Detecting foreign fighters: the reinvigoration of the Schengen Information System in the wake of terrorist attacks
By Niovi Vavoula, Queen Mary, University of London
Since the past two decades, the exploitation of new technologies and the emphasis on collecting and exchanging information have been key aspects of the EU counter-terrorism strategy. An array of information exchange schemes have been developed on the basis of an intelligence-led approach, according to which the more data available, the more efficient the policies may be (for an overview of EU information exchange mechanisms see here).
The aim of the present blog post is to assess the role of the Schengen Information System (SIS) in the fight against the growing phenomenon of the “Foreign Fighters”. Landmarks in this context are, apart the terrorist events of 9/11 and the Madrid bombings in 2004, the recent attacks in Paris in January and November 2015 as well as in Brussels on 22 March 2016. It is demonstrated the extent to which the functionalities and the potential of the SIS have been slowly revisited in the wake of events with limited progress up to date. Despite the growing overreliance to this system has not been accompanied by proven effectiveness, the EU legislator calls for further exploitation of the database at the expense of fundamental rights and EU citizenship. The Commission proposal amending the Schengen Borders Code regarding the control of the crossing of external borders by foreign fighters should finally make the system effective but it could violate the principle of proportionality.
The SIS II in a nutshell
At the heart of the compensatory measures for the abolition of internal border controls, the SIS was established under the Schengen Convention and came into operation in 1995. Its overarching purpose was twofold; to maintain public order and security and to apply the provisions of the Convention relating to the movement of persons in the Schengen Area. On the criminal law side, it held basic alphanumeric data categorised in the form of ‘alerts’ on people or objects wanted for criminal law and policing purposes, such as persons wanted for arrest to be surrendered/extradited or missing persons. On the immigration law side, which in practice dominated the content of the database, it stored data on third-country nationals to be refused entry to the Schengen area. The system functioned on a hit / no hit basis, but it was supplemented by the SIRENE, which provided the infrastructure for exchanging additional information between national authorities.
Since April 2013, the SIS has been substituted by the SIS II so as to accommodate the new Member States after the enlargements of 2004 and 2007 and insert new functionalities. In this context, the current legal framework of the SIS II comprises of Regulation 1987/2006 involving the immigration functions of the system, Council Decision 2007/533/JHA regarding its use for policing and criminal law purposes and Regulation 1986/2006 concerning access by vehicle registration authorities. The overarching purpose of ensuring a high level of security remains the same, albeit worded more broadly.
First round: new functionalities of the SIS after 9/11 and Madrid bombings
In-between the transition from the SIS to the SIS II, the system underwent a series of important changes as a response to the terrorist events of 9/11 and the 2004 Madrid bombings. In the Extraordinary Meeting that took place on 20 September 2001 it was announced that a possible expansion of the public services accessing the system with regard to the cooperation between police and intelligence services would be examined. Furthermore, Member States were invited to provide more systematic input of alerts to the database. At a Spanish initiative comprising of two proposals, Regulation 871/2004 and Council Decision 2005/211/JHA were adopted aiming at enhancing the functions of the database and improve its capabilities in order to make it a more powerful tool against terrorism. The new functionalities of the SIS II should also be seen in the light of counter-terrorism (Council Conclusions 10089/02). At that time the agreement involved the inclusion of biometric data, the addition of new categories of data, the possibility of interlinking the alerts and the possibility of conducting searches based on incomplete data. With the exception of the latter element, the remainings have been introduced in the system.
Overall, it is evident that the EU approach to counter-terrorism involves the maximisation of the functionalities through an opening up of the database both in terms of what more information can be obtained and in terms of who will be able to handle this information. A proper evaluation of the efficiency of the system was not prioritised, rather the exceptional circumstances of the events progressively led to the introduction of new features, some of which had already been discussed in the past, but did not produce the expected results.
Second round: Addressing the threat of ‘foreign fighters’ through the SIS II
In comparison to the terrorist events that took place in the early 2000’s, an important change has taken place. While in the previous era the focus was placed on third-country nationals and the prevention of their movement, thus deepening the ‘us’/’others’ divide, progressively came the realisation that the threat was to be found from within the ‘us’. Key in this context, is the -arguably confusing-term of ‘foreign fighters’ understood as EU citizens leaving Europe to join insurgencies abroad motivated by ideological or religious consideration, an old issue that acquired new dimensions since the Syrian war.
