close to getting access to the system or is already inside the network.142 Operational cyber intelligence bridges the two other levels – strategic and tactical. It refers to collection of specific information that is required to comprehend the operational environment, objectives, trends, resources and activities of adversaries and also to plan and execute cyber operations and achieve strategic goals in the cyber domain.143 Intelligence analysis at this level can also overlap with investigations of a single case and include the assessment of data related to a particular incident, the identification of specific vulnerabilities that have been exploited, and the analysis related to attribution.144 While addressing cyber threats becomes distinct from traditional intelligence and the focus of data collection might shift, the critical aspects of the traditional intelligence cycle model stay the same: direction and requirements, collection of data, processing and exploitation, analysis and production, dissemination, consumption and feedback.145 136 In practice, the levels are not always sharply distinguishable. On the corresponding levels of military cyber operations see Herr/Herrick, in: Harrison/Herr, Cyber Insecurity, 2016, 259 (266 et seq.). 137 Uthoff, 2015, above fn 130, 202; Borum et al., above fn 124, 319; Williams/Shimeall/Dunlevy, above fn 135, 9. 138 Intelligence and National Security Alliance, 2015, above n. 125, 2. 139 Julisch, Understanding and overcoming cyber security anti-patterns, Computer Networks 57.10 (2013), 2206 (2210); See also Williams/Shimeall/Dunlevy, above n. 135, 12; Borum et al., above n. 124, 68. 140 Uthoff, 2015, above n. 130, 203. 141 Williams/Shimeall/Dunlevy, 2002, above n. 135, 12. 142 Intelligence and National Security Alliance, 2013, above n. 125, 10. 143 Uthoff, 2015, above n. 130, 203. 144 Williams/Shimeall/Dunlevy, 2002, above n. 135, 12. 145 On the intelligence cycle in general see Omand, [in this book]; Johnson, in: Johnson (ed.), The Oxford Handbook of National Security Intelligence, 2010, 3 (12 et seq.). The intelligence cycle model recently has been criticized as outdated and oversimplified, see Richards, in Phythian (ed.), Understanding

Tropina/von zur Mühlen

145

65 66

67

68

69

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:55 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

However, it is clear that cyber intelligence needs to include all the methods of data collection that traditional intelligence rely on to get as much information about the adversary as possible.146 Any intelligence discipline can potentially provide data of crucial value for cyber intelligence. This includes collection of data coming from such disciplines as communications intelligence (COMINT), signal intelligence (SIGINT), human intelligence (HUMINT), open source intelligence (OSINT), geospatial and measurement intelligence (GEOINT) as critical components,147 which are further combined with other sources of data such as unclassified network data and data from CERTs, data about cyber-activity of a particular country or relevant geopolitical events.

IV. Approaches at EU level The EU Member States mainly consider the issue of cybersecurity as their national competence due to the sensitivity of the issue and its connection to national security and defence. However, the understanding of the cross-border nature of threats and growing concerns about the possibility of the vulnerabilities of one Member State to affect others and the entire Union, called for the development of coordinated approaches to cybersecurity in the European Union. This coordination till recently was rather happening in an ad hoc manner, distributed across different domains and institutions.148 The concrete efforts to shape a comprehensive cybersecurity agenda at EU level started with the harmonisation of approaches to tackling cybercrime, in particular, adoption of the EU Framework decision on attacks against information systems in 2004 (later repealed by the EU Directive on attacks against information systems 2013149). However, some critical parts of the overarching cybersecurity approach where the Member States traditionally try to protect their sovereignty, such as cyber defence, were missing until the adoption of EU Cybersecurity Strategy in 2013. The EU Cybersecurity Strategy was further followed by the Directive on security of network and information systems (EU NIS directive) in 2016 and the recent proposal for the creation of the EU Cybersecurity Agency in September 2017.150 71 The EU Cybersecurity strategy 2013 was the first attempt to address the entire spectrum of cybersecurity threats at EU level, including both, civil aspects of cybersecurity and cyber defence and clearly establish priorities for the cybersecurity policy that previously was spread across different regulatory frameworks. The document identified five strategic priorities, which include achieving overall resilience, fighting cybercrime, developing cyber defence policies and capabilities in relation to the Common Security and Defence Policy (CSDP), developing industrial and technological resources, and establishing a coherent EU cyber diplomacy. The three first tasks were assigned to 70

the Intelligence Cycle, 2013, 43 (46 et seq.); Hulnick, in Phythian (ed.), Understanding the Intelligence Cycle, 2013, 149 (152 et seq.). on cyber specific aspects see Brantly, in Phythian (ed.), Understanding the Intelligence Cycle, 2013, 76; Williams/Shimeall/Dunlevy, above n. 135, (15 et seq.); Intelligence and National Security Alliance, above n. 131, 6 et seq. 146 Brantly, in Phythian (ed.), Understanding the Intelligence Cycle, 2013, 76 (81). See also Williams/ Shimeall/Dunlevy, above fn 135, 15; Davies, Information, Communication & Society, 2.2 (1999), 115 (129). 147 Some authors also identified new categories of intelligence sources in the cyber domain like e. g. social media intelligence (SOCMINT), see Omand/Bartlett/Miller, Intelligence and National Security Journal 27.6 (2012), 801 et seq. 148 Darmois/Schméder, Cybersecurity: a case for a European approach, 2016, 11, available at: http:// www.securityintransition.org/wp-content/uploads/2016/02/WP11_Cybersecurity_FinalEditedVersion.pdf. 149 See above n. 78. 150 European Commission, Press release IP/17/3193 from 19 September 2017.

146

Tropina/von zur Mühlen

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:56 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 3. European Intelligence in Cyberspace

existing EU agencies: the European Network and Information Security Agency, the European Cybercrime Centre (EC3) within Europol and the European Defence Agency in collaboration with the EU Military Staff, respectively. The cyber defence pillar was the most significant novelty in the EU cybersecurity 72 approach outlined in the EU Cybersecurity Strategy 2013, as the EU has no standing military forces or equipment and only the Member States can provide capabilities for EU-led cyber defence operations.151 Furthermore, as the European Union itself is not engaged in developing offensive cyber capabilities and the generation and readiness of military forces are considered rather a national competence, the strategy focuses solely on self-protection in the cyber domain.152 Despite the fact that cyber defence was included as one of the top ten priorities on the EU military agenda by the 2010 revisions to the Capability Development Plan, endorsed in 2011,153 it was the EU Cybersecurity Strategy that set the further approach and coordination by defining four key activities in the area of cyber defence: building cyber defence capabilities, developing a EU cyber defence policy framework, dialogue and coordination between civil and military actors and a dialogue with international partners, including NATO and other stakeholders.154 The role of intelligence, however, was directly mentioned in the EU Cybersecurity 73 Strategy only in relation to fighting cybercrime and not with regard to the defence capabilities. Part 2.2 of the Strategy stipulates that European Commission will support the European Cybercrime Centre (EC3), which “will provide analysis and intelligence, support investigations, provide high level forensics, facilitate cooperation, create channels for information sharing between the competent authorities in the Member States, the private sector and other stakeholders, and gradually serve as a voice for the law enforcement community”. However, further developments related to the EU Concept on Cyber Defence provide for a greater role of cyber intelligence in addressing cyber threats. For example, a report on the implementation of the Cyber Defence Policy Framework lists the continuous production of strategic intelligence assessments on cyber-related issues as one of the tasks to achieve the aim of strengthening cyber threat analysis at strategic and operational levels in order to identify and analyse current and new cyber threats.155 A later report from 2016 states that the mandate to collect and provide strategic intelligence in support of the Cyber Defence Policy Framework is assigned jointly to the EU Intelligence and Situation Centre (EU INTCEN156) and the Intelligence Directorate of the European Union Military Staff (EUMS157).158 Furthermore, the 2016 report provides that to facilitate the planning and implementation for 151 Christou, The EU’s Approach to Cybersecurity, 2017, 2, available at: http://repository.essex.ac.uk/ 19872/1/EU-Japan_9_Cyber_Security_Christou_EU.pdf. 152 Christou, Cybersecurity in the European Union, 2016, 138. E. g., the EU Global Strategy for the European Union’s Foreign and Security Policy highlights on p. 11 that “Member States remain sovereign in their defence decisions”. The strategy is available at: https://europa.eu/globalstrategy/sites/globalstrategy/files/regions/files/eugs_review_web_0.pdf. See also Robinson, EU Cyber-Defence: A Work in Progress, EUISS ISSUE Briefs 10/2014, available at: https://www.files.ethz.ch/isn/182329/Brief_10_Cyber_defence.pdf, 2. 153 European Defence Agency, Capability Development Plan Fact Sheet, available at: https://www.eda. europa.eu/what-we-do/our-current-priorities/strategies/Capabilities. 154 EU Cybersecurity strategy, Part 2.3. 155 Council of the European Union, Six-Month report on the Implementation of the Cyber Defence Policy Framework by the Politico-Military Group, 10347/15, 2015, 15. 156 See also Palacios, EU Intelligence: On the road to a European Intelligence Agency?, Part 3 Chapter 1, in this volume. 157 See also Rauwolf, Intelligence in EU-led military minions and operations, Part 2 Chapter 4, in this volume. 158 Council of the European Union, Six-Month report on the Implementation of the Cyber Defence Policy Framework by the Politico-Military Group, 9701/16, 2016, 9.

Tropina/von zur Mühlen

147

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:56 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

each Common Security and Defence Policy (CSDP) operation or mission, EU INTCEN and the EUMS Intelligence Directorate are tasked to prepare updated strategic threat assessments, which include the section on cyber when appropriate. The same document also highlights strengthening cooperation with EU bodies such as CERT-EU159 and Europol for the process of enhancing strategic cyber threat analysis, with a view to regularly sharing insights and information. 74 The recent proposal for a new EU Cybersecurity Agency tries to give more prominent role to the information gathering and analysis in a proactive way.160 It aims to task ENISA with “proactively contributing to the development of policy in the area of network information security” and with “providing strategic long-term advice to Member States and Union institutions” by performing the analysis of current and emerging risks, threats and incidents and identifying emerging trends. This initiative indicates the growing understanding that collection and analysis of relevant information is an integral part of securing the cyberspace. 75 Despite all the efforts outlined above, the development of a comprehensive approach to cyber intelligence on EU level is still in its infancy. This can be also attributed to the fact that the approach to cybersecurity on the level of the European Union in general focuses on building capacity, resilience and addressing cyber threats while securing the freedom and openness of the Internet, rather than relying on deterrence and militarisation. Even though tackling the lack of military and intelligence capacities was on the EU agenda since the adoption of the EU Cybersecurity Strategy in 2013, progress is still slow and this area of the strategic priority is the least developed, compared to other non-military aspects.161 Even three years after the adoption of the EU Cybersecurity Strategy, in 2016, the European Commission still called for “synergies” to be “sought between cyber defence efforts and wider EU cybersecurity policies” in its communication on the European Defence Action Plan.162

V. National approaches 76

While the EU is currently trying to strengthen its security and defence policies as a union and, at the same time, enhance its cooperation with NATO on cyber defence, these attempts are not able to fully harmonise the policies and actions among the EU Member States in this field, as not all of the EU Member States participate in the Common Security and Defence Policy163 and, moreover, not all of the EU Member States are members of NATO.164 This makes the development of a common proactive approach to cybersecurity and cyber intelligence problematic: the foreign cyber and defence policy so far “remains the subject of well-intentioned declarations of intent” in the EU.165 159 Computer Emergency Response Team (CERT-EU) for the EU institutions, agencies and bodies. See: https://cert.europa.eu/cert/plainedition/en/cert_about.html. 160 Proposal for a Regulation of the European Parliament and of the Council on ENISA, the “EU Cybersecurity Agency”, and repealing Regulation (EU) 526/2013, and on Information and Communication Technology cybersecurity certification (“Cybersecurity Act”), COM(2017) 477 final. 161 Robinson, 2014, above fn 152,1 et seq., Christou, 2016, above fn 152, 136 et seq. 162 European Defence Action Plan (COM(2016) 950 final), 18. 163 E. g. Denmark is not a part of Common Security and Defence Policy. 164 Austria, Cyprus, Finland, Ireland, Malta, and Sweden are not NATO members. 165 Bendiek, The New “Europe of Security”, SWP Comments 20/2017, available at: https://www.swpberlin.org/fileadmin/contents/products/comments/2017C20_bdk.pdf. Mälksoo, Contemporary Security Policy 37.3 (2016), 374 (374 et seq.) argues that “the EU’s efficiency and autonomy as a security actor are but limited compared to some of its well-endowed member states”.

148

Tropina/von zur Mühlen

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:57 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 3. European Intelligence in Cyberspace

Due to the sensitivity of the issues and sovereignty concerns the EU is currently 77 only able to take a coordination role while Member States act independently on national security issues, especially with regard to such critical issues as, for example, attribution of malicious acts. In this regard, the Council of the European Union in the so-called “Cyber Diplomacy Toolbox”,166 while stressing the possibility of the joint EU diplomatic response to malicious cyber activities in cyberspace, highlighted that the “attribution to a State or a non-State actor remains a sovereign political decision based on all-source intelligence and should be established in accordance with international law of State responsibility”. Consequently, with the growing insecurity of cyberspace, its further militarisation and the development of advanced persistent threats it is the EU Member States that are taking steps to approach on the national level both military aspects of cybersecurity, such as defensive and offensive strategies and cyber intelligence gathering and processing capabilities. A number of countries consider offensive capabilities and cyber intelligence as critical – and sometimes interrelated – components of either general cybersecurity or more specific cyber defence strategies. The most notable attempt of addressing the issue of cyber intelligence on the national 78 level is the recent Cybersecurity Strategy of the United Kingdom, which was adopted in 2016. The Strategy, in addition to focussing on cyber defence, aims to enhance the “sovereign” offensive capabilities, and clearly states the UK has “the means to take offensive action in cyberspace”, should it “choose to do so”.167 The strategy also strengthens the role of cyber intelligence gathering by establishing the National Cyber Security Centre (NCSC) as a single body for cybersecurity, which, among other tasks, serves as “a unified source of advice for the Government’s cybersecurity threat intelligence and information assurance”.168 The parent body for the NCSC is the Government Communications Headquarters (GCHQ). Furthermore, the strategy sets as one of the priorities collaboration with the private sector by providing industry with proactive intelligence on cyber threats and getting upstream intelligence that could be in possession of the industry. Another example of strengthening the role of cyber intelligence and the development 79 of cyber offensive capacities on the national level is the case of the Netherlands. In comparison to the UK, where the national cybersecurity strategy covers all the aspects of cybersecurity, be they related to military or civil or law enforcement domains, the Netherlands set the general priorities concerning defence and intelligence in the National Cybersecurity Strategy and further developed them in the Dutch Cyber Defence Strategy 2012 (revised in 2015). The 2012 Defence Strategy sets the development of military capabilities to conduct cyber operations (offensive capabilities) and strengthening the intelligence position in cyberspace among the focal points for action. Both priorities are further strengthened in the 2015 revisions of the Strategy. The strategy highlights that the intelligence gathering “includes infiltration of computers and networks to acquire data, mapping out relevant sections of cyberspace, monitoring vital networks, and gaining a profound understanding of the functioning of and technology

166 See: Draft Council Conclusions on a Framework for a Joint EU Diplomatic response to Malicious Cyber Activities (Cyber Diplomacy Toolbox). Brussels, 7 June 2017 (OR. en) 9916/17. Available at: http:// data.consilium.europa.eu/doc/document/ST-9916-2017-INIT/en/pdf. 167 HM Government, UK National Cyber Security Strategy 2016–2021, 9, available at: https://www.gov.uk/ government/uploads/system/uploads/attachment_data/file/567242/national_cyber_security_strategy_2016. pdf. 168 Ibid., 29.

Tropina/von zur Mühlen

149

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:57 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

behind offensive cyber assets”.169 The implementation of the priorities related to cyber intelligence gathering resulted in the establishment on 15 June 2014 of the Joint SIGINT Cyber Unit, which represents a joint effort of the General Intelligence and Security Service and the Military Intelligence and Security Service.170 80 The Finnish Cyber Security Strategy regards cyber intelligence and creation and maintenance of cyberwarfare as critical components of the cyber defence capabilities. Cyber intelligence is considered as both the way for providing situational awareness about vulnerabilities, threats and adversary capabilities and the tool for supplying information for offensive capabilities (cyberwarfare).171 81 In Germany, the 2016 National Cyber Security Strategy underlines the importance of an efficient and sustainable cybersecurity architecture at national level. Amongst other measures, such as further development of the National Cyber Response Centre and the foundation of the central office for information technology in the security sphere (ZITiS) that will deliver support for security agencies in IT forensics, encryption, interception of telecommunications and Big Data analysis, one of the main objectives of the strategy is also strengthening the defence capabilities.172 The 2016 National Cyber Security Strategy also emphasises the role of the Federal Intelligence Service (BND). The collection of information related to cyber threats and cyber capabilities of foreign states falls under the general competence of the BND as its general mandate is to gather and evaluate relevant information that is of importance to the foreign or security policy. Furthermore, within its legal competences the BND is explicitly authorised to collect and analyse international telecommunication flows to identify attack signatures (so-called SIGINT Support to Cyber Defense, SSCD).173 In addition, the domestic security agency – the Federal Office for the Protection of the Constitution (BfV) – plays a vital role in the German Cyber Security Strategy by providing resources in the field of counter-espionage and counter-sabotage. The 2016 National Cyber Security Strategy also emphasises the importance of cyber and information technologies in the defence domain. This priority is further developed in the 2016 White Paper on German Security Policy and the Future of the German Army.174 Consequently, the Cyber and Information Space Command (CIR), organised as an individual branch of the German military with an independent organizational structure, started operating in 2017 – it is planned to be fully operational by 2021. The CIR is designed to strengthen protection of military’s own IT infrastructure and computer-assisted weapons systems and to perform the reconnaissance of online threats and to develop capabilities for actively countering cyberattacks (“offensive defence”). Yet, the legal basis and the preconditions, especially the authorisation by the German Parliament, for carrying out such counterattacks are still being debated.175

169 Dutch Ministry of Defence, The Defence Cyber Strategy, 2012, 12, available at: https://ccdcoe.org/ strategies/Defence_Cyber_Strategy_NDL.pdf. 170 Ibid. See also Nieuwboer, National intelligence authorities and surveillance in the EU: Fundamental rights safeguards and remedies, Report on the Netherlands, legal update, 2016, available at: http://fra. europa.eu/sites/default/files/fra_uploads/the-netherlands-study-data-surveillance-ii-nl.pdf. 171 Secretariat of the Security Committee, Finland’s Cyber security Strategy 2013, 28, available at: http:// www.defmin.fi/files/2378/Finland_s_Cyber_Security_Strategy.pdf. 172 German Ministry of Interior, Cyber-Sicherheitsstrategie für Deutschland, 33, available at: https:// www.bmi.bund.de/cybersicherheitsstrategie/BMI_CyberSicherheitsStrategie.pdf. 173 See Brunst, in Dietrich/Eiffler, Handbuch des Rechts der Nachrichtendienste, 2017, 817 (858). 174 German Ministry of Defence, White Paper on Security Policy and the Future of the Bundeswehr, 2016, 36 et seq., available at: http://www.planungsamt.bundeswehr.de/portal/poc/plgabw?uri=ci:bw.plgabw. grundlagen.weissbuch. 175 See Marxsen, JuristenZeitung 2017, 543 (544 et seq.).

150

Tropina/von zur Mühlen

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:58 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 3. European Intelligence in Cyberspace

Other examples of setting the priorities related to proactive approaches to cyber 82 intelligence and the development of offensive cyber capabilities can be found in the military strategies as opposite to overarching cybersecurity strategies. For instance, the French National Digital Security Strategy 2015 mentions only 83 defence in cyberspace,176 while the French White Paper on Defence and National Security 2013 calls for the development of intelligence activities for identification of the origin of attack and assessing the capabilities of potential adversaries. The White Paper connects intelligence and the development of offensive action capabilities of the French state as two of the most essential factors of an appropriate response to cyber threats.177 The 2014 Pact for Cyber Defence provides for the development of military capabilities to maintain cybersecurity.178 Shortly after the adoption of the Pact, France established a competence centre for cyber defence. In the beginning of 2017 the cyber defence command unit (COMCYBER) that combines the protection of own infrastructure, cyber intelligence and offensive capabilities, e. g. by the intrusion and destruction of hostile systems (hack backs) was set up under the umbrella of the Ministry of Defence. In Denmark, the Danish Defence Agreement focuses on strengthening the role of the 84 Centre for Cyber Security under the Ministry of Defence and on supporting the establishment and operations of a computer network operations capability in order to provide a capacity that can execute defensive and offensive military operations in cyberspace.179 Furthermore, the Danish Defence Agreement suggests to reinforce the intelligence activities by placing the intelligence services together under one domicile in the Copenhagen area with the aim, among others, of establishment of the new cyber capabilities in the frame of the Defence Intelligence Service.180

E. Conclusions As the issue of cybersecurity and especially of cyber defence is still perceived in 85 Europe as the domain of the nation states, the role of the European Union in promoting cyber intelligence and coordinating Member States efforts to address cyber threats from a strategic intelligence point of view is not very prominent yet. It is yet unclear whether this role will be stronger in the future. The attitude toward cyber intelligence and its integration into the strategies and policies in the EU Member States represents the patchwork of different approaches with such point of divergences as the issue of offensive capabilities and the role of cyber intelligence in cybersecurity as a whole as opposed to cyber defence only. In the meantime, the European Union and its Member States are facing a number of 86 other challenges related to cybersecurity and cyber intelligence such as – just to name a few – the problem of addressing hybrid threats, the policy dilemmas related to 176 Gouvernement de la République française, French National Digital Security Strategy, 2015, available at: https://www.ssi.gouv.fr/uploads/2015/10/strategie_nationale_securite_numerique_en.pdf. 177 Ministère des Armées, French White Paper on Defence and National Security 2013, 71, available at: http://www.defense.gouv.fr/english/dgris/defence-policy/white-paper-2013/white-paper-2013. See also Hathaway et al., France: Cyber Readiness at a glance, 2016, available at: http://www.potomacinstitute. org/images/CRI/CRI_France_Profile_PIPS.pdf. 178 See http://www.defense.gouv.fr/actualites/articles/presentation-du-pacte-defense-cyber. 179 Danish Ministry of Defence, Danish Defence Agreement 2013–2017, available at: http://www.fmn.dk/ eng/allabout/Documents/TheDanishDefenceAgrement2013-2017english-version.pdf, 16. 180 Ibid., 18.

Tropina/von zur Mühlen

151

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:58 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

encryption and access to encrypted information “going dark”181 and the permission of such defensive measures as the ability of the nation state to “hack back”.182 The question of safeguarding human rights remains one of the central issues in view of extraterritorial surveillance programmes that affect a broad range of communications and personal data.183 Furthermore, the role of the industry in providing cybersecurity and sharing information is becoming another point of discrepancy between EU Member States as well as the EU and countries outside of the EU, such as the USA. The role of the governments and the approach to public-private partnership to cybersecurity is being reconsidered on both EU level and on the level of the EU Member States: one can witness a major shift to hands on regulation and to strengthening the role of the governments in providing cybersecurity instead of considering industry as an equal partner. Ultimately, the necessity to enhance the cyber intelligence capabilities requires also addressing the issues of transparency, accountability and oversight of the agencies collecting and analysing information for this purpose. All these issues represent current and medium-term challenges that are going to influence the approaches to cyber intelligence in the EU and its Member States from both policy and practical perspectives. 181 For the debate see e. g. Castro/McQuinn, Unlocking Encryption: Information Security and the Rule of Law, 201, available at: https://itif.org/publications/2016/03/14/unlocking-encryption-information-security-and-rule-law; Abelson et al, Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications, 2015, available at: https://dspace.mit.edu/bitstream/handle/1721.1/ 97690/MIT-CSAIL-TR-2015-026.pdf; Lewis/Zheng/Carter, The Effect of Encryption on Lawful Access to Communications and Data, 2017, available at: https://ec.europa.eu/home-affairs/sites/homeaffairs/files/ what-we-do/policies/organized-crime-and-human-trafficking/encryption/csis_study_en.pdf; Berkman Center for Internet and Society at Harvard University, Don’t Panic: Making Progress on the “Going Dark” Debate, 2016, available at https://cyber.harvard.edu/pubrelease/dont-panic/Dont_Panic_Making_Progress_on_Going_Dark_Debate.pdf. 182 For the debates on hack backs see Lin, Ethics of Hacking Back, 2016, available at http://ethics. calpoly.edu/hackingback.pdf; Messerschmidt, Columbia Journal of Transnational Law 52 (2013), 275. 183 See Schmahl, Intelligence and Human Rights, Part 4 Chapter 1, mn. 21, mn. 28–39, in this volume.

152

Tropina/von zur Mühlen

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:53:59 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 4 Intelligence in EU-led military missions and operations Christian Rauwolf Outline A. Introductory Remarks – The military in the “civil world” of the European Union I. From “comprehensive” to “integrated” approach ........................................... 1. EU’s comprehensive approach ........................................................................ 2. The EU Global Strategy (EUGS) – the “integrated approach” as prerequisite for “strategic autonomy”............................................................ B. The development of EU’s military capabilities ......................................................... I. The Headline Goal 2003........................................................................................ II. The Headline Goal 2010........................................................................................ III. Military Rapid Response and Battlegroups....................................................... IV. “Brexit” = new possibilities? ................................................................................. 1. PESCO – The Permanent Structured Cooperation.................................... 2. MPCC – The Military Planning and Conduct Capability........................ C. The EU’s crisis management process .......................................................................... D. EU’s planning process for military operations and missions ................................ E. Command and Control (C2) in EU-led Military Missions and Operations...... I. The PSC .................................................................................................................... II. EU Military Chain of Command ........................................................................ 1. Military Strategic Level (I) – The EU Operations Commander and the EU Operations Headquarters (OHQ)............................................................ 2. Military Strategic Level (II) – The Director of the Military Planning and Conduct Capability (MPCC) and the MPCC...................................... 3. Operational Level – The EU Force Commander and the EU Force Headquarters (FHQ).......................................................................................... 4. Tactical Level – The Component Commanders ......................................... III. EU Military Command and Control Structure................................................ IV. EU Command Options.......................................................................................... V. The EUMS ................................................................................................................ F. Military Intelligence structures in the wake of the development of EU’s military capabilities.......................................................................................................... G. Intelligence support to military missions and operations ...................................... I. Mission ...................................................................................................................... II. Permanent Structures............................................................................................. 1. The EUMS Intelligence Directorate ............................................................... 2. The EU Satellite Centre (SATCEN)............................................................... III. Non-permanent structures in support of military operations...................... H. Tasks but no “tools” – an assessment of EU’s military Intelligence structures. I. EUMS INT ............................................................................................................... II. MPCC ........................................................................................................................ III. OHQ/FHQ................................................................................................................ I. Recommendations............................................................................................................

mn. 1 6 6 11 16 20 22 26 32 34 35 36 45 50 51 52 52 53 54 55 56 57 58 59 64 64 67 67 73 75 80 80 81 85 87

Bibliography: American Chamber of Commerce to the EU (Ed.), The European Defence Action Plan. Challenges and perspectives for a genuine transatlantic defence and industrial relationship, 2018; Bagdonas, Sharing Capabilities, Impetus. Bulletin of the EUMS, 6, 2008, pp. 6–7; Beckmann/Kempin, EU Defence Policy Needs Strategy. Time for Political Examination of the CSDP’s Reform Objectives, SWP Comments 34, 2017; Bendiek, The New “Europe of Security”, SWP Comments 20, 2017; Bendiek, A Paradigm Shift in the EU’s Common Foreign and Security policy: from Transformation to Resilience, SWP Research Paper 11, 2017; Biscop, The Global Strategy and Defence: The Challenge of Thinking Strategically about Means, Impetus. Magazine of the EUMS, 22, 2016, pp. 2–3; Bossdorf, Why the Europeans are Afraid of Trump, European Security and Defence, 2018, 2, p. 1; Brennan, Post-Wiesbaden – “new” considerations on Intelligence development, in: Impetus. Bulletin of the EU Military Staff, 8, 2009,

Rauwolf

153

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:00 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda pp. 20–21; Chin, Ten years of Britain’s war against Al Qaeda, in: Utley (Ed.): 9/11 ten years after: Perspectives and Problems, 2012, p. 2; Council of the European Union, Council Decision of 10 May 2005 amending decision 2001/80/CFSP on the establishment of the Military Staff of the European Union, 2005; Council of the European Union, European Concept for Military Planning at the Political and Strategic Level, Council Document 10687/08, 2008; Council of The European Union, Declaration on strengthening the Common European Policy on Security and Defence, Cologne European Council, 2009; Council of the European Union, EU Military Rapid Response Concept, Council Document 5454/1/09 REV, 2009; Council of the European Union, European Union Concept for EU-led Military Operations and Missions, Council Document 17107/14, 2014; Council of the European Union, Council Conclusions on the EU’s comprehensive approach, 2014; Council of the European Union, EU Concept for Military Command and Control, Council Document 5008/15, 2015; Council of the European Union, EU Military Rapid response Concept, 2015; Council of the European Union, EU Concept for Force Generation, 2015; Council of the European Union, EU HQ Manning Guide – Revision, 2015; Council of the European Union, EUZusammenarbeit im Verteidigungsbereich: Rat beschließt militärischen Planungs- und Durchführungsstab (MPCC), Pressemitteilung 338/17, 2017; Dabas, Turning Political Words into Military Deeds, Impetus. Magazine of the EUMS, 16, 2013, pp. 6–7; Engberg, The EU and military operations: A comparative analysis, 2014; European Commission, Factsheet on the European Defence Union; European Council, European Council, Helsinki 10–11 December 1999; European External Action Service, MPCC Factsheet; European External Action Service (2017), EU Factsheet on PESCO, 2017; European External Action Service, Human Resources Report 2016, 2016; European External Action Service, Factsheet on CSDP; European Parliament, Report on the EU comprehensive approach and its implications for the coherence of EU external action, 2014; European Parliament, Report on the European Defence Union, 2016; Farazmand, Crisis and Emergency Management: Theory and Practice, 2014; Federal Foreign Office of Germany/ Federal Ministry of Defence, The European Security and Defence Policy, 2014; Giegerich, European Military Crisis Management. Connecting ambition and reality, 2017; Gluszko, The Role of the Military in the EU, Impetus. Magazine of the EUMS, 19, pp. 3–5, 2015; Gourlay, European Union procedures and resources for crisis management, International Peacekeeping, 11(3), 2014; Gruszczak, Intelligence Security in the European Union. Building a Strategic Intelligence Community, 2016; Haag, The first ten years of military Intelligence, Impetus. Bulletin of the EUMS, 11, pp. 8–9, 2011; Hamelink, The Battlegroup Concept: A Versatile Force Package, Impetus, Bulletin of the EUMS, 1, pp. 12–15, 2006; Hughes, NATO and the EU: Managing the Frozen Conflict – Test Case Afghanistan, 2007; Hynek, EU crisis management after the Lisbon Treaty: civil – military coordination and the future of the EU Operational Headquarters, in: European Security, 20(1), pp. 81–102, 2011; Ionascu, The EU Military Capability Development Process in: Romanian Military Thinking 3/2015, pp. 132–140, 2015; Jacobsen, Right Strategy, Wrong Place: Why NATO’S Comprehensive Approach will Fail in Afghanistan, UNISCI Discussion Papers No. 22, 2010; Joannin, The European Union and Crisis Management, European Issue, 22, 2016; Johansen/Aggerholm/ Frandsen, Entering new territory: A study of internal crisis management and crisis communication in organizations, Public Relations Review, 38(2), pp. 270–279, 2012; Journal of the European Union, Vol. 50, Treaty of Lisbon amending the Treaty on European Union and the Treaty establishing the European Community, signed at Lisbon, 13 December 2007, 2017; Kempin/Kunz, France, Germany, and the Quest for European Strategic Autonomy. Franco-German Defence Cooperation in A New Era, Notes de l’Ifri/ Notes du Cerfa No. 141,2017; Klaiber, The European Union in Afghanistan – Lessons Learned, 2007; Kozlowski/Palacios, Single Intelligence Analysis Capacity (SIAC) – A Part of the EU Comprehensive Approach, Impetus. Magazine of the EUMS, 14, pp. 10–11, 2014; Kuhn, The System of the EU Crisis Management – From bringing Peace to establishing Democracy?, in: Bogdandy/Wolfrum, (Eds.): Max Planck Yearbook of United Nations Law, Vol. 13, pp. 247–266, 2009; Labuhn, Mit PESCO zur Europa Armee? Der Weg zur EU-Verteidigungsunion bleibt steinig, Europäische Sicherheit & Technik, 02/2018, p. 10–11, 2018; Langlois/Capstack, The role of the military in the EU’s external action – implementing the comprehensive approach, 2014; Lassche, The EU Military Staff: a frog in boiling water?, Militaire Spectator Jaargang 186, Nummer 7/8, pp. 340–352, 2017; Laporte/Fischer, the EU Headline Goal Process, in: Hillmann/Hadjisavvas (Eds.): Military Capability development in the framework of the Common Security and Defence Policy, pp. 39–47, 2012; Major/von Voss, European Defence in View of Brexit, SWP Comments 10, 2017; Marrone/Pirozzi/Sartori, PESCO: An Ace in the Hand for European Defence, 2017; Matlary, European Union security dynamics in the new national interest, 2009; Mattelaer, The CSDP mission planning process of the European Union: innovations and shortfalls, European Integration online Papers (EIoP), 14(1), 2010; Messervy-Whitimg, CSDP’s First Steps, Impetus. Magazine of the EUMS, 21, p. 8, 2016; Mölling, Militärisches Krisenmanagement innerhalb der Europäischen Sicherheits- und Verteidigungspolitik. Strukturen, Akteure und Prozesse für die Planung und Entscheidung, 2009; N.N., EU factsheet on EU Intelligence Analysis Centre (INTCEN); N.N., Joint Declaration on European Defence issued at the British-French Summit (Saint-Malo, 4 December 1998); Ortega, A European Army? But First a Defence Union, Elcano Blog 17 March 2015; Ortega, Europeans, get to work, Elcano Blog 06 September 2016; Perret, The European Union and Crisis Management, European

154

Rauwolf

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:00 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 4. Intelligence in EU-led military missions and operations Issue n° 22, 2006; Perruche, Progress and Achievements, Impetus, Bulletin of the EUMS, 2, pp. 1–5, 2006; Pietz, Flexibility and “Stabilization Actions”: EU Crisis Management One Year After the Global Strategy, ZIF Policy Briefing, September 2017; Pulkkinen, First Months of the Military Planning and Conduct Capability (MPCC), Impetus. Magazine of the EUMS, 24, pp. 4–5, 2017; Simón, Command and control? Planning for EU military operations, European Union Institute for Security Studies Occasional Paper, no. 81, 2010; Simon/Mattelaer, EUnity of Command – The Planning and Conduct of CSDP Operations, Egmont Paper, 4, 2001; Sönmez/Dikici/Durak, EU Crisis Management Process, Journal of Military and Information Science, Vol. 2(4), pp. 96–100, 2014; Statewatch.org, Britain drops opposition against new EU military command centre, 9 June 2017; Steinsson, NATO’s Comprehensive Approach in Afghanistan: Origins, Development, and Outcome, 2015; Tardy, MPCC – towards a EU military command?, EUISS Brief, 17/2017; Treverton, Foreword, in: Johnston (Ed.): Analytic Culture in the US Intelligence Community, 2005; Toucas, Debunking myths about Strengthened EU Security and Defence Cooperation, 2016; US Department of the Army Headquarters, Intelligence Officer’s Handbook, Field Manual 34-8-2, 1998; US Department of the Army Headquarters, Intelligence, Field Manual 2-0, 2014; Van Osch, The Strength of the EU, Impetus. Bulletin of the EUMS, No. 12, pp. 1–2, 2011; Walsh, Intelligence-Sharing in the European Union: Institutions are not enough, in: JCMS, Volume 44 (2006), Number 3, pp. 625–643; Walsh, Security Policy and Intelligence Cooperation in the European Union, 2009; Waltz, Knowledge Management in the Intelligence Enterprise, 2003.

