European Commission proposes law enforcement access to EURODAC

The European Commission on Wednesday (30 May) proposed to allow law enforcement authorities access to EURODAC, a biometric database of asylum seekers. The proposal will be presented to the Home Affairs Ministers at the next Justice and Home Affairs Council on 7-8 June 2012. The Commission has yet to release the full details of the proposal. Member state law enforcement authorities and EUROPOL would be able to request the comparison of fingerprint data with those already stored in the EURODAC central database, but under strict conditions. The comparison with the EURODAC database for law enforcement purposes would be strictly limited to the prevention, detection or investigation of terrorist offences as defined in the Council Framework Decision on combating terrorism (2002/475/JHA) and of other serious criminal offences as defined in the Council Framework Decision on the European Arrest Warrant (2002/584/JHA).

 The new proposal introduces the possibility for Member States’ law enforcement authorities and Europol to request comparison of fingerprint data with those stored in the EURODAC central database in a specific case when they seek to establish the exact identity of or get further information about a person who is suspected of a serious crime or is a victim of crime. Law enforcement authorities may only request the comparison with EURODAC data if there are reasonable grounds to consider that such comparison will substantially contribute to the prevention, detection or investigation of the serious criminal offence in question. The proposal makes clear that the comparison of fingerprint data using EURODAC may only be made after national fingerprint databases and the Automated Fingerprint Databases of other Member States under Council Decision 2008/615/JHA (the Prüm Agreements) were consulted and have returned negative results. A comparison using the EURODAC database will provide result on a ‘hit’/’no hit’ basis. Following a hit, the available information on the person (related to his/her asylum application) can then be requested from that Member State by using existing instruments for information exchange, such as Framework Decision 2006/960/JHA on simplifying the exchange of information and intelligence between law enforcement authorities. The proposal excludes that the EURODAC database be searched by law enforcement authorities on a systematic basis, and prohibits them from sharing personal data obtained with third countries, organisations or other entities. According to responsible Commissioner Malmstrom, “robust safeguards have been introduced to guarantee full the respect of fundamental rights and of privacy and in order to ensure that the right to asylum is not in any way adversely affected.” But Melita Sunjic, spokeswoman for the United Nations High Commissioner for Refugees (UNHCR) in Brussels, told EUobserver that law enforcement access to the database would equate asylum seekers with criminality. A similar proposal was already tabled by the Commission in 2009 but was quickly shot down the European Data Protection Supervisor (EDPS) and the Meijers Committee, a group of experts on international immigration, refugee and criminal law. According to Dr. Maarten den Heijer, a member of the Meijers Committee: “The proposal would effectively transform all asylum seekers whose data is stored into criminal suspects and it will, indeed, increase the chance of prosecution of asylum seekers solely on the basis that they have once lodged an asylum claim somewhere,” said Dr den Heijer. Furthermore, Dr den Heijer argues the proposal would violate a data protection principle of ‘purpose limitation’ which holds that stored personal data may only be used for the purpose it was initially collected for. He cited a case brought against Germany by an Austrian national at the European Court of Justice in 2008 which ruled that a system for processing personal data specific to foreign nationals for the purpose of fighting crime is not permissible.

Ex-GCHQ head calls for a revise of RIPA to regulate social media intelligence

At the end of April the think-tank Demos issued #intelligence, a report that was co-written by Sir David Omand, who was the director of the UK Government Communications Headquarters (GCHQ) between 1996 and 1997. The report stresses the value of ‘SOCMINT’, intelligence gathered from social media, as a ‘decisive’ source of information that contributes to public safety. At the same time it stresses that the gathering and use of ‘socmint’ by the state needs to based on a ‘publicly argued and sound legal footing’ – which is currently not the case. In that context the report calls for an overhaul of the UK’s Regulation of Investigatory Powers Act from 2000, which regulates police and intelligence agencies’ access to online data. “An interdepartmental review must review what types of SOCMINT might fall under RIPA 2000 parts I and II, and the relevant degrees and type of authorisation required. Existing mechanisms of oversight for all intelligence and policing work, including the Parliamentary Intelligence and Security Committee and the independent police commissioners, need to determine how SOCMINT should relate to their current procedures and operations.” Public vs private The report also emphasised the distinction between information made openly available on social media sites by users, and that which is protected by privacy barriers such as a password. The report states that only the latter information amounts to ‘intrusive’ or ‘surveillance’ SOCMINT. Open source, ‘non-intrusive’ SOCMINT information would not be used to identify individuals, or as a means of criminal investigation, but would only be used to crowdsource information through Twitter or Facebook in order to gain for instance ‘situational awareness’ in the event of public disorder. If criminal or ‘possible criminal’ activity is found using non-intrusive socmint, state-specific powers should be used to identify individuals and access private information. Access to the latter require a warrant issued by a minister or a judge if the authorities wish to access it. Six key principles The report follows a huge public outcry over a preview of the UK government’s CCDP plans for wider state access to email and digital communications. The report proposes six principles that seem to be inspired by the Europan Court of Human Rights proportionality test, on which the use of SOCMINT by the state – including the Communications Capabilities Development Programme – should be based on. Principle 1: there must be sufficient, sustainable cause Principle 2: there must be integrity of motive Principle 3: the methods used must be proportionate and necessary Principle 4: there must be right authority, validated by external oversight Principle 5: recourse to secret intelligence must be a last resort if more open sources can be used Principle 6: there must be reasonable prospect of success The report further calls on the UK Government to publish a green paper subject to public consultation about how it plans to use and manage social media analysis in the public interest, including for the purposes of public security.