Indeed, since the past few years, identifying and dealing with foreign fighters has been the cause of a major headache to the EU. According to Europol’s estimations, up to 5000 EU citizens have travelled to conflict zones and possibly joined the ISIS forces. In this context, the first discussions commenced in 2013 when the EU Counter-Terrorism Coordinator put forward a wide range of considerations on measures in response to this threat, including the ‘increased and harmonised use of the SIS alert system’ (Council Document 9946/13, but also see Council Document 9280/14). In August 2014, the European Council requested the accelerated implementation of a package of measures as agreed by the Council the year before. The overall target was the ‘detection of terrorist travel’ which in relation to the SIS II involved analyses on how the database was being used by national authorities (in essence the amount and content of alerts) and revision of the Schengen Borders Code as regards the conduct of checks against databases on EU nationals and other individuals enjoying free movement rights (see also Council Document 13146/14).
In particular, Article 7(2) of the Schengen Borders Code stipulates that “All persons shall undergo a minimum check in order to establish their identities on the basis of the production or presentation of their travel documents. Such a minimum check shall consist of a rapid and straightforward verification, where appropriate by using technical devices and by consulting, in the relevant databases, information exclusively on stolen, misappropriated, lost and invalidated documents, of the validity of the document authorising the legitimate holder to cross the border and of the presence of signs of falsification or counterfeiting”. The minimum check referred above is the rule for persons enjoying the right of free movement under Union law, meaning EU citizens, their family members under Directive 2004/38 and citizens from Norway, Iceland, Liechtenstein and Switzerland under bilateral agreements signed by those countries with the EU. However, on a non-systematic basis, border guards may consult national and European databases in order to ensure that those persons do not represent a genuine, present and sufficiently serious threat to the internal security, public policy, international relations of the Member States or a threat to the public health.
In October 2014, the JHA Council called for improved checks at external borders and in response the Commission released in December 2014 a series of informal recommendations addressed to Member States as regards checks on travel documents against relevant databases. In particular, it called for ‘intensified consultation’ of the relevant databases on the grounds of a risk-based approach. In Commission’s own words, this approach entailed the conduct of analyses at the national level of ‘the risks for internal security’ and of ‘the threats that may affect the security of external borders’ on the basis of which border guards would be allowed to perform systematic checks. An example in this regard would be the systematic check on particular travel patterns, such as flights coming from the geographical areas in the vicinity of conflict zones. However, even in such cases, only a certain category of persons would fall under the risk assessment, but no further indications were submitted.
The weeks following the Charlie Hebdo events in January 2015 witnessed fresh interest in revising the Schengen Borders Code. Then, the non-binding Recommendations as set out above, including the emphasis on a risk-based approach, were incorporated in the revised Handbook on Border Guards released in June 2015. Unsurprisingly, immediately after the terrorist attacks in Paris in November 2015, the Council called for a threefold plan of action as regards the use of the SIS II in the fight against foreign fighters (Council Document 14438/15).
First, it invited the Commission to propose a targeted revision of the Schengen Borders Code to provide for systematic controls of EU nationals, including the verification of biometric information against relevant databases at external borders of the Schengen area. In other words, from the risk-sensitive approach of the informal recommendations on the basis of specific factors to be taken into account by border guards, the former initiatives would become even tighter than before by bringing checks on EU citizens and third-country nationals not subject to visa requirements one step closer.