A. Introductory Remarks – The military in the “civil world” of the European Union In the “civil world” of the European Union (EU) the military is often still perceived as 1 an alien object, although the civil-military cooperation was and is one of the central aspects of the EU crisis management structures and processes1. More than 30.000 women and men work for the Commission, around 3500 in the General Secretariat of the Council, around 7500 in the European Parliament2 and approximately 5000 for the European External Action Service (EEAS) in and outside of Brussels3, compared to less than 200 soldiers that serve in the European Union’s Military Staff (EUMS)4. Compared to NATO, that – in its core function – is a military alliance, the EU’s self-concept is a civil one. Nonetheless, since the beginning of military missions and operations under the command of the EU5 in 2002, the EUMS forms an integral part of the institutions – at the beginning since 2001 as part of the Council’s General Secretariat and since 2009 as part of the EEAS. In a changing world, were the EU was and still is increasingly forced to accept the 2 responsibility to conduct military operations, the few soldiers that serve at the Schuman Square provide the sole military expertise needed. The EUMS works under the authority of the High Representative/Vice President of the European Commission HR/VP and is the source of collective (multi-disciplinary) military expertise within the EEAS. In addition, the EUMS works under the direction of the EU Military Committee6 1

See Mölling, Militärisches Krisenmanagement, p. 3. See https://europa.eu/european-union/about-eu/figures/administration_en, accessed 01 March 2018. 3 EEAS HR Report 2016, https://eeas.europa.eu/sites/eeas/files/eeas_human_resources_reports_2016. pdf, accessed 01 March 2018. 4 See van Osch, The Strength of the EU, p. 1. 5 When considering EU crisis management one has to differentiate between two general types of actions: crisis management operations, which generally have a strong military component and are based on an executive mandate, and crisis missions, which have a predominantly civilian nature. Since the launching of the EU Training Mission for Somalia in 2010, a third option has been established: a military engagement with a non-executive mandate, the so-called “military (training) mission”. The two types of actions are often combined, especially in the field of civilian-military crisis management in which the EU specializes; see Kuhn, EU Crisis Management, p. 248. 6 The European Union Military Committee (EUMC) is the highest military body set up within the Council. The EUMC is composed of the Chiefs of Defence (CHODs) of the Member States, who are regularly represented by their permanent Military Representatives (MilReps).The EUMC provides the 2

Rauwolf

155

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:01 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

(EUMC) where its strategic planning capability is often utilised. The enabling capabilities of the EUMS include early warning, situation assessment, strategic planning, concept development, training and education and support of partnerships through military-military relationships, in short: it is the unique source of military expertise and planning capabilities.7 3 From its beginning, a small part of the EUMS, the Intelligence Directorate (EUMS INT), provided the basis for the assessment of the military situation in the countries of interest to the EU. With the growing number of crises in the neighbourhood of the EU and the increasing number of military engagements of the Union, the role of the military gained increasingly in importance. 4 Military Intelligence focuses on military threats posed by state and non-state actors in “traditional” armed conflicts as well as asymmetric conflicts8. Its main task on the tactical and operational level has always been and remains to inform the military commander about the possible and probable intentions and capabilities of an actual or potential adversary and to raise the awareness of risks and dangers in the area of operations (AOO) – all this with the aim to provide a solid base for the military commander’s decisions on the battlefield. On the strategic and political level, the task changes and “Military Intelligence” becomes “Defence Intelligence”: it focuses on the information of the military command and the political leadership to provide the information needed for a solid decision-making process. 5 EU military Intelligence was directly connected to the development of the Common Security and Defence Policy (CSDP).

I. From “comprehensive” to “integrated” approach 1. EU’s comprehensive approach Since the end of the 90s, the need to accompany military operations with coherent civil actions in the fields of “nation building”, “Disarmament, Demobilisation and Reintegration” (DDR), Security Sector Reform (SSR) and economic development amongst others was recognized by all major security actors9, nations as well as international organisations like NATO or the EU10. 7 The coherent application of military and civil actions is commonly referred to as “comprehensive approach (CA)”11. There is no universal definition for CA, the EU focuses mostly on using its “diverse policies and tools in a coherent and consistent manner”12. 6

Political and Security Committee (PSC) with advice and recommendations on all military matters within the EU. (https://eeas.europa.eu/headquarters/headQuarters-homepage/5428/european-union-militarycommittee-eumc_en, accessed 29 April 2018). 7 Gluszko, The Role of the Military, p. 4. 8 Gruszczak, Intelligence security, p. 95. 9 See Mölling, Militärisches Krisenmanagement, p. 3; Joannin, Crisis Management. 10 NATO’s engagement in Afghanistan was and is perceived as one of the most striking examples of how a military operation can fail when the appropriate and necessary complementing civil actions are missing or carried out in a uncoordinated way (e. g. Steinsson, NATO’s comprehensive approach; Jacobsen, Right Strategy.). 11 See Council of the European Union: Council Conclusions on the EU’s comprehensive approach, Ch. 1, Article 10 a, § 3, download at: https://europa.eu/capacity4dev/public-fragility/document/councilconclusions-eus-comprehensive-approach, accessed 8 March 2018. 12 Ibid.

156

Rauwolf

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:01 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 4. Intelligence in EU-led military missions and operations

The Treaty of Lisbon within the TEU established that “the Union shall ensure 8 consistency between the different areas of its external action and between these and its other policies. The Council and the Commission, assisted by the High Representative of the Union for Foreign Affairs and Security Policy, shall ensure that consistency and shall cooperate to that effect” [Article 21 (3) 2nd sentence TEU]. A fully comprehensive external action would depend on all civil and military actors 9 to work with a single purpose regardless of organizational and cultural differences13. This does not depend on the creation of fully integrated civil-military entities and chains of command but could be achieved by making the divisions between civilian and military bodies as permeable as possible to reach their full synergy while preserving their different specialized expertise. The military requires an “element of separation” from civilian bodies to develop and maintain its unique skills and ethos14. During the decades since the establishment of the ESDP/CSDP there was never a lack 10 of political declarations. Especially in relation to the Lisbon Treaty a lot of politicians of different countries emphasized the “new quality” in defence cooperation after the signing. However, the European Parliament came, in its “report on the EU comprehensive approach and its implications for the coherence of EU external actions” in the autumn of 2014 to a rather disillusioning assessment: underlining “the fact that the Lisbon Treaty provides the framework for the Union to achieve a more coherent, joined-up and comprehensive approach for the effective pursuit of the Union’s external relations, […the European Parliament] regrets that, despite the Lisbon Treaty innovations, lack of progress in the consistency of the Union’s external action persists. […] It stresses that the EU foreign policy can only be effective if the Member States are willing and able to formulate common policy lines, particularly within multilateral organisations, such as the United Nations [… and] insists that the […comprehensive approach] is the common responsibility of all EU actors in EU institutions, in EU Member States and on the ground in third countries, and that, at the same time, it must fully respect the specific competencies of each institution and actor”15.

2. The EU Global Strategy (EUGS) – the “integrated approach” as prerequisite for “strategic autonomy” The unpredictability of the current US administration16 and the foreseeable departure 11 of the United Kingdom from the EU were and are the main motives17 for the EU to dedicate itself to the undefined target of “strategic autonomy”18, mentioned in the EUGS of 201619. Since then the EU has used the EUGS as a medium to make its citizens aware of the “added value the Union can contribute to security issues”20. To satisfy this requirement, the EU is promoting the “integrated approach” as an 12 expanded version of the comprehensive approach with the aim to enable the Union to “act at all stages of the conflict cycle, acting promptly on prevention, responding responsibly and decisively to crises, investing in stabilization, and avoiding premature 13

See van Osch, The Strength of the EU, p. 9. Langlois/Capstack, The role of the military, pp. 11–12. 15 European Parliament: Report on the EU comprehensive approach, http://www.europarl.europa.eu/ sides/getDoc.do?pubRef=-//EP//TEXT+REPORT+A7-2014-0138+0+DOC+XML+V0//EN, accessed 06 March 2018. 16 Bossdorf, Trump, p. 1. 17 Toucas, Debunking myths, p. 1. 18 EEAS, Global Strategy, p. 19, download at: https://europa.eu/globalstrategy/en/file/814/download? token=I-Kb0OrS, accessed 30 April 2018. 19 Biscop, Global Strategy, p. 3. 20 Bendiek, Europe of Security, p. 2; Toucas, Debunking myths, p. 2. 14

Rauwolf

157

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:02 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

disengagement when a new crisis erupts”21. “The EU will therefore pursue a multiphased […and] a multi-level approach to conflicts, acting at the local, national, regional and global levels”22. 13 First idea for the creation of a security and a defence union date back to the early 2000s but failed to be realized until in its report on future military cooperation in October 2016, the European Parliament (EP) called for a newly created defence union, to “facilitate closer interlocking of national troops and […to] transform the EU Battlegroups into standing units23. 14 Almost like an answer to the EP demands, the European Commission in November 2016 presented its European Defence Action Plan (EDAP) which contains a new level of ambition, stating that the EU should be capable of leading “ten civilian and five military operations” simultaneously24 and that a Military Planning and Conduct Capability (MPCC) was to be established until Summer 2017 to compliment the already existing Civil Planning and Conduct Capability,25 thus enabling the integrated approach to be realized at the strategic level in Brussels. 15 This creation of a permanent military command structure on the military strategic level in Brussels marked the latest step of a process that started nearly three decades ago with the development of the first military capabilities of the EU.

B. The development of EU’s military capabilities The Maastricht Treaty of 1993 gave birth to the EU, built on three pillars: the institutions and competences of the European Communities as developed since 1957, police and judicial cooperation and the Common Foreign and Security Policy (CSFP)26. 17 The first draft of the CFSP dates back to 1992. With the end of the cold war and the start of the war in Yugoslavia, the Western European Union (WEU27) put forward the reorganization of the armies in Europe with three fundamental missions as a basis: humanitarian and evacuation missions, peacekeeping missions and combat missions to 16

21

EEAS, Global Strategy, pp. 9–10. EEAS, Global Strategy, pp. 28–29. 23 European Parliament: Report on the European Defence Union, http://www.europarl.europa.eu/sides/ getDoc.do?pubRef=-//EP//TEXT+REPORT+A8-2016-0316+0+DOC+XML+V0//EN, accessed 10 March 2018. 24 See European Commission, Factsheet; See American Chamber of Commerce to the EU, European Defence Action Plan. 25 Bendiek, Europe of Security, pp. 3–4. 26 Joannin, Crisis Management. 27 The Western European Union (WEU) was an association of 10 European countries (Belgium, France, Germany, Greece, Italy, Luxembourg, the Netherlands, Portugal, Spain, and the United Kingdom) that operated as a forum for the coordination of matters of European security and defence. The WEU grew out of the Brussels Treaty of 1948 – an agreement between Belgium, France, Luxembourg, the Netherlands, and the United Kingdom to provide for collective defence and to facilitate cooperation in economic, social, and cultural matters. NATO and the Council of Europe, both of which were formed in 1949, developed out of that framework. In 1954 the Brussels Treaty was strengthened and modified to include West Germany and Italy, to end the occupation of West Germany, and to include West Germany in NATO; and the WEU came into being on May 6, 1955. In 1960 the activities of committees for social and cultural affairs were transferred to the Council of Europe. In 1984 the union was “reactivated” and a new agenda established: it recognized the significance of U.S. arms to the defence of Europe and resolved to increase regional military cooperation. In March 2010 the members decided to cease the WEU’s operations, and in June 2011 the organisation officially closed (https://www.britannica.com/topic/Western-European-Union, accessed 29 April 2018). 22

158

Rauwolf

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:02 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 4. Intelligence in EU-led military missions and operations

manage crises and re-establish peace. These so-called “Petersberg Missions” were then incorporated into the Treaty of the European Union28. But only at the Franco-British Summit held in St. Malo on 3 and 4 December 1998, 18 the Heads of State and Government of the United Kingdom and France agreed on the need to give the EU the capacity for autonomous decision-making and action, backed up by credible military forces, in order to respond to international crises when the NATO is not involved29. To avoid unnecessary duplication, it was decided that the EU should take into account the assets of the WEU30. After the agreement between France and the United Kingdom, things began to evolve31 in the framework of the WEU as the organization providing the EU with access to operational capabilities and supporting the EU in the framing of defence aspects of the CFSP32. At the meeting of the European Council in Cologne in June 1999 Heads of State and 19 Government of the EU’s member states declared “that the European Union shall play its full role on the international stage. To that end, we intend to give the European Union the necessary means and capabilities to assume its responsibilities regarding a common European policy on security and defence33. (…) The Union must have the capacity for autonomous action, backed up by credible military forces, the means to decide to use them, and a readiness to do so, in order to respond to international crises without prejudice to actions by NATO”34.

I. The Headline Goal 2003 At the European Council in December 1999 in Helsinki the EU agreed upon a new 20 military target known as the Helsinki Headline Goal, which intended to solve especially the quantitative shortfalls regarding the military capabilities of the EU35. The Member States agreed to put at the Union’s disposal, on a voluntary basis, forces capable of carrying out the tasks set out in Article 17(2) TEU36 in operations up to army corps level (50.000 to 60.000 troops) with the necessary command, control and Intelligence capabilities, logistics, other combat support services and additionally, as appropriate, air and naval elements until 2003. The forces should be able to deploy in full at this level within 60 days, with their deployment sustainable for at least a year37. Meanwhile, the EU-NATO relationship became institutionalised by adopting, in 21 December 2002, in Copenhagen, the NATO-EU agreement allowing the EU to draw on some of NATO’s military assets and capabilities, other than national ones, in order to conduct its own peacekeeping operations. Known as the “Berlin Plus”, it states: – assured access by the EU to NATO planning capabilities for its own military operations; – the availability of NATO assets and capabilities for the EU; 28

Perret, Crisis Management. Lassche, The EU Military Staff, p. 342. 30 Joint Declaration on European Defence issued at the British-French Summit (Saint-Malo, 4 December 1998). 31 Ionascu, Capability Development Process, p. 132. 32 Gruszczak, Intelligence security, p. 97. 33 See Messervy-Whiting, CSDP’s first steps, p. 8. 34 Council of the European Union (2014): European Union Concept for EU-led Military Operations and Missions, Council Document 17107/14, http://data.consilium.europa.eu/doc/document/ST-171072014-INIT/en/pdf, accessed 09 March 2018. 35 Perruche, Progress and Achievements, p. 2. 36 I.e. the above-mentioned “Petersberg Tasks”. 37 Hamelink, The Battle Group Concept, p. 12. 29

Rauwolf

159

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:03 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

– the terms of reference for the Deputy Supreme Allied Commander Europe (DSACEUR) and European Command Options for NATO in the context of a EU-led operation making use of NATO assets and capabilities.

II. The Headline Goal 2010 Following the adoption of the European Security Strategy in December 200338, the EU decided to set a new Headline Goal 2010, changing the focus from the quantitative to qualitative approach39. Building on the Headline Goal 2003, it envisaged that the Member States would “be able by 2010 to respond with rapid and decisive action applying a fully coherent approach to the whole spectrum of crisis management operations covered by the Treaty on European Union”. 23 The process of developing EU military capabilities towards the Headline Goal of 2010 was a staggered and comprehensive one. The first step was to identify strategic planning assumptions. 24 Five illustrative scenarios, comprising a range of possible military operations, were prepared: – Separation of parties by force – Stabilisation, reconstruction and military advice to third countries – Conflict prevention – Evacuation operation – Assistance to humanitarian operations40. 25 Specifically, the new Headline Goal aimed to: – increase the interoperability of available EU forces and strengthen their deployment and sustainment capabilities; – expand the spectrum of EU missions, into the spirit of the Security Strategy provisions; – develop an EU rapid response capability, not only regarding decision-making (with the objective to take the decision to launch an operation within 5 days) but also regarding deployment in theatre (within 10 days following the decision)41. 22

III. Military Rapid Response and Battlegroups The aspired EU’s capability to deploy forces very rapidly was a key aspect of the Headline Goal 2010. 27 Earlier work on the contribution of naval and air forces in rapid response operations resulted in the adoption by the EU Military Council (EUMC) in late 2007 of a Maritime Rapid Response Concept42 and an Air Rapid Response Concept43. 28 To ensure the overall coherence of all concepts relating to rapid response, the EUMC tasked the EUMS to update the Air and Maritime Rapid Response concepts to reflect 26

38

See Laporte/Fischer, Headline Goal Process, p. 40. See Perruche, Progress and Achievements, p. 2. 40 Laporte/Fischer, Headline Goal Process, p. 42. 41 Ionascu, Capability Development Process, p. 133; Laporte/Fischer, Headline Goal Process, p. 41. 42 Council of the European Union, EU Military Rapid Response Concept, http://data.consilium.europa. eu/doc/document/ST-5008-2015-INIT/en/pdf, accessed 9 March 2018, Annex D. 43 See Council of the European Union, EU Military Rapid Response Concept, Annex E. 39

160

Rauwolf

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:03 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 4. Intelligence in EU-led military missions and operations

the revised Military Rapid Response concept and to examine the possible need for a Land Rapid Response concept44. On 1 January 2007, the EU achieved full operational capability to conduct two 29 concurrent rapid response operations of the size of a Battlegroup (BG) of around 1500 soldiers45. Since then, Member States have managed collectively to permanently provide to the 30 EU two Battlegroups of 1500 up to 2500 personnel. Battlegroups are a specific form of Rapid Response elements. They remain on standby for six months and can be ready to start implementing their mission within 10 days after the Council’s decision to launch the operation and for a maximum of four months. A Battlegroup Coordination Conference is organized every six months to receive offers from Member States to populate the standby roster. Member States conducted a review of the Military Rapid Response Concept from a 31 joint perspective, taking into account the necessary global approach to crises. The revised concept was agreed by the EUMC in January 2009 and noted by the PSC46 in April. It newly defined the military rapid response time as a period from 5 to 30 days from the approval of the Crisis Management Concept to the moment when operations commence in the Joint Operations Area47.

IV. “Brexit” = new possibilities? With the United Kingdom’s Prime Minister’s official request of 29 March 2017, 32 invoking Article 50 TEU to leave the Union, the EU will have to change the way it organizes its defence policies. Some assess that the “Brexit” will have only limited impact on the CSDP compared to other policy areas like the single market, stressing the intergovernmental character of the CSDP48. Others, focusing on the role the UK was playing in the last decades, thwarting the development of the CSDP49 – like the establishment of a permanent EU military headquarters, prefer to think that the Brexit will open the door for strong and decisive changes in the time to come50. Already in 2016, some authors have argued that the Brexit will encourage the 33 remaining members, with France and Germany taking the lead, to look more favourably on a permanent structured cooperation (PESCO) as a mechanism to enhance their bilateral security and defence cooperation, with a view to strengthening the EU’s 44

See Council of the European Union, EU Military Rapid Response Concept, Annex C. Hamelink, The Battlegroup Concept, pp. 12–13. 46 The Political and Security Committee is a Committee of the Council of the European Union dealing with the common foreign and security policy (CFSP) mentioned in Article 38 of the Treaty on European Union.It comprises representatives from the 28 EU countries. Its remits are to monitor the international situation in the areas covered by the CFSP; to contribute to the definition of policies and to monitor implementation of policies without prejudice to the powers of the EU’s High Representative for Foreign Affairs and Security Policy. Under the responsibility of the Council and the High Representative, the committee exercises political control and strategic direction of crisis management operations. It may thus be authorised to take decisions on the political control and strategic direction of an operation. It is assisted by a Politico-Military Group, a Committee for Civilian Aspects of Crisis Management, and the Military Committee and Military Staff. (https://eur-lex.europa.eu/summary/glossary/political_security_committee.html, accessed 02 May 2018). 47 Council of the European Union, EU Military Rapid Response Concept, Council Document 5454/1/ 09 REV, dated 27 April 2009, http://register.consilium.europa.eu/doc/srv?l=EN&f=ST%205654%202009% 20REV%201, accessed 10 March 2018. 48 See Major/von Voss, European Defence, p. 1. 49 See Ortega, Europeans. 50 E. g. Bendiek, Paradigm Shift; Labuhn, PESCO; Marrone/Pirozzi/Sartori, Ace in the Hand. 45

Rauwolf

161

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:04 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

ambitions to arrive at (what German Minister of Defence Ursula von der Leyen calls) a “European Defence Union” (EDU)51.

1. PESCO – The Permanent Structured Cooperation 34

In its Fact sheet on PESCO the EEAS states that the EUGS “started a process of closer cooperation in security and defence” amongst the EU Member States. PESCO is described as the tool to realize this overarching aim by allowing Member States to “increase their effectiveness in addressing security challenges and advancing towards further integrating and strengthening defence cooperation in the EU framework”. PESCO, as a “treaty based framework” and process would help to “jointly develop defence capabilities and make them available for EU military operations” thus enhancing the EU’s “capacity as an international security partner”52.

2. MPCC – The Military Planning and Conduct Capability 35

Formally created on 8 June 2017, the MPCC may well be perceived as one of the most tangible deliverables of the latest efforts to revitalise EU defence policy. After the United Kingdom had blocked any progress in regard to the establishment of a permanent military command structure in Brussels, “it is symbolic of a certain evolution of mindset after more than 15 years of politicised discrepancies among member states (sic) on the virtues of an EU proper command structure”53.

C. The EU’s crisis management process EU has a comprehensive planning concept that establishes a framework for EU crisis management54. It covers a substantially wide range of situations and activities and includes interventions, designed to end armed conflicts55. This planning process is a quite flexible one that can be adapted to all types of possible EU-led missions and operations and all phases of crisis management56. 37 The process can be divided in six different phases starting from the political-strategic level down to the tactical level. These stages are; Monitoring, Crisis Management Concept, Strategic Options, Operational Planning, Conduct of Operation, and Evaluation57. 38 Monitoring, including early warning and advance planning, is considered as the first phase of crisis management planning58. The monitoring is conducted by several EU entities: the EU Satellite Centre (SATCEN), EU Situation Room and the EU Intelligence Analysis Centre (INTCEN)59. The EU Situation Room continuously scans the world events by focusing on the topics related to EU’s foreign interests60. In case of an 36

51

Ortega, European Army. European External Action Service (2017), EU Factsheet on PESCO, https://eeas.europa.eu/sites/eeas/ files/pesco_factsheet_19-10-2017_1.pdf, accessed 6 March 2018. 53 Tardy, MPCC, p. 1. 54 Sönmez/Dikici/Durak, Crisis Management Process, p. 96.; Dabas, Turning words into deeds, pp. 6–7. 55 Perret, Crisis Management. 56 Farazmand, Crisis and Emergency Management, p. 178. 57 See Hynek, EU crisis management, p. 83. 58 Mattelaer, CSDP mission planning process, pp. 3–4. 59 EU factsheet on EU Intelligence Analysis Centre (INTCEN), http://eu-un.europa.eu/factsheet-on-euIntelligence-analyses-center-intcen/, accessed 11 March 2018; see also Palacios, EU intelligence: On the road to a European Intelligence Agency?, Part 3 Chapter 1, in this volume. 60 Sönmez/Dikici/Durak, Crisis Management Process p. 97. 52

162

Rauwolf

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:04 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 4. Intelligence in EU-led military missions and operations

emerging crisis, the first step is reviewing or revising – if needed – an existing plan where available. When this is not viable, process for a new plan is initiated. The responsible EEAS geographical desk prepares the Political Framework for Crisis Approach (PFCA)61, which is supported by all services and the respective EU delegations. The outcome of PFCA includes a broad range of options – in other terms, courses of actions – available for EU decision-makers62. The second phase is the development of the Crisis Management Concept (CMC)63. By means of the Crisis Management and Planning Directorate (CMPD), within the EEAS, a joint assessment is made for CMC in EU’s area of interest regarding the crisis. The EUMC, the Committee for Civilian Aspects of Crisis Management (CIVCOM), and an appropriate geographical working group within the EEAS provide necessary advice. After that, CMC establishes a basis for a joint effort that involves general end state, key and interim objectives, delivery of key objectives, and principles for measuring success64. The next step is the development of strategic options. The EUMS compiles Military Strategic Options (MSOs)65 whereas Civilian Planning and Conduct Capability (CPCC) lead police and civilian response options. PSC and Council evaluate all options and approve one of them66. Through these assessments, the Council can choose to act through a Council Decision (CD) with which the Council establishes the operation, appoints the Operation Commander(s) and decides on the financial costs of the operation67. At the same time the Council reserves its right to suspend the planning process at any time and to decide not to act in the framework of the CFSP68. The fourth and most extensive phase is the operational planning, which starts with the initial military directive (IMD) and includes the development of concept of operations (CONOPS) and operation plan (OPLAN)69. Civilian and military planning processes separate at this phase, for details on the military process see next chapter. Regarding the civilian operations, CPCC develops CONOPS before CDs, while military planners issue IMD and CONOPS after respective CDs70. The fifth phase is the conduct of operation. PSC, under the responsibility of the Council and of the High Representative (HR), controls and directs the CSDP operations at political and strategic levels. Civil Operation Commander and Military Operation Commander command and control the mission in the theatre71. In the sixth phase a review is conducted during the operations. EUMS evaluates reports and advises the PSC. Additionally, the HR proposes a set of measures aimed at refocusing or finishing the EU action to the PSC. The PSC agrees and forwards the 61 Council of the European Union, European Union Concept for EU-led Military Operations and Missions, Council Document 17107/14, http://data.consilium.europa.eu/doc/document/ST-17107-2014INIT/en/pdf, accessed 9 March 2018, p. 19. 62 Johansen/Aggerholm/Frandsen, New Territory, p. 273. 63 Council of the European Union: European Union Concept for EU-led Military Operations and Missions, p. 19. 64 Giegerich, Military Crisis Management, p. 38. 65 Council of the European Union, European Union Concept for EU-led Military Operations and Missions, p. 19. 66 Mattelaer, CSDP mission planning process, p. 4. 67 Ibid. 68 This could be the case, for example, if foreseeable conflicting interests or assessments of several Member States would impede the necessary unanimous decision of the Member States’ representatives in the Council. 69 Simón, command and control, pp. 13–14. 70 Sönmez/Dikici/Durak, Crisis Management Process, p. 99. See Simon/Mattelaer, EUnity. 71 Gourlay, procedures and resources, pp. 404–421.

Rauwolf

163

39

40

41

42

43

44

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:05 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

measures to the European Council. The Council decides whether to refocus the EU action, including possible termination, or to launch any further action needed at this stage72.

D. EU’s planning process for military operations and missions 45

46

47

48

49

According to the “EU Concept for Military Planning at the Political and Strategic Level”73 and the EU’s “Concept for EU-led Military Operations and Missions”74, military planning is an iterative process which needs to analyse all relevant factors to determine the military mission. At the political and strategic level this will include analysis of the implications of political objectives, desired end state, restraints and constraints as well as an analysis of the capabilities needed, in order to develop military options75. Military planning is conducted at four levels: – The political and strategic level, – The military strategic level, – The military operational level, – The tactical level.76 “Advance planning” and “crisis response planning” have to be distinguished. Advance planning is conducted to allow the EU to deal with potential crises. Crisis response planning is conducted to enable the EU to deal with a real crisis. It builds on advance planning whenever available77. As mentioned above, once the Council has agreed to prepare a military response to a given crisis, the CMC will be the base for the development of MSOs by the EUMS. A MSO describes a military action designed to achieve the EU objectives as defined in the CMC. A MSO outlines the military course of action, the required resources and the constraints. It usually includes an assessment of feasibility and risk, an idea for the command and control structure and an indicative force capability78. Moreover it should include the desired end state, the exit strategy, and the general objective of the military engagement79. Once one of the developed MSO has been selected, the EUMS will produce the IMD as the basis for the development of the CONOPS and the OPLAN by the Operational Headquarters (OHQ).

72

Sönmez/Dikici/Durak, Crisis Management Process, p. 100. Council of the European Union, European Concept for Military Planning at the Political and Strategic Level, Council Document 10687/08, http://register.consilium.europa.eu/doc/srv?l=EN&f= ST% 2010687%202008%20INIT, accessed 09 March 2018. 74 Council of the European Union, European Union Concept for EU-led Military Operations and Missions. 75 Simón, command and control, p. 8. 76 Council of the European Union, European Union Concept for EU-led Military Operations and Missions, p. 18. 77 Council of the European Union, Concept for Military Planning at the Political and Strategic Level, p. 9. 78 Simón, command and control, p. 12. 79 Simón, command and control, p. 13. 73

164

Rauwolf

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:05 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 4. Intelligence in EU-led military missions and operations

E. Command and Control (C2) in EU-led Military Missions and Operations The EU Concept for Military Command and Control80 defines the responsibilities 50 and the framework for the C2 from the political strategic level to those military elements conducting the mission or operation81.

I. The PSC The PSC, in accordance with Article 38 TEU and under the authority of the Council82, 51 exercises political control83 and strategic direction84 of EU-led military missions and operations85, taking into account advice and recommendations from the EUMC86.

II. EU Military Chain of Command 1. Military Strategic Level (I) – The EU Operations Commander and the EU Operations Headquarters (OHQ) The commanding officer of the OHQ, the “EU Operations Commander” (OpCdr) is 52 a commander nominated by the Council or the PSC to conduct a defined military operation. This includes the responsibility to develop the CONOPS and the OPLAN. Moreover the OpCdr has to coordinate the deployment, sustainment and re-deployment of the EU force. The OpCdr is supported by the staff of the static headquarters located outside the area of operations (AOO), the OHQ87.

80 Council of the European Union, EU Concept for Military Command and Control, Council Document 5008/15, http://data.consilium.europa.eu/doc/document/ST-5008-2015-INIT/en/pdf, accessed 09 March 2018. 81 Council of the European Union, EU Concept for Military Command and Control, p. 6. 82 See Mölling, Militärisches Krisenmanagement, p. 7. 83 Political Control is the setting of political objectives and parameters, and the balancing of aims and means to achieve these objectives. It provides the framework within which the military operations can take place and defines their nature and scope (Council of the European Union, EU Concept for Military Command and Control, p. 7). 84 Strategic Direction is the translation of political and strategic objectives into guidance, enabling the military mission or operation to be planned and conducted (ibid.). 85 Council of the European Union, EU Concept for Military Command and Control, p. 7, pp. 16–17. 86 The EUMC provides the PSC with military advice and recommendations on the planning and conduct of EU-led military operations. The Chairman of the EUMC (CEUMC) acts as EUMC spokesman in the PSC and acts as the primary point of contact to the OpCdr (see Council of the European Union, EU Concept for Military Command and Control, p. 17). It is important to recognize that the EUMC is not a formal part of the chain of command within a military mission or operation led by the EU. Nevertheless it is the highest board providing military advice to the PSC and, with the chairman taking part in the PSC sessions, has an important role to play when it comes to decisions with military relevance taking into account the purely civil structure of the PSC; see Mölling, Militärisches Krisenmanagement, pp. 7–9. 87 Council of the European Union, EU Concept for Military Command and Control, p. 8, pp. 18–19.

Rauwolf

165

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:06 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

2. Military Strategic Level (II) – The Director of the Military Planning and Conduct Capability (MPCC) and the MPCC 53

In line with the Council Conclusions of 14 November 2016 on the implementation on the EUGS88 and after the UK dropped its opposition against it89, the MPCC was established as a part of the broader ongoing work to strengthen EU’S security, defence and crisis management capacity. Assuming responsibility at the strategic level for the operational planning and the conduct of EU’s non-executive military missions90, the MPCC was established within the EUMS and with its Director General as the Director of the MPCC who assumes the same roles, tasks and command relationships as those attributed to the military Operations Commanders. Working closely with its civilian counterpart, the CPCC through a Joint Support Coordination Cell (JSCC), the MPCC has to ensure “maximum coordination of civilian and military synergies and sharing of expertise”.91

3. Operational Level – The EU Force Commander and the EU Force Headquarters (FHQ) 54

The EU Force Commander (FCdr) is the military commander appointed by the Council or the PSC, acting under the authority of the OpCdr to execute a military operation. He is authorized to command assigned forces within a designated AOO supported by a headquarters deployed inside the AOO, the FHQ92.

4. Tactical Level – The Component Commanders 55

Component Commanders (CC) are designated by the FCdr or higher authority and are given the authority to accomplish missions and tasks assigned by the FCdr in the respective field of action (e. g. air, land, maritime, special forces)93.

III. EU Military Command and Control Structure 56

The EU military operational chain of command is based on a vertical top to bottom responsibility94.

88

Pietz, Flexibility. Statewatch.org, Britain drops opposition. 90 Currently the EU Training Missions (EUTM) in the Central African Republic, Mali and Somalia. 91 European External Action Service, MPCC Factsheet, https://eeas.europa.eu/sites/eeas/files/ mpcc_factsheet.pdf, accessed 06 March 2018. 92 Council of the European Union, EU Concept for Military Command and Control, p. 8, p. 20. 93 See Council of the European Union, EU Concept for Military Command and Control, p. 9, p. 21. 94 Council of the European Union, EU Concept for Military Command and Control, p. 12. 89

166

Rauwolf

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:06 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 4. Intelligence in EU-led military missions and operations

Diagram:

IV. EU Command Options There are generally two command options for an EU-led military operation: an 57 autonomous one, where the EU on the military strategic level chooses one national OHQ offered by a Member State or one where the EU conducts an operation with recourse to NATO assets and capabilities95.

V. The EUMS The EUMS, like the EUMC, is not part of the military chain of command of an EU- 58 led military operation96. Nevertheless, the EUMS supports the EUMC in monitoring the execution of the operation97 and liaises closely with an active OHQ98. 95 Council of the European Union, EU Concept for Military Command and Control, p. 14; Council of the European Union, EU HQ Manning Guide – Revision, http://data.consilium.europa.eu/doc/document/ ST-15920-2011-EXT-1/en/pdf, accessed 10 March 2018, p. 8; Perruche, Progess and Achievements, p. 3; see Mölling, Militärisches Krisenmanagement, p. 13. 96 However, as mentioned above, in case of a EU-led military mission, the Director General of the EUMS takes over the responsibilities according to the ones of a military operations commander. 97 Council of the European Union, Council Decision of 10 May 2005 amending decision 2001/80/CFSP on the establishment of the Military Staff of the European Union, https://www.cvce.eu/content/publication/2006/8/21/1b4518ca-3924-441c-a31f-d9883164b66f/publishable_en.pdf, accessed 09 March 2018. 98 See Council of the European Union, EU Concept for Military Command and Control, p. 17.

