One of the most important achievements of the European Union is free movement. The Schengen Borders Code, which defines the relations between its member countries in a manner that eliminates almost all forms of border control for intra-EU travel, clarifies the matters. The EU’s visa liberalization program has heightened fears about illegal migration and the escalating threat of international terrorist attacks. This led to panic in Europe.
Europe suffered three major terrorist attacks in 2015-2016 alone. Experts believe this was because of uncontrolled migration and international terror. These are the following:
- Paris Attacks of 2015
- The 2016 Brussels Airport Bombings
- Attack on the 2016 Berlin Christmas Market
The authorities were forced to create new border management systems after the dark period in Schengen. Three centralized information systems were proposed by them:
- The European Travel Information and Authorization System, (ETIAS).
- The Entry-Exit System, (EES).
- The European Criminal Record Information System (ECRIS-TCN), for third-country citizens
It is important to realize that these systems will not replace the existing security and information databases. They will work in concert with existing authorities, parties, and data sources. Europol’s role in the successful implementation and screening of migrants in the region is immense.
How and why did EU’s border systems fail
As European Union advocates the absence of borders between its member states it is crucial to have several security and information systems coordinating in-between each other to monitor the people crossing external borders of the EU. Border authorities and law enforcement officials of different member states must communicate to timely detect and follow-up whenever a certain traveler imposes a risk.
The issues that European border management system had were mostly about governance, geographical coverage and the data storage management of the security/information systems. Now, it all led to blind spots and gaps in proper information exchange between the authorities. As a result, those individuals who actually posed a security risk and were suspected in some countries of EU managed to escape the detection in other European countries.
Let’s discuss the three cases of the organized crime that we mentioned above to illustrate the point.
The 2015 Paris attack
The main suspect as an organizer of the 2015 Paris attack – Abdelhamid Abaaoud was carrying a Belgian passport. He traveled between the European Union and Syria more than once before the initial attack while also being the subject of an EU arrest warrant.
Another participant of the terrorist attack was registered in Greece as an offender with his fingerprints stored well. However, he managed to seek asylum in Serbia before the Paris attack.
This kind of information should have been stored in Eurodac system and must have been available to the French law enforcement officials, or the border control officers who admitted Abdelhamid through an EU border even though he was a criminal in search.
The Brussels Airport bombing 2016
Ibrahim el-Bakroui was one of the suicide bombers in the 2016 Brussels Airport Bombings. He had a long criminal history in Belgium. In June 2015, el-Bakraoui, a suicide bomber, was taken into custody in Gaziantep (Turkey) and then deported to the Netherlands.
El-Bakraoui was legally allowed to be deported to any Schengen country because he had a Schengen passport. Belgian authorities did not consider el-Bakraoui a terrorist threat at that time. Interpol and Europol also did not place him on their lists of fugitives.
The Turkish authorities did not have access to the Schengen information system and so they did not notify the Netherlands that elBakraoui was a suspected foreign fighter terrorist fighter. However, the notification was sent to the Netherlands without the proper categorization. This message was not noticed. Consequently, el-Bakraoui was not arrested or signalled to be taken into custody upon his deportation.
However, the Terrorist Screening Center of the FBI added el-Bakraoui to a watchlist in 25 September 2015. This case highlights problems in information exchange, not only between Schengen countries but also with non Schengen partners. This leads to gaps in information exchange.
The 2016 Berlin Christmas market attack
Anis Amri’s case further highlights the security gaps within the Schengen-zone. It also illustrates the difficulties faced by an asylum seeker who has had his request for asylum rejected.
Amri was a petty felon in Tunisia when he fled to seek asylum in Italy in 2011 but this case is a further reminder of the security gaps in the Schengen-zone. Although his asylum application was denied, he couldn’t be deported back to his home country because he had not received the proper travel documents.
He moved to Germany in 2015, where he applied for asylum identifying himself as a politically-persecuted Egyptian. His asylum application was denied as his identity couldn’t be verified. However, he cannot be deported in the same way as in Italy because his asylum request was not approved. Amri used 14 identities during the year he was in Germany. It was difficult to get him under control.
Amri was allowed to travel from the Netherlands, Belgium and France after the Berlin attack of 19th December. After a routine check of identity papers, Amri was fatally shot by local officers in Sesto San Giovanni four days later.
