Know your enemy: How to break the EU’s gridlock on security measures

Insight
Camino Mortera-Martinez
03 June 2015

Terrorism and organised crime are serious threats to Europe. The EU is better placed than the member-states to deal with the transnational aspects of these threats. But disagreements between the Council and the Parliament result in gridlock over security measures. One reason is that sensitive information cannot be shared with MEPs, leaving them in the dark about both the threats and the means to deal with them. If the EU wants to tackle the threat of terrorism effectively, MEPs should be given adequate access to confidential information.

In February 2010, three months after the Lisbon treaty entered into force, the European Parliament rejected, for the first time, an international agreement concluded by the EU. The Lisbon treaty gave the European Parliament powers in the field of Justice and Home Affairs, including the power to ratify international agreements on security and counter-terrorism. The Parliament refused to ratify an agreement with the US on a Terrorist Finance Tracking Program (TFTP). The Council of Ministers and the US had spent the previous three years negotiating this agreement to trace the financial data of potential terrorists. TFTP used data provided by SWIFT, a Belgium-based company that processes international bank transfers. After the Council and the administration of George W Bush managed to reach an understanding, the European Parliament posed an unexpected obstacle. Amongst other things, the Parliament claimed that the Council had not provided MEPs with the necessary security information to show why the TFTP system was needed. The Council, however, was reluctant to disclose too much sensitive information on threats and foiled plots. And so the EU’s struggles in the area of privacy and security started.

Five years later, these struggles are far from over: institutional rows between the European Parliament and the Council have stopped the passage of several pieces of legislation (such as the EU Passenger Name Records directive (EU PNR), Europe’s system for exchanging information about airline passengers departing for or arriving from third countries). Revelations by former US National Security Administration contractor Edward Snowden on the breadth of US spying programme have eroded support for transatlantic data-sharing and other forms of co-operation (like the Transatlantic Trade and Investment Partnership, TTIP). For the first time ever, the European Court of Justice has annulled a directive (the data retention directive, which required telecoms companies to retain certain data for a period of up to two years and was championed by the UK). And international partners have definitely not figured out who to call in Europe to discuss security issues. The EU is suffering from a worrying paralysis on security measures.

This gridlock is risky: as exemplified by the recent attacks in Brussels, Paris and Copenhagen, terrorism and organised crime are, more than ever, international phenomena that require supranational responses; if the institutions do not manage to sort out the problems derived from the post-Lisbon arrangements, the EU’s security could be endangered.

When facing cross-border criminal activities, such as terrorism, having 28 different systems and legal frameworks in place is inefficient and expensive. Different standards in data sharing systems, for example, can lead to situations where information is not transmitted quickly enough between member-states. This can result in suspects being able to cross borders without being detected and make it harder to foil transnational plots. It also means more costs for the companies that need to implement the various standards (such as banks or aviation companies). Despite recent events, however, the current tendency seems to be towards less, rather than more Europe. Member-states retain many competences in the field of internal security. Unlike in other areas, such as Schengen, EU action is not compulsory. The blocking of the EU PNR directive, which has been under discussion since 2011, has prompted the adoption of national PNR systems, funded by the European Commission. While however, some member-states (like Germany) are very sensitive to data protection issues, others (like the UK) are not. Having several PNR systems in place, with different sets of safeguards and protections, will make the system less efficient and more expensive. An EU PNR system would ensure, in absolute terms, a more effective system with a higher level of data protection that would apply uniformly across the EU.

The gridlock over security measures in the EU is also detrimental to Europe’s transatlantic relations. The EU is currently negotiating a ‘Data Protection Umbrella’ agreement with the US. This deal will establish a general data protection framework applicable to all transatlantic data transfers for law enforcement purposes. With this agreement, the EU and the US hope to avoid having to negotiate data protection clauses every time a deal on information sharing is on the table.

The EU and the US are considering including transatlantic ‘data flows’ as part of the negotiations for a Transatlantic Trade and Investment Partnership (TTIP). In the wake of the Snowden revelations, there has been a public backlash against this move, due to concerns about the US framework for protecting private data. Dialogue between the EU and the US has become more constructive, but America is still unsure of who would be at the end of the line when it calls Europe to discuss security matters. And the US is getting frustrated by the institutional rows that break out every time security is at stake. The US may eventually bypass the EU as an institution and negotiate bilateral agreements directly with the member-states. This would be detrimental to the EU’s role in promoting global security, and to the efficiency of the fight against security threats in Europe.

There is a way to overcome this stand-off in the field of security. At present, the European Parliament is left in the dark about both the nature of the threats Europe faces and the kinds of tools law enforcement agencies and intelligence services need to combat them. The result is suspicion and misunderstanding. The Parliament should receive enough information to assess the real utility of security measures. This would help it to take informed decisions in the security field and contribute to a more productive dialogue between the Parliament, the Council and third parties, such as the US.

Under the current framework, the Council can only give access to confidential information to MEPs if they already have the necessary security clearances. Because security clearances are a matter of national competence, the process for obtaining them differs greatly from country to country. Some MEPs may find it easier to obtain their clearance than others. Some national administrations may not even want to issue clearances to their MEPs at all: in Ireland, for example, national MPs are not given access to any sort of confidential information. It would be difficult for the Irish administration to justify why its own national MPs do not get to access such documents while their European peers do. Moreover, many MEPs regard national vetting processes (which may include interviewing and researching friends and relatives) as highly intrusive. For these or other reasons, few MEPs are currently security vetted.

An EU security clearance system would help solve some of these issues. But such a system is currently out of the question: the EU does not have either the competence or a security agency of its own to conduct the investigations. One way to solve the problem of access to confidential information would be to set up a small group of MEPs with the necessary security clearances from their own states. The security-cleared body would have to have long-term, fixed membership. This group of MEPs would be responsible for evaluating the usefulness of tools such as PNR or TFTP on the basis of the confidential information it received. Such a group would facilitate communication between the Parliament and the Council, and would help to break the institutional gridlock, both within Europe and in the EU’s international agreements with partners such as the US.

For this system to work, both the Parliament and the Council would need to make concessions. The Council should step up its efforts to explain sensitive internal security matters to parliamentarians. It should also encourage national administrations, which may be reluctant to issue clearances for their MEPs, to do so. MEPs (and, specifically, members of the proposed security-cleared group) should accept that they will have to undergo the same security clearance procedure as any EU or national official who has access to confidential information.

The European Parliament is no angel, nor is the Council the devil. They represent different interests but they are both equally necessary for ensuring the EU’s security. They should put aside their differences over the Lisbon treaty division of labour and start working together. Europe’s security and transatlantic relations depend on this.

Camino Mortera-Martinez is a research fellow at the Centre for European Reform.