Rauwolf

167

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:07 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

F. Military Intelligence structures in the wake of the development of EU’s military capabilities 59

60

61

62

63

The development of military Intelligence in the EU context was directly connected to the evolution of the CSDP. At the end of the 1990s the leading Member States began to search for alternatives to their national concepts which were often too limited, taking into account globalization, “new wars” and the proliferation of threats. A new system based on “multinational risk sharing and the pooling of military capabilities” in all sectors, including the Intelligence domain, was needed99. The intensification of EU military and defence cooperation since the end of the 1990s led to the development of the first forms of military Intelligence structures in the framework of the WEU100. The EUMS, established 2001, remains to be the core element of the security and defence structures of the EU. Its main objective in the beginning was to provide support and assistance to civilian missions101. Appropriate national and multinational Intelligence capabilities, converging in the EUMS, were crucial to perform early warning, situation assessments and strategic planning for military reactions to evolving threats to the EU’s security102. The construction of an “EU military Intelligence hub” in the new institutional context was a demanding task. The rapid deterioration of the global and European security environment after the 9/11 attack NATO’s intervention in Afghanistan and the subsequent terror attacks in Spain and the United Kingdom led to the need of enhancing multinational cooperation in the Intelligence domain to counter these threats103. During their informal meeting in Warsaw in March 2007, the EU’s ministers of defence agreed to improve planning and support of operations104. Furthermore, the EUMS Intelligence Division was formally tasked to provide input to advance planning, crises response, operations and exercises105. This included a formal involvement in EUMS planning, participation in “Mission Monitoring Teams” and provision of Intelligence analysis and products106.

G. Intelligence support to military missions and operations I. Mission 64

Intelligence support has to provide an analysis of the current situation, consider potential and emerging issues and include an evaluation of their possible development. A military mission or operation may be confronted with a particularly fluid operational 99

Matlary, Security dynamics, p. 7. Gruszczak, Intelligence Security, p. 97. 101 See Kuhn, EU Crisis Management, pp. 253–258 for an elaborate analysis of the legal, procedural and structural challenges and implications of a civil-military cooperation in a crisis management framework. 102 European Council, Helsinki, p. 89. 103 Chin, Ten years, pp. 27–43. 104 Engberg, Military operations, p. 38. 105 Gruszczak, Intelligence security, p. 100. 106 Brennan, Post-Wiesbaden, p. 20. 100

168

Rauwolf

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:07 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 4. Intelligence in EU-led military missions and operations

environment, a limited time available for a comprehensive Intelligence preparation of the battlefield (IPB), which is vital for planning a decision-making at the strategic and operational level. To enhance situational awareness of the deployed forces and enable them to mitigate effects of rapidly changing conditions related to the specific characteristics and risks involved in a military mission or operation, the deployed forces must have integral Intelligence capabilities and appropriate analytical capabilities to provide Intelligence support locally. Reach-back capabilities (from Member States and partners) have to provide crucial support, especially in the planning and during the initial phase of the military mission or operation107. Generally speaking, Intelligence activities in a military environment are divided 65 according to the level of command: – Strategic Level – entailing global and sectoral situational analysis, threat assessment and risk analysis, anticipation of threats and challenges posed by potential or actual adversaries; – Operational Level – support for planning and conduct, crisis response, Intelligencedriven actions, loss and damage assessment; – Tactical Level – targeting, command and control, surveillance, real-time operational picture108. From a military commander’s point of view, from the military strategic to the tactical 66 level, Intelligence serves as one of the most important decision-making tools. The Intelligence section of his headquarters has to provide continuous Intelligence and information to enable him to conduct the operation and at the same time minimize risk109. The commander requires Intelligence about the adversary and the battle space prior to engaging in operations and in order to effectively execute his missions across the full spectrum of operations. Intelligence helps the commander to visualize the battle space, organizing his forces and controlling operations to achieve the desired strategic, operational or tactical objective. Furthermore, Intelligence supports force protection by alerting the commander to emerging threats and assisting in security operations110.

II. Permanent Structures 1. The EUMS Intelligence Directorate The core of the EU’s permanent military Intelligence structures is the Intelligence 67 Directorate of the EU Military Staff (EUMS INT). Its mission is “to provide Intelligence input to early warning and situation assessment, to contribute to the EUMS planning through the provision of Intelligence and Intelligence planning expertise and to provide the Intelligence input to crisis response planning and assessment for operations and exercises”111. EUMS INT is organized into three different branches, reflecting the traditional 68 Intelligence cycle requirements and division of tasks112. The Policy Branch is responsible for the development of Intelligence concepts and 69 contributes to the planning of EU military operations. 107

See Council of the European Union, EU Military Rapid response Concept, pp. 13–14. Waltz, Knowledge Management, p. 13; Treverton, Foreword, p. XI, Gruszczak, Intelligence security, p. 47. 109 See US Department of the Army Headquarters, Intelligence Officer’s Handbook, p. 1-1. 110 US Department of the Army Headquarters, Intelligence, p. 1-1. 111 https://eeas.europa.eu/headquarters/headquarters-homepage_en/5436/The%20European%20Union %20Military%20Staff%20(EUMS), accessed 01 March 2018. 112 Kozlowski/Palacios, SIAC, p. 10. 108

Rauwolf

169

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:08 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

The Support Branch is responsible for strengthening the cooperation with the military Intelligence organizations of the Member States and the information and Intelligence management and distribution. 71 The Production Branch is the central element of the Intelligence Directorate. Its function is to ensure that Intelligence production meets the needs of EU institutions and bodies113. Within the framework of the Single Intelligence Analysis Capacity (SIAC)114 mechanism, the Production Branch works closely with the EU Intelligence Analysis Centre and prepares joint, multi-source-Intelligence products115. 72 For its products, the production Branch relies on finished Intelligence provided by Member States Defence Intelligence Organisations (DIO)116. Member States use their representatives to supply Intelligence to the Military Staff and to communicate Intelligence from EUMS INT to their relevant national agencies117. EUMS INT uses Intelligence shared by Member States but it does not solely depend on these contributions. In addition, it uses Intelligence gathered by bodies and delegations of the EU118 to produce its assessments for the Military Committee, the HR/VP and other EU institutions. The sharing Intelligence with the EUMS INT has a main problem: there is no requirement that Member States share Intelligence that might be of value or interest to the EU or to other Member States, adhering is explicitly voluntary119.The EU representations as well as the Intelligence personnel in operations and missions are able to openly collect information from sources in the field, but all in all the EU lacks the possibilities of a DIO when it comes to systematic collection or analysis of Intelligence120. 70

2. The EU Satellite Centre (SATCEN) “Under the supervision of the Political and Security Committee and the operational direction of the EU’s High Representative for Foreign Affairs and Security Policy (HRIUP), the SATCEN provides decision-makers with early warning of potential crises. This enables them to take diplomatic, economic and humanitarian measures in good time, including generic planning for intervention”121. 74 Since the establishment of the SATCEN, geospatial Intelligence capabilities have been gradually developed as a result of the deepening cooperation with Member States122. SATCEN’s involvement in support of military missions and operations has evolved during the last decade. It reflects the changing international environment and is a result of the EU’s decision-making process becoming more complex and thus more dependent on situational assessments and risk analysis, especially when the use of military force is one of the options contemplated123. 73

113

Gruszczak, Intelligence security, pp. 105–106. See Kozlowski/Palacios, SIAC, p. 11. 115 Haag, The first ten years, p. 8. 116 Bagdonas, Sharing capabilities, p. 7. 117 Walsh, Security Policy, pp. 9–10. 118 Walsh, Security Policy, p. 15. 119 Walsh, Security Policy, p. 14. 120 Walsh, Security Policy, p. 15. 121 See https://europa.eu/european-union/about-eu/agencies/satcen_en#what_it_does, accessed 1 March 2018. 122 Gruszczak, Intelligence security, p. 107. 123 See Gruszczak, Intelligence security, p. 109. 114

170

Rauwolf

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:09 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 4. Intelligence in EU-led military missions and operations

III. Non-permanent structures in support of military operations The Intelligence related capabilities of an EU force are the result of the “force generation process” that precedes the establishment of any military or civil mission or operation. Guidelines for the force generation are laid down in the “EU Concept for Force Generation”124. Member States political commitment, which later translates into appropriate military assets/forces/capabilities offered, constitutes a key for the success of an EUled military operation/mission. Without adequate offers from MS, the force generation process cannot be successfully completed. The appropriate military assets/forces/capabilities to execute the operation/mission must have been committed before the EU Operation Commander (OpCdr) or EU Mission Commander (MCdr) can recommend the decision to launch the operation/mission125. When it comes to the military headquarters, a second process very similar to the force generation, takes place to man the posts which follows the guidelines of the “EU HQ Manning Guide”126. Key principles for the manning of an EU headquarters are as follows: – “The commanders of both OHQ and FHQ are responsible for the manning of their HQ and will adopt a mission-tailored approach to meet the requirements of the operation. – Multinationalisation of the HQ is the overarching principle. However, manning will be driven by functional requirements of the operation, rather than to facilitate the participation from MS […]. – The manning of the EU HQ will be reviewed periodically throughout the course of the operation. – In order to achieve a wide degree of commonality across the potential EU HQ and to facilitate functional links between Strategic and Operational Levels, it is encouraged that HQs should stick to the generic EU HQs structure.” These general principles are valid for all parts of the headquarters. When it comes to the manning of the posts based on the structure decided by the headquarters’ Commander, it is the MS that have to fill the posts. Like the force generation process, the manning process is the result of several conferences with the aim to fulfil the demands of the commanders with the contribution of the MS. In regard to the Intelligence Directorate of the headquarters, the declassified version of the manning guide contains an interesting assumption: “It is assumed that, in addition to the NIC at the EU FHQ, most (EU and non-EU) TCNs will establish either a NIC or a NILO127 at the EU OHQ” with the aim to provide direct Intelligence support to the commanders.

124 Council of the European Union, EU Concept for Force Generation, http://data.consilium.europa.eu/ doc/document/ST-14000-2015-INIT/en/pdf, accessed 10 March 2018. 125 Council of the European Union, EU Concept for Force Generation, p. 5. 126 Council of the European Union (20154): EU HQ Manning Guide – Revision, http://data.consilium. europa.eu/doc/document/ST-15920-2011-EXT-1/en/pdf, accessed 10 March 2018. 127 TCN: Troop Contributing Nation; NIC: National Intelligence Cell; NILO: National Intelligence Liaison Officer (see EDA acronyms list, https://www.eda.europa.eu/docs/documents/eda_acronyms_ as_of_7_september_2009, accessed 10 March 2018).

Rauwolf

171

75

76

77

78

79

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:09 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

H. Tasks but no “tools” – an assessment of EU’s military Intelligence structures I. EUMS INT 80

Taking into account the many tasks for the EUMS INT derived from the support of the political-strategic decision-making process in Brussels, the Crisis Management Process, the Planning Process for military missions and operations, and the Intelligence support for missions and operations, EUMS INT seems to have more than enough workload for its people. Taking into account that the EUMS in total has roughly between 180 and 200 personnel128, even without official numbers, it’s reasonable to assume that EUMS INT cannot have more than a few dozen. These soldiers have to assume tasks that in NATO are shared by the Joint Intelligence and Security Division of the International Military Staff on the political-strategic level and the Intelligence Directorate of the Supreme Headquarters of Allied Powers in Europe (SHAPE)/Allied Command Operations (ACO) on the military strategic level which are accompanied by the NATO Intelligence Fusion Centre (NIFC). The last entity alone that is tasked to “facilitate the sharing and fusion of Intelligence, contribute to filling Intelligence gaps within ACO, and to support the planning and execution of current operations” comprises more than 200 military and civilian Intelligence professionals129. Even when assuming that all Member States provide only their smartest and brightest analysts to the EUMS INT, it is evident, that the number of people is simply too small to fulfil all the mentioned tasks completely – with regard to the infrastructure, the communication means and the access to Intelligence.

II. MPCC The establishment of the MPCC on 08 June 2017 was celebrated as the first step on the way to a permanent military headquarters on the military strategic level130. Of its intended 25 staff members, only 10 were additional ones, the rest recruited from the EUMS and the former EU Operations Centre. Half a year later, in December 2017, the Director General of the EUMS and Director of the MPCC was not able to declare “MINIMUM Operating Capability” because he lacked the personnel131 – it seems that Member States were not able or willing to provide the extra 10 military officers. 82 There are no official numbers available to the Intelligence personnel serving within the MPCC. Taking into account the small amount of additional personnel, it seems that most of the Intelligence related tasks are performed by the EUMS INT with the result that an entity designed to provide Intelligence to the political decision-makers on the strategic level would (still) be burdened with operational level tasks. 81

128

Lassche, The EU Military Staff, p. 342. See https://shape.nato.int/page1139304, accessed 10 March 2018. 130 Council of the European Union, EU-Zusammenarbeit im Verteidigungsbereich: Rat beschließt militärischen Planungs- und Durchführungsstab (MPCC), Pressemitteilung 338/17, https://www.consilium.europa.eu/de/press/press-releases/2017/06/08/military-mpcc-planning-conduct-capability/, accessed 10 March 2018. 131 Pulkkinen, First Months of MPCC, p. 5. 129

172

Rauwolf

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:10 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 4. Intelligence in EU-led military missions and operations

It seems that the establishment of a permanent military headquarters aimed at 83 conducting military operations is not a goal achieved in the short-term132, taking into account that – even for the highly praised MPCC, Member States are not providing the necessary small amount of additional personnel. Common defence and security building through military means and support for 84 military missions and operations outside the EU’s territory has for decades been hindered by the deficit of political will on the part of the Member States. However, political endorsement of the concept of military operations and its incremental development in the framework of the ESDP/CSDP has led to the creation and progressive expansion of appropriate institutional arrangements. For example, the establishment of EUMS INT and its cooperation, especially with INTCEN and SATCEN have vastly expanded Intelligence capabilities in support of EU’s strategic objectives and national interests likewise133.

III. OHQ/FHQ The need for capable and resilient Intelligence structures in operations persists. 85 Taking into account, that the permanent structures are already used to capacity if not overloaded, Member States should provide the Intelligence personnel requested by the commanders. But trained analysts are a scarce resource. Member States’ DIOs are often not in the position to provide the experts needed without accepting restrictions in the own organizations. Battlegroups that are fully prepared and manned are generally available but again Member States lack the will to activate one of them when it comes to the decision to launch a new mission or operation and fall back to an ad-hoc creation of a “tailored to the mission/operation”, i. e. tailored to the will of the TCN and not to the need of the commander, designed force. Furthermore, with the force generation and manning process finished, the OHQ will come into existence far too late to assume all the preparatory tasks, especially the IPB based on solid knowledge databases for the operations area. Too less, too late to provide the necessary and fundamental Intelligence support in 86 the first phases of the operation. Operations commanders hence have to hope and to rely on the information provided by either the EUMS INT or by Member States’ DIOs.

I. Recommendations Some authors have for a long time favored a stronger integration of EU’s Intelligence 87 structures, sometimes advocated the creation of a EU Secret Service or a EU body with executive authority to direct the Member States DIOs work at least partly and with the power to demand the Intelligence needed in the (common) interest of the Union134. Others are intercessors for the establishment of a permanent OHQ. Taking into 88 account that the EUMS would not and could not be the core structure of such a headquarters and the investment in personnel, infrastructure and money the buildup of such a structure would imply and considering that it took more than half a year to 132

See Toucas, Debunking myths, pp. 1–2. Gruszczak, Intelligence security, p. 114. 134 Walsh, Security Policy and Palacios, EU intelligence: On the road to a European Intelligence?, Part 3 Chapter 1, in this volume. 133

Rauwolf

173

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:10 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

provide 10 additional seconded national experts to the MPCC – the idea of such a headquarters appears rather fictional. 89 The first step could be to establish an equivalent to the NIFC. Willing Member States could use the PESCO framework to create a common “Intelligence consultant” for national and EU purposes. This “EUFC” could become the core of a permanent OHQ if and when Member States decide to do so or remain as an additional structure providing the Intelligence support to missions and operations in the quantity and quality needed and asked for by EU’s commanders – a call that remains largely unanswered until today.

174

Rauwolf

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:11 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 5 NATO Intellingence and Common Foreign and Security Policy* Carlo Masala/Alessandro Scheffler Corvaja Outline A. Introduction ...................................................................................................................... B. NATO’s legacy intelligence structure .......................................................................... I. Intelligence at NATO............................................................................................. II. Member-State level: Committees......................................................................... III. NATO HQ Level: IS and IMS.............................................................................. 1. International Staff............................................................................................... a) NATO Office of Security ............................................................................ b) Intelligence Unit/Terrorist Threat Intelligence Unit ............................ c) Emerging Security Challenges Division and the SAC.......................... 2. International Military Staff............................................................................... a) IMS-INT ......................................................................................................... b) NATO Situation Centre .............................................................................. IV. Intelligence elements in the broader NATO Command Structure ............. 1. J2 at SHAPE ........................................................................................................ 2. The NATO Intelligence Fusion Centre ......................................................... V. Intelligence during NATO operations ............................................................... VI. Problems of NATO’s legacy intelligence structure ......................................... 1. Lack of trust......................................................................................................... 2. Dependence on the United States .................................................................. 3. Fragmentation and duplication....................................................................... 4. Military focus ...................................................................................................... 5. Technical obstacles............................................................................................. C. NATO’s new intelligence structure.............................................................................. D. Intelligence cooperation between NATO and EU.................................................... E. Conclusion .........................................................................................................................

mn. 1 5 5 10 15 15 15 16 18 19 19 23 24 25 27 29 31 32 35 37 38 39 40 49 59

Bibliography: Atkeson, NATO Intelligence: A Contradiction in Terms, Studies in Intelligence 28 (1984), 1; Badcock, Portuguese spy caught passing ‘Nato secrets’ to Russian handler in Rome, The Telegraph, 24.05.2016, available at: http://www.telegraph.co.uk/news/2016/05/24/portuguese-spy-caught-passingnato-secrets-to-russian-handler-in (last accessed 31.05.2018); Ballast, Trust (in) NATO: The future of intelligence sharing within the alliance, Research Paper 170, NATO Defense College, 2017; BBC News, Trump worries Nato with ‘obsolete’ comment, 16.01.2017, available at: https://www.bbc.com/news/worldus-canada-38635181 (Last accessed: 31.05.2018); Bird, NATO’s Role in Counterterrorism, Perspectives on Terrorism 9:2 (2015), 61; Catano/Gaugar, Information Fusion: Intelligence Centers and Intelligence Analysis in: Goldenberg/Soeters/Dean (eds.), Information Sharing in Military Operations, 2017, 17; Clough, Quid Pro Quo: The Challenges of International Strategic Intelligence Cooperation, International Journal of Intelligence and CounterIntelligence 17:4 (2004), 601; Council of the European Union, Remarks by President Donald Tusk after the signature of the EU-NATO declaration, Press Release 420/16, 08.07.2016, available at: http://www.consilium.europa.eu/en/press/press-releases/2016/07/08/tusk-remarks-eunato-joint-declaration (last accessed: 31.05.2018); Črnčec/Urbanc, Streamlining the Intelligence and Security Structures in NATO and the European Union, Sodobni vojaški izzivi (Contemporary Military Challenges) 16:3 (2014), 63; Curtis, A “special relationship”, Master Thesis, Naval Postgraduate School, 2013, available at: https://calhoun.nps.edu/bitstream/handle/10945/34652/13Jun_Curtis_Wesley.pdf (Last accessed: 19.02.2018); Dibenedetto, Implementing the Alliance Maritime Strategy in the Mediterranean: NATO’s Operation Sea Guardian, Research Paper 134, NATO Defence College, 2016; Dempsey, NATO’s Intelligence Deficit: It’s the Members, Stupid!, Carnegie Europe, available at: https://medium.com/@Carnegie_Europe/natos-intelligence-deficit-it-s-the-members-stupid-db33f94c54 (Last accessed: 30.03.2018); ESRI UK, Delivering shared situational understanding, Case Study, ESRI UK, 2011, available at: https:// www.esriuk.com/~/media/esri-uk/Defence/NATO%20IFC%20FINAL.pdf?la=en (Last accessed: 30.03.2018); *

The Chapter was finalized in 2017 and thus only reflects developments up to this point.

Masala/Scheffler Corvaja

175

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:11 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda Flynn/Pottinger/Batchelor, Fixing Intel, Voices from the Field, Center for a New American Security, 2010, available at: http://online.wsj.com/public/resources/documents/AfghanistanMGFlynn_Jan2010.pdf (Last accessed 31.05.2018); Foster, Enhancing the Efficiency of NATO Intelligence Under an ASG-I, Strategy Research Project, United States Army War College, 2013, available at: www.dtic.mil/get-tr-doc/pdf? AD=ADA589230 (Last accessed: 19.02.2018); Freytag von Loringhoven, Adapting NATO intelligence in support of “One NATO”, NATO, available at: https://www.nato.int/docu/review/2017/Also-in-2017/adapting-nato-intelligence-in-support-of-one-nato-security-military-terrorism/EN/index.htm (Last accessed: 16.02.2018); Gebhard/Smith, The two faces of EU-NATO cooperation Counter-piracy operations off the Somali Coast, Cooperation and Conflict 50:1, 107; Gordon, Intelligence sharing in NATO, Atlantisch Perspectiev 6 (2017), 15; Græger, European security as practice: EU–NATO communities of practice in the making?, European Security 25:4 (2016), 478; Gruszczak, Intelligence Security in the European Union, 2016; Gruszczak, NATO’s Intelligence Adaptation Challenge, GLOBSEC NATO Adaptation Initiative, GLOBSEC, 2018, available at: https://www.globsec.org/wp-content/upload/2018/03/NATO’s-intelligenceadaptation-challenge.pdf (Last accessed: 23.04.2018); Howorth, EU–NATO cooperation: The key to Europe’s security future, European Security 26:3 (2017), 454; Iklódy, New Challenges – New NATO, NATO Review, 2010, available at: https://www.nato.int/docu/review/2010/lisbon-summit/New-NATO/ EN/index.htm (Last accessed: 30.03.2018); Intelligence/Information Sharing in Combating Terrorism, NATO, available at: http://www.natolibguides.info/intelligence (Last accessed: 30.03.2018); Kempin, Could France Bring NATO and the EU Closer Together?, Stiftung Wissenschaft und Politik, 2008; Koehler, Enhancing NATO-EU Cooperation: Looking South and Beyond, NDC Conference Report 02/2017, NATO Defense College, 2017, available at: http://www.ndc.nato.int/download/downloads.php?icode=519 (Last accessed: 19.02.2018); Korkisch, NATO gets better intelligence, Strategy Paper 01-2010, Institut für Außen- und Sicherheitspolitik, 2010, available at: http://www.natowatch.org/sites/default/files/NATO_Gets_Better_Intell_April_PDP_0.pdf (Last accessed: 19.02.2018); Kriendler, NATO Intelligence and Early Warning, Special Series 6/13, Conflict Studies Research Centre, Defence Academy of the United Kingdom, 2006; Masala/Scheffler Corvaja, Alliances in: Dunn Cavelty/Balzacq (eds.), The Routledge handbook of security studies, 2. ed., 2016, 349; Menzel, Knowledge Development vs. Intelligence in NATO: A Problematic Delineation and its Ramifications, JAPPC Journal 22 (Spring/Summer 2016), 12; Morrison, Intelligence in the Cold War, Cold War History 14:4 (2014), 575; Murray, How NATO Makes the Unknown Known: A Look at the Improvements to NATO Joint Intelligence, Surveillance and Reconnaissance, JAPPC Journal 22 (Spring/Summer 2016), 12; NATO, Istanbul Summit Communiqué Istanbul Summit Communiqué issued by the Heads of State and Government participating in the meeting of the North Atlantic Council, Press Release (2004) 096, 28.06.2004, available at: https://www.nato.int/cps/ic/ natohq/official_texts_21023.htm (Last accessed: 01.05.2018); NATO, NATO Handbook, 2006; NATO, New NATO division to deal with Emerging Security Challenges, Press Release (2010) 105, 04.08.2010, available at: https://www.nato.int/cps/ej/natolive/news_65107.htm (Last accessed: 01.05.2018); NATO, International Military Staff: Strategic Military Advice and Staff Support for NATO’s Military Committee, 2015, available at: https://www.nato.int/downloads/20150923_150923-ims-brochure-en.pdf (Last accessed: 01.05.2018); NATO, Joint declaration by the President of the European Council, the President of the European Commission, and the Secretary General of the North Atlantic Treaty Organization, 08.07.2016, available at: https://www.nato.int/cps/ic/natohq/official_texts_133163.htm (Last accessed: 01.05.2018); NATO, Statement on the implementation of the Joint Declaration signed by the President of the European Council, the President of the European Commission, and the Secretary General of the North Atlantic Treaty Organization, Press Release (2016) 178, 06.12.2016, available at: https://www.nato.int/cps/ ua/natohq/official_texts_138829.htm (Last accessed: 31.05.2018); NATO, Third progress report on the implementation of the common set of proposals endorsed by EU and NATO Councils on 6 December 2016 and 5 December 2017, 08.06.2018; NATO, NATO leaders agree to do more to fight terrorism and ensure fairer burden sharing, 25.05.2017, available at: ttp://www.nato.int/cps/en/natohq/news_144154.htm (Last accessed: 31.05.2018); NATO, Committees, available at: https://www.nato.int/cps/ic/natohq/topics_49174. htm (Last accessed: 01.05.2018); NATO, Common set of new proposals on the implementation of the Joint Declaration signed by the President of the European Council, the President of the European Commission and the Secretary General of the North Atlantic Treaty Organization, Press Release (2017) 174, 05.12.2017, available at: https://www.nato.int/cps/ic/natohq/official_texts_149522.htm?selectedLocale=en (Last accessed: 31.05.2018); NATO Encyclopedia, NATO, available at: https://www.nato.int/nato_static_fl2014/ assets/pdf/pdf_publications/20180201_2017-nato-encyclopedia-eng.pdf (Last accessed: 31.05.2018); Nordli/Lindboe, Intelligence in United Nations Peacekeeping Operations, 2017; Raik/Järvenpää, A New Era of EU-NATO Cooperation, Report, International Centre for Defence and Security Estonia, May 2017, available at: https://www.icds.ee/fileadmin/media/icds.ee/doc/ICDS_Report_A_New_Era_of_EU-NATO. pdf (Last accessed: 31.05.2018); Rynning, The Divide: France, Germany and Political NATO, International Affairs 93:2 (2017), 267; Schilde, Cosmic top secret Europe?: The legacy of North Atlantic Treaty Organization and cold war US policy on European Union information policy, European Security 24:2 (2014), 167; Schmitt, More allies, weaker missions? How junior partners contribute to multinational

176

Masala/Scheffler Corvaja

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:12 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 5. NATO Intellingence and Common Foreign and Security Policy military operations, Contemporary Security Policy (2018), available at: https://doi.org/10.1080/ 13523260.2018.1501999 (Last accessed: 09.09.2018). Sims, Foreign Intelligence Liaison: Devils, Deals, and Details, International Journal of Intelligence and CounterIntelligence 19:2 (2006), 195; Smith/Gebhard, EU–NATO relations: Running on the fumes of informed deconfliction, European Security 26:3 (2017), 303; Snyder, Alliance Politics, 2007; Stròzyk, How European Intel Services Connect the Dots, The Cipher Brief, available at: https://www.thecipherbrief.com/article/europe/how-european-intel-services-connect-the-dots (Last accessed: 19.02.2018); Supreme Headquarters Allied Forces Europe, DCOS Operations and Intelligence, available at: https://shape.nato.int/page28353414 (Last accessed: 01.05.2018); Supreme Headquarters Allied Forces Europe, SHAPE Command Structure, available at: https://shape.nato.int/page8251027 (Last accessed: 01.05.2018); Thies, Friendly rivals: Bargaining and burden-shifting in NATO, 2015; Valasek, The roadmap to better EU-NATO relations, Briefing Note, Centre for European Reform, 2007; Walsh, The international politics of intelligence sharing, 2010; Webb, Improvements Required for Operational and Tactical Intelligence Sharing in NATO, Defence Against Terrorism Review 6:1 (2014), 42; Weitsman, Waging War: Alliances, Coalitions, and Institutions of Interstate Violence, 2013; What is the NIFC?, NATO Intelligence Fusion Center (NIFC), available at: http://web.ifc.bices.org/about.htm (Last accessed: 19.02.2018); Wiek, Multilaterale Zusammenarbeit der Geheimen Nachrichtendienste in der NATO – ein Modell für die Europäische Union? in: Daun/Jäger (eds.), Geheimdienste in Europa, 2009, 204; Zapfe, Efficacy, not Efficiency: Adjusting NATO’s Military Integration, Research Paper 118, NATO Defense College, 2015, available at: http://www.ndc.nato.int/download/downloads.php?icode=460 (Last accessed: 19.02.2018); Director of National Intelligence, Intelligence Community Directive 208: Maximizing the Utility of Analytic Products.

A. Introduction NATO and the EU are often described as two institutions that live in the same city, 1 but on different planets.1 Their relationship has been characterized by rivalry and opposite national agendas, and meaningful cooperation has been scarce and difficult.2 Also in the field of intelligence, the cooperation has suffered from problems such as the dispute between NATO-member Turkey and EU-member Cyprus and the unclear division of labor between NATO and EU.3 But the intelligence relationship has also been further compounded by intelligence-specific issues such as the late incorporation of intelligence functions into the EU and its lack of capabilities in this field, which are stressed elsewhere in this book.4 But it would be unfair to shift all of the blame to the EU’s intelligence apparatus. 2 NATO itself looks back at a long series of attempts to develop an appropriate intelligence structure. A famous article by a former U.S. Army head of intelligence in Europe from 1984 even characterized NATO and intelligence as “a contradiction in terms”.5 As put by its newly installed Assistant Secretary General for Intelligence and Security, Arndt Freytag von Loringhoven, himself, intelligence inside NATO “has grown “organically” over the years without a common master plan” – and is therefore turning joint planning and coordination into a significant challenge.6 NATO’s intelligence bodies have also long been criticized for providing too narrowly military-focused intelligence irrelevant for modern conflicts and for not contributing sufficiently in the

1 Council of the European Union, Remarks by President Donald Tusk after the signature of the EUNATO declaration, 08.07.2016. 2 For a concise review of the difficult history of the relationship, cf. Howorth, European Security 26 (2017), 454. 3 Stròzyk, The Cipher Brief, How European Intel Services Connect the Dots, 2017. 4 See Rauwolf, Intelligence in EU-led military missions and operations, Part 2 Chapter 4, in this volume. cf also Gruszczak, Intelligence Security in the European Union, 2016, 203. 5 Atkeson, Studies in Intelligence 28 (Spring 1984), 1 (1). 6 Freytag von Loringhoven, NATO, Adapting NATO intelligence in support of “One NATO”, 2017.

Masala/Scheffler Corvaja

177

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:12 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

fight against terrorism – leading the U.S. president to characterize it as “irrelevant” during his electoral campaign.7 3 The sorry state of the intelligence partnership between NATO and the EU might however be up for some change in the near future. Institutional reforms have been enacted in both institutions: The EU has made significant steps forwards, with the establishment of the IntCent as the most prominent example.8 And with the establishment of its Joint and Security Intelligence Division in 2016, also NATO’s intelligence structure is currently undergoing one of the most fundamental reforms in its history. At the same time, also the pressure for increased cooperation between NATO and EU is increasing: the growing hybridity of threats has blurred the lines between internal security and external defense. At NATO’s 2016 Warsaw Summit, its Secretary General and the Presidents of the European Council and the European Commission issued a Joint Declaration in which they vowed to “boost our ability to counter hybrid threats, including by bolstering resilience, working together on analysis, prevention, and early detection, through timely information sharing and, to the extent possible, intelligence sharing between staffs; and cooperating on strategic communication and response.”9 4 In the light of these recent developments, this chapter aims at providing an overview of NATO’s intelligence apparatus, its cooperation with the EU and the potential for progress in the near to medium-term future. It reviews the important ongoing changes in NATO’s intelligence structures and analyzes the potential for positive side-effects for the EU-NATO intelligence relationship. For this purpose, the chapter starts with an overview of NATO’s legacy intelligence structure, highlights the important changes associated with the establishment of NATO’s Joint Intelligence and Security Division and finally looks at the hurdles of the EU-NATO relationship to see whether the reorganization will have positive secondary effects.

7 BBC News, Trump worries NATO with ‘obsolete’ comment, 16.01.2017. For the inadequacy of current NATO intelligence, cf. Flynn/Pottinger/Batchelor, Fixing Intel, 2010 and Bird, Perspectives on Terrorism 9 (2015), 61. 8 See Palacios, EU intelligence: On the road to an EU Intelligence Agency?, Part 3 Chapter 1, in this volume. 9 NATO, Joint declaration by the President of the European Council, the President of the European Commission, and the Secretary General of the North Atlantic Treaty Organization, 08.07.2016.

178

Masala/Scheffler Corvaja

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:13 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 5. NATO Intellingence and Common Foreign and Security Policy

B. NATO’s legacy intelligence structure I. Intelligence at NATO Figure 1: NATO’s organizational structure. North Atlanc Council Member-States Military Commiee

Commiees Commiees Commiees

Allied Command Operaons (SHAPE)

Strategic

NATO Command Structure (NATO-owned)

Internaonal Military Staff

Internaonal Staff

NATO HQ

Joint Force Command Lisbon

Operaonal

Taccal

NATO Force Structure (Member-State-owned)

Allied Land Command

Land Land HQs LandHQs HQs

Allied Command Transformaon

Joint Force Command Naples

Allied Air Command

Allied Marime Command

Air HQs Land HQs Land HQs

Marime HQs Land Land HQs HQs

CIS Group/ Cyber

Response Force

Source: Own Research. Note: The structure is simplified for illustrative purposes and misses some important elements such as the Nuclear Planning Group.

Amongst the various problems facing alliances and coalition warfare, establishing 5 appropriate intelligence sharing has always been the toughest nut to crack.10 To develop the necessary unity of effort for common policy – be it for deterrence or actual military operations – allies have to develop a coherent and shared vision of the problem. But even in a close alliance, the interests of allies will not align perfectly. Allied decisionmaking is thus always also a bargaining process, in which allies attempt to maximize their interest and shift the burden to others.11 As a consequence, allies will always remain wary of intelligence provided by others and fear that it is instrumentalized for bureaucratic or national interests. As an example, a German decision-maker will hesitate to base the decision whether to extend a NATO operation solely on NATO or British intelligence and insist on a national assessment. Allies will thus always want to base their decision-making on national intelligence – thus greatly limiting the role for 10 Schmitt, Contemporary Security Policy, 2018, 1. For general problems of alliances at large and coalition warfare more specifically, cf. Masala and Scheffler Corvaja in: Dunn Cavelty/Balzacq, The Routledge handbook of security studies, 2016, 349 and Weitsman, Waging War, 2013. 11 Cf. Snyder, Alliance Politics, 2007.