These cases highlight that the current operational environment of EU border management systems information systems has gaps in information exchange between authorities. These cases also show problems in detecting identity fraud and failures in registration systems (Eurodac). As well as difficulties in returning asylum seekers who have been rejected. They have different geographical coverages. They use different data storage criteria and designate different authorities to process or transmit the information.
With the support of the Council and European Parliament, the Commission is pushing for reforms that will improve the interoperability between border management systems. What does this mean? Are the proposed measures fully compatible with fundamental rights?
How does EU plan to enhance interoperability of information systems?
In 2017, the Commission introduced a regulation to ensure interoperability between centralized information systems. This was in the framework of police cooperation and judicial cooperation in relation to asylum and migration. Interoperability is the ability to cross-check data stored in various information systems to eliminate potential blind spots and combat identity fraud. Interoperability, as it is short, allows authorities to access information.
We will not be discussing immediate agencies created for a sole purpose of securing EU borders, such as EBCG, EBGTs, etc. We will dive into the largest and most crucial organisations and decentrilised systems involved in overall border management of the European Union and Schengen Area.
The Commission proposes three new EU centralised information systems in addition to the existing centralized systems. These are the European Travel Information and Authorization System (ETIAS), Entry-Exit System(EES), and an updated version of the European Criminal Record Information System for 3rd-country nationals (ECRIS-TCN). This section will briefly discuss interoperability between centralized information systems before we get into the details.
What does interoperability mean?
Personal data, such as biometrics and travel documents, can be interoperable with the proposed framework for border management. Personal data (e.g., biometrics or travel documents) can be checked against other systems using the proposed interoperable border management framework.
The European Search Portal will consult all the information systems simultaneously: the Entry/Exist System, European Travel Information and Authorisation System ETIAS, Visa Information System VIS, Eurodac and the European Criminal Record Information System Third-Country Nationals (ECRISTCN), Schengen Information System SIS and Europol and Interpol data. Many believe that ETIAS will be based on the fundamentals of AFSJ policies, thus the 9 agencies that work closely on AFSJ may also contribute to the development of the new visa waiver system in Europe.
The proposal states that only member state authorities or EU bodies have access the ESP. This is in addition to information systems already in use, and information systems being developed. Law enforcement as well as non-law enforcement agencies (e.g. The ESP is available to law enforcement and non-law enforcement authorities (e.g. border guars and immigration officers). One could argue that the interoperability between centralized information systems may blur the distinction between law enforcement and non-law enforcement authorities’ access rights.
For example, systems like Eurodac and VIS, EES and ETIAS don’t serve law enforcement as a primary goal. Interoperability would still mean that law enforcement officers could access this data after they submit a query to the ESP. The proposal includes safeguards to prevent the sharing of information with authorities that should not have it.
Information access and retrieval
Law enforcement officers may have access to information systems that are not under the control of law enforcement for the purposes of investigating, detecting, and persecuting terrorism or other serious crimes. A two-step procedure is required in this instance. After submitting their query via the ESP, law enforcement officials will not be able to access the data directly but will be provided with information about the information system where the data is stored. The officer responsible must then request access to that system via a designated authority.
The proposal doesn’t specify the name of the designated authority. This indicates that it is up to the Member States who will decide which body will handle access requests. Interviews revealed that some EU Agencies and national competent authorities have these bodies integrated into their organization structures. While other Member States will have separate organs processing access requests. Although the process should be quick, it will depend on the number of requests and the availability of staff. The grounds on which law enforcement officers could gain full access to data retrieved after their query in the ESP are still broadly defined.
How new border management systems threaten the fundamental rights?
The broad availability of personal data raises concerns about potential infringements of fundamental rights. For example the right for privacy and the right to protect personal data. Although the Commission’s proposal for interoperability recognizes the infringement, it states that interference is necessary to ensure the Union’s internal security and borders are secure. It also explains why irregular migration can be prevented. As justification, the proposal states that existing EU information systems were created with the same goals.
This seems circular reasoning and ignores the reasons why different systems were created to achieve different goals. Although the case-studies show that information sharing between national authorities is an urgent necessity, the interoperability proposal fails to adequately address concerns about violations of fundamental rights.
Are the new information systems able to account for the principles of necessity, proportionality? Are the operational problems identified in the case studies actually being solved by the proposed measures?