Masala/Scheffler Corvaja

179

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:14 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

independent alliance intelligence capabilities. Because national intelligence is so crucial for them, they will also be extremely cautious when it comes to sharing intelligence – and if only because they want to protect their sources. Especially when it comes to strategic intelligence, which guides national decision-making, the willingness to share and to trust is thus very limited.12 6 To understand NATO’s intelligence structure and the purpose of its various elements, it is important to distinguish between the two fundamental types of intelligence that exist at NATO: Agreed and Non-Agreed Intelligence.13 NATO Agreed Intelligence (NAI) is intelligence that is developed by NATO member states in a cooperative fashion and subject to unanimity. Its main purpose is to produce common threat assessments that form the basis for alliance planning and decision-making. In the production of NAI, the national intelligence services are in the lead, with designated member states tasked to draft specific chapters and sections. While the first drafts are provided by the member states, the final document requires unanimous approval of all 29 members. Many agreed intelligence products are produced on an annual basis. In the elaboration of NAI, NATO as an organization and its staff elements play a mainly secretarial role and assist the designated lead nations in consensus building for their segments.14 When it comes to NAI, NATO thus acts mainly as a committee, and the task of the organization is to facilitate the process. Because – at least in theory – NAI provides the basis for alliance force posture, planning und acquisition, NAI (and national contributions to it) is inherently political. Through their influence on NATO’s threat assessment, states can align NATO’s priorities with their national ones and manipulate their part of the overall defence burden.15 In any case, the purpose of NAI is not primarily to make NATO a platform for sharing intelligence between member states, but to arrive at a common assessment. 7 The overwhelming part of intelligence at NATO is non-agreed intelligence. It can be divided in two categories: intelligence produced by NATO staff from open and classified sources and national intelligence shared by the member states.16 Non-agreed intelligence produced by NATO staff is aimed primarily at NATO as an organization and is directed at its decision-makers. But it of course also aims at providing added-value to the member states, to which it is also provided. National intelligence shared by with NATO by its member states fulfills the same functions: On the one hand, it is directed at NATO as an organization and serves to facilitate its decision-making. And on the other hand, because it is shared, it is also directed at the other member states. Nonagreed intelligence is essential for enabling the daily operations and decision-making of individual NATO bodies, commands and agencies. Non-agreed intelligence provided by member states can of course be politicized, but its majority is simply OSINT material and releasable finished intelligence provided by the member states. Member states can also play a key role in providing NAI by providing it exclusively to co-nationals inside NATO HQ and/or the NATO Command Structure. 8 Just as important as the difference between Agreed and Non-Agreed Intelligence are NATO’s traditional focus on military intelligence and the very limited degree of intelligence integration. NATO is a political-military alliance and today deals with many issues that extend beyond the military realm. The intelligence it produces has 12 On the problems of intelligence sharing, cf. Walsh, The international politics of intelligence sharing, 2010 and Clough, International Journal of Intelligence and CounterIntelligence 17 (2004), 601. 13 Foster, Enhancing the Efficiency of NATO Intelligence Under an ASG-I, 2013, 4. 14 On NAI and its role in the Cold War, cf. Wiek in: Daun/Jäger, Geheimdienste in Europa, 2009, 204. 15 Cf. Curtis, A “special relationship”, 2013, 7 and Thies, Friendly rivals, 2015. 16 Črnčec/Urbanc, Sodobni vojaški izzivi (Contemporary Military Challenges) 16 (2014), 63 (68).

180

Masala/Scheffler Corvaja

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:14 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 5. NATO Intellingence and Common Foreign and Security Policy

however always been mainly military.17 This is quite logical: For most of its history, NATO raison d’etre and primary task were to deter and if necessary defend against the Soviet Union and the Warsaw Pact. The most essential intelligence element was accordingly NATO’s assessment of status, posture and strategy of enemy forces, which would serve as a basis for NATO’s force posture and the NATO defense planning process. This would then again serve as basis for the national defense planning of its member states. Intelligence in NATO was therefore focused on strategic-level and military intelligence, with the purpose of defining the overall need for NATO fielded forces.18 Below this strategic level, NATO never developed an integrated intelligence appara- 9 tus. On modern battlefields, NATO units are integrated down to the platoon level. It might thus seem difficult to imagine that there exist no bodies that can provide appropriate intelligence support to NATO operations. But up to this day, NATO’s intelligence structure still mirrors its Cold War posture, in which multinational integration would not occur below the Corps level.19 NATO therefore never developed own intelligence collection capabilities on these levels, because it was assumed that member states would provide intelligence support to their commanders.20 And – to make things worse – because each nation had clearly designated sectors, NATO also never established an operational intelligence structure to coordinate information between the Corps commanders.21 According to Curtis, member states were wary of permitting too much “intelligence dialogue” on the operational level, which could undermine the more controlled dialogue on the strategic level.22 What remained for NATO was strategic intelligence, where only few member states possessed relevant collection capabilities and relied on intelligence provided by the United States and its sophisticated intelligence apparatus – albeit their national services often cooperated with the United States on a bilateral basis. It can thus be summarized that NATO’s intelligence has traditionally lacked any own collection assets, was limited to the strategic level and depended on national and – most importantly – U.S. intelligence. The following paragraphs will provide an overview of the various elements of NATO’s legacy intelligence structure.

II. Member-State level: Committees NATO is built on two premier decision-making bodies, a political and a military one: 10 the North Atlantic Council (NAC) and the Military Committee (MC). The NAC is NATO’s supreme body and consists of its heads of state and government. It also biannually meets in the format of defense and foreign ministers. During daily work in Brussels, where the NAC meets at least once a week, the heads of states and government are represented by their Permanent Representatives (PERMREPS), who usually hold the rank of ambassador. The Military Committee, NATO’s top military authority, provides 17 Kriendler, NATO Intelligence and Early Warning, 2006. There existed also some other more economically-focused NAI-reports, but also those ultimately served to judge the military readiness of the Soviet Union and the Warsaw Pact. See Wiek in: Daun/Jäger (eds.), Geheimdienste in Europa, 2009, 204. 18 Curtis, A “special relationship”, 2013, 15. 19 Zapfe, Efficacy, not Efficiency, 2015, 3. 20 Korkisch, NATO gets better intelligence, 2010, 8. 21 This fact was very criticized even at the day and put NATO at considerable risk. See Curtis, A “special relationship”, 2013, 18 and Atkeson, Studies in Intelligence 28 (1984), 1 (1). 22 Curtis, A “special relationship”, 2013, 7.

Masala/Scheffler Corvaja

181

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:14 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

11

12

13

14

military advice to the NAC and guidance to NATO’s strategic commands.23 It consists of the chiefs of defence of the member states, which are represented by their Military Representatives (MILREPS), who are usually three-star flag officers. NATO Headquarters (NATO HQ) is structured along these lines. Its premier components are the International Staff (IS) and the International Military Staff (IMS). The International Staff, headed by NATO’s Secretary General, supports the North Atlantic Council (NAC) and its many committees and subcommittees – which is where most of the actual work at NATO HQ takes place. The committees play an integral role in NATO`s decision-making, as it is here where the subject-matter experts and decision-makers from embassies, ministries and agencies meet with NATO officials.24 The International Staff is split into seven divisions, each of which is headed by an Assistant Secretary General (ASG). The International Military Staff supports the Military Committee and its respective workings groups, which function by analogy to the NAC’s committees. The IMS consists of 6 six divisions, which are each headed by a 2-star general or flag officer.25 At a first glance, NATO’s intelligence structure mirrors this division into a civilian and a military committee and respective pillars. At the top, there stands both the Civilian Intelligence Committee (formerly the Special Committee) and the Military Intelligence Committee (formerly the NATO Intelligence Board). Since 2011, these two committees have been loosely aligned under the office of NATO`s Deputy Secretary General as head of the Intelligence Steering Board (ISB), which was to coordinate the development of common strategic intelligence requirements.26 This committee structure will remain unchanged by the current reform. To align the CIC and the MIC along the classical division of labor at NATO HQ would however be misguided. The NAC and the MC are not equals: The NAC and its committees take clear precedence and decides on the broader political and military issues and the MC and its working groups on their narrower military implementation. This is different in the realm of intelligence, where it is the civilian committee that carries the very narrow portfolio: As opposed to the other committees and working groups of the NAC, the CIC and its predecessors have traditionally had very limited and defined mandates which focused on espionage and terrorism. Their purpose was to protect the alliance as an organization from infiltration and attacks by terrorists.27 Because the CIC’s mandate is this limited, there accordingly also does not exist an intelligence division in the International Staff. The CIC is instead supported by the NATO Office of Security. While the CIC thus deals with “counterintelligence”, “foreign intelligence” at large is handled by the MIC, which produces most of NATO’s Agreed Intelligence and almost all relevant doctrinal documents. As opposed to other issues, the MIC, and not the CIC, thus also provides “foreign intelligence”-related support to the NAC – no matter if it is military or not. This division into a civilian and a military committee had proved extremely enduring, as allies had already at their 2004 Summit in Istanbul called for “a review of current intelligence structures”.28 CIC and MIC have not only distinct topic areas, but also different national constituents. The heads of the domestic security and hybrid services of the member states meet 23

NATO, NATO Encyclopedia. NATO, Committees. For an in-depth description of NATO’s institutional architecture and decisionmaking process, see the somewhat outdated yet still relevant NATO, NATO Handbook, 2006. 25 NATO, International Military Staff, 2015. 26 NATO, NATO Encyclopedia. 27 Črnčec/Urbanc, Sodobni vojaški izzivi (Contemporary Military Challenges) 16 (2014), 63 (69). 28 NATO, Istanbul Summit Communiqué Istanbul Summit Communiqué issued by the Heads of State and Government participating in the meeting of the North Atlantic Council, 28.6.2004. 24

182

Masala/Scheffler Corvaja

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:15 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 5. NATO Intellingence and Common Foreign and Security Policy

in the CIC, while the heads of the military intelligence and hybrid services sit in the MIC.29 Both the CIC and MIC were chaired by nations for a one-year term on a rotational basis. It can be imagined that these constituencies brought their national turf wars to their own committees and the relations between CIC and MIC. Jan Ballast describes that the annual informal Joint CIC/MIC November Plenary therefore brought almost eighty representatives to the table, which often disagreed on many issues.30

III. NATO HQ Level: IS and IMS While the committees consist of national representatives, NATO headquarters possesses both an International and an International Military Staff of NATO-hired or seconded personnel. It is here where the reform will bring about the biggest changes.

1. International Staff a) NATO Office of Security NATO’s International Staff is the major component of NATO Headquarters. It is 15 headed by the Secretary General and supports the work of the North Atlantic Council and its committees. While the International Staff consists of civilians and supports the civilian decision-making bodies, it is more than the “civilian” side of the house: The NAC is the alliance’s supreme decision making body and it is here where all decisions are ultimately taken. The International Staff has traditionally lacked an intelligence section – much because NATO lacked a true intelligence committee: As mentioned above, the Civilian Intelligence Committee was not the NAC’s committee on intelligence issues and/or a committee on non-military intelligence, but a rather a special committee with a narrow focus on counterintelligence and security issues. Accordingly, the NATO Office of Security was the only IS section whose primary purpose was intelligence issues, and it had the clearly delineated and limited task of concentrating on the security of the alliance’s personnel and infrastructure. It had its equivalent at Allied Command Operations in Mons with the Allied Command Counterintelligence (ACCI), which is part of the U.S. 650th Military Intelligence Group.31 b) Intelligence Unit/Terrorist Threat Intelligence Unit After the attacks of September 11th, NATO came under sustained pressure to deliver 16 in the field of counterterrorism – especially in the field of intelligence sharing.32 The narrow focus of the NATO Office of Security seemed increasingly unfit: The authors themselves vividly remember presentations of NATO’s above-mentioned counterterrorism section focusing on potential mortar attacks on NATO headquarters. At the 2002 Prague Summit, NATO enacted a reform of its intelligence structure. A Terrorist Threat Intelligence Unit (TTIU) inside NATO HQ was founded. The TTIU was set up with a mandate to conduct assessments of the terrorist challenges, risks and threats to NATO and its member states. All products of the TTIU were non-agreed intelligence. While the TTIU was subordinate to NATO Office of Security, it was co-directed by the Director of International Military Staff for Intelligence (IMS INT) and consisted of

29

Ballast, Trust (in) NATO, 2017, 5–6. Ibid., 6. 31 Korkisch, NATO gets better intelligence, 2010, 38. 32 Ballast, Trust (in) NATO, 2017, 6. 30

Masala/Scheffler Corvaja

183

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:15 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

both military and civilian officials.33 NATO thus already started to bring together the civilian and military components to work in a comprehensive fashion.34 In the aftermath of NATO’s Istanbul summit 2004, which established firm partnerships with states in the Levante (Mediterranean Dialogue) and the Gulf (Istanbul Cooperation Initiative), the Intelligence Liaison Unit was added. Ran jointly by IS and IMS, it was supposed to increase intelligence sharing with these states.35 17 The TTIU was expanded into the Intelligence Unit (IU) in 2011. The IU now no longer fell under the NATO Office of Security and worked on a broader set of issues, reporting to the North Atlantic Council. It was now subordinate to NATO’s Deputy Secretary General and tasked and coordinated by NATO`s Intelligence Steering Board, which included representatives from NATO HQ and NATO’s Strategic Commands.36 According to Foster, over time the IU became the main recipient of intelligence from the member states’ domestic intelligence services and received counter-intelligence and counter-espionage related reports. That member states perceived an added value can be recognized by the fact that the IU was able to double its size over time, mainly through voluntary national contributions.37

18

c) Emerging Security Challenges Division and the SAC The TTIU/IU was not the only part of the IS dealing with intelligence. As a result of its new Strategic Concept, NATO established an Emerging Security Challenges Division (ESCD) in 2010. The new division was supposed to concentrate on “new” threats such as terrorism, cyber, weapons of mass destruction (WMD) and energy security. In contrast to NATO’s other divisions, which report through committees of the NAC, the ESCD reports directly to the Secretary General and his Private Office.38 Inside the ESCD, another intelligence shop, the Strategic Analysis Capability (SAC), was created, with cyber and the science-for-peace-program as its main priorities.39 The member states were never big fans of the ESCD and the SAC: Terrorism, the proliferation of WMDs, cyber defence, and energy security were exactly those issues that many member states thought were none – or at least not primarily – of NATO’s business. But to make things worse, they perceived of the ESCD as just another attempt by then-Secretary General Anders Rasmussen to build an ever increasing personal staff and to increase NATO’s organizational autonomy. That this was not a far shot can be seen in the self-description of the SAC, according to which it “monitor [s] and anticipates international developments that could affect allied security.”40 Similarly, also the responsible Assistant Secretary General for ESC confirmed that the SAC “will integrate the intelligence and analysis to keep the Secretary-General and NATO military authorities informed of potential crises so that NATO can organize political consultations where necessary.”41 This clearly extends beyond the issues that were originally tasks of the ESC division.

33

Foster, Enhancing the Efficiency of NATO Intelligence Under an ASG-I, 2013, 3. NATO, Intelligence/Information Sharing in Combating Terrorism. 35 Ibid. 36 Foster, Enhancing the Efficiency of NATO Intelligence Under an ASG-I, 2013, 4–5. See also Črnčec/ Urbanc, Sodobni vojaški izzivi (Contemporary Military Challenges) 16 (2014), 63 (69–70) and Curtis, A “special relationship”, 2013, 5. 37 Foster, Enhancing the Efficiency of NATO Intelligence Under an ASG-I, 2013, 5. 38 Iklódy, New challenges – new NATO, 2010. 39 Ballast, Trust (in) NATO, 2017, 6. 40 NATO, New NATO division to deal with Emerging Security Challenges, 04.08.2010. 41 Iklódy, New challenges – new NATO, 2010. 34

184

Masala/Scheffler Corvaja

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:16 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 5. NATO Intellingence and Common Foreign and Security Policy

2. International Military Staff a) IMS-INT The major traditional intelligence component at NATO Headquarters used to be the 19 Intelligence Division of the International Military Staff, referred to as IMS INT, which reported to the Military Committee and the Military Intelligence Committee. Its main tasks were the production and assessment of intelligence from member states and NATO commands as well as the development and maintenance of NATO intelligence policy. It was led by a two-star equivalent and structured into an Intelligence Policy and an Intelligence Production branch.42 Its core activities were: “developing a NATO intelligence framework, architecture and intelligence capabilities; providing customer oriented policies and NATO Agreed Intelligence Assessments; advising on intelligence sharing matters and conducting intelligence liaison activities.”43 While the IMS in theory primarily supported the Military Committee, IMS INT was 20 the main body providing intelligence inside NATO and played an essential role in providing both agreed and non-agreed intelligence to NATO’s senior decision-making bodies and commands.44 Particularly important products of the IMS INT were the MC 161, NATO’s General Intelligence Estimate/Strategic Intelligence Estimate, which used to be updated on an annual basis.45 According to Foster, when NATO’s intelligence reform was introduced in 2016, IMS INT had a staff of about 35 personnel, of whom 15 worked in analysis/production (four dual hatted with the IU), 10 on doctrine and policy, and about five had administrative duties. A few members were also dedicated to niche intelligence capabilities.46 Also the importance of IMS INT’s role in promulgating a common NATO intelli- 21 gence doctrine cannot be understated. Apart from making sure that the systems of the alliance are interoperable, IMS INT ensures that also within national forces and services the processes for intelligence support to military operations are broadly comparable. This policy, which is usually expressed in NATO Intelligence Policy and Allied Joint Doctrine (especially Allied Joint Publication 2, AJP-2), typically serves as a gold standard according to which even non-NATO member states operate.47 NATO STANAG 2022 “Intelligence Reports” e. g. provides defined categories and terminology for use in intelligence reports. This doctrinal role thus presents a key element in ensuring the functioning of multinational cooperation.

42

NATO, International Military Staff, 2015. Ibid. 44 Foster, Enhancing the Efficiency of NATO Intelligence Under an ASG-I, 2013, 4. 45 Morrison describes the importance of the MC 161 during the Cold War as follows: “The jewel in the NATO intelligence crown was indeed MC 161 (.). This was an annual multi-volume assessment of the Soviet Union and NSWP in enormous detail, covering political, economic, industrial, and military aspects, with individual sections being drafted by assigned nations, drafts critiqued by NATO partners, and then finalised at a two-week working session at NATO Headquarters. MC 161 was valuable in two respects, one publicly acknowledged and one implicitly recognised. Firstly, it provided an agreed baseline assessment of Soviet intentions and Soviet and NSWP capabilities that could be used by all the military staffs of NATO, including those with very little in the way of relevant intelligence capabilities. Secondly – and this was never formally acknowledged – it was assumed (correctly as it turned out) that MC 161 would somehow be leaked to the Soviet Union, who would be best able to judge its accuracy. This was seen as a back-channel confidence-building measure: the Russians knew they were not ten feet tall, and to know that NATO as a whole felt the same should reassure them that NATO strategy was not built on a politically-driven worst-case analysis.” Morrison, Cold War History 14 (2014), 575. 46 Foster, Enhancing the Efficiency of NATO Intelligence Under an ASG-I, 2013, 5. 47 Nordli/Lindboe, Intelligence in United Nations Peacekeeping Operations, 2017, 5. 43

Masala/Scheffler Corvaja

185

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:16 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda 22

Apart from producing agreed intelligence and doctrine, the IMS INT also provided strategic warning and situation awareness to all NATO HQ elements. The NIWS “provides warning of any developing instability, crisis, threats, risks, or concerns that could impact on security interests of the Alliance and monitors de-escalation of a crisis.”48 During the Cold War, the NIWS focused on specified indicators that indicated a potential mobilization of the Warsaw Pact. According to Kriendler, such “indicators” were essentially steps the Warsaw Pact would have to take to prepare an offensive.49 “Warning” was instead the “formal alerting of political and military decision-makers and commanders to the potential for crisis or attack”.50 Due to its focus on large-scale mobilization, the system focused on military indications that tended to be largely quantitative and a “mechanical measurement of multiple, precisely defined and specific events.”51 After the end of the Cold War, NIWS was remodeled and henceforth relied on qualitative analytical processes. As such, it covered not only military threats to NATO, but also a wide set of risk indicators, including uncertainty and instability in and around NATO’s area of operations.52 The NIWS provided warning of any developing crisis and monitored its de-escalation, e. g. by monthly reports.53 In the NIWS, member states’ intelligence services were again in the lead, making it NAI, with specific issues and countries assigned to member states. Making it NAI was important because the main purpose of the system is not just to “catch” a crisis, but to also to develop a common perspective on it.

b) NATO Situation Centre 23 Finally, the International Military Staff also included the NATO Situation Centre (SITCEN), which provides situational awareness to the NAC and the MC. Established in 1968, it was one of NATO’s oldest bodies dealing with intelligence. Its staff consists of both civilian and military personnel. The SITCEN exchanges and disseminates information from all available internal and external sources on a 24/7 basis. As most situations centers, the SITCEN provides no independent intelligence analysis and acts primarily as a transmitter of information of both open and classified reports. It nevertheless plays an important role in ensuring the exchange of national information with the alliance.54

IV. Intelligence elements in the broader NATO Command Structure 24

Only a small part of NATO’s intelligence personnel works at NATO HQ where the current reforms are taking place. The large majority is spread out throughout its command structure – which will remain unaffected by the current reform. The most prominent case here is the J2-element at Allied Command Operations (ACO/SHAPE) (formerly Supreme Headquarters Allied Forces Europe). All NATO’s further subordinate commands of course also sustain J-2 (and G-2/A-2) directorates for Intelligence.55

48

Foster, Enhancing the Efficiency of NATO Intelligence Under an ASG-I, 2013, 4. Kriendler, NATO Intelligence and Early Warning, 2006, 5. 50 Ibid. 51 Ibid. 52 Ibid. 53 Foster, Enhancing the Efficiency of NATO Intelligence Under an ASG-I, 2013, 4. 54 Foster, Enhancing the Efficiency of NATO Intelligence Under an ASG-I, 2013. 55 Korkisch, NATO gets better intelligence, 2010, 33. 49

186

Masala/Scheffler Corvaja

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:17 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 5. NATO Intellingence and Common Foreign and Security Policy

But the complicated nature of NATO means that the most important operational intelligence players are two rather young, ad-hoc organizations: The NATO Intelligence Fusion Center (NIFC) and the Comprehensive Crisis and Operations Management Centre (CCOMC). According to Foster, NIFC and the CCOMC are however limited by their location outside of Brussels – which means that they can only provide limited NATO intelligence support because they are not always synchronized with the needs of NATO HQ.56

1. J2 at SHAPE The J2 at SHAPE falls under its Deputy Chief of Staff for Operations and Intelligence 25 (DCOS OPI), who is always an American flag officer.57 The J2 division is tasked with operational intelligence production, contributing to the development of ACO’s intelligence policy and providing intelligence, security and counterintelligence advice to the commander of ACO, the Supreme Allied Commander Europe (SACEUR).58 The division is supported by the 650th U.S. Military Intelligence Group/Allied Counterintelligence Activity, a U.S. military unit that provides counterintelligence, including counterespionage and security support to ACO.59 The J2 is part of SHAPE’s Comprehensive Crisis and Operations Management Centre 26 (CCOMC). CCOMC was set up in 2012 to support NATO’s Comprehensive Approach to Crisis Management and serves as SHAPE’s fusion and situational awareness center. The CCOMC plays an essential role in the planning and execution of NATO operations. It combines military and civilian expertise and serves as a gateway to other players – the very essence of NATO’s Comprehensive Approach.60 The J2 is part of the CCOMC’s Crises Identification Group (CIG), which consists of the two core elements, the Civil-Military Analysis (CMA) Branch and the J2 (Intelligence) Operations Branch, whose Chief is the CIG lead.61 J2 is responsible for directing and managing the intelligence production to satisfy SACEUR’s Prioritized Intelligence Requirements (PIR). J2 “coordinates and directs intelligence production across the ACO’s intelligence organizations (e. g. HQ JFCs, Single Service Commands, Joint Task Force etc.) and the NIFC, and coordinates intelligence with IMS INT and Allied Command Transformation (ACT) as necessary”.62

2. The NATO Intelligence Fusion Centre Another very important and particular institution is the NATO Intelligence Fusion 27 Centre (NIFC), which was founded in 2007. The NIFC is co-located with the U.S. European Command’s (EUCOM) Joint Analysis Center (JAC) at RAF Molesworth, U. K., which is run by the U.S. Defense Intelligence Agency. The NIFC comprises over 200 multinational military and civilian staff members from 26 of 29 NATO nations and one non-NATO nation and is tasked to “enable the nations to develop, unite and share intelligence”.63 The NIFC’s mission is to provide SACEUR with timely and actionable intelligence in support of the planning and execution of operations. The NIFC “produces baseline intelligence, including encyclopaedic information, analysis products, 56

Foster, Enhancing the Efficiency of NATO Intelligence Under an ASG-I, 2013, 7. Supreme Headquarters Allied Forces Europe, SHAPE Command Structure. 58 See also Supreme Headquarters Allied Forces Europe, DCOS Operations and Intelligence. 59 Ballast, Trust (in) NATO, 2017, 7. 60 Črnčec/Urbanc, Sodobni vojaški izzivi (Contemporary Military Challenges) 16 (2014), 63 (72). 61 Menzel, JAPPC Journal 12 (Spring/Summer 2016) (42–43). 62 Ibid. 63 Catano/Gaugar in: Goldenberg/Soeters/Dean, Information Sharing in Military Operations, 2017, 17. 57

Masala/Scheffler Corvaja

187

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:17 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

target products, orders of battle, and assessments, as tasked by SHAPE J2. Depending on the situation, the NIFC may deploy an intelligence support team to the designated JHQ to provide direct intelligence support and facilitate intelligence reach back to the NIFC”. The NIFC also produces significant GEOINT.64 28 According to Gordon, the NIFC was the brainchild of former SACEUR Jim Jones, who found that SHAPE/ACO’s own intelligence capabilities were insufficient to support his growing set of missions. He therefore started to increase intelligence staff at the operational level as a “U.S. initiative” in the form of NIFC.65 For Ballast, “for the United States as the main provider of both open source and classified intelligence, the NIFC, through its colocation with the DIA [Defense Intelligence Agency] European regional center [the EUCOM JAC mentioned above], offers an opportunity to receive intelligence from other nations and produce all-source intelligence”.66 While the NIFC falls under the operational command of SACEUR through the Deputy Chief of Staff for Operations and Intelligence at SHAPE,67 it is not a true NATO body but a U.S.sponsored, Memorandum of Understanding–based (MOU) organization chartered by NATO’s Military Committee. The NIFC thus remains outside national chains of command and NATO structures and is based on individual memoranda between the U.S. and participating nations. While basing the NIFC on an MOU organization instead of making it a full NATO organization might appear surprising, it follows a model that is widely used, e. g. at NATO School Oberammergau and all of NATO’s Centers of Excellence.

V. Intelligence during NATO operations It has been mentioned above that NIFC was a result of NATO’s first decade of outof-area-operations in the Balkans in the 1990s, where it recognized that it had no deployable intelligence assets. In Bosnia, the alliance set up an Allied Military Intelligence Battalion (AMIB), but in the absence of alliance-owned capabilities it relied very much on intelligence provided through its members’ national intelligence cells (NICs) for “reachback”.68 Member states established these cells to provide their national contingents – as well as key co-nationals in the NATO structure – with intelligence. Over the course of the operation, informal procedures developed for intelligence sharing and the discussion of current issues among the NICs.69 But while information was shared, the protection of information remained most important – rendered much more difficult at a NATO level as 10 new member states joined the alliance. The NIC model is today the established model by which national intelligence flows into NATO channels during NATO operations and can be found in all relevant doctrines. 30 While the NIC models stands, there is unanimous consent that there exists substantial room for improvement in the field of intelligence support to operations.70 Some of the greatest challenges in this regard are technical interoperability for the secure exchange of information as well as national foreign disclosure policies. In Libya for instance, the release of intelligence collected by the U.S. to the French was so slow that the French had to rely on their own intelligence – creating a five hour gap between 29

64

ESRI UK, Delivering shared situational understanding, 2011, 2. Gordon, Atlantisch Perspectiev 6 (2017), 15. 66 Ballast, Trust (in) NATO, 2017. See also Gordon, Atlantisch Perspectiev 6 (2017), 15. 67 NATO Intelligence Fusion Center (NIFC), What is the NIFC?. 68 Gordon, Atlantisch Perspectiev 6 (2017), 15 (15). 69 Ibid. 70 Murray, JAPPC Journal (2016) 12. 65

188

Masala/Scheffler Corvaja

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:18 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 5. NATO Intellingence and Common Foreign and Security Policy

reconnaissance and strike missions.71 Because allies recognized that relying on member state intelligence alone was problematic, NATO launched its Joint Intelligence, Surveillance and Reconnaissance (Joint ISR) initiative at the Chicago Summit in 2012. In February 2016, Allied Defence Ministers formally declared the Initial Operating Capability (IOC) of NATO Joint ISR. While this already presents a step forward in dealing with the problems experienced in both Afghanistan and Libya, even more improvement is expected from the Alliance Ground Surveillance system, which consists of five “Global Hawk” Unmanned Aerial Vehicles owned and operated by NATO.72

VI. Problems of NATO’s legacy intelligence structure The previous section started with some general remarks on NATO intelligence and 31 continued with an introduction of NATO’s various intelligence bodies – of which only NATO headquarters will undergo major changes as part of the current reform. In the following paragraphs, several long-standing problems of the alliance in the field of intelligence will be presented. On this basis, it will be possible to assess the likelihood of improvements through the recent reforms in the next section. It will be argued that intelligence inside NATO has traditionally suffered from the following problems: A lack of trust, dependence on the U.S., fragmentation and duplication as well as too much of a military focus. In addition, the NATO intelligence sharing business has also suffered from technical obstacles.

1. Lack of trust The abounding literature on the subject of intelligence sharing is unanimous when it 32 comes to its most enduring obstacle: a lack of trust.73 Judy Dempsey is right when she observes that, when it comes to intelligence, “a culture of deep cooperation does not exist (…) because the members do not trust each other.”74 In the world of intelligence, where the protection of methods and sources is an absolute priority, substantial mistrust exists already between and even within national intelligence services. This mistrust reaches unprecedented levels once it leaves the level of bi- or at least very mini-lateral sharing and moves to the level of multinational intelligence sharing. For Clough, this means that alliances and coalitions have a hard time at sharing intelligence: “as the number of partners increases, so the level of guaranteed security decreases.”75 And even where some level of trust exists, it is often not enough: For Ballast, intelligence is shared only when there are also a common threat perception, demonstrable added value and the right type of diplomatic relationships.76 Already on a bi-lateral basis this is unlikely to be a very frequent case. But at a level of 29, it becomes basically impossible. To see the lack of trust inside NATO exclusively as a result of its multinational nature 33 and size would nevertheless be too easy. NATO looks back at a very specific history full of spy scandals and intelligence leaks that confirms any potential doubts about its ability to safeguard secrets. For Morrison, during the Cold War, this led nations to keep sensitive information outside of NATO channels because they assumed that anything

71

Webb, Defence Against Terrorism Review 6 (2014), 42 (55). Murray, JAPPC Journal (2016), 12. 73 Cf. Walsh, The international politics of intelligence sharing, 2010. 74 Dempsey, Carnegie Europe, NATO’s Intelligence Deficit: It’s the Members, Stupid!, 25.5.2017. 75 Clough, International Journal of Intelligence and CounterIntelligence 17 (2004) 601 (612). 76 Ballast, Trust (in) NATO, 2017, 3. 72

Masala/Scheffler Corvaja

189

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:18 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

they sent to NATO “would soon be on desks in Moscow.”77 Prominent examples are the so-called “Topaz”-case and the leaking of NATO’s Kosovo operations plan to Serbia by a French officer. The constant enlargement of NATO since the early 90s and the lack of trust towards the intelligence establishments of many new member states has also presented a major obstacle of deepening intelligence cooperation “at 29”.78 And even today, substantial skepticism towards the intelligence establishments of many member states persist or is even on the rise.79 34 Ballast has mentioned that threat perception was an important prerequisite for intelligence sharing. Even where trust is in short supply, threat perception can serve as a substantial incentive to share intelligence.80 Inversely, where threat and according demand for information is low, such as in the almost 30 years after the end of the Cold War, states’ impetus to share will be low even where substantial trust exists. Sims describes that if sharing is not driven by collection requirements, it will be “heavily defensive in posture, implicitly adversarial, and therefore hollow, despite political and military leaders’ contrary expectations.”81 Should the threat increase and intelligence sharing turn into more of a necessity, states are instead usually willing to share greater ends. The increased level of intelligence sharing on the operational and tactical levels during NATO operations since 1990 stands as a perfect example of this pragmatic approach to intelligence sharing.

2. Dependence on the United States 35

NATO intelligence is and has always been extremely dependent on the United States – a result of both the massive preponderance of the U.S. in terms of intelligence capabilities and the political and military leadership of the U.S. within NATO. The U. S. provides the bulk of the intelligence, while the other member states mostly contribute niche capabilities. In addition to providing most of the actual intelligence, according to Ballast, the United States are also “instrumental in establishing common procedures and terms which facilitated intelligence sharing.”82 According to Curtis, the U.S. mission to NATO has regular direct access to the Secretary General, provides the overwhelming amount of intelligence in every Working Group and most of the briefings to the NAC and MC.83 Dependency on the United States is not limited to NATO Headquarters and extends to NATO’s operations, where substantial U.S. intelligence support is a condition-sine-qua-non. Particularly in the field of Joint Intelligence, Surveillance and Reconnaissance, but also e. g. in the field of targeting, the U.S. provides much of the needed information – up to 95 % in Kosovo according to Curtis.84 The alliance has no independent ability to provide such support to major NATO operations, and also most of its member states displayed significant weaknesses in this regard. Another excellent example would be the Libya campaign, where the United States continued to provide the majority of intelligence even after it had officially taken a backseat.85

77 Morrison, Cold War History 14 (2014), 575 (581–582). For Morrison, the U.S. and U.K. e. g. treated NATO’s highest level of classification “COSMIC TOP SECRET” as at most “CONFIDENTIAL”. 78 Dempsey, Carnegie Europe, NATO’s Intelligence Deficit: It’s the Members, Stupid!, 25.05.2017. 79 A prominent recent case was the arrest of a senior Portuguese counterintelligence official working for Russia, see Badcock, The Telegraph, 24.05.2016. 80 Ballast, Trust (in) NATO, 2017, 3. 81 Sims, International Journal of Intelligence and CounterIntelligence 19:2 (2006), 195 (202). 82 Ballast, Trust (in) NATO, 2017. 83 Curtis, A “special relationship”, 2013. 84 Ibid. 85 Curtis, A “special relationship”, 2013, 1.

190

Masala/Scheffler Corvaja

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:19 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 5. NATO Intellingence and Common Foreign and Security Policy

The dependency on the United States is both a blessing and a curse: On the one hand, 36 the U.S. ensures that eventual intelligence gaps are always filled. On the other hand, this service as a “lender of last resort” also prevents the development of adequate European intelligence capabilities and provides an incentive for free-riding. As described by Curtis, this has led to a “crisis-sharing mindset” which takes substantially greater U.S. intelligence support during major NATO operations for granted and prevents the development of an appropriate framework for NATO to support alliance operations.86

3. Fragmentation and duplication The United States have long proposed the creation of an ASG-position for Intelli- 37 gence – albeit they would have reportedly have preferred to see an American in the position. According to Ballast, the main reason for this wish was their annoyance with NATO’s scattered intelligence apparatus and in particular the division between the military and civilian pillars in the alliance.87 In 2013, Foster argued that the multiple and uncoordinated intelligence bodies such as NIFC, IMS INT, IU and SAC led to “duplication of effort and over tasking of intelligence analysis centers for similar products.”88 For Foster, they worked on the same issues at least 75 % of the time. Also Kriendler laments that the approach to intelligence at NATO HQ was “in general terms, too disparate, ad hoc, uncoordinated and, to some extent, duplicative”.89 For him, such parallel intelligence efforts waste valuable time and needlessly drain away limited resources, especially given that some have characterized the “paucity of dedicated analytical capability” as the single greatest weakness of NATO intelligence.90 As a result of this fragmentation, NATO’s member states therefore also received similar requests for information from different NATO bodies – leading to “donor fatigue” and even refusals to provide the same information repeatedly.91 On the NATO side, this also meant that the International Staff and the International Military Staff often provided “unsynchronized, uncoordinated, and incomplete intelligence picture.92

4. Military focus For Kriendler, the excessive focus on military issues was a direct result of the greatest 38 producers of intelligence: the allies’ military intelligence agencies. For him, all of NATO’s headquarters could benefit from increased access to intelligence from other intelligence agencies – something that was later attempted through the IU.93 To understand the fundamental divisions about the greater inclusion of non-military factors, it is necessary to remember that NATO here often touches ground that is very disputed within the member states. In more than a few member states, civilian and military intelligence services have long been engaged in turf wars about challenges such as terrorism, cyber and more recently hybrid warfare.94 This adds to the traditional competition between defense and foreign intelligence services, which have also been a problem.

86

Ibid. Ballast, Trust (in) NATO, 2017, 9. 88 Foster, Enhancing the Efficiency of NATO Intelligence Under an ASG-I, 2013, 1. 89 Kriendler, NATO Intelligence and Early Warning, 2006, 4. 90 Ibid. 91 Curtis, A “special relationship”, 2013, 9. 92 Ibid., 8. 93 Kriendler, NATO Intelligence and Early Warning, 2006, 4. 94 Črnčec/Urbanc, Sodobni vojaški izzivi (Contemporary Military Challenges) 16 (2014), 63 (67–69). 87

Masala/Scheffler Corvaja

191

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:19 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

5. Technical obstacles 39

Apart from their willingness, also member states’ ability to share is not unlimited. The U.S. sustains NATOs common intelligence system “Battlefield Information Collection and Exploitation System” (BICES), which was designed to enhance intelligence collaboration and dissemination of intelligence. This system however remains underused both in- and outside NATO and some states are trying to shelve it. According to Foster, the lack of attention to intelligence provided via BICES often leads to the NAC and the MC receiving disjointed intelligence analyses.95 At present, the military intelligence community within and supporting NATO uses BICES on an inconsistent basis, which inhibits the smooth and timely flow of intelligence. Many NATO nations do not even possess access to BICES in their capitals. The above-mentioned NATO JISR-initiative has already led to some improvements in this regard, but much work remains to be done.

C. NATO’s new intelligence structure Member states have long been aware of the above mentioned problems concerning NATO’s intelligence apparatus – Atkeson authored his piece on the oxymoronic nature of NATO intelligence in 1984. The increasing number of out-of-area-operations and NATO’s struggle to provide added value in the fight against terrorism brought these weaknesses to the open. As a result, already NATO’s Prague Summit Declaration in 2002 called for an overhaul of the entire structure. But while by 2016 important improvements had been made with the creation of the Intelligence Steering Board, the Intelligence Unit and the NIFC, a systematic review of the overall architecture was still missing. While many of the larger member states continued to press for a reform, they were not able to get all of the other allies on board. 41 This changed in 2016, primarily for two reasons: With the candidacy of Donald Trump, NATO started to get pounded for not doing enough in the field of counterterrorism – something that had long been criticized especially by the U.S. Congress. As it was clear that NATO would at a maximum play a supporting role in the fight against ISIS, greater intelligence cooperation on counterterrorism seemed to provide a valid initiative to improve NATO’s image. Maybe even more importantly however, the member states had recognized that the current intelligence structures were unapt for dealing with the hybrid challenge on NATO’s Eastern Flank. The fact that NATO’s new intelligence structure is an explicit answer to the threats faced by NATO on both its Eastern and Southern flanks was essential in achieving allied consensus.96 42 By the time of their summit meeting in Warsaw in July 2016, allies had thus agreed to launch a fundamental reform of NATO intelligence and announced the creation of a new Joint Intelligence and Security Division at NATO Headquarters and a responsible Assistant Secretary General (ASG). While the U.S. had initially hoped to appoint a U.S. ASG, member states opposed this idea due to the already very strong representation of the United States at NATO HQ.97 In October 2016, Secretary General Rasmussen then announced that he had chosen Dr. Arndt Freytag von Loringhoven, a German diplomat and former vice-president of the German foreign intelligence service, as first ASG. Freytag 40

95

Foster, Enhancing the Efficiency of NATO Intelligence Under an ASG-I, 2013, 10. Freytag von Loringhoven, NATO, Adapting NATO intelligence in support of “One NATO”, 2017. 97 At present, the Deputy Secretary General and two ASGs are Americans. 96

192

Masala/Scheffler Corvaja

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:20 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 5. NATO Intellingence and Common Foreign and Security Policy

von Loringhoven was expected to bring in important experiences in the integration of military and civilian intelligence structures, which had taken place during his tenure at the BND.98 While the ASG is German, his deputy is a U.S. brigadier general. The new Joint Intelligence and Security (JISD) provides intelligence support to both NAC and MC and reports to both the Civilian Intelligence Committee and the Military Intelligence Committee. It consists of two divisions: intelligence (with the merged strands of military and civilian intelligence) and security (the NATO Office of Security). By combining all of NATO’s strategic intelligence elements in the JISD, NATO hopes to establish “a single efficient structure, which can provide a coherent intelligence picture to the North Atlantic Council and NATO’s Military Committee.”99 The new division is somewhat of a strange body inside NATO HQ exactly because it defies the traditional division between IS and IMS. For the time being, the JISD is basically nothing more than a head that unites the existing bodies inside NATO’s intelligence apparatus. Also the committee structure will remain unchanged. Inside the existing structures, the Intelligence Unit has been further strengthened and redesignated as “Intelligence Production Unit” (IPU). A specific branch for hybrid analysis was set up, mandated to “analyse the full spectrum of hybrid actions, drawing from military and civilian, classified and open sources.”100As part of the action plan to step up NATO’s counterterrorism efforts adopted at NATO’s Brussels Summit in May 2017 the allies also decided to establish new “Terrorism Intelligence Cell” inside the NATO Office of Security to “improve the sharing of information among Allies, including on the threat of foreign fighters.”101 How much improvement is to be expected from these reforms? If we go back to the problems identified earlier on in this chapter, the current reform is focused on tackling two of them: the focus on military intelligence and the fragmentation of NATO’s intelligence apparatus. It is too early to say whether the new JISD will provide addedvalue in incorporating non-military factors and providing a coherent intelligence picture for NATO decision-making and planning. At least in terms of duplication of effort however, member states are already reporting improvements in NATO HQ Requests for Information and Priority Information Requests – meaning that NATO is streamlining its intelligence requests better.102 It remains to be seen whether the JISD will be able to incorporate also the last intelligence element at NATO HQ, the Strategic Analysis Capacity, which so far has succeeded in remaining attached to the ESCD. Whether the JISD can (and should) support a further streamlining of NATO’s intelligence structure also beyond NATO HQ is questionable. Ballast suggests that while coordination with SHAPE’s J2 is certainly necessary, JISD and J2 ultimately have very different tasks and information requirements. The JISD should therefore limit itself to establish effective liaison and sharing between both bodies. During operations, NATO will in the absence of significant own collection assets remain dependent on its member states and most importantly the United States as main providers of intelligence. Because NATO is unlikely to be engaged in operations at 29 and is likely to work with non-allied partners in such missions, a tailored framework will have to be adopted for each individual mission. Concentrating on greater specialization, a higher level of interoperability and a stronger NATO JISR-framework leave ample opportunity for improvement. Freytag von Loringhoven, NATO, Adapting NATO intelligence in support of “One NATO”, 2017. Ibid. 100 Ibid. 101 NATO, NATO leaders agree to do more to fight terrorism and ensure fairer burden sharing, 25.5.2017. 102 Gruszczak, NATO’s Intelligence Adaptation Challenge, 2018. 98 99

Masala/Scheffler Corvaja

193

43

44

45

46

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:20 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

Whether the JISD can contribute to more intelligence sharing by reducing the enduring lack of trust between allies is just as questionable. The political estrangement between important NATO member states, the constant adoption of new members and the perceived vulnerability of the security establishments of several smaller member states to infiltration do not bode well for improvements in terms of trust. For Ballast, the JISD should thus avoid to solicit states to greater multilateral intelligence-sharing and instead focus on creating political and technical opportunities for mini-lateral sharing in a NATO framework, e. g. in specific operations or in communities of interest. Moreover, the JISD should concentrate on “soft” factors influencing multi-lateral intelligence sharing such as “write-to-release”-doctrines and disclosure policies.103 Energy invested in promoting a change of mindset in the member states’ intelligence establishments, such as the recent move of the U.S. DNI, which encourages the production of more releasable open or lowly-classified intelligence is likely to yield more success than any attempt to get member states to provide more sensitive intelligence.104 48 While the establishment of a joint division is certainly a success, the mission is far from accomplished. The domestic services represented in the CIC are certainly less happy about the recent marriage and continue to push for the independence of the counterintelligence effort and particularly the NATO Office of Security. For Ballast, a real clash of cultures between the strict insistence on “need-to-know” from the security and “need-to-share” from the intelligence pillar is currently underway.105 As a general rule, the national domestic intelligence services have always considered NATO a playing ground of their foreign and military cousins and were thus weary of granting it any competences on their key areas of responsibility. Making sure that the reform does not get stuck in the turf wars of competing national intelligence services will be a key challenge for the new ASG. 47

103

Ballast, Trust (in) NATO, 2017, 16. Intelligence Community Directive 208: Maximizing the Utility of Analytic Products. 105 Ballast, Trust (in) NATO, 2017, 10. 104

194

Masala/Scheffler Corvaja

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:20 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 5. NATO Intellingence and Common Foreign and Security Policy

Figure 2: NATO’s New HQ Intelligence structure Old Structure

North Atlanc Council

Civilian Intelligence Commiee

Strategic Analysis Capacity

NATO Office of Security

Intelligence Unit

Internaonal Staff

New Structure

Military Comiee

Military Intelligence Commiee

IMS-INT

SITCENT

Internaonal Military Staff

North Atlanc Council

Civilian Intelligence Commiee

Military Comiee

Military Intelligence Commiee

Joint Intelligence and Security Division (Internaonal & Internaonal Military Staff) Intelligence Pillar

Security Pillar Strategic Analysis Capacity

NATO Office of Security

Intelligence Producon Unit

IMS-INT

SITCENT

Source: Own Research

D. Intellligence cooperation between NATO and EU After this in-depth view at NATO and its current reform, the last part of the chapter 49 will look at its cooperation with the EU. Three primary obstacles have traditionally prevented any meaningful cooperation between NATO and the EU in security and defense matters: Different levels of ambition for the military capabilities of the EU, disagreements about the right division of labor with NATO and the so-called “participation problem”, that is the membership of Cyprus in the EU.106 Throughout most of the 2000s, both member state and inter-institutional relations 50 suffered from fundamentally different conceptions about the EU’s role in security and defense issues. While there existed unanimous consent that Europeans should do more in this field, member states took three different stances towards the CSDP: On the one extreme, the staunchly “atlanticist” states, with the United Kingdom at the center, were openly hostile to CSDP and considered it as either an unnecessary duplication or as an outright competitor to NATO. For them, CSDP was to limit itself to softer, more civilian missions and leave the real military business to NATO. On the other extreme, the more “unionist” states, with France at the center, pushed for a robust military capability and tied CSDP to the need for greater European “strategic autonomy”. Between those extremes, states like Germany, who are both atlanticist and unionist,

106

Cf. Howorth, European Security 26 (2017), 454.

Masala/Scheffler Corvaja

195

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:21 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

attempted to take a middle ground and emphasized that the CSDP could strengthen both the EU’s strategic autonomy and the European pillar inside NATO.107 51 These same three camps were not only at odds about the military nature of CSDP, but also about the role NATO should play with regards to non-military security challenges. Some member states pushed strongly to solicit greater NATO engagement in the more civilian fields of security such as counterterrorism and energy security. For them, NATO presented the natural forum for transatlantic cooperation on security issues. This idea was strongly opposed by the more unionist member states, who argued that NATO was a military organization and that these fields were the clear responsibility of the EU.108 Any transatlantic cooperation on these issues would therefore have to take place in a U.S.-EU format – and NATO would have to limit itself to the their military dimensions. These turf wars between the member states were matched by corresponding tensions between the two bureaucracies, which were both trying to maximize their competencies and resources. 52 The third, and probably most important, obstacle is the ongoing conflict between Cyprus and Turkey. Already early NATO-EU relations in the 1990s suffered from the tensions between Greece and Turkey. But when Cyprus – not recognized by Turkey but strongly supported by Greece – joined the EU in 2004, this lead to an immediate blockade of the relationship between both institutions. Cyprus has blocked Turkish participation in CSDP missions and the European Defence Agency, while Turkey has blocked the participation of Cyprus (and Malta) at NATO-EU meetings and the use of NATO assets by the EU. For many years, both countries have continued this blockade – especially when it comes intelligence sharing – wherever the respective other was involved. While workarounds for the participation-problem could often be found, the Turkey-Cyprus issue continues to present a major obstacle for the inter-institutional relationship and the establishment of formal cooperation mechanisms.109 53 These three general problems were compounded by more specific intelligence problems. From NATO’s perspective, the first problem was the lack of a true intelligence counterpart in the EU. For a long time, the EU lacked appropriate intelligence structures with which to share.110 The Western European Union (WEU) had established an intelligence section, a Situation Centre and a Satellite Centre in the early to mid-90s. But it was only in the aftermath of the Cologne summit in June 1999 that the EU established dedicated defense and security bodies and integrated the WEU’s intelligence bodies (see Rauwolf, Intelligence in EU-led military missions and operations, Part 3 Chapter 4, in this volume.). Soon after, NATO and the EU concluded a first interim security arrangement on access to and exchange of classified information and related material.111 The cooperation increased with the engagement of the EU in peacekeeping missions in the Balkans. Because the UK blocked the establishment of EU operational and strategic headquarters, NATO and the EU concluded the “Berlin Plus” agreement, which enabled the use of the NATO command structure by the EU. As part of this agreement, the EU and NATO struck a more extensive security agreement which established standards for the exchange of classified information – and basically led to an adoption of NATO security mechanisms and standards in the EU.”112 107

Cf. Rynning, International Affairs 93:2 (2017), 267. As put by Tomas Valasek, “French diplomats at NATO fought to keep the alliance in its Cold War box (…) rather than let it adapt to dealing with new security threats.” Valasek, The roadmap to better EUNATO relations, 2007, 2. 109 Smith/Gebhard, European Security 26:3 (2017), 303 (303). 110 Gruszczak, NATO’s Intelligence Adaptation Challenge, 2018, 5. 111 Gruszczak, Intelligence Security in the European Union, 2016, 203. 112 Ibid. On the adoption of NATO standards by the EU, see Schilde, European Security 24:2 (2014), 167. 108

196

Masala/Scheffler Corvaja

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:21 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 5. NATO Intellingence and Common Foreign and Security Policy

Apart from a lack of institutions, the EU also suffered from a lack of actual intelligence to share – making intelligence cooperation on the ground fundamentally one-sided.113 While NATO possessed at least moderate intelligence capabilities during operations, the EU had nothing similar. And when it came to member state intelligence available to only one of the institutions, NATO could count on the steady flow of vast amounts of U.S. intelligence while the quantity and quality of the intelligence provided by the EU states that are not part of NATO is very limited. The U.S., who was very skeptical of sharing any sensitive intelligence with the EU, also had to consent to any exchange. In the world of intelligence sharing, where information is shared on a quidpro-quo-basis, this was not a good starting point.114 With the accession of Cyprus to the EU in 2004, “Berlin Plus” essentially became a “dead-letter agreement”, with Operations Concordia (2003) and Althea (2004) as the only missions ever launched. The simultaneous further evolution of CSDP also meant that the EU was not unhappy to break out of this system, hoping to eventually create a “Brussels Plus” or “Berlin Plus reverse” for comprehensive crisis management with itself in the lead.115 Because the formal intelligence sharing between both institutions remained underdeveloped, in missions such as in the Balkans and the Horn of Africa informal EU-NATO intelligence-sharing has become more important in recent years. As the security situation on Europe’s flanks has worsened and staff-to-staff contacts have increased, this now extends beyond areas of mutual operations.116 When looking at NATO-EU cooperation, for Koehler, “the emerging picture (…) is thus one of routinized cooperation on the staff and operational levels, coupled with continuing political stasis.”117 Recent developments might be about to put an end to this stasis. As discussed above, NATO and the EU face both political and institutional obstacles to greater intelligence sharing. Apart from cooperation in peacekeeping and counterpiracy, what had so far been missing was a larger pressure to cooperate and a common objective that is less affected by competition. The major threats that Europe is dealing with on its Eastern or on Southern Flank might just provide this opportunity and have already led to increased exchanges. At the same time, both institutions have become extremely hesitant to take on any more large-scale crisis management operations – an area where both institutions used to find themselves in bitter competition. Today, the picture is therefore one of relative compatibility: On Europe’s Eastern flank, there is no question that NATO is in the military lead. On the Southern Flank, where there exists no appetite for greater NATO and/or military involvement, the EU is clearly in the lead. When it comes to counter-terrorism, despite occasional pressure on NATO from the side of the United States, the division of labor is also clear and it is the EU who has the lead role, especially when it comes to the security of its Member States. This means that – as opposed to how it used to be with crisis management – there now exists a clear division of labor between the institutions. At the same time, the hybridity of the challenges on the Eastern and Southern flank provide ample opportunity for cooperation and support. NATO needs the EU when it comes to the non-military dimensions of hybrid warfare. And the EU needs NATO for 113 A perfect example would be the support of NATO intelligence capabilities to the EU mission in the Eastern Mediterranean, see Dibenedetto, Implementing the Alliance Maritime Strategy in the Mediterranean: NATO’s Operation Sea Guardian, 2016, 12. 114 See Clough, International Journal of Intelligence and CounterIntelligence 17:4 (2004), 601. 115 Kempin, Could France Bring NATO and the EU Closer Together?, 2008, 3. 116 Raik/Järvenpää, A New Era of EU-NATO Cooperation, 2017, 14. 117 Koehler, Enhancing NATO-EU Cooperation: Looking South and Beyond, 2017, 2. See also Græger, European Security 25:4 (2016), 478.

Masala/Scheffler Corvaja

197

54

55

56

57

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:22 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 2. The European Intelligence Agenda

some of the military aspects of counterterrorism. The hybrid threat might thus well provide an issue on which NATO-EU intelligence cooperation might evolve. The EU Hybrid Cell and the Hybrid Intelligence Branch within NATO’s IPU are already in regular contact and both support the establishment of the Center of Excellence for Hybrid Threats in Helsinki, which supports – but is not a part of – NATO and the EU. The fact that Turkey has so far taken less interest in the Eastern Flank will also make cooperation on this front significantly easier. 58 To operationalize the Joint Declaration signed at the Warsaw Summit, NATO and the EU have agreed to a Common Set of Proposals, with seven main areas. While member states were careful not to use the term “intelligence”, increased shared situational awareness and shared understanding was included in at least 6 of them and even constitutes one of three main sub-areas in the item “Countering Hybrid Threats”.118 What has since developed has been so-called Parallel and Coordinated Analyses (PACAs), where the EU and NATO would ask member states to basically share the same information with both NATO and EU, thus avoiding the need to share intelligence between both institutions. Three analyses on the Eastern and Southern Neighborhood had been conducted by June 2018 and another one on hybrid threats was on its way.119 The purpose of these PACAs is to provide a shared understanding of specific issues in both institutions – hopefully leading to a more coherent policy of the institutions. On the staffto-staff level, the relative geographical and thematic departments within EU INTCENT and NATO’s JISD are now conducting monthly video conferences to increase joint situational awareness. The branches in hybrid threats have also established a secure EUBICES connection.120 At the same time, NATO and the EU have also launched Parallel and Coordinated Exercises (PACEs) to improve their cooperation and are implementing and operationalising parallel procedures and playbooks for mutual interactions especially in the case of cyber attacks.121 Both institutions are also cooperating very closely with the European Centre of Excellence for Countering Hybrid Threats in Helsinki, which serves as a facilitator for discussions and exercises with representatives from both institutions and selected member states.122

E. Conclusion 59

NATO intelligence is currently undergoing a major transformation. By merging civilian and military intelligence structures at NATO HQ, this reform marks the logical conclusion of a process that started in the early 2000s. Streamlining the structure and strengthening its coordination mechanisms has reportedly already led to less duplication of effort and more coherent Requests for Information to the member states – one of the main objectives of the reform. The strengthened IPU should also lead to a better incorporation of non-military factors. The overhaul of NATO’s intelligence structure is 118 NATO, Common set of new proposals on the implementation of the Joint Declaration signed by the President of the European Council, the President of the European Commission and the Secretary General of the North Atlantic Treaty Organization, 5.12.2017. 119 NATO, Third progress report on the implementation of the common set of proposals endorsed by EU and NATO Councils on 6 December 2016 and 5 December 2017, 8.6.2018. 120 Ibid. 121 NATO, Statement on the implementation of the Joint Declaration signed by the President of the European Council, the President of the European Commission, and the Secretary General of the North Atlantic Treaty Organization, 6.12.2016. 122 NATO, Third progress report on the implementation of the common set of proposals endorsed by EU and NATO Councils on 6 December 2016 and 5 December 2017, 8.6.2018.

198

Masala/Scheffler Corvaja

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:22 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 5. NATO Intellingence and Common Foreign and Security Policy

however far from completed and many tricky questions remain – e. g. whether the reform should extend down to the operational and tactical level. Some of the fundamental obstacles to greater NATO intelligence sharing and cooperation will however remain unaffected: The reform will not increase the trust between allies, it will not lead to a lesser dependence on the United States and it will not eo ipso overcome the technical obstacles to intelligence sharing in the alliance. Multi-national sharing at 29 will remain tricky and never supersede the intense bi- and mini-lateral intelligence ties that exist across NATO. At the end of the day, intelligence in NATO will always remain instrumental for the specific missions of the alliance – and thus prevent NATO from becoming a more general multinational intelligence sharing platform. The reform also presents an opportunity for stepping up NATO’s intelligence 60 cooperation with the EU. The Joint Declaration of NATO and EU in 2016, the inclusion of common situational awareness in the Common Set of Proposals and the constant evaluation mechanisms are a step in the right direction. The roadblocks for greater cooperation such as the Cyprus issue will however remain, and become especially contentious once Turkey’s areas of interest come into focus. Much more important than any institutional reforms or political pressure will however be the perceived necessity of this cooperation in the eyes of both the institutions and the member states. Just like in the past, it might lead to intensive operational-level cooperation where the political relationship remains stalled. It is here where the signs are promising: NATO and the EU have relatively few divisions about their respective roles tackling the challenges on Europe’s Eastern and Southern Flank. And even more importantly, these roles are complimentary and both institutions can provide value to the other. If we look at Sims dictum about the Parallel and Coordinated Exercises sharing, the times could not be any better.123 123

Sims, International Journal of Intelligence and CounterIntelligence 19:2 (2006), 195 (202).

Masala/Scheffler Corvaja

199

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 2.3d from 30.09.2019 13:54:22 3B2 9.1.580; Page size: 160.00mm  240.00mm

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 3.3d from 30.09.2019 13:57:09 3B2 9.1.580; Page size: 160.00mm  240.00mm

PART 3 EUROPEAN INTELLIGENCE COOPERATION Chapter 1 EU intelligence: On the road to a European Intelligence Agency? José-Miguel Palacios Outline A. Introduction ...................................................................................................................... I. European institutions and intelligence cooperation........................................ II. What is intelligence? .............................................................................................. III. EU intelligence cycle .............................................................................................. IV. A strategic-level tool............................................................................................... B. Clients, customers and stakeholders............................................................................ I. Intelligence stakeholders in the EU .................................................................... II. The Council.............................................................................................................. III. EEAS .......................................................................................................................... IV. The EU Commission.............................................................................................. V. EU agencies and other EU bodies....................................................................... VI. Other EU customers............................................................................................... C. EU intelligence structures .............................................................................................. I. INTCEN .................................................................................................................... II. EUMS INT ............................................................................................................... III. EUROPOL ................................................................................................................ IV. SATCEN.................................................................................................................... V. FRONTEX ................................................................................................................ VI. EU ISS........................................................................................................................ VII. A WIDENED COMMUNITY ............................................................................. D. Perspectives of EU intelligence ..................................................................................... I. A question of models ............................................................................................. II. A EU intelligence agency?..................................................................................... III. The EU intelligence community.......................................................................... IV. Models: the JIC........................................................................................................ V. Models: the INR ...................................................................................................... E. Conclusions: Alternatives for the EU ..........................................................................

mn. 1 1 4 10 16 17 17 21 25 29 33 36 38 38 49 53 56 62 66 68 71 71 75 81 87 92 97

Bibliography: Antunes, Developing an Intelligence Capability. The European Union, in Studies in Intelligence, Vol 49, No. 4 (2005), pp. 65–70; Best Jr., Intelligence Issues for Congress, CRS Report for Congress, 12 July 2006; Bett, Enemies of Intelligence: Knowledge and Power in American National Security, Columbia University Press, 2009; Bigo et al., National security and secret evidence in legislation and before the courts: exploring the challenges, DG HOME, 2014; Bisbee, Sharing Secrets. Trends in European Intelligence, in Dan Bisbee’s blog, January 2004. Retrieved from http://danbisbee.blogspot.com/2004/01/ how-much-intelligence-is-there-in.html (17 May 2012); Clerix, Ilkka Salmi, the EU’s spymaster, MO, 4 March 2014. Retrieved from http://www.mo.be/en/interview/ilkka-salmi-eu-s-007 (22 January 2017); Cooper, The post-modern state and the world order, Demos 2000; Cross, The Limits of Epistemic Communities: EU Security Agencies, Politics and Governance Vol. 3, Issue 1 (2015), pp. 90–100; Davies, Ideas of Intelligence: Divergent Concepts and National Institutions, Harvard International Review 24, 3 (2002), pp. 62‐66; Davies, UK security will both gain and suffer from Brexit. The EU will only lose, in LSE Brexit blog, 7 November 2016. Retrieved from http://blogs.lse.ac.uk/brexit/2016/11/07/uk-securitywill-both-gain-and-suffer-from-brexit-the-eu-will-only-lose/(10 November 2016); Davies, Gustafson and Rigden, The Intelligence Cycle is dead, long live the Intelligence Cycle, in Phythian (ed), Understanding the Intelligence Cycle, Routledge, 2013, pp. 56–75; Den Boer, Counterterrorism, security and intelligence in the EU: Governance challenges for collection, exchange and analysis, Intelligence and National

Palacios

201

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 3.3d from 30.09.2019 13:57:09 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 3. European Intelligence Cooperation Security, Vol. 30, No. 2–3 (2015), pp. 402–419; Esteban Navarro, Glosario de Inteligencia, Ministerio de Defensa 2007; EU Institute for Security Studies, 2015 Activities Report, EUISS 2015; EU Satellite Centre, Annual Report 2015, Publications Office of the European Union 2016; European External Action Service, Factsheet EU Conflict Early Warning System, September 2014. Retrieved from https://eeas.europa.eu/sites/ eeas/files/201409_factsheet_conflict_earth_warning_en.pdf (18 February 2017); European Union, Shared Vision, Common Action: A Stronger Europe. A Global Strategy for the European Union’s Foreign and Security Policy, June 2016; Fägersten, Intelligence and decision-making within the Common Foreign and Security Policy, SIEPS, European Policy Analysis (2015); Fingar, Reducing Uncertainty: Intelligence Analysis and National Security, Stanford University Press 2011; Freeman, Strategic Management: A Stakeholder Approach, Pitman, 1984; Gros-Verheyde, L’IntCen… le lieu des échanges … d’analyses Top secret, in blog Bruxelles 2, 21 January 2015. Retrievable at http://www.bruxelles2.eu/2015/01/21/que-faitlintcen-europeen/(20 November 2016); Gruszczak, Intelligence Security in the European Union: Building a Strategic Intelligence Community, Palgrave McMillan 2016; Haag and Bernardo Anaya, The first ten years of military Intelligence Support for the work of the EU, in Impetus 11 (Spring/Summer 2011), pp. 8–9; Hertzberger, Counter-terrorism intelligence cooperation in the European Union, UNICRI, 2007; Hulnick, What’s Wrong with the Intelligence Cycle, in Intelligence and National Security, Vol 21, No. 6 (2006), pp. 959–979; Kent, Strategic Intelligence for American World Policy, 3rd printing, Princeton University Press, 1953; Lahneman, The Need for a New Intelligence Paradigm, International Journal of Intelligence and CounterIntelligence, Vol. 23, No. 2 (2010), pp. 201–225; Lowenthal, Intelligence: From secrets to policy, CQ press, 2016; Netherlands Defence Intelligence and Security Service, 2013 Annual Report, Central Staff of the Ministry of Defence; Ignatius, Spy World Success Story, in Washington Post 2 May 2004; Jeffreys-Jones, In Spies We Trust, Oxford University Press 2013; Johnston and Johnston, Testing the Intelligence Cycle Through Systems Modeling and Simulation, in Johnston, Analytic Culture in the U.S. Intelligence Community, Centre for the Study of Intelligence, 2005, pp. 45–57; Kaunert and Léonard, European security, terrorism and intelligence: Tackling new security challenges in Europe, Springer, 2013; Kent, Strategic Intelligence for American World Policy, 3rd printing, Princeton University Press, 1953; Lange, Slovenia and the European External Action Service, in: Balfour and Raik (ed), The European External Action Service and National Diplomacies, IPC 2013, pp. 107–116; Marrin, At Arm’s Length or At the Elbow?: Explaining the Distance between Analysts and Decisionmakers, in International Journal of Intelligence and Counter Intelligence 20 (2007), pp. 401–414; Missiroli (ed), Towards an EU Global Strategy, EUISS, 2015; Müller-Wille, For our eyes only, Shaping an intelligence community within the EU, Occasional paper no. 50, EUISS, 2004; NATO Standardization Office, AAP-6. NATO Glossary of Terms and Definitions (English and French), edition 2012; NATO Standardization Office, AAP-6. NATO Glossary of Terms and Definitions (English and French), edition 2015; Netherlands Defence Intelligence and Security Service, 2013 Annual Report; Nomikos, European Union Intelligence Agency: A Necessary Institution for Common Intelligence Policy?, in Koutrakou (ed.), Contemporary Issues and Debates in EU Policy: The European Union and International Relations, Manchester University Press, 2004, pp. 38–55; Omand, Is it time to move beyond the Intelligence Cycle? A UK practitioner perspective in Phythian (ed), Understanding the Intelligence Cycle, Routledge, 2013, pp. 134–148; Omand, “Reflections on Secret Intelligence”, lecture at Gresham College, 20 October 2005. Retrieved from http://www.gresham.ac.uk/ print/1891 (19 May 2012); Palacios, “Hacia un concepto europeo de inteligencia”, in Inteligencia y Seguridad. Revista de Análisis y Prospectiva, 16 (2104), pp. 99–123; Presidenza del Consiglio dei Ministri, “Il linguagio degli organismi informativi. Glossario Intelligence”, special issue of Gnosis (2013). Retrieved from https://www.sicurezzanazionale.gov.it/sisr.nsf/wp-content/uploads/2013/12/Glossario-intelligence2013.pdf (17 July 2017); Rettman, EU intelligence chief: No way of checking if information came from torture, EU Observer, 10 December 2014; Rood, Inside the one spy agency that got pre‐war intelligence on Iraq – and much else – right, in Washington Quarterly January/February 2005; Svendsen, The globalization of intelligence since 9/11: frameworks and operational parameters, Cambridge Review of International Affairs, Vol. 21, No. 1 (March 2008), pp. 129–144; Treverton, Reshaping national intelligence for an age of information, Cambridge University Press, 2003; Treverton, Toward a Theory of Intelligence, Rand (Workshop Report), 2006; UK Cabinet Office, National Intelligence Machinery, 2010, pp. 23–24; Warner, Wanted: a definition of intelligence, Studies in Intelligence, Vol.46, No. 3 (2002), pp. 15–22.

Intelligence cooperation and joint intelligence production are also part of European construction. As it will be seen in this chapter, the European institutions already have an important and growing role in this field, although, for the time being, efforts are mostly channelled through structures not affiliated with the European Union. If Europe wants to play in the future a more important role in international affairs, if it wants to be better prepared to protect its specific interests and those of its citizens it will probably need to develop its own intelligence system, designed to support the 202

Palacios

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 3.3d from 30.09.2019 13:57:10 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 1. EU intelligence: On the road to a European Intelligence Agency?

work of the common institution and of the European Union as a whole. This will not necessarily entail the establishment of a EU intelligence agency, able to carry out all steps of the intelligence cycle.

A. Introduction I. European institutions and intelligence cooperation The European Union has been built by following two different approaches, one 1 supranational and one intergovernmental, and the complicated institutional architecture of the European Union has served well the interests of European integration on both tracks. Common institutions have been able to develop the supranational potential of the European idea and create a common framework for all EU citizens. Achievements such as the free movement of persons, services and capitals, the common currency or the Schengen area are the fruits of this supranational approach that some Member States support more enthusiastically than others. But the EU institutions have also played important roles in areas such as CFSP (Common Foreign and Security Policy) or JHA (Justice and Home Affairs), which remain basically intergovernmental. Without forgetting the important role played by what could be called “the wider EU”, a network of institutions not directly connected to the EU that also contribute to European construction. It is the case of the OSCE (Organisation for Security and Cooperation in Europe) and NATO (North Atlantic Treaty Organisation) for defence and security issues. It is also the case of the Council of Europe for promoting human rights, democracy and the rule of law in Europe. Additionally, also informal networks often play an important role in making European mechanisms run smoothly1. In the field of CFSP, a common institution, the European External Action Service 2 (EEAS), helps Member States to adopt and implement common positions, and a EU agency, the EU Satellite Centre (SATCEN), gathers and interprets satellite imagery. Commission departments such as DG NEAR (Neighbourhood and Enlargement Policy), DG DEVCO (International Cooperation and Development), DG ENER (Energy) and DG ECHO (Civil Protection and Humanitarian Aid Operations) also contribute to the EU external action, much in the same way as EUROPOL and FRONTEX (EU agencies), as well as DG HOME (Migration and Home Affairs) and DG JUST (Justice) support and supplement Member States’ efforts in the field of Justice and Home Affairs. Intelligence cooperation and joint intelligence production are also part of Eur- 3 opean construction. As it will be seen in this chapter, the European institutions already have an important and growing role in this field, although, for the time being, efforts are mostly channelled through structures not affiliated with the European Union. NATO, for instance, has a crucial role for military intelligence and so does the Counter-Terrorist Group (CTG), a forum bringing together the internal security services of EU Member States, Norway and Switzerland, for matters of counterterrorist coordination.

1 For a detailed discussion of the importance of networks, see Mai’a Cross Davis, The Merits of Informality: The European Transgovernmental Intelligence Network, Part 3 Chapter 2, in this volume.

Palacios

203

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 3.3d from 30.09.2019 13:57:10 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 3. European Intelligence Cooperation

II. What is intelligence?2 In this chapter the word “intelligence” will be frequently used and it would probably be good to start with a definition of this term, which, in European conditions, is a very difficult thing to do. There are, obviously, some good official and academic definitions, but none of them is universally accepted. To a certain extent, it could be assumed that intelligence is, as defined in NATO glossary AAP-6 (2015 edition), “the product resulting from the directed collection and processing of information regarding the environment and the capabilities and intentions of actors, in order to identify threats and offer opportunities for exploitation by decision-makers”3. However, this recent definition still leaves a lot of space for different interpretations. 5 In practice, it is easy to recognise in contemporary Europe two main intelligence schools, using each a different concept of intelligence. In the British tradition, intelligence (or “secret intelligence” as they usually refer to it) is information obtained by special means. On the other hand, according to American tradition, at least since Sherman Kent, intelligence is knowledge, understanding, in support of decision-making4. As Philip Davies (2002) has pointed out, “the difference between British and US concepts of intelligence is that the United States approaches that information as a specific component of intelligence, while Britain approaches intelligence as a specific type of information”5. This is, of course, a rather schematic characterisation of the real situation, which is, both in Britain and the United States, much more nuanced and complex. In the United States, “secrets” are very often considered as a necessary component of any intelligence product. On the other hand, the British intelligence community is well aware of the role of analysis (assessment) and the value of non-secret information inputs, although the most important analytical products are elaborated in a body, like the Joint Intelligence Committee (JIC), which formally does not belong to the community. 6 In this discussion between British and American models, the various European intelligence schools have traditionally been much closer to the British one. In continental Europe, intelligence has been usually understood as “secret information” rather than as “knowledge”6, there is a clear tendency to relate “intelligence” to “secrets” and 4

2 Some works that can help readers understand the concept of intelligence and its recent evolution: Kent, Strategic Intelligence for American World Policy, 3rd printing, Princeton University Press, 1953; Treverton, Reshaping national intelligence for an age of information, Cambridge University Press, 2003; Fingar, Reducing Uncertainty: Intelligence Analysis and National Security, Stanford University Press 2011; Lowenthal, Intelligence: From secrets to policy, CQ press, 2016; Warner, “Wanted: a definition of intelligence”, Studies in Intelligence, Vol.46, No. 3 (2002), pp. 15–22; Bett, Enemies of Intelligence: Knowledge and Power in American National Security, Columbia University Press, 2009; Lahneman, “The Need for a New Intelligence Paradigm”, International Journal of Intelligence and CounterIntelligence, Vol. 23, No. 2 (2010), pp. 201–225; Svendsen, “The globalization of intelligence since 9/11: frameworks and operational parameters”, Cambridge Review of International Affairs, Vol. 21, No. 1 (March 2008), pp. 129–144.; Omand, “Reflections on Secret Intelligence”, lecture at Gresham College, 20 October 2005. Retrieved from http://www.gresham.ac.uk/print/1891 (19 May 2012). 3 NATO Standardization Office, AAP-6. NATO Glossary of Terms and Definitions (English and French), edition 2015, p. 2-I-6. 4 “Intelligence means knowledge” are the first words of Sherman Kent’s classical work Strategic Intelligence for American World Policy. See Kent, Strategic Intelligence for American World Policy, 3rd printing, Princeton University Press, 1953, p. 3. 5 Davies, “Ideas of Intelligence: Divergent Concepts and National Institutions”, Harvard International Review 24, 3 (2002), pp. 62‐66. 6 Palacios, “Hacia un concepto europeo de inteligencia”, in Inteligencia y Seguridad. Revista de Análisis y Prospectiva, 16 (2104), pp. 106.

204

Palacios

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 3.3d from 30.09.2019 13:57:11 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 1. EU intelligence: On the road to a European Intelligence Agency?

the practice of intelligence is frequently equated to espionage. However, and particularly over the last twenty years, the American concept of intelligence as understanding, as knowledge, has gradually entered the vocabulary of European experts and has been incorporated in different degrees into the national intelligence cultures of many EU Members States7. Bilateral cooperation in the field of intelligence has been a first and important way of extending American influence to European countries. This cooperation is essentially asymmetrical, given the marked disparity of means and technical sophistication between the US intelligence agencies and their European counterparts, and has served in many cases to transmit elements of the US intelligence culture. A second transmission belt, particularly effective in the realm of military intelligence, has been NATO. For over sixty years, NATO has made a great effort to standardise concepts and procedures, generally on the basis of US practice8. Finally, the emergence of academic intelligence studies, initially in the United States, is also serving as an effective vehicle for spreading in Europe the American concept of intelligence as “knowledge”. Although the aim of intelligence is not even mentioned by many of the most popular 7 definitions, it has been usually understood that intelligence is very closely related to “security”. Decision-makers look for intelligence (in both senses: special information or knowledge) on something or somebody as a way to reinforce their countries’ security. But security itself is a rather ambiguous concept subject to evolution. Nowadays, it is rather clear that security includes, at least, the two traditional fields of defence and internal security (in particular, from terrorist threats), but also some new disciplines, such as economic security, energy security, cyber security, etc. In practical terms, intelligence supports foreign policy (external action), law and justice activities and, to a lesser extent, other branches of public administration. And intelligence is used whenever there is a perception of threat or decision-makers are looking for opportunities or trying to envisage a future after a high-impact event. The development of EU intelligence is following a path similar to that already 8 followed in other fields of European construction. That is, the focus is on what Europeans have in common, rather than on the many existing differences. And, in case of problems, EU officials use an indirect approach to circumvent it, instead of losing time and wasting political capital in vain efforts to find definitive solutions. Large amounts of strategic ambiguity are serving well to bridge the gap between the old realities that are being left behind and the new realities that are hopefully emerging, which is absolutely necessary, because under the common European roof (described in detail in section C), contributing national agencies and seconded analysts stay faithful to their own national concepts. For some of them, “intelligence” is what national agencies share with the EU, while the role of common bodies consists in facilitating the exchange of national intelligence, as well as in “fusing” what they receive from Member States in order to make it more useful in the EU environment. Others, those understanding intelligence mostly as “analysis”, will sustain that EU intelligence bodies are able to produce their own intelligence with the assistance of Member States’ agencies. A common European concept of “intelligence” or, at least, a concept of intelligence 9 systematically used in the EU structures will probably take some time to emerge (to be 7 In Italy, for instance, “intelligence” is currently defined as “Il prodotto dell’elaborazione di una o più notizie di interesse per la sicurezza nazionale”. See Presidenza del Consiglio dei Ministri, “Il linguagio degli organismi informativi. Glossario Intelligence”, special issue of Gnosis (2013), p. 63. In Spain, it is the “Producto que resulta de la evaluación, la integración, el análisis y la interpretación de la información reunida por un servicio de inteligencia” (Esteban Navarro, Glosario de Inteligencia, Ministerio de Defensa 2007, p. 82). 8 See Masala/Scheffler Corvaja, NATO Intelligence and Common Foreign and Security Policy, Part 2 Chapter 5, in this volume.

Palacios

205

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 3.3d from 30.09.2019 13:57:11 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 3. European Intelligence Cooperation

finally agreed upon). Because this discussion is not purely technical. It also reflects the existing differences on the future of European integration, with “federalists” in favour of reinforcing the powers of common institutions and their opponents insisting on the preservation of the primacy of Member States. For as long as the discussion on European construction is not positively solved, it will be very unlikely that European intelligence professionals can make progress towards a single intelligence concept, accepted by all actors and stakeholders.

III. EU intelligence cycle According to an old definition, official in NATO until 2013, intelligence may be a product, a process or an organisation9. Intelligence as a product has already been discussed and reference has been made to intelligence organisations, both at EU and national level. But it is also interesting to think of intelligence as a process, as a series of interrelated activities that allow us to create a “product”, which is used, in one way or another, in support of decision-making10. And it is interesting, because it gives us insight on the intrinsic complexity of intelligence, on the many different actors having a role in it. 11 Traditionally, the intelligence process has been described by using what is called “intelligence cycle”, that is, a “sequence of activities whereby information is obtained, assembled, converted into intelligence and made available to users”11. Contemporary specialists frequently dispute that the intelligence cycle is an accurate description of how intelligence is elaborated in practice and how policy-makers participate in the process. The sequential character of the cycle is particularly criticised, which has made some scholars propose its replacement by a non-sequential process comprising, maybe, the same elements (phases), but allowing their combination and interaction in almost every possible way12. Nevertheless, the intelligence cycle is still very useful for organisational and educational purposes. Even if the cycle is seen as a schematic description, without any prescriptive or normative value, it could also be useful as a first and simplified approximation to a rather complex activity or set of activities. 12 The EU lacks a single and officially sanctioned intelligence process, so that different institutions and agencies organise the intelligence work according to their own particular necessities and preferences. In the CFSP field, the EEAS has issued a Decision describing the Intelligence Support Architecture13, but the intelligence cycle is not explicitly part of it. Nevertheless, the contents or the Decision are clearly based on a 10

9 NATO Standardization Office, AAP-6. NATO Glossary of Terms and Definitions (English and French), edition 2012, p. 2-I-6. 10 For some interesting discussions of the concept of intelligence cycle, please see Davies, Gustafson and Rigden, “The Intelligence Cycle is dead, long live the Intelligence Cycle”, in Phythian (ed), Understanding the Intelligence Cycle, Routledge, 2013, pp. 56–75. ; Hulnick, “What’s Wrong with the Intelligence Cycle”, in Intelligence and National Security, Vol 21, No 6 (2006), pp. 959–979; Johnston and Johnston, “Testing the Intelligence Cycle Through Systems Modeling and Simulation”, in Johnston, Analytic Culture in the U.S. Intelligence Community, Center for the Study of Intelligence, 2005, pp. 45–57; Treverton, Toward a Theory of Intelligence, Rand (Workshop Report), 2006; Omand, “Is it time to move beyond the Intelligence Cycle? A UK practitioner perspective”, in Phythian (ed), Understanding the Intelligence Cycle, Routledge, 2013, pp- 134–148. 11 NATO Standardisation Office. 12 See, for instance, Johnston and Johnston, “Testing the Intelligence Cycle Through Systems Modeling and Simulation”, in Johnston, Analytic Culture in the U.S. Intelligence Community, Center for the Study of Intelligence, 2005, pp. 48–50. 13 HR decision of June 2012 establishing the organisation and functioning of the EEAS Intelligence Support Architecture. This decision bears no date and has not been officially published (July 2017).

206

Palacios

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 3.3d from 30.09.2019 13:57:12 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 1. EU intelligence: On the road to a European Intelligence Agency?

sequential understanding of the intelligence process, that is, on a cycle. Unofficially, the different CFSP intelligence actors use NATO’s four-step cycle (direction, collection, processing and dissemination), or its CIA equivalent, where the processing step is split into two different ones: processing (that is, collation and evaluation) and analysis. In the law and justice field, the first Director of EUROPOL, Jürgen Storbeck, established in the 1990s a five-steps intelligence cycle for the agency: planning and direction; collection; processing; production; and dissemination and evaluation14. In a later Intelligence Model Framework, elaborated by EUROPOL’s Analysis Unit, the intelligence cycle is replaced by the somewhat wider concept of “intelligence process”, with the following steps: tasking, collection, evaluation, collation, analysis, dissemination/identification of projects. In reality, EUROPOL’s process is nothing else than a different systematisation of the elements of NATO’s cycle, with tasking and identification of projects being part of the direction step, and evaluation, collation and analysis, of processing. The classical intelligence cycle presupposes the existence of a single, well structured and 13 straightforward decision-making process, something which may be true to a certain extent at the national level, but for sure not in supranational entities such as the EU. In the EU, there are national and EU-level (common) actors interacting within a multiplicity of structures. National intelligence systems play a very important role by supporting key players (their own national governments), but also, in an indirect way (intelligence liaison) other actors, such as foreign governments and the European institutions. On the other hand, the EU intelligence structures are mainly designed to support the institutions, but they are also able to influence the perceptions of national actors. The classical intelligence cycle is not appropriate to describe the work of intelligence in such a complex decision-making system, but it can surely help us to understand what European intelligence structures can provide and what is still missing. And, to a certain extent, what can be improved and what is irredeemably linked to the current identity and structure of the European Union and will not probably change unless the very European Union undergoes profound changes in its being and functioning. The EU intelligence system, meaning by that the different intelligence structures 14 working at EU level, primarily in support of EU bodies or institutions, is able to carry out the direction step of NATO’s intelligence cycle. For CFSP matters, the Intelligence Steering Board, probably the key body in the Intelligence Support Architecture15, defines priorities and recommends the adoption of different procedures, in particular for tasking. EUROPOL, SATCEN, FRONTEX and other EU bodies performing intelligence tasks have their own mechanisms for tasking and prioritisation. At EU level, the Council and its dependent bodies can instruct the different intelligence structures, either individually or in cooperation, to elaborate analyses in support of its own activities. It has frequently done so with INTCEN and EUROPOL, and more episodically with FRONTEX and other structures16. The EU intelligence structures have been designed to focus on the processing and 15 dissemination steps of the intelligence cycle. On the other hand, they almost completely 14

See Ryder, European Criminal Intelligence, Part 3 Chapter 3, in this volume. The Intelligence Steering Board has ceased to meet regularly. Its role and the whole of the Intelligence Support Architecture may be reconsidered as a result of the implementation of the new European Global Strategy. 16 For examples of the Council tasking INTCEN and EUROPOL, please see the Update on the conclusions, recommendations and way forward on the INTCEN and Europol threat assessments mechanism (ST 6699 2017 REV 1) of 4 May 2017. Concerning FRONTEX, a typical case is explained in a note from the Presidency of the Council dated 11 September 2015 (11782/1/15 REV 1). In this note, FRONTEX together with EASO (European Asylum Support Office) and EUROPOL, was mandated to produce a joint analysis on secondary movements of migrants, to be discussed by Council working groups. 15

Palacios

207

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 3.3d from 30.09.2019 13:57:12 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 3. European Intelligence Cooperation

lack means for collection, either clandestine or overt. For that reason, instead of collecting classified information from their own human or technical sources, they have to request it from Member States’ intelligence and security agencies. The satellite imagery processed by SATCEN is purchased from commercial providers or contributed by those Member States owning observation satellites (Helios 2, Pléiades, CosmoSkyMed, SAR-Lupe). And, although diplomatic information is part of the mix processed by EU intelligence structures, it is not collected by themselves, but by the diplomatic services of the EU and Member States, as well as by other EU institutions and bodies. One of the few exceptions is FRONTEX, which is able to collect part of the information it later processes. In any case, FRONTEX is not a pure intelligence structure, but an agency with a wider scope of action that produces intelligence in support of its own activities and, in some cases, of decision-making at EU level.

IV. A strategic-level tool 16

Decision-making at EU level is strategic in its very nature and the EU-level intelligence system that is being described in this chapter produces, precisely, strategic intelligence. Particular members of the EU family (EU institutions, EU agencies, CSDP missions and operations) may need the support of intelligence at the operational or tactical level and, in principle, they can establish their own operational or tactical analytical bodies, in charge of processing all the information available to them. This is especially true in case of CSDP missions and operations. The functioning of such intelligence/analytical structures is out of the scope of this chapter.

B. Clients, customers and stakeholders I. Intelligence stakeholders in the EU Intelligence is a service to decision makers and must be tailored to their needs, in particular to the way decision makers use knowledge in support of their activities. Different users may and do often require different kinds of intelligence assistance, which translates into different products and different interaction patterns. The EU is an international actor with its own interests and policies, but an actor of a different kind from traditional nation-states. Therefore, intelligence support in the EU environment has its own particularities, difficult to find at national level. By means of a permanent dialogue with the users of their services, the different EU intelligence bodies try to offer to decision makers the specialised knowledge they need in order to make well-informed decisions. 18 In this chapter the distinction between clients and customers made by some scholars and practitioners is used. Clients are those users “paying for the services” of the intelligence structures and in most cases are hierarchically placed above them. Customers are all the rest of users and, unlike clients, have only limited possibilities to request specific support from intelligence. Although in principle it might seem that intelligence structures should orient themselves almost exclusively to meet the requirements of their clients, in practice the opinion of customers is also very important. In such a collaborative, consensus-based, decision-making system as the one existing in the EU, the distinction between clients and customers is sometimes blurred and for intelligence 17

208

Palacios

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 3.3d from 30.09.2019 13:57:13 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 1. EU intelligence: On the road to a European Intelligence Agency?

structures the satisfaction of users not belonging to their own hierarchy might be in some cases essential. The openness of modern Western societies, but also the unique characteristics of the 19 EU as a new kind of international actor, a sui generis construction specialised in projecting soft power, proud of its reputation as a champion of human rights, make it useful the introduction of a wider category, the “stakeholders”. Stakeholders are “groups and individuals who can affect, or are affected by, the achievement of an organization mission”17. Clients and customers are, obviously, important stakeholders. Academia, media, think tanks, NGOs, churches or other religious bodies with official status, international organisations and, in some cases, even third countries, that, under certain circumstances, are also entitled to receive some EU intelligence products can be added to the list of intelligence stakeholders. Due to classification constraints, most external stakeholders have no real access to EU 20 intelligence products, although EU formal regulations on transparency18, as well as informal practices, give them some insight on how intelligence analysis is conducted in the EU19. The relationship between EU intelligence and its stakeholders works also in the other sense. Many stakeholders have access to very interesting information and, under certain conditions, may be ready to share it with EU bodies, including intelligence. Some of them may feel that by providing information they can, at least in some degree, influence the intelligence products and, through them, EU decision-making.

II. The Council Intelligence is frequently associated with security, so that EU intelligence mostly 21 works in support of the Common Foreign and Security Policy, as well as in the field of Internal Security (Justice and Home Affairs). In both cases, Member States retain their sovereign authority and decisions on common policies are adopted by the Council by unanimity. Even if only a few EU intelligence structures (the agencies) are directly subordinate to the Council, all of them have the Council structures as their reference client. Because, at the end of the day, the institution in charge of adopting strategic decisions in the field of external and internal security is the Council and EU intelligence is necessarily strategic in nature. The European Council and, more often, the Council of the European Union in its 22 FAC (Foreign Affairs Council) and JHA (Justice and Home Affairs) configurations are at the top of the EU decision pyramid on intelligence matters. Positions and structures under the Council, such as the President of the European Council and his Cabinet, the Political and Security Committee or the regional and thematic working parties have regular access to the EU intelligence production, in written way as well as by means of oral briefings and presentations. In the field of Justice and Home Affairs, the Council’s Counter-Terrorism Coordinator, the COSI (Standing Committee on Operational Cooperation on Internal Security), the COTER (Working Party on Terrorism – International Aspects) and the TWP (Working Party on Terrorism) play a similar role as focal points for EU strategic counter-terrorist intelligence. The European Council, the Council of the European Union in its different configurations and, according to the 17

Freeman, Strategic Management: A Stakeholder Approach, Pitman, 1984, p. 52. Regulation (EC) No 1049/2001 of the European Parliament and of the Council of 30 May 2001 regarding public access to European Parliament, Council and Commission documents. 19 NGOs such as Statewatch (http://www.statewatch.org) have regularly reported on openness, secrecy and access to EU official documents, even of classified nature. 18

Palacios

209

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 3.3d from 30.09.2019 13:57:13 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 3. European Intelligence Cooperation

established procedures, all the Council positions and bodies mentioned above can task the EU intelligence structures and receive support from them. 23 Decision-making is very complex in the EU, particularly when the unanimity of all Member States is required, as it is the case in CFSP and JHA. Building consensus is of paramount importance and, as a matter of fact, the Council bodies and officials are mostly focused in helping Member States to reach consensus. With national interests often diverging, consensus is made easier if a shared narrative, a common understanding of the relevant facts and their meaning, has already emerged and has been accepted by all Member States. Contributing to create this common understanding is maybe the most important of all functions performed by the different EU strategic intelligence structures in support of the Council. 24 A well-functioning decision-making process requires that all Member States are sufficiently and correctly informed. But intelligence is expensive, good intelligence even more expensive and an effective strategic intelligence system covering all the regions of the world where the EU has interests and on which EU bodies may be forced to take decision is beyond the reach of many EU Member States, except, perhaps, for a limited number of subjects of the highest national priority. As a Slovenian scholar has written, “an independent, neutral and objective analysis provided by the EEAS (INTCEN), and strongly advocated by the Slovenian MFA, would enable many Member States which do not have the capacity to invest in reporting and analysis on all EU policies, to be objectively informed when joining in decision-making processes. (…) With such independent information and analysis, decisions would be taken on the basis of informed consent and would lower the possibilities of a stalemate which otherwise occurs in such situations”20. In a similar line, former INTCEN Director Ilkka Salmi pointed out in December 2014 that “ambassadors from the bigger Member States will always have additional information. But at least they all have something – a common intelligence product – which they can count on”.21 This common intelligence product is made available to them by EU structures such as INTCEN22, EUMS INT23, EUROPOL and others (Section C).

III. EEAS 25

The Intelligence and Situation Centre (INTCEN) and the EUMS Intelligence Directorate (EUMS INT)24 are the two most conspicuous intelligence structures in the EU, and both of them are part of the European External Action Service. And, when eyes are turned to the planning and direction step of the intelligence cycle, the most important intelligence tasking and control arrangement in the EU, the Intelligence Support Architecture (ISA), was created by a decision of the High Representative25 and is chaired by her. In the frame of the Intelligence Support Architecture, an Intelligence Steering Board chaired by the High Representative or by the EEAS Executive Secretary 20 Lange, “Slovenia and the European External Action Service”, in: Balfour and Raik (ed), The European External Action Service and National Diplomacies, IPC 2013, p. 111. 21 Rettman, “EU intelligence chief: No way of checking if information came from torture”, EU Observer, 10 December 2014. 22 EU Intelligence and Situation Centre, previously known as Joint Situation Centre (SITCEN) and EU Intelligence Analysis Centre. 23 Intelligence Directorate (previously, Intelligence Division) of the EU Military Staff. 24 See Rauwolf, Intelligence in EU-led military missions and operations, Part 2 Chapter 4, in this volume. 25 HR decision of June 2012 establishing the organisation and functioning of the EEAS Intelligence Support Architecture.

210

Palacios

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 3.3d from 30.09.2019 13:57:13 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 1. EU intelligence: On the road to a European Intelligence Agency?

General defines intelligence requirements, intelligence contributions to advance planning and priorities at the strategic level. According to the Article 2 of the Council Decision establishing the organisation and 26 functioning of the European External Action Service (26 July 2010), the EEAS supports the High Representative in fulfilling her mandate to conduct the Common Foreign and Security Policy. That is, the High Representative and the EEAS assist Member States to adopt strategic decisions, but, in practice, their specific role is of operational nature and it would seem logical that the EEAS intelligence structures would also be able to provide support at the operational level. This is an old ambition, dating back to the postHampton Court process (2006–2007)26 and it has never fully materialised. Intelligence support to CSDP missions and operations, as well as to operational diplomacy, would require improvements in the volume and sensitivity of the information provided by Member States, but also better access of the EEAS intelligence structures to all the information collected by other parts of the EEAS, in particular by EU Delegations. More staff with specific training would also be needed to process this growing amount of information and the dissemination system should allow a rapid and secure transmission of the produced intelligence to those in need of it. A lot has been done in that direction over the last few years, but the EEAS intelligence structures continue being far more effective at the strategic level than at the operational level. For the EEAS intelligence bodies, EU Delegations are providers of information, but 27 they are also their customers whenever the availability of secure communications so allows. The Delegations’ access to the EEAS intelligence production allows them to be more aware of the strategic discussions being conducted in the headquarters, which, in turn, may help them in their daily work. At the operational level the situation is even more complex. With very different schemes of interaction and levels of expectation, the heterogeneity of the EEAS staff and the existence in Europe of different intelligence traditions make it difficult to reduce relations between EEAS intelligence and the EU Delegations to a limited number of standardised cooperation patterns. Something similar could be said about civilian CSDP missions and operations. All of 28 them would be interested in receiving operational-level intelligence support from the headquarters, something that can be provided only in particular cases. The lack of sufficiently detailed and timely information inputs and the insufficient availability of secure communications systems in civilian missions are, probably, two of the problems hindering this process until now. In 2009 it was decided to create in the civilian missions small intelligence analysis cells (MAC)27 designed to enhance proactive situational awareness for the Head of Mission in theatre. According to the initial expectations, the MACs would allow missions to contribute more efficiently to the development of a common situational awareness shared with their chain of command and other EU actors, including the EEAS intelligence structures. Additionally, the MACs were meant to facilitate the sharing of information with non-EU partners in theatre as appropriate. Some of the missions that count or have counted with MACs in 26 The informal Hampton Court summit in 2005 opened the way for a rationalisation of crisis management structures within the Council Secretariat. The main results of the post-Hampton Court process were the creation of the Crisis Management Board and the Single Intelligence Analytical Capability, as well as the establishment of the Civilian Planning and Conduct Capability (CPCC). 27 Overarching principles for the establishment of an analytical Capability in Civilian ESDP Crisis Management Operations – Mission Analytical Capability (MAC) (Council doc. 15417/1/09 dated 6 November 2009)). Although the word intelligence was carefully avoided in the Overarching Principles on the establishment of MACs, the table of definitions appended to the Overarching principles included a series of standard intelligence definitions (with the word intelligence replaced by others, mostly by “analysis”), many of them directly taken from NATO’s AAP-6.

Palacios

211

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 3.3d from 30.09.2019 13:57:14 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 3. European Intelligence Cooperation

their structure are EUPM (European Union Police Mission) in Bosnia and Herzegovina, EUMM (European Union Monitoring Mission) Georgia and EUCAP (European Union Capacity Building) Sahel Mali.

IV. The EU Commission The President of the European Commission, the Commissioner for the Security Union and the members of the RELEX group of Commissioners play important roles in the definition and implementation of EU policies, many of which have also an external dimension. At a lower level, the same could be said about such DGs such as NEAR (Neighbourhood and Enlargement), ECHO (Civil Protection and Humanitarian Aid Operations), DEVCO (International Cooperation and Development), ENER (Energy) or MOVE (Mobility and Transport), with intelligence support needs not significantly different from those of the EEAS. For this reason over the last few years, despite the very limited possibilities of the EU intelligence structures, the President of the Commission, a number of Commissioners and several DGs have gradually become important intelligence customers. 30 DG HOME and DG JUST are the main Commission structures in the field of Justice and Home Affairs. In particular, DG HOME, with a more practice-oriented profile, is an important intelligence customer in matters related to counter-terrorism and migration. EUROPOL and INTCEN are its main providers of counter-terrorist intelligence. On the other hand, FRONTEX, INTCEN and EUMS INT can supply DG HOME with intelligence of interest for understanding security-related aspects of the migration phenomenon. 31 Although the EU intelligence structures have not been designed for producing specialised economic intelligence, some of them have limited capabilities for economic intelligence analysis, particularly in areas such as energy or transportation and if the political dimension is important. EU INTCEN, EUMS INT and SATCEN are the main providers of this type of intelligence. 32 No specific intelligence structures are directly subordinated to the European Commission. For that reason, nothing similar to the EEAS Intelligence Support Architecture exists, or has ever existed, in the Commission. Representatives of the Commission are regularly invited to attend the meetings of the EEAS Intelligence Steering Board and, at least, DG HOME so always does. The Security Directorate of DG HR and other Commission bodies may request from INTCEN and EUMS INT specific intelligence products using a tasking mechanism approved by the Intelligence Steering Board. 29

V. EU agencies and other EU bodies EU agencies can also be important customers for some of the EU intelligence structures. The support they receive depends, mostly, on their specialisation. Agencies working in fields related to security are more likely to benefit from some degree of intelligence support. Until recently, the lack of appropriate facilities for handling classified information or the absence of secure communications with the headquarters and other EU facilities limited the possibilities of cooperation with structures such as INTCEN and EUMS INT that mostly produce classified intelligence. 34 One of the EU agencies, SATCEN, has primarily intelligence functions, in the particular field of interpretation of satellite imagery. SATCEN works in support to 33

212

Palacios

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 3.3d from 30.09.2019 13:57:14 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 1. EU intelligence: On the road to a European Intelligence Agency?

INTCEN and EUMS INT, to the Council, to the EEAS and, in some cases, to EU Missions and Operations, other EU institutions and, with the approval of the Council, international organisations. At the same time, SATCEN is also a customer of other intelligence structures, such as INTCEN, EUMS INT and FRONTEX. The intelligence received from them allows SATCEN to better understand those bodies’ intelligence needs and provides SATCEN analysts with the context they need to interpret satellite images. EUROPOL’s and FRONTEX’s intelligence structures work primarily in support of 35 their own agencies, which are for them the priority clients. Both agencies also receive some intelligence support from other EU Intelligence structures, such as INTCEN, EUMS INT and SATCEN.

VI. Other EU customers The cooperation between the European Parliament and the EU intelligence struc- 36 tures is limited by the provisions of the Council and EEAS security regulations. The Director of INTCEN has sometimes attended sessions of different Committees and Subcommittees. In the past, INTCEN analysts have also provided security briefings to delegations of Members of the European Parliament travelling to countries of concern, at their request. The security services of the EU institutions can be intelligence customers in their own 37 right. This is particularly so if there is a credible terrorist threat against EU personnel and premises, in Brussels or abroad.

C. EU intelligence structures I. INTCEN28 The EU Intelligence and Situation Centre (EU INTCEN) is the main intelligence 38 structure in the EU. It was established in 2001 by the then Secretary General Javier Solana on the basis of a pre-existent Situation Centre, inherited from the Western European Union29. In the following years, under the direction of British diplomat William Shapcott, the EU Joint Situation Centre (SITCEN), which officially was a Directorate within Solana’s Cabinet, expanded rapidly. After the Madrid attacks of 2004 SITCEN incorporated a Counter-Terrorist Task Force, staffed with analysts 28 Some interesting works on European and EU intelligence, with special focus on INTCEN (SITCEN): Gruszczak, Intelligence Security in the European Union: Building a Strategic Intelligence Community, Palgrave McMillan 2016; Fägersten, “Intelligence and decision-making within the Common Foreign and Security Policy”, SIEPS, European Policy Analysis (2015); Nomikos, “European Union Intelligence Agency: A Necessary Institution for Common Intelligence Policy?”, in Koutrakou (ed.), Contemporary Issues and Debates in EU Policy: The European Union and International Relations , Manchester University Press, 2004, pp. 38–55; Cross, “The Limits of Epistemic Communities: EU Security Agencies”, Politics and Governance, Vol. 3, Issue 1 (2015), pp. 90–100; Müller-Wille, For our eyes only, Shaping an intelligence community within the EU, Occasional paper no. 50, EUISS, 2004; Hertzberger, Counter-terrorism intelligence cooperation in the European Union, UNICRI, 2007; Den Boer, “Counterterrorism, security and intelligence in the EU: Governance challenges for collection, exchange and analysis”, Intelligence and National Security, Vol. 30, No. 2–3 (2015), pp. 402–419; Kaunert and Léonard, European security, terrorism and intelligence: Tackling new security challenges in Europe, Springer, 2013. 29 Report by the Secretary General/High Representative to the Council on Intelligence Cooperation (SN 4546/1/01 REV1), dated 15 November 2011.

Palacios

213

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 3.3d from 30.09.2019 13:57:15 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 3. European Intelligence Cooperation

seconded by European security services. With the time, SITCEN became a rather complex organisation, with elements specialised in intelligence analysis, early warning and alerting, support to CSDP missions, open sources processing, consular support, communications, security accreditation and other. SITCEN proved in practice to be a very flexible structure, able to assume different tasks and activities more or less related to secrets, to information or to both. When Solana’s mandate expired in late 2009, SITCEN consisted of three Units (Analysis, Operations and Communications/Consular Affairs), with an overall staff of more than 100, including EU officials and seconded national experts. 39 In January 2011 the EU INTCEN joined the just created European External Action Service. In the process, it lost the staff supporting the Council’s Security Accreditation Authority, but it absorbed the Commission’s Crisis Room, a small team specialised in crisis response and open sources intelligence belonging until then to DG RELEX (External Relations). Under the new Director, the Finn Ilkka Salmi, SITCEN reorganised in order to focus more on what was then understood to be its main function: intelligence analysis. In the summer of 2011, part of the EU SITCEN split to form the EU Situation Room and the Consular Crisis Division, both attached to the new Department for Crisis Response and Operational Coordination, headed by Dr. Agostino Miozzo, while the rest of SITCEN was reorganised into two Divisions (Analysis, and General and External Relations). In order to better reflect its new focus, in March 2012 SITCEN was renamed the EU Intelligence Analysis Centre (INTCEN). Between 2012 and 2015, the EU INTCEN counted around 70 people, 30 of them seconded by Members States’ Intelligence and Security Services30. 40 After the EEAS reorganisation in the summer of 2015, INTCEN recovered the Divisions it had lost four years earlier. Under a new name (EU Intelligence and Situation Centre), but keeping the same acronym, the EU INTCEN now comprises four Divisions: Intelligence Analysis, in charge of strategic intelligence analysis, both in the field of foreign and internal security intelligence; Open Source Intelligence, in charge of processing open sources; Situation Room, in charge of situation monitoring, and Consular Crises Management, in charge of helping Member States and the Union to provide appropriate assistance in the case of consular crises. With a different organisation and a reinforced analytical branch, the new INTCEN covers now most of the areas it used to cover under Solana. Since early 2016, INTCEN’s Director is Dr Gerhard Conrad, a career officer with the BND (German foreign intelligence agency). 41 Initially, the intelligence-related role of the Joint Situation Centre consisted in producing strategic intelligence analysis for the Secretary General and the Council’s structures (particularly, for the Political and Security Committee – PSC –) on the basis of information and analyses received from Member States’ intelligence agencies, EUproduced information and open sources. Very soon (2005), a counter-terrorist dimension was added and a close cooperation with Member States’ internal security agencies was established. As a British official explained in 2005 to the House of Commons: “The EU Joint Situation Centre (SITCEN) monitors and assesses events and situations worldwide on a 24-hour basis with a focus on potential crisis regions, terrorism and Weapons of Mass Destruction proliferation. The SITCEN also provides support to the EU High Representative, Special Representatives and other senior officials, as well as for EU crisis management operations”31. Ten years later, according 30 According to Ilkka Salmi. See Clerix, “Ilkka Salmi, the EU’s spymaster”, MO, 4 March 2014. Retrieved from http://www.mo.be/en/interview/ilkka-salmi-eu-s-007 (22 January 2017). 31 Clarke, Written Answer to Questions, 27 June 2005: column 1248W.

214

Palacios

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 3.3d from 30.09.2019 13:57:15 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 1. EU intelligence: On the road to a European Intelligence Agency?

to the INTCEN Factsheet32, the Centre’s mission remains almost the same, with considerable emphasis being made now on the “exclusivity” of the information that INTCEN is able to provide, thanks to its privileged relation with the Member States’ intelligence and security services: – to provide exclusive information that is not available overtly or provided elsewhere; – to provide assessments and briefings and a range of products based on intelligence and open sources; – to act as a single entry point in the EU for classified information coming from Member States’ civilian intelligence and security services; – to support and assist the presidents of the European Council and Commission “in the exercise of their respective functions in the area of external relations. SITCEN was not primarily conceived as a sort of “intelligence hub” allowing an 42 easier exchange of intelligence products between Member States intelligence services. National security was, and is still, a reserved domain of Member States as underlined by Article 4 (2) TEU and they decide by themselves how to coordinate the work of their respective intelligence organisations. The creation of SITCEN was more an attempt to provide Javier Solana with the necessary intelligence support to allow him to perform his duties as High Representative. Those duties being of strategic nature, the kind of intelligence support Solana needed was also essentially strategic. The initial hope was that SITCEN could provide Solana with the consensus assessment of the European intelligence community, and, armed with this “consensus on the facts and tendencies”, the High Representative could more easily assist Member States to reach political consensus among themselves. At the time, some of the underlying assumptions were that: – Member States possessed significant intelligence capabilities; – to a certain extent, Member States’ capabilities were complementary (regional and thematic specialisation); – Member States would be ready to share with the EU a large part of what they knew; – better situation awareness and better understanding would necessarily translate into more efficient decision-making at EU level. SITCEN/INTCEN never had any clandestine collection capability of its own. 43 Although from the very beginning SITCEN was designed as an “all-sources” strategic analysis centre, it always stressed that its ability to reach to Member States’ intelligence agencies and receive from them sensitive information was what made it different from other analytical bodies in the EU institutions. SITCEN/INTCEN does not have either intelligence operatives or intelligence liaison officers around the world, in particular in EU Delegations. Although, exceptionally, SITCEN/INTCEN staff has been deployed for limited periods of time to EU Delegations and Missions, the Centre has been always very reluctant to explore the “grey area” of what could be labelled as “human collection” (HUMINT)33, even if conducted by non-clandestine means. Finally, it has no mandate to collect and database personal data34. SITCEN was established as a purely analytical centre and, despite its natural growth, internal reorganisations and changes in the reporting lines, fifteen years later the current INTCEN remains so. Initially, SITCEN was meant to support the Council’s Secretary General Javier Solana, 44 but also the Council itself and its working bodies. In practice, with the growth of its staff 32 A version of the Factsheet dated 5 February 2015 can be retrieved from the Statewatch site: http:// statewatch.org/news/2016/may/eu-intcen-factsheet.pdf (accessed 17 July 2017). 33 For a detailed discussion of the different intelligence collection disciplines, see Omand, Means and Methods of Modern Intelligence and their wider Implications, Part 1 Chapter 2, in this volume. 34 Rettman, Op.cit.

Palacios

215

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 3.3d from 30.09.2019 13:57:15 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 3. European Intelligence Cooperation

and the expansion of its missions, SITCEN started providing support to other EU structures, in particular to the European Commission. The Council Decision establishing the EEAS placed SITCEN under the direct authority of the High Representative, although, in practice the operational control over SITCEN (INTCEN) fell on the shoulders of the EEAS “number two”, the Executive Secretary General. Apart from working for the High Representative and the EEAS structures, SITCEN (INTCEN) continued disseminating its products to a wide array of EU consumers, including the President of the Council, the President of the Commission, the Council and its working bodies, several Commission DGs, etc. In the field of Counter Terrorism, the CounterTerrorism Coordinator35, DG HOME, COSI, TWP and COTER are some of the main users of INTCEN intelligence. After the EEAS reorganisation of the summer of 2015, INTCEN’s work is coordinated by the Deputy Secretary General for CSDP and Crisis Response Operational Coordination, although the Centre continues sending written products and offering oral briefings to the same customers it used to serve until then. 45 SITCEN (the original name of INTCEN, until 2012) was established as a strategic analytical service and has mostly worked at that strategic level during its fifteen years of existence. Its main clients and customers (Member States’ Ambassadors, President of the Council, President of the Commission, High Representative, individual Commissioners, Counter Terrorist Coordinator, etc.) are strategic players and SITCEN/INTCEN’s flagship products are designed to support decision-making at strategic level. Typically, SITCEN/INTCEN analyses are periodic (frequently, six-monthly) or ad-hoc general assessments of the situation, with medium/long term estimates of its possible evolution. On a number of occasions, SITCEN/INTCEN has also tried to offer some intelligence support to certain EU operational activities, such as the conduct of CSDP missions or what could be called “operational diplomacy”36. However, there was always a problem with the kind of information that SITCEN/INTCEN possessed, as well as with the time necessary to receive new information if needed. Without any collection means of its own, SITCEN/INTCEN has always been very dependent on the information provided by Member States. An information which frequently arrived late and was too general for being useful at the operational level (for years, EU intelligence managers have spoken about a “gap” between supply and demand for this kind of information). As a result, William Shapcott had to admit in 2011 in the House of Lords that SITCEN could not go very far in that direction. 46 In 2006, in the framework of the post-Hampton Court process, the High Representative Javier Solana, proposed the establishment of a more effective situation and risk assessment capacity, combining the possibilities of the existing civilian and military intelligence assets. The idea was to bring together, in a functional way, the analytical capacities of both the EU Situation Centre (SITCEN) and EUMS INT, thus benefiting from a wider knowledge base for producing enhanced and more reliable intelligence. The Single Intelligence Analysis Capacity (SIAC) arrangement was signed the same year. Ever since, SITCEN and EUMS INT have been working in close cooperation to provide wide ranging all-source intelligence products. According to this arrangement’s provisions, one of the SIAC components is always taking the lead in the production process for a specific task. 35 See Kerchove/Höhn, The role of European Intelligence in Countering Terrorism, Part 2 Chapter 2, in this volume. 36 In diplomacy the “operational level” is “the level in foreign policy communities where practitioners plan, design, and conduct diplomacy to achieve objectives in the strategic national interest”. Ten Principles of Operational Diplomacy: A Framework by Paul Kreutzer, retrieved from http://adst.org/tenprinciples-of-operational-diplomacy-a-framework/(17 July 2017).

216

Palacios

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 3.3d from 30.09.2019 13:57:16 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 1. EU intelligence: On the road to a European Intelligence Agency?

The INTCEN experience had unintended consequences for the functioning of the 47 European (largely informal) intelligence community. The fact that representatives of foreign intelligence and security services from different Member States were working together under the same roof, in close cooperation with their military counterparts, made INTCEN a natural place for meeting and, in some cases, for exchanging information, for helping each other. Over the last few years, INTCEN has been frequently referred to as the “EU intelligence hub” and this is a role that INTCEN has been increasingly willing to play. For intelligence and security services, INTCEN was an interesting, although indirect, channel of participation in EU-level decision-making. For officials in the EEAS and other EU institutions, INTCEN was a gateway to the unknown world of the secret services, an intermediary that could give them some access to the treasure trove of classified information generated by the EU intelligence community. As a distinguished former EEAS diplomat used to say, “soldiers talk to soldiers, spooks talk to spooks…”. INTCEN is a very small intelligence asset, unable to work autonomously in all steps 48 of the intelligence cycle. First, the direction step is in the hands of a body external to INTCEN, the Intelligence Steering Board, chaired by the High Representative. Secondly, INTCEN does not have any specific collection capability of its own. Concerning the third step of the cycle, INTCEN has some limited possibilities to process information, with its main focus being on analysis. Finally, INTCEN, together with the EUMS INT, is able to decide on the dissemination of the SIAC production, on the basis of the instructions adopted by the Intelligence Steering Board or guidance received from the High Representative. For the dissemination of written intelligence products, the SIAC bodies rely on the assistance of the classified information services (registries) of the EEAS and other EU institutions.

II. EUMS INT37 The European Union Military Staff (EUMS) was established by Council Decision of 49 22 January 2001 as a Council Secretariat department subordinate to the European Union Military Committee (EUMC)38. Under the EUMC guidance, EUMS main initial mission was to support the Military Committee in situation assessment and military aspects of strategic planning. This concerned the full range of Petersberg tasks39, including all EU-led operations. Directly attached to the Secretary-General/High Representative, the EUMS was also meant to provide support, upon the request of the Secretary General/High Representative or the Political and Security Committee (PSC), to temporary missions in third countries or to international organisations. In the field of intelligence, it was established that, as regards crisis management, the EUMS would request and process specific information from the Member States’ Defence Intelligence Organisations and other available sources. The EUMS was originally structured along classical military lines, with five divisions: Policy and Plans; Intelligence; Operations and Exercises; Logistics and Resources; and Communications, Information, and Security40. 37 For more details see Rauwolf, Intelligence in EU-led military missions and operations, Part 2 Chapter 4, in this volume. 38 Council Decision of 22 January 2001 on the establishment of the Military Staff of the European Union (2001/80/CFSP). 39 See Masala/Scheffler/Corvaja, NATO Intelligence and Common Foreign and Security Policy, Part 2 Chapter 5, in this volume. 40 For details on the establishment of EUMS INT, see ANTUNES, “Developing an Intelligence Capability. The European Union”, in Studies in Intelligence, Vol 49, No. 4 (2005), pp. 65–70.

Palacios

217

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 3.3d from 30.09.2019 13:57:16 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 3. European Intelligence Cooperation

In 2005 a new Council Decision41 reformed the EUMS in the light of the experience acquired during its first four years of functioning. In particular, the Council Decision clarified the strategic planning orientation of its activities when it defined EUMS missions as “to perform early warning, situation assessment and strategic planning for missions and tasks referred to in Article 17(2) of the Treaty on European Union, including those identified in the European Security Strategy”. Two of those three missions (early warning and situation awareness) were very closely related to the production of intelligence. Among the tasks defined in the Council Decision, it was specified that the EUMS “monitors potential crises by relying on appropriate national and multinational intelligence capabilities”. The Decision also included an organisation chart, where an Intelligence Division composed of three branches was identified. 51 A third Council Decision42 introduced in 2008 new changes, with Divisions being renamed as Directorates. On 1 January 2011, the EUMS was transferred to the new European External Action Service. At that time, the missions of EUMS INT were defined as “to provide Early Warning and Situation Assessment, to contribute to Advance Planning and to provide Intelligence for Crisis Response Planning, Operations and Exercises”43. EUMS INT was, thus, supposed to offer the whole range of intelligence services, from strategic assessments to operational level inputs, although its very limited means did not match such ambitious objectives. Usually, it does so by working closely together with INTCEN within the SIAC framework. EUMS INT part in this joint venture had been both to contribute military expertise to SIAC joint products and to take the lead for products of typical military nature, as it has been in Georgia (2008), Ukraine (2014), Syria (since 2011), etc. Apart from contributing to the common intelligence function the work of its analysts and the information received from Member States’ Defence Intelligence Organisations, EUMS INT Policy Division is in the lead for developing concepts and regulations for the whole EEAS Intelligence Support Architecture. 52 EUMS INT attaches a great importance to the relations with Member States’ Defence Intelligence Organisations. The EU military intelligence structure does not have its own collection capabilities and depends almost entirely on Member States’ intelligence contributions. Its work is based on the Co-operation Framework Arrangement for Intelligence Support to the EU (CFAIS), an informal agreement between EUMS INT and national Defence Intelligence Organisations, which provides the basis for intelligence exchange. This arrangement helps Member States to have a good understanding of the EU intelligence requirements and current intelligence gaps, and EUMS INT to obtain a good knowledge of the possibilities and problems of Member States. To facilitate this shared situational awareness, for years the Policy Branch had been organising Intelligence Directors Conclaves (IDC), annual meetings allowing informal exchanges on EU intelligence matters between the directors of Defence Intelligence Organizations in the Member States and the EU Military Staff. “In 2013, the IDC became the Co-operation Framework Arrangement for Intelligence Support to the EU (CFAIS), a forum where the heads of military intelligence services of EU Member States enter into binding agreements on intelligence support provided by the European Action Service, particularly for EU missions”44. 50

41 Council Decision 2005/395/CFSP of 10 May 2005 amending Decision 2001/80/CFSP on the establishment of the Military Staff of the European Union. 42 Council Decision 2008/298/CFSP of 7 April 2008 amending Decision 2001/80/CFSP on the establishment of the Military Staff of the European Union. 43 Haag and Bernardo Anaya, “The first ten years of military Intelligence Support for the work of the EU”, in Impetus 11 (Spring/Summer 2011), pp. 8–9. 44 Netherlands Defence Intelligence and Security Service, 2013 Annual Report, p. 18.

218

Palacios

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 3.3d from 30.09.2019 13:57:16 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 1. EU intelligence: On the road to a European Intelligence Agency?

III. EUROPOL45 EUROPOL is the law enforcement agency of the European Union46. Although it has 53 existed in different organisational forms since 1994, it was not until January 2010 when it was transformed into a EU agency by the Council Decision of 6 April 2009 establishing the European Police Office (Europol) (2009/371/JHA)47. The mission of EUROPOL is “to support and strengthen action by the competent authorities of the Member States and their mutual cooperation in preventing and combating organised crime, terrorism and other forms of serious crime affecting two or more Member States” (Article 3). Three of its defined tasks (Article 5) fall directly in the field of security or criminal intelligence: – to collect, store, process, analyse and exchange information and intelligence; – to provide intelligence and analytical support to Member States in connection with major international events; – to prepare threat assessments, strategic analyses and general situation reports relating to its objective, including organised crime threat assessments. There is a certain overlap between EUROPOL and INTCEN tasks and products, 54 particularly in the field of Counter-Terrorism. Clients show a clear preference for having a single consolidated version on every important subject and have repeatedly asked EUROPOL and EU INTCEN to work together. As a result, both structures cooperate regularly, although institutional rivalries between police forces and security services in some Member States, as well as the different attitude towards secrecy and national legal restraints in view of protection of personal data have precluded until now a deeper and more intense cooperation. INTCEN has an important role in several reports produced yearly by EUROPOL in 55 cooperation with national law enforcement agencies: the Terrorism Situation and Trend Report (TE-SAT), the Serious and Organised Crime Threat Assessment (SOCTA) and the Internet Organised Crime Threat Assessment (IOCTA). Apart from that, EUROPOL also publishes non-periodic analysis, generally without INTCEN participation48. Many of those reports are unclassified and can be easily accessed by stakeholders other than the EU institutions and Member States governments, which increases their impact on public opinion. For the SIAC bodies, INTCEN and EUMS INT, secrecy is a requirement of national security and a necessary characteristic of the work of intelligence organisations. For EUROPOL, however, secrecy very often has the function of safeguarding privacy and protecting the integrity of criminal investigations. This important difference in the respective professional cultures of INTCEN and EUMS INT, on the one hand, and EUROPOL, on the other, makes it sometimes difficult for those structures to cooperate as intensely as their common political masters would wish. 45 Gruszczak, Intelligence Security in the European Union: Building a Strategic Intelligence Community, Palgrave McMillan, 2016, P. 172 et seq. 46 For more details see: Ryder, European Criminal Intelligence, Part 3 Chapter 3, in this volume. 47 In 2016 the Council Decision of 2009 was replaced by a new Regulation (EU) 2016/794 of the European Parliament and of the Council of 11 May 2016 on the European Union Agency for Law Enforcement Cooperation (Europol) and replacing and repealing Council Decisions 2009/371/JHA, 2009/ 934/JHA, 2009/935/JHA, 2009/936/JHA and 2009/968/JHA. 48 As an example of this kind of products, the reader can access the report Changes in Modus Operandi of Islamic State (IS) revisited, released in November 2016. As many other EUROPOL products, this report is unclassified. https://www.europol.europa.eu/publications-documents/changes-in-modus-operandi-ofislamic-state-revisited (Read: 7 January 2017).

Palacios

219

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 3.3d from 30.09.2019 13:57:17 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 3. European Intelligence Cooperation

IV. SATCEN 56

57

58

59

60

The European Union Satellite Centre (EU SATCEN) is a EU agency specialised in interpreting satellite imagery as well as geospatial intelligence in support of EU decision-making, particularly in the field of CFSP. It was founded in 1992 as the Western European Union Satellite Centre and incorporated as a EU agency in 200249. In June 2014, a Council Decision modified SATCEN’s mission, enlarging the list of potential users in order to align it with the recent evolution of CSDP50. The Centre is located in Torrejón de Ardoz, near Madrid (Spain). SATCEN has no collection capabilities of its own and its primary sources of imagery are commercial providers. By agreement with some Member States, it can also make use of governmental imagery: Helios-2 (France, Belgium, Spain, Greece), SAR-Lupe (Germany), COSMO-SkyMed (Italy) and Pléiades (France). Contextual information (basic intelligence, political situation, etc.) is obtained from open sources or provided by EU intelligence structures, other EU institutions and agencies and, exceptionally, by external partners51. In 2015, SATCEN released 1348 products of various levels of classification to a large community of customers. Its main partners, the EU Military Staff, the EU Intelligence and Situation Centre (INTCEN) and the Civilian Planning and Conduct Capability (CPCC), belong all to the EEAS. Other important customers are CSDP missions and operations, the European Commission and some EU agencies (particularly, FRONTEX). Third states and international organisations like the United Nations, OSCE and the Organisation for the Prohibition of Chemical Weapons (OPCW) can also request the support of the Centre. All Member States receive the whole of SATCEN production, which is particularly important for smaller countries, unable to operate similar facilities of their own. Over the last few years, demand and production have been steadily rising, as a result of the intensification of Member States tasking as well as the request for support to international organisations. SATCEN describes itself as a “unique operational asset”52 and is, indeed, stronger at the operational than at the strategic level. SATCEN’s reports in support of strategic intelligence are usually produced at the request of the SIAC bodies (INTCEN and EUMS INT). Those reports are crucially important in the field of counter proliferation and may also be useful when some verification of the situation in the field can have strategic value. At a lower level, some good examples of SATCEN’s operational production are the analyses of military activity and equipment to support the OSCE Special Monitoring Mission to Ukraine (SMM Ukraine), or the monitoring of coastal activity and external border activity related to the migration crises (in support of FRONTEX)53. SATCEN is an intelligence structure specialised in the processing step of the cycle. A cycle that works independently from those in the EEAS or EUROPOL, although it is loosely connected to them. The Direction step is in the hands of the SATCEN board 49 Council Joint Action of 20 July 2001 on the establishment of a European Union Satellite Centre (2001/ 555/CFSP). 50 Council Decision 2014/401/CFSP of 26 June 2014 on the European Union Satellite Centre and repealing Joint Action 2001/555/CFSP on the establishment of a European Union Satellite Centre. 51 For more details on SATCEN, please see EU Satellite Centre, Annual Report 2015, Publications Office of the European Union 2016, p. 10. 52 Ibidem, p. 9. 53 Ibidem, p. 14–15.

220

Palacios

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 3.3d from 30.09.2019 13:57:17 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 1. EU intelligence: On the road to a European Intelligence Agency?

that approves its annual long-term working programme. Additionally, the High Representative can also authorise SATCEN to provide services to customers outside the CFSP frame if the Centre has enough resources for it. In some cases, but not always, SATCEN products feed the SIAC analytical process. SATCEN products are relatively easy to use by the EU for the purposes of strength- 61 ening international cooperation. Some of the reasons are: – Products are based on commercial imagery and can usually be released at unclassified or EU Restricted level, which makes it easier to share with outside partners; – SATCEN products can be made available very quickly, which represents a comparative advantage in the rapidly evolving situations typical for CFSP and, particularly, CSDP. Because of the necessity of requesting and receiving specific Member States’ contributions, the reaction time for the SIAC bodies, INTCEN and EUMS INT, are usually much longer; – SATCEN products do not contain political analysis, so that SATCEN is not perceived as a potential competitor by the policy-making community in the EU institutions and Member States.

V. FRONTEX FRONTEX is a EU agency with headquarters in Warsaw (Poland) and has been in 62 existence since 200454. Border control is the exclusive responsibility of Member States, and FRONTEX role consists in building the capacity of Member States in areas related to border control (training, best practices), as well as in providing them with additional human and technical means whenever a crisis situation develops in such a way that the national resources of a given country (or group of countries) are insufficient to cope with it. Although intelligence is not at the centre of FRONTEX activities, the agency produces intelligence in support of its own operations, of Member States and of the EUlevel decision-making in matters related to border control. At the strategic level, FRONTEX contributes to the EU-wide situational awareness 63 and risk analysis in the field of border control55. Once an area of weakness in relation to the management of the EU external border has been identified, FRONTEX provides advice on how this weakness could be remedied. FRONTEX brings together the information collected by its own means and information received from a wide range of different partners: EU agencies (particularly, SATCEN and EUROPOL), other members of the EU family (DG HOME and other parts of the European Commission, EEAS, EASO, EUROSTAT, etc.), border authorities of Member States, non-EU countries, international organisations (UNHCR, IOM, EUROPOL), think tanks, academia and the media. A large proportion of FRONTEX strategic products are unclassified and freely available. At the operational level, FRONTEX pays attention to the daily developments in the 64 areas of its joint operations at the external borders. Information collected by its own means is supplemented by information contributed by Member States’ coordination 54 A new legal regulation for FRONTEX was adopted in 2016. See Regulation (EU) 2016/1624 of the European Parliament and of the Council of 14 September 2016 on the European Border and Coast Guard and amending Regulation (EU) 2016/399 of the European Parliament and of the Council and repealing Regulation (EC) No 863/2007 of the European Parliament and of the Council, Council Regulation (EC) No 2007/2004 and Council Decision 2005/267/EC. 55 See, for instance, “Council conclusions on migrant smuggling”, 10 March 2016. http://www.consilium.europa.eu/en/press/press-releases/2016/03/10-council-conclusions-on-migrant-smuggling/(read 2 August 2016).

Palacios

221

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 3.3d from 30.09.2019 13:57:18 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 3. European Intelligence Cooperation

centres, third countries, international organisations and media. In some occasions, intelligence produced by SATCEN may be of crucial importance in support to FRONTEX operational activities. 65 FRONTEX intelligence cycle is self-standing. Because of classification problems, FRONTEX has difficulties to receive information from other EU intelligence bodies, such as INTCEN and EUMS INT. On the other hand, personal information collected by FRONTEX can be shared, with the appropriate safeguards and guarantees, with EUROPOL, but not with the SIAC bodies (INTCEN and EUMS INT), whose mandate does not cover personal investigations. INTCEN Director has repeatedly stated that the Centre is not collecting nor storing personal data. Currently (2016–2017), FRONTEX and EUNAVFOR MED operation SOPHIA are sharing personal information in the framework of the fight against illegal migration to Europe. A liaison position has been established to that end.

VI. EU ISS The EU Institute for Security Studies (EU ISS) was set up as an EU agency in 2002 and is based in Paris. The Institute had been originally established in 198956 with the aim of stimulating academic research on European security. Currently, its activities are regulated by the Council Decision 2014/75/CFSP of 10 February 2014 and one of its main missions is the “conduct of policy-oriented analysis, information, dissemination and debate”, in particular by becoming the natural “interface between the Union institutions and the world of external experts, including security actors”. 67 The EU ISS does not consider itself an intelligence asset, although its production contributes to a significant degree to the EU strategic situation awareness and strategic early warning. As Björn Fägersten has rightly pointed out, the EU ISS carries out longterm analyses, which is one of the main tasks of strategic intelligence. Furthermore, since Director Dr. Antonio Missiroli, assumed office in 2012, the EU ISS has made an effort to attune its analysis closer to the needs of the CFSP main actors, in particular, the EEAS57. The EU ISS has participated in the development of the EU Global Strategy58, published strategic reports (six in 2015, seven in 2016, for instance) and an important number of shorter-term briefs and alerts. Its products are unclassified and, what would not be usual in the intelligence world, target the international expert community as well as public opinion at large. But the EU ISS can also work more directly in support of EU institutions (on cyber capacity-building, hybrid threats, and the strategic environment, for instance). By organising seminars, workshops and other similar activities, it can transmit their analyses to the institutions in a non-conventional, but rather modern and effective way59. 66

VII. A WIDENED COMMUNITY 68

At the strategic level, intelligence is almost synonymous with “sense making”. EU decision-makers not only take advantage of the production of the EU intelligence 56 Décision ministerielle rélative à la création d’un “Institut d’Études de la Securité de l’UEO”, Bruxelles, 13 November 1989. http://www.cvce.eu/content/publication/2008/6/30/393ce01a-b38a-412fbed4-cba6e62862dc/publishable_fr.pdf Read 3 August 2016. 57 Fägersten, “Intelligence and decision-making within the Common Foreign and Security Policy”, SIEPS, European Policy Analysis (2015), p. 4. 58 Missiroli (ed), Towards an EU Global Strategy, EUISS, 2015. 59 See EU Institute for Security Studies, 2015 Activities Report, EUISS 2015, pp. 7–8.

222

Palacios

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 3.3d from 30.09.2019 13:57:18 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 1. EU intelligence: On the road to a European Intelligence Agency?

structures, but also of many other EU means that contribute to make sense of apparently contradictory information in complex situations. The European Societal Security Research Group (Stockholm University, Swedish National Defence College, etc.) keeps track of (hopefully) all EU sense-making systems and in the summer of 2016 counted as many as 84 of different institutional affiliation. Many other bodies, which are not linked institutionally to the EU, but, nevertheless, help to shape the perceptions of EU decision-makers could also be added. Newspapers, opinion leaders, blogs, journals, think tanks, lobbies… all of them are part of what could be called the “EU expanded intelligence community”. EU institutions are aware of the existence of this alternative “expanded community” 69 and the important role that some of its members play in strategic decision-making. Different outreach programmes try to associate elements of the expanded community to the official assessment process and to establish collaborative relations to the benefit of all participants. As an example, the EU Conflict Early Warning System60 was developed with the engagement of academics, analysts and civil society organisations. Working together may be relatively simple in some cases, but it becomes more difficult when cooperation implies some degree of access by external partners to classified information. Given that intelligence structures such as INTCEN or EUMS INT mostly work in a classified environment, cooperation with academic institutions and other civil society partners is mostly unilateral, with outsiders contributing their knowledge and hoping to obtain in exchange some degree of indirect influence on EU decision-making. In this section the different elements of the EU intelligence community have been 70 sketched out. A community that does not formally exist, but is nonetheless able to effectively perform intelligence functions in support of EU strategic decision-making and, in an imperfect way, to the benefit of operational activities of particular EU institutions and agencies61. A loosely structured community without fixed membership, common rules of the game or a conceptual base accepted and respected by all. A community where the existence of a common strategic client, the Council, is the main element of cohesion.

D. Perspectives of EU intelligence I. A question of models As it has been seen in the previous sections a multiplicity of intelligence structures 71 (or, to be more precise, of structures which can carry out intelligence functions) give support to different EU actors involved in decision-making at strategic level. And now it could be hypothesised that the intelligence support system’s architecture is in some way related to the institutional architecture of the Union and to the formal and informal rules by which decisions are made. Given that European construction is still work in progress, that institutions and procedures are in continuous evolution, it could be asked how this ever changing environment is influencing and may influence in the future the role of intelligence in the EU, as well as the way intelligence support is organised in 60 European External Action Service, Factsheet EU Conflict Early Warning System, September 2014. Retrieved from https://eeas.europa.eu/sites/eeas/files/201409_factsheet_conflict_earth_warning_en.pdf (18 February 2017). 61 For a more detailed explanation of this argument, please see Gruszczak, Intelligence Security in the European Union: Building a Strategic Intelligence Community, Palgrave McMillan 2016.

Palacios

223

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 3.3d from 30.09.2019 13:57:19 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 3. European Intelligence Cooperation

order to better assist EU clients and customers. This big question can be split into some more precise ones: – Is intelligence widely accepted in the EU as a useful tool in support of policy making and policy implementation? – Can national models of intelligence organisation and management be easily adapted for their use in the EU? – In particular, is the model of “intelligence community”, which has existed in the US for decades and has been more recently adapted by some EU Member States, an effective way of managing diversity at EU level? – If so, should a future EU intelligence community replicate the institutional architecture of the EU in order to better adapt to the structure of the EU decision-making system? – Should EU intelligence exist only at the strategic level? Alternatively, do institutions have any room for developing operational and tactical-level intelligence structures in the frame of the Treaties? – Is it possible and necessary to form an EU-wide single intelligence agency? If so, how would such a single agency look like? 72 The concept of intelligence has been gradually accepted in the European institutions. It is true that for years there was some resistance in EU circles to use the “i-word”, probably because of its perceived close association with clandestine collection and cover action. Intelligence was something that could be practised by Member States, something the results of which should be shared with other Member States and with the institutions, but definitely not an activity in which EU institutions could be directly involved. In a report to the European Council issued on 15 November 2001 (the “foundational act of SITCEN”)62 the then High Representative Javier Solana referred to intelligence precisely in this sense, as sensitive material produced by Member States that European institutions would like to be allowed to use, not as something the institutions would aspire to elaborate themselves. And for years the main EU civilian intelligence body, the EU Situation Centre, was mostly seen by many decision makers as a sort of fusion centre, where contributions from Member States were collated and synthesised. The very name of this body, EU Situation Centre, did not include the word intelligence and suggested that the Centre’s main function was situational awareness. This started to change in the last years of Solana’s incumbency and has continued changing after the establishment of the EEAS in 2011. The EU Situation Centre was renamed EU Intelligence Analysis Centre (2012) and, later, EU Intelligence and Situation Centre (2015). Intelligence matters have been included in the EEAS common training programme and the word “intelligence” can be found regularly in the Council documents. Intelligence has been finally accepted as an important tool in the toolbox of European construction. 73 Once the idea that intelligence has an important role to play in support of EU-level decision making has been generally accepted, the question arises as in which way this intelligence support can be best organised. And, in principle, two main models are possible. A single intelligence agency with a legal status similar to that of other EU agencies (EUROPOL, FRONTEX, etc.) could eventually be created. This is a possibility that has been often raised, particularly by medium and small Member States after a serious geopolitical crisis or a particularly vicious terrorist attack63. Alternatively, a 62 Report by the Secretary General/High Representative to the Council on Intelligence Cooperation (SN 4546/1/01 REV1), dated 15 November 2011. 63 Guy Verhofstadt, the former Belgian Prime Minister, said in 2015 after the Charlie Hebdo attack that the EU should “create a fully-fledged EU intelligence agency, a Eurintel. (…) In all major terrorist

224

Palacios

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 3.3d from 30.09.2019 13:57:19 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 1. EU intelligence: On the road to a European Intelligence Agency?

formal or informal community could play a similar role, which would have some advantages and disadvantages. This community could be built around a coordinating body (maybe around one component endowed with coordinating functions) or could be organised as a network where the nodes are not arranged hierarchically. Most big and some medium-sized democratic countries adhere to the community model, as it shows good cost-effectiveness and adapts well to the complexity of democratic decision making. In any case, in the same sense as the EU is a new type of international subject, which behaves in the international arena in ways different from those used by national states, it is very questionable whether in the field of intelligence organisational models taken from national experience can also be useful at EU level. If intelligence is a service provided to decision makers, it could maybe be expected that every important decision maker will have its own intelligence support and that the EU-wide intelligence system (community) will replicate, to a certain extent, the structure of the EU decision-making process. Needless to say, the landscape will look differently depending on the height of the 74 observation. The lower one flies, the easier it will be to find a suitable model. At tactical level, some departments can establish their own intelligence units, that is, units specialised in processing information to create knowledge, in the framework of their mandates and applicable legal rules. And they are doing so, although the “i word” is not necessarily used in the official names of such units. Particularly interesting, however, is the case of strategic intelligence. Because it is precisely at the strategic level where a real EU-wide decision-making system exists. In the rest of this section focus will be precisely on the strategic level of EU intelligence.

II. A EU intelligence agency? The idea of creating a EU intelligence agency is almost as old as the CFSP and 75 discussions on this issue have resurfaced every time Europe has been confronted with a major crisis affecting the security of the continent, such as those created by the recent terrorist attacks in Paris and Brussels, or by the massive influx of refugees from Africa and the Middle East. For the most radical European federalists, a common EU intelligence agency is a necessary component of the federal state they aspire to build or, at least, a step towards greater federalisation of Europe64. For some pragmatists, a EU intelligence agency would be an adequate answer to a number of challenges our societies are facing with increasing frequency, challenges across national borders requiring EUattacks over the past 10 years, the perpetrators were known, but we haven’t worked together as effectively as we could”. Nielsen, “No new mandate for EU intelligence centre”, in EU Observer, 6 February 2015. Retrieved from https://euobserver.com/justice/127352 (6 February 2015). Two years earlier, the EU Justice Commissioner Viviane Reding, a Luxembourgish politician, had said that “the Union should create its own intelligence service by 2020”. Rettman, “EU should create own spy agency, Reding says”, EU Observer, 4 November 2013. Retrieved from http://euobserver.com/justice/121979 (5 November 2013). 64 In September 2016 the Chairpersons of the Parliaments (Lower Chambers) of Italy, France, Germany and Luxembourg adopted a joint declaration under the title “Greater European Integration: The Way Forward”. In the declaration it was said that the Brexit offered “an opportunity to move forward with European political integration, which could lead to a federal union of States” and that the integration process “include all matters pertaining to the European ideal ‐ social and cultural affairs as well as foreign, security and defence policy”. Although intelligence was not explicitly mentioned, it was clearly covered by the reference to “security”. Retrieved from http://www.camera.it/application/xmanager/projects/leg17/ attachments/shadow_mostra/altro_file_pdfs/000/024/057/Rome_Conference_on_Europe_Declaration_ EN.pdf (18 July 2017).

Palacios

225

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 3.3d from 30.09.2019 13:57:20 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 3. European Intelligence Cooperation

76

77

78

79

wide collective action65. Most such debates end with the conclusion that in the current institutional and political environment it is not possible to create a single intelligence agency for the EU. Very often the conclusion is even more radical. For many intelligence professionals, decision-makers and scholars the single intelligence agency will never be possible. And, perhaps, it will even be undesirable. As it has already been seen, the very concept of intelligence is unclear in Europe, so that it is not surprising that there is no generally accepted definition of what is an “intelligence agency”, what are its functions, organisation, dependence and authority. In practice, an intelligence agency is an organisation recognised as such by the law of its own country, by other intelligence agencies (through the establishment of bilateral relations or the common belonging to networks or clubs of intelligence agencies) or by the academic community. There are agencies such as the CIA that are able to work and deliver in all four/five steps of the intelligence cycle and also have the capacity to carry out covert actions. There are agencies without any covert action function, working exclusively in the field of information collection and knowledge building, but able to develop all the steps of the cycle. Finally, there are also agencies specialised in only one step of the cycle. In the US, for instance, the Bureau of Intelligence and Research -INR- is a purely analytical intelligence agency. Despite the enthusiasm of some politicians, EU officials and scholars, the intelligence professionals have generally been against the idea of a single EU intelligence agency, and the argument most frequently used by them is that, according to the Treaty on the European Union, as amended by the Lisbon Treaty of 2007, “national security remains the sole responsibility of each Member State” (Article 4(2)). But the Treaty itself does not define what should be understood under “national security”66 and national definitions, whenever they exist, are not necessarily identical67. In common use, the notion of national security mostly includes matters such as those related to the military defence from foreign powers, but also protection from espionage and particularly serious criminal activities, including terrorism. Today, the most extended interpretation of this legal provision, particularly among high-ranking European intelligence professionals, is that the Treaty on European Union effectively precludes the possibility of establishing a European intelligence agency in the future. In the current legal framework, it would be very difficult to create a European agency capable of collecting information by special or clandestine means. This type of collection requires adequate legal regulation and efficient mechanisms for judicial and parliamentary control. Particularly, but not only, concerning internal security intelligence. Such regulation, such mechanisms exist in the Member States, but not at the EU level. And within the framework of the current Treaty, it seems unlikely that they can be created. However, there should be no legal problem to establish under EU institutions, missions or agencies specialised bodies (units) for non- clandestine intelligence collection, processing and analysis. Such bodies can or cannot be labelled as “intelligence” depending on the definition of intelligence that we accept. A second important problem is that of the “client”, which, in EU conditions, is not always easy to identify. In national states, particular intelligence agencies do not support “the government” as a whole, but concrete participants in the decision-making process. 65

Viviane Reding’s and Guy Verhofstadt’s remarks (fn. 61) were made from a pragmatic perspective. Please see Sule, National Security and EU Law Restraints on Intelligence Activity, Part 4 Chapter 2, in this volume. 67 As a matter of fact, according to the findings of a study commissioned by the LIBE Committee (European Parliament), “the concept of ‘national security’ seems to be either absent from, or very loosely defined by, EUMS’ legal systems”. See Bigo et alt., National security and secret evidence in legislation and before the courts: exploring the challenges, DG HOME, p. 34. 66

226

Palacios

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 3.3d from 30.09.2019 13:57:20 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 1. EU intelligence: On the road to a European Intelligence Agency?

In countries with only one intelligence or security agency, the “client” is usually at the top of the state hierarchy: the head of state or government. In more sophisticated government systems there may be several agencies each supporting a different top level decision-maker or government department. In the US, for instance, the CIA is primarily focused on producing intelligence for the President, the DIA for the Secretary of Defence, the INR for the State Secretary, and the CGI (Coast Guard Intelligence) for the Coast Guard. If we translate this approach to European conditions, we would find it difficult to establish an intelligence agency supporting the EU as a whole, or even its top-level decision-makers, simply because in such complex decision-making system as that of the EU, their identification would be highly problematic. The apex of the pyramid is occupied by the European Council, that is, by Member States that are already supported by their own intelligence systems. However, from this point of view there should be no major problem for establishing intelligence structures in the European External Action Service or the European Commission. Both institutions assist Member States to take decisions in matters related to European security (CFSP and Justice/Home Affairs, in particular) and have a leading role in their implementation. An intelligence body working directly for them would clearly improve the knowledge available to both, which should help them to perform their important role. In this sense, although it is clear that there is no EU-wide intelligence agency so far 80 and it seems very unlikely that it can be established any time soon, we already have several EU intelligence bodies. All the structures listed in Section C can be considered as such.

III. The EU intelligence community As it has been seen in the previous sub-section, creating a single intelligence agency 81 for the European Union is not really an option today. On the other hand, we have also seen that different EU actors already have what could be called “intelligence assets” at their disposal, or at least would be able to set them up. However, none of those assets is really autonomous, in the sense that none is able to develop by its own means all the four/five steps of the intelligence cycle (process). Then again, most of the existing intelligence assets (and those that could eventually be established) are relatively specialised and work mostly for the benefit of concrete stakeholders, rather than for the EU decision-making process as a whole. A EU-level intelligence community would eventually allow the whole of the EU to take advantage of all the existing intelligence assets and make them work in an integrated way, in support of a single and comprehensive decision-making process. Easier said than done, however, as having a wellfunctioning EU intelligence community requires to solve first a series of practical problems. To begin with, there is a conceptual problem and a problem with the model to follow. 82 In the same way as some people may reject the very idea of an entity such as the EU, which is not a nation-state, possessing its own intelligence agencies68, some others would argue that a real intelligence community is not conceivable outside the framework of the nation-state. According to this view, at the EU level there is, of course, intelligence cooperation (international cooperation), but there should not exist any real intelligence 68 Robert Gerald Livingston has written that “one reason for institutional tight-fistedness is that intelligence collection, analysis, and exchange remain the most proto-national of a country’s activities”. As cited by Dan Bisbee, “Sharing Secrets. Trends in European Intelligence”, retrieved from http:// danbisbee.blogspot.com/2004/01/how-much-intelligence-is-there-in.html (17 May 2012).

Palacios

227

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 3.3d from 30.09.2019 13:57:20 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 3. European Intelligence Cooperation

community. Simply because the sense of common interest, the feeling of deep solidarity that makes mutual trust possible even in closed environments like the intelligence profession are achievable in a nation state, but not yet in a (still amorphous) supranational structure such as the EU. At the end of the day, this school of thinking would argue, the small EU intelligence assets are critically dependent on contributions from Member States’ agencies, and the latter have no other loyalty than to their own countries. In other terms, the EU common institutions cannot expect to receive from them any help other than what Member States themselves consider is in their particular interest. 83 Some elements of community do, however, exist. On the one hand, given that the European Council is the central institution of the European Union, decisions by the Council translate into tasks for the different members of the EU family (institutions, agencies…), including their intelligence assets. This ensures a certain coherence of the direction of intelligence activities at EU level. For instance, in the field of counterterrorism, the Council gave green light to the creation of a CT task force within SITCEN in 2004 and has institutionalised a system of strategic reporting with contributions by EUROPOL and INTCEN (SITCEN), under the lead of the former. At a lower level, the EEAS has created a sophisticated system (the Intelligence Support Architecture) to coordinate intelligence support, mostly in the field of CFSP. In its area of competence, DG HOME has also done similarly when it has defined methodologies for assessing money laundering, aviation security, etc, with intelligence contributions coming from INTCEN, EUROPOL, Member States and the financial intelligence units. Informally, the different EU intelligence assets share the kind of collaborative culture that characterises the institutions and, in a natural way, tend to cooperate among themselves and with other EU actors. 84 National intelligence agencies are an important part of the widened EU intelligence community and participate in different ways in the common work: – Through their involvement in different coordination structures and activities, such as the CFAIS (EUMS INT) or the INTCEN Conference; – through the EU-related tasks received from their own national clients; – through their membership of non-EU intelligence clubs, forums and coordination structures at European or regional level. The best known of such structures is the Counter Terrorist Group (CTG)69. 85 The EU informal intelligence community is even wider. Although some of the elements we will list below would not accept that they are part of any “EU intelligence community” and others will even reject the very idea that their activities are intelligence or have anything in common with intelligence, they may be regarded as parts of an intelligence system in the sense that all of them willingly contribute to the best information of EU decision-makers, much in the same way as Member States’ intelligence agencies and EU intelligence assets do. Parts of this informal network are: – Bilateral exchanges with the United States and the US agencies. For many European countries such exchanges provide an important part of the intelligence collection they need; – NATO intelligence structures: the new Assistant Secretary-General for intelligence and security, the NATO Intelligence Fusion Centre, the IMS Intelligence Division, the Intelligence Unit, etc. Most EU members also belong to NATO and both organisations are committed to work together in order to avoid duplications and inconsistencies; 69 For more details see: de Kerchove/Höhn, The Role of European Intelligence in Countering Terrorism, Part 2 Chapter 2, in this volume.

228

Palacios

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 3.3d from 30.09.2019 13:57:21 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 1. EU intelligence: On the road to a European Intelligence Agency?

– bilateral exchanges with Western countries belonging neither to the EU nor NATO; – exchanges with strategic partners and other third countries; – academic institutions and think tanks; – media, as well as centres, institutions and firms specialised in processing open sources. For the time being, there seems to be little alternative to the community model for 86 organising the EU intelligence system. And, because of the complication of EU decisionmaking, the heterogeneity of the eventual members of the community and the lack of solid commitments to cooperate, as the ones we can see at national level, the EU-level intelligence community will be partly informal and will have a variable geometry. In such circumstances, it seems important that at least one component of the community, if possible attached to the centre of EU decision making (that is, the Council) can play some kind of, probably informal, coordinating role. This component might be a special coordinating unit (with, perhaps, a certain analytical capacity of its own) or one of the intelligence production assets. An excellent example of the first solution would be the JIC in the UK. Concerning the second, we have the US system before a Director of National Intelligence was appointed in 2004, with the all-sources agencies (mostly the CIA, but also the DIA and the INR) drawing on the resources of the whole community to prepare products in support of their priority clients (the President, the Secretary of Defence and the State Secretary). Both the JIC and the INR have been mentioned as possible sources of inspiration for the SITCEN/INTCEN, generally recognised (together with its military counterpart, EUMS INT) as the cornerstone of the EU-level intelligence system.

IV. Models: the JIC The British intelligence model has strongly influenced the development of EU 87 intelligence and, in particular, of its most conspicuous element, the SITCEN/INTCEN. SITCEN’s first Director William Shapcott was familiar with the functioning of the intelligence and assessment system in the UK and, in agreement with the first contributing intelligence agencies, introduced some characteristic elements of the British system in the structure and working practices of SITCEN. By his own assertion, SITCEN “was a bit like the JIC or the assessment staff but in a more modest way”70. A EU intelligence community based on the JIC model would not be strictly regulated and would have at its core an analytical centre able to integrate contributions from all the different intelligence and information structures, both at EU-level and in the Member States, but also from policy staff. The British system and practices have been particularly influential in the develop- 88 ment of EU intelligence and there are good reasons for that, with the UK at that time being a EU Member State, British models were perceived as part of Europe’s common culture and had thus a clear advantage over their American equivalents. On the other hand having English become in practice the working language of the European institutions, British models are more easily accessible than any of their continental alternatives. Last, but not least, some key people in the development of the EU intelligence system (notably, William Shapcott, SITCEN’s first Director, and Catherine 70 Evidence given by William Shapcott before the Select Committee on the European Union, House of Lords, on 6 December 2010. Retrieved from http://www.parliament.uk/documents/lords-committees/eusub-com-f/ISS/cEUF061210ev2ISS.pdf (23 January 2017).

Palacios

229

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 3.3d from 30.09.2019 13:57:21 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 3. European Intelligence Cooperation

Ashton, the first High Representative after Lisbon), as British citizens, were familiar with the structure and work of the UK intelligence community. Under such conditions it is not surprising that an official British explanation of the functioning of the JIC could also be used for describing the role of SITCEN/INTCEN in the EU-level assessment process: “The JIC is supported by the Assessments Staff, which consists of a range of analytical staff seconded from various departments, services and disciplines. It is responsible for drafting all‐source assessments of strategic issues and issues of current concern, and providing warnings of threats to British interests. Its staff draws on a range of reporting, primarily from the Agencies but also including UK diplomatic reporting and open source material. The Assessments Staff work closely with the Agencies and other Government departments in analysing and interpreting the reporting”71. 89 As former Security and Intelligence Co-Ordinator in the Cabinet Office Sir David Omand has stated, the “Joint Intelligence Committee or JIC has for over 60 years had the responsibility of producing predictive strategic judgements for the highest levels of Government. The key senior policy officials from the Cabinet Office, FCO, MOD, Home Office, HM Treasury, DTI etc are JIC members as well as the intelligence professionals and all have to dip their hands in the blood of the collective judgments, however unwelcome they may be.”72Much of this could also be said to apply to the role of SITCEN/INTCEN in EU-level decision-making. Although Omand claims that the “JIC process is (…) unique around the world”73, many of its most salient features have been replicated in SITCEN/INTCEN: – All-source approach; – intelligence professionals and decision-makers working together; – search of consensus in the intelligence-policy community. 90 As Philip Davies has recently reminded, the SIAC (INTCEN and EUMS INT) operating model is based on the JIC74. On the one hand, SIAC’s flagship products, the strategic level “intelligence assessments”, are conceptually similar to the JIC’s assessments and are written in a very similar format. Furthermore, working procedures are also inspired, at least in part, by those used in the JIC. From the moment of SITCEN’s creation, analysts leading a project were expected to draw on contributions received from Member States intelligence agencies, most of them of an analytical nature, and to discuss findings and conclusions with other SITCEN and EUMS INT colleagues, but also with counterparts in several policy-making bodies (Council’s General Secretariat, European Commission, other institutions or agencies). Once the final draft was ready, counterparts were usually invited to a drafting meeting and, although the consensus was not formally necessary, analysts were encouraged to try to reach it by incorporating suggestions from all participants. Such rules of the game are still in use within the SIAC. 91 The question arises whether it is possible to adapt this characteristic element of the British administrative culture to a completely different environment, the EU, where formal and informal procedures for decision-making are substantially different. As Stephen Marrin has pointed out, in the case of Britain “integration of the analysis into decision making is facilitated by the collegial and collaborative aspects of British national 71

UK Cabinet Office, National Intelligence Machinery, 2010, pp. 23–24. Omand, “Reflections on Secret Intelligence”, lecture at Gresham College, 20 October 2005. Retrieved from http://www.gresham.ac.uk/print/1891 (19 May 2012). 73 Ibidem. 74 Davies, “UK security will both gain and suffer from Brexit. The EU will only lose”, in LSE Brexit blog, 7 November 2016. Retrievable from http://blogs.lse.ac.uk/brexit/2016/11/07/uk-security-will-both-gainand-suffer-from-brexit-the-eu-will-only-lose/(10 November 2016). 72

230

Palacios

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 3.3d from 30.09.2019 13:57:22 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 1. EU intelligence: On the road to a European Intelligence Agency?

security decision making”75. The EU environment is competitive rather than collaborative, with Member States fighting for influence, trying to be able to impose their own preferences. Officials seconded by Member States, as most EU INTCEN and EUMS INT analysts are, may in some occasions feel that their duty is to defend national interest by all means available to them, including, in the case of intelligence officers, the defence of an analytical line (a narrative) basically supportive of their own countries’ political objectives. Unlike what is the case in the United Kingdom, INTCEN’s rules emphasising consensus are not necessarily conducive to an integrative result. On occasions, such rules might be used by Member States to prevent that a message contrary to their preferred line of action finds its way to the final version of the assessments.

V. Models: the INR There is, however, a second option for structuring a community. If it is not possible 92 to set up a proper coordination body, then the alternative is to make one of the intelligence agencies play a similar role, although in a more simplified way. That was the system adopted in the United States in the National Security Act of 1947, with a new agency, the CIA, working directly for the President through the National Security Council and being located thus at the very centre of the decision-making and intelligence systems. With some frequency, European enthusiasts of intelligence integration have demanded the creation of nothing else than a European CIA, although this model would be almost impossible to replicate in the EU current legal and institutional framework. Clandestine collection and covert actions, two of the central missions of the CIA, cannot be carried out by European common bodies (agencies) in the absence of appropriate legal basis and suitable mechanisms for supervision. That is why on some occasions another US intelligence agency, the State Department’s Bureau of Intelligence and Research (INR), has been mentioned as a possible model for the EU INTCEN and, in general, for common European intelligence bodies (agencies)76. The Bureau of Intelligence and Research, better known by the acronym INR, is the 93 intelligence agency of the US State Department. Frequently praised by the high quality of its products77, INR conducts all-source analysis based on diplomatic information, open sources and intelligence produced by other parts of the intelligence community. A purely analytical body, INR is not allowed to engage in clandestine activity. The analytical staff is composed of civil servants, often with academic background, and career diplomats who usually have spent one or several diplomatic tours in the country or region they are focusing on at INR. A blend not very different from the one we can find in INTCEN. Because of its relatively small size, its staffing model and the sources it uses, INR 94 could be a practical model for INTCEN. Being part of the EEAS, INTCEN has the 75 Marrin, “At Arm’s Length or At the Elbow?: Explaining the Distance between Analysts and Decisionmakers”, in International Journal of Intelligence and CounterIntelligence 20 (2007), p. 407. 76 See, for instance, Jeffreys-Jones, In Spies We Trust, Oxford University Press 2013, p. 226: “SITCEN resembled Britain’s JIC and the US Department of State’s Bureau of Intelligence and Research (INR)”. Or, more recently, Gros-Verheyde, “L’IntCen… le lieu des échanges … d’analyses Top secret”, in blog Bruxelles 2, 21 January 2015. Retrievable at http://www.bruxelles2.eu/2015/01/21/que-fait-lintcen-europeen/ (20 November 2016): “Nous ne sommes pas la CIA. Si on veut nous comparer, ce serait plutôt à l’INR”. 77 There are plenty of examples of praising the INR. For instance, Best Jr., Intelligence Issues for Congress, CRS Report for Congress, 12 July 2006; Rood, “Inside the one spy agency that got pre‐war intelligence on Iraq – and much else – right”, in Washington Quarterly January/February 2005; Ignatius, “Spy World Success Story”, in Washington Post 2 May 2004.

Palacios

231

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 3.3d from 30.09.2019 13:57:22 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 3. European Intelligence Cooperation

advantage that it can rely on the information gathered by the well-developed network of EU diplomatic representations, as well as crisis management missions and operations around the world. And this is, generally, high quality information, very well adapted to the needs of CFSP. As Tom Fingar, the former head of INR, has written, “most analysts like diplomatic reporting – one always knows where it came from and that the person conveying the information wanted it to be made available to the U.S. Government. That did not necessarily ensure that it was accurate, but it did reflect what the individual or organization involved wanted U.S. officials to hear”78. 95 In practice, the adaptation of the INR model to the EU would be rather difficult. Although in some important Western countries, such as the US, Australia, Japan or Israel, the respective Ministries of Foreign Affairs have their own intelligence analysis agencies, this is not the case in Europe. In most EU countries, foreign political analysis is clearly separated from intelligence and is performed by diplomats. In the UK, the FCO has a Research and Analysis Department, but, unlike the INR, is not part of the intelligence community and is not independently represented in the JIC. For many European diplomats, INR-like products are not really necessary as in their perception such products duplicate the analytical work they already do. From their point of view, the role of intelligence would be to supplement the work of diplomats with what diplomats themselves cannot gather by their own means. That is, with secrets. 96 But even if the INR model could be successfully implemented in the EU, it would not provide a practical way of coordinating the rather unstructured EU intelligence community. Unlike the CIA, the INR is a departmental agency and does not directly support the top level of decision-making. Similarly, an INTCEN working on the basis of the INR model could maybe be an efficient departmental intelligence asset, but it would face serious problems to provide any kind of coordination or guidance to the whole of the community, particularly in matters other than CFSP.

E. Conclusions: Alternatives for the EU After briefly discussing the current situation of the EU intelligence system some interesting tendencies have been detected: – Dependence from Member States’ national intelligence systems, particularly for human and technical collection. Ultimately, the system heavily relies on the cooperation with other Western allies, mostly with the US. – Lack of a common intelligence culture. So far, there is no agreement on what is intelligence, on the means of intelligence, on the limits of its powers, on its control. Some of the EU bodies mentioned in this chapter as “intelligence structures” would maybe reject the very idea that they are producing intelligence. – Informal, weakly structured community. There is no generally agreed and comprehensive list of members, no regulations governing the community, no chain of command, no formal structure. The main element of cohesion for this unstructured community is the existence of a supreme client, the European Council, that in a more or less direct way is supported by all intelligence structures of the EU and its Member States. 98 In a way, the system described in this chapter reproduces many of the most marking features of the EU institutional architecture. Some people may judge it to be insuffi97

78 Fingar, Reducing Uncertainty: Intelligence Analysis and National Security, Stanford University Press 2011, p. 101.

232

Palacios

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 3.3d from 30.09.2019 13:57:23 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 1. EU intelligence: On the road to a European Intelligence Agency?

ciently effective, but it is maybe because of the big differences it presents with what we can see at the national level, particularly in countries with a certain size and a developed intelligence system, countries that could serve us as models. The current solutions, imperfect as they may be, represent a practical and rather successful compromise between ambitions and possibilities. And it could even be said that, at least in some occasions, the community’s structural similarity to the current EU-level decisionmaking system makes it easier to deliver well-targeted, timely and cost-efficient answers to the challenges the EU is currently facing. Such an intelligence architecture assumes that the interests of the different EU 99 Member States are very similar and do not significantly differ from those of the Union as a whole. As a matter of fact, this is not always the case. As Robert Cooper has shrewdly observed, “the EU is an organisation not for pursuing a European interest, but for pursuing national interests more effectively”79, and the interests of different Member States are not necessarily the same. In this game, the EU provides a framework for settling disputes using “some mixture of law, bargaining and arbitration”80. And for every Member State, the ability to shape a common narrative consistent with their views is an important factor to make those views prevail. It is unrealistic to expect that Member States’ intelligence services will not use INTCEN’s and EUMS INT’s dependence on their contributions to try to influence the orientation of intelligence assessments. Something similar can be said about the dependence of European intelligence from 100 the intelligence systems of other Western countries, particularly the US. The current situation is satisfactory if the focus is on facing serious threats menacing the very existence of the EU (or the West) as a community of free, market-oriented and welfare states. In such issues, the interests of all Western countries coincide or are very similar. In the post-modern world, however, we rarely have to face existential threats. Politics is often about making our own preferences prevail or about gaining competitive advantages against partners that may not be (in general, they are not) our enemies. And here, the positions and interests of the EU as a supranational entity and other Western countries will from time to time diverge. Any critical dependence from the Western partners and allies will hamper the EU ability to conduct its own foreign and security policy, to protect the Europeans’ particular interests whenever they do not coincide with those of other Western states. A different approach would maybe consist in trying to gain value by helping to address 101 the ever greater difficulty in adopting common decisions and the risk that such decisions would not be optimal. Europe’s diversity is probably one of the EU’s strengths, but managing it may be some times complicated. Due to the increasing institutional complexity of the EU, there is a danger that decisions may sometimes be made taking more into account the process than the desirable outcome. Common institutions, such as the European Commission or the EEAS can play an important role in helping Member States to reach consensus. And intelligence is, probably, one of the best tools they can use, provided that is regarded by all actors as independent, objective and professional. An alternative way of organising the intelligence community at EU level would have as its goal to allow the community to play a genuine consensus-building role. That would probably require the setting up of appropriate strategic intelligence bodies working specifically for the major EU institutions and able to perform their basic duties even without significant help from Member States’ agencies. Which do not necessarily entail the establishment of a EU intelligence agency, able to carry out all steps of the intelligence cycle. 79 80

Cooper, The post-modern state and the world order, Demos 2000, p. 26. Ibidem.

Palacios

233

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 3.3d from 30.09.2019 13:57:23 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 3. European Intelligence Cooperation

The Brexit will probably have a certain impact on the way European intelligence is organised and works. Britain possesses an excellent intelligence system and has been very active in most European initiatives in favour of further cooperation in the field of intelligence. Britain is part of Europe and, even if its leaves the EU, many intelligence problems (particularly, but not only, in such sensitive areas as counter-terrorism or counterproliferation) cannot have an effective European answer without British participation. In any case, the intense European intelligence cooperation has until now been channelled through structures (NATO, the CTG, for instance) that do not form part of the EU institutional architecture and that will continue working for as long as participating states feel that it is in their best interest. On the other hand, the impact of Brexit will be significant in the sphere of strategic intelligence. There, the EU-level bodies will lose regular access to the UK strategic intelligence production, and Britain will lose a chance to influence EU decision-making by directly contributing to shape EU intelligence assessments. 103 The new EU Global Strategy of June 2016 calls for the strengthening of cooperation between European law enforcement, judicial and intelligence services and asks Member States and EU institutions to provide greater support for the EU INTCEN81. In the Implementation Plan on Security and Defence (November 2016) one of the identified actions requires from Member States to consider upgrading EU INTCEN and EUMS INT capabilities and to reinforce links between both EU intelligence structures and Member States’ entities providing situational awareness. The message is clear: the EU would like to improve the intelligence support it receives, but without modifying the current architecture of the (largely informal) EU intelligence community. Only time will tell whether these objectives can be attained. 102

81 European Union, Shared Vision, Common Action: A Stronger Europe. A Global Strategy for the European Union’s Foreign And Security Policy, Brussels, June 2016. Pg. 50.

234

Palacios

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 3.3d from 30.09.2019 13:57:24 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 2 The Merits of Informality: The European Transgovernmental Intelligence Network Mai’a K. Davis Cross Outline A. Introduction ...................................................................................................................... B. Why is intelligence cooperation so difficult?............................................................. C. The European Intelligence Space.................................................................................. I. Structural changes................................................................................................... II. New threats .............................................................................................................. III. EU governance and secrecy .................................................................................. D. Conclusion .........................................................................................................................

mn. 1 6 13 17 26 31 39

Bibliography: Adler and Pouliot, International Practices, 3 International Theory 1 (2011), pp. 1–36; Adler, The Power of Ideology: The Quest for Technological Autonomy in Argentina and Brazil, University of California Press 1987; Calvani, Foreword, in: Hertzberger Counter-Terrorism Intelligence Cooperation in the EU 2007; Chivvis, Understanding Russian “Hybrid Warfare” And What Can Be Done About It, Testimony, Rand Corporation, 2017; Collins, The Sociology of Philosophies: A Global Theory of Intellectual Change, Harvard University Press 1998; Council of the EU Document 5626/11, 24 January 2011, Brussels. Still Classified; Cross, The European Diplomatic Corps: Diplomats and International Cooperation from Westphalia to Maastricht, Palgrave 2007; Cross, Security Integration in Europe: How Knowledge-based Networks are Transforming the European Union, University of Michigan Press 2011; Cross, A European Transgovernmental Intelligence Network and the Role of IntCen. Special Issue: Agency Governance in the European Union’s Area of Freedom, Security and Justice, 14 Perspectives on European Politics and Society, 3 (2013): 388–402; Cross, The Politics of Crisis in Europe, Cambridge University Press, 2017; Dyèvre, Innovation and information Technologies for the European Security and Intelligence Community, EUROSINT Forum Workshop, Paris, 9 December 2016; Edwards and Meyer, Introduction: Charting a Contested Transformation, 46 Journal of Common Market Studies, 1 (2008), pp. 1–25; Eurosint Forum, Innovation and Information Technologies for the European Security and Intelligence Community, Paris, 09 December 2016; Fägersten, European Intelligence Cooperation, in: Duyvesteyn, Jong, and van Reijn (Eds.), The Future of Intelligence – Challenges in the 21st century, Routledge, 2014; Gruszczak, Intelligence Security in the European Union: Building a Strategic Intelligence Community, Springer, 2016; Haas, Introduction: Epistemic Communities and International Policy Coordination, 46 International Organization 1 (1992), pp. 1–35; Hansard, House of Commons, 27 June 2005; Hertzberger, Counter-Terrorism Intelligence Cooperation in the EU, European Foreign and Security Studies Policy Program UNICRI 2007; Horn, Logics of political secrecy. 28 Theory, Culture & Society 7–8 (2011): 103–122; Johnstone, The Power of Interpretive Communities, in: M. Barnett and R. Duvall (Eds), Power in Global Governance, Cambridge University Press 2005, pp. 185–204; Keck and Sikkink, Activists Beyond Borders: Advocacy Networks in International Politics, Cornell University Press 1998; Keohane and Nye, Transgovernmental Relations and International Organizations, 27 World Politics 1 (1974), pp. 39–62; Müller-Wille, For Our Eyes Only: Shaping an Intelligence Community Within the EU, Occasional Paper 50, Paris: European Union Institute for Security Studies 2004; Müller-Wille, The Effect of International Terrorism on EU Intelligence Cooperation, 48 Journal of Common Market Studies, 1 (2008), pp. 49–73; Radaelli, The public policy of the European Union: whither politics of expertise? 6 Journal of European Public Policy, 1 (1999), pp. 757–774; Rettman, Secret documents group was like “bad Le Carre novel”, MEP says, EUObserver.com, 18 November 2010; Rettman, EU intelligence services opening up to collaboration, EUObserver.com, 18 January 2011; Sjursen, Integration without democracy? Three conceptions of European Security Policy in transformation, ARENA Centre for European Studies, Working Paper No. 7, 2008; Slaughter, A New World Order, Princeton University Press 2004; Steele, Open Source Intelligence, in Handbook of Intelligence Studies, edited by Loch Johnson, Routledge 2007, pp. 129–147; Thompson, Democratic secrecy. 114 Political Science Quarterly 2 (1999): 181–193; Todd, Could Europe do Better on Pooling Intelligence? Security & Defence Agenda Round Table Report, October 26, Brussels 2009; Verdun, The role of the Delors Committee in the creation of EMU: an epistemic community? 6 Journal of European Public Policy 2(1999), pp. 308–28; Vries, The European response to terrorism. ACI Security Summit, Brussels, 23 November 2016; Walsh, Intelligence-Sharing in the European Union: Institutions Are Not Enough, 44 Journal of Common Market Studies, 3 (2006),

Cross

235

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 3.3d from 30.09.2019 13:57:24 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 3. European Intelligence Cooperation pp. 625–43; Walters, Secrecy, publicity and the milieu of security, 5 Dialogues in Human Geography 3 (2015), pp. 287–290; Zito, Epistemic communities, collective entrepreneurship and European integration, 8 Journal of European Public Policy 4 (2001), pp. 585–603.

A. Introduction With the intensification of numerous security threats in Europe – especially the series of terrorist attacks in 2015 and 2016 – the importance of intelligence, defined as “information that is tailored to assist a certain receiver’s decision-making,”1 has taken on new importance. At the same time, in light of the stunning Snowden revelations that began in 2014, there is also more concern surrounding what intelligence professionals actually do, especially in democracies. Given these circumstances, the time is ripe to explore how intelligence cooperation in Europe has evolved in recent years, especially since the 2009 Lisbon Treaty, and the nature of it today. While many observers and the media tend to assume that intelligence sharing is virtually non-existent or nascent in the European setting, it is clear that the European intelligence space is actually reaching a new level of maturity in large part because of an increasingly consolidated transgovernmental network of intelligence professionals in Europe. There are several reasons for the growth of this network, which will be elaborated upon in this chapter: (1) the structural changes to the EU’s intelligence apparatus that take intelligence sharing more seriously, (2) the emergence of new threats, especially in the form of terrorism and public misinformation, and (3) the increasing recognition of the role of secrecy in the proper functioning of governance. All of these points to the responsiveness and adaptability of the intelligence profession in Europe as well as the importance of informality in sharing best practices and information. 2 A transgovernmental network is comprised of government professionals from different countries interacting and cooperating with each other to share best practices and knowhow, separately from nation states.2 Anne-Marie Slaughter argues that transgovernmental networks – like judges, legislators, and regulators – across the globe are increasingly working together in this way, informally participating in these networks so that they can do their jobs better.3 This chapter contends that this dynamic is now visible in the European sphere of intelligence, and has led to the creation of a kind of European intelligence space. While there is certainly a difference between sharing best practices and sharing substantive information, it is suggested that the former could be paving the way for the latter, and that the prevalence of open-source intelligence (OSINT) is also freeing intelligence professionals from reliance on Member States to provide them with intelligence.4 3 Why might the emergence of a transgovernmental intelligence network in Europe be surprising? In general, the political science literature focuses on the difficulties intelligence cooperation presents. Even in a region where integration – the pooling of sovereignty among Member States – has a long track record of over six decades, it is widely assumed that EU Member States are risk averse when it comes to any initiatives that push them towards sharing their own intelligence with others. The scholarly literature on this topic argues there is a low level of political will among Member States to cooperate, and a lack of desire to make use of the formal institutions set up to 1

1

Müller-Wille, JCMS 2008, 49 (52). Keohane and Nye, World Politics 1974, 39. 3 Slaughter, A New World Order, 2004. 4 Cross, Perspectives on European Politics and Society 2013, 388. 2

236

Cross

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 3.3d from 30.09.2019 13:57:25 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 2. The Merits of Informality: The European Transgovernmental Intelligence Network

facilitate this.5 Member States tend to resist sharing intelligence with each other unless they are able to overcome the trust issues that go along with relinquishing sensitive data, and the inherent dangers related to this, like putting human sources at risk. In looking at Member-State motivations, most scholars have concluded that the current state of EU intelligence cooperation is quite dismal, with little hope of improving. According to some scholars, the only way in which Member States might change their minds is for normative (trust) or functional (efficiency) reasons, but the bar is set high.6 By contrast, it is argued that an exclusive focus on formal cooperation among 4 Member States is only a narrow lens through which to understand this policy area, as there is much that happens informally. To be sure, intelligence sharing is not easy to achieve, even in a region as tight-knit as Europe, and the degree of intelligence sharing that does occur today is still relatively new. EU Member States have been sharing intelligence since at least the 1970s, but in a more ad hoc or bilateral way.7 It was during the late 1990s in the wake of the Bosnian War that this process became more institutionalized. Also, 9/11 and the subsequent terrorist attacks in Madrid and London served as major impetuses towards increased intelligence sharing as well as the establishment of the EU’s Intelligence Centre, known today as IntCen.8 Even though the EU has created formal structures for sharing intelligence, informal interactions among national and European intelligence professionals are increasing, likely indicating that the EU is starting to take the role of secrecy in democratic governance more seriously. The chapter proceeds as follows. First, it reviews the literature pertaining to intelli- 5 gence cooperation, and situates the main argument of this chapter in these various perspectives. Second, it describes the shifts that are underway in the realm of informal intelligence cooperation. Finally, the chapter offers some conclusions on the future prognosis for European intelligence sharing, given today’s challenges and threats.

B. Why is intelligence cooperation so difficult? There is a robust literature on intelligence more generally, but relatively little on EU 6 intelligence specifically. Since EU intelligence is handled by several different groupings – IntCen, national intelligence services, Europol, the EU Military Staff, the European Satellite Centre, and others – the limited amount of research that has been conducted on this issue is spread out, focusing on different institutions and agencies. Empirically, there is a dearth of information about how intelligence cooperation works in Europe, even while there is a more robust theoretical debate. The fundamental dilemma that the political science literature addresses is that Member 7 States intuitively have a strong interest in sharing intelligence given their similar security concerns, but are highly reluctant to give up sovereignty in such a secretive and sensitive area. They acknowledge that the internally borderless nature of the Schengen area, the existence of the Common Foreign and Security Policy (CFSP), and growing security challenges in the region mean that European security efforts will fall far short without a comprehensive approach to intelligence that includes all Member States. As Björn MüllerWille writes, “sharing knowledge is a first step towards harmonizing views, formulating 5 Müller-Wille, European Union Institute for Security Studies, 2004; Walsh, JCMS 2006, 625; Edwards and Meyer, JCMS 2008, 1; See Palacios, EU intelligence: On the road to a European Intelligence Agency?, Part 3 Chapter 1, in this volume. 6 Ibid. 7 Walsh, JCMS 2006, 625. 8 Todd, Security & Defence Agenda Round Table Report, 2009.

Cross

237

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 3.3d from 30.09.2019 13:57:25 3B2 9.1.580; Page size: 160.00mm  240.00mm

Part 3. European Intelligence Cooperation

8

9

10

11

and implementing common policies, and exploiting potential synergies in the fight against new threats”.9 The EU already strives to work together in combating illegal immigration, terrorism, cybercrime, organized crime, and human trafficking, among other things. A common source of intelligence analysis provides the necessary background for conducting these policies as effectively as possible. Despite this clear need, Müller-Wille finds that Member States still hold back from cooperating fully because of (1) distrust of what others will do with the intelligence, (2) concern that more EU intelligence sharing jeopardizes bilateral intelligence sharing with the US, (3) risk of free-riding, (4) loss of privileged or superior influence, and (5) fear that the intelligence will be manipulated for different ends. Geoffrey Edwards and Christoph Meyer echo the arguments about trust and free-riding, focusing in particular on the difference between those Member States that are more intelligence-oriented and those that are less. They write, “the gap in trust coupled with the risk for sources and free-riding between the national ‘haves’ and ‘have-nots’ in intelligence terms prevents a quicker evolution, institutionalization and task expansion of bodies such as [IntCen]”.10 Eveline Hertzberger’s interviews of intelligence experts confirm that there is a gap between those Member States like the UK, Spain, and Germany that have a lot of experience in the intelligence sector, and newer Member States like Poland and Slovenia, that are relatively inexperienced.11 James Walsh elaborates upon lack of trust as the central impediment to intelligence sharing among Member States.12 He argues that intelligence and trust intersect in a number of ways. First, any shared data must be protected to the satisfaction of all parties involved. Second, there must be trust that the information will not be used in a way detrimental to the interests of any of the actors. Third, intra-EU intelligence sharing must not be perceived as a threat to external forms of bilateral or multilateral intelligence sharing. His study concludes that existing EU institutions provide the technical mechanisms for sharing information, but do little to foster trust.13 Thus, there is a consensus in the literature that intelligence cooperation in the EU is particularly weak, and that EU institutions play only a minor role. One area where intelligence sharing is less problematic for Member States is in dealing with external issues that all agree upon. Member States provide information only if there is a direct interest or benefit in doing so. For example, in areas of operational information pertaining to Common Security and Defence Policy (CSDP) operations, they are far more willing to cooperate since their own soldiers’ protection in the field depends on this.14 EU intelligence institutions seem to have an easier time adding value on the analysis side of the equation, as opposed to the collection side. In contrast to these various findings, it is argued that the situation is actually changing in recent years, particularly when it comes to informal interactions among intelligence professionals. Also, while it is true that national governments tend to be resistant to sharing certain kinds of intelligence, their willingness is not necessarily a prerequisite for the development of a European intelligence space. An exclusive focus on Member-State motivations and behavior tends to neglect more important developments in the field, particularly the relationship building and networking among intelligence professionals. 9 Müller-Wille, European Union Institute for Security Studies 2004, 1 (13); See Palacios, EU intelligence: On the road to a European Intelligence Agency?, Part 3 Chapter 1, in this volume. 10 Edwards and Meyer, Journal of Common Market Studies, 2008, 1 (14). 11 Hertzberger, European Foreign and Security Studies Policy Program 2007, 1 (73). 12 Walsh, JCMS 2006, 625. 13 For more on trust, also see Gruszczak 2016; Fägersten 2014. 14 Hertzberger, European Foreign and Security Studies Policy Program, 2007, 1 (69).

238

Cross

Reemers Publishing Services GmbH O:/Beck/Dietrich_Sule/3d/Part 3.3d from 30.09.2019 13:57:26 3B2 9.1.580; Page size: 160.00mm  240.00mm

Chapter 2. The Merits of Informality: The European Transgovernmental Intelligence Network

Increasingly, they share best practices and knowhow so that they can improve their professional skills given the new challenges they face in terms of security. As a result, their transgovernmental ne