A second strand of action was to ensure that national authorities enter systematically data on suspected foreign terrorist fighters into the SIS II, in particular under Article 36(3), carry out awareness raising and training on the use of the database and define a common approach to the use of the SIS II data relating to foreign fighters. The reason why this was necessary lies in a questionnaire circulated among Member States a few weeks before (Council Document 13059/15). On the bright side, the national replies revealed that in absolute terms there had been a significant increase of alerts entered in SIS under Art. 36(2) and (3) in 2015 in comparison to 2014. However, its use was still not adequate as evidenced by heavy variations among Member States. This under-exploitation should be seen as a sign of reluctance on behalf of national authorities both in relation to the entry of alerts and in relation to the conduct of non-systematic checks to EU nationals at the external borders. In particular, there was disparity between the actual threat posed to some EU Member States and the amount of alerts entered. Alerts entered under Art. 36(3) remained generally very low and several Member States did not use this option at all. As for those who have use the new tool of immediate reporting, practices varied. In any case, the new possibility as introduced in February 2015 is under-used. Furthermore, statistics provided did not clarify whether the number of alerts entered under Art. 36(2) or (3) were related to foreign fighters. As for the consultation of databases, that was also unsatisfactory: between 1,5 and 34 % of persons enjoying the right to free movement have been checked (Switzerland checks 100 %) (see also Council Document 14911/15). Overall, despite the efforts to reinforce the use of the SIS II in the fight against terrorism and foreign fighters, the Council acknowledged that these did not materialise in a comprehensive and consistent action on behalf of the Member States.
On 15 December 2015, the Commission tabled a proposal concerning amendments to the Schengen Borders Code with a view to the reinforcement of checks against relevant databases at the external borders. It inserts to Article 7(2) of the Code an obligation for border guards to carry out systematic checks on persons enjoying the right of free movement under EU law when they cross the external border both at entry and at exit against databases on lost and stolen documents as well as in order to verify that the persons do not represent a threat to public order and internal security.
According to the proposal, this obligation shall apply at all external borders (air, sea and land borders). However, where a systematic consultation of databases is not possible, targeted checks should take place. The proposal makes a distinction between air and other external borders, to take into account the passenger flow and infrastructure at the different types of borders. Where a systematic check may lead to a disproportionate impact on the flow of traffic, it could be dispensed with at land and sea borders provided that a risk assessment shows this does not lead to risks related to internal security, public policy, international relations of the Member States or a threat to the public health. Therefore, in comparison to the current regime, the nature of risk assessment is reversed in a twofold manner: while it is used to decide whether an individual should undergo a systematic check, therefore it was primarily personalised, in the future it will be used to support whether groups of individuals crossing the external borders should not be placed under scrutiny irrespective of their personal circumstances, therefore it is depersonalised.
The negotiations to the aforementioned changes are currently moving rapidly. The Council general approach was released on 3 March 2016 (Council Document 6673/16) and the EP draft report adopted on 5 April 2016. Central in the discussions has been the extent to which Member States would be allowed to conduct targeted checks. To this end, it has been suggested to further restrict this possibility by allowing Member States to decide the conduct of targeted checks only in relation to specified crossing-points. Furthermore, it has been added that the scope and duration of the temporary introduction of targeted checks shall not exceed what is necessary according to the risk assessment, which shall be updated regularly depending on the duration of the measure. Moreover, the risk assessment established by the Member State concerned shall explain the reasons for the temporary introduction of targeted checks and shall take into account, inter alia, the disproportionate impact on the flow of traffic and assess the possible risks and provide for statistics on passengers and incidents related to cross border crime (Council Document 5208/16). More contentious has been the extent to which the possibility of targeted checks could be extended to air borders as well (Council Document 5753/16 and Council Document 5808/16). While this is not included in the proposal, it has been agreed that the derogation may be applied also in relation to air borders, however for a limited transitional period only. The duration of this transitional period is the only outstanding issue, so once this is settled the negotiations will move forward (Council Document 6181/16 and Council Document 6310/1/16) with the general approach favouring six months.
Towards disproportionate controls on the basis of inadequate data?
The changes in the Schengen Borders Code will bring the abolition of minimum checks on EU nationals and other persons enjoying free movement rights when crossing the external borders both at entry and at exit. This intensification of border controls signifies a negative turn in the relationship between a citizen and the State in that in principle all EU nationals travelling outside the Schengen irrespective of the means of transportation, the destination, the purpose of travel and the personal circumstances are considered as potential risks, are placed under suspicion and therefore their movement needs to be regulated and monitored. In terms of the protection of fundamental rights, the mandatory consultation of the SIS II at the external borders for all beneficiaries of free movement rights entails an interference with their rights to privacy and data protection. According to the Commission however, in the light of the operation of the SIS II on a hit / no hit basis coupled with the need to enhance EU security, such concerns are outweighed.
The extent to which this statement holds true is debatable and proportionality concerns may be arguably raised especially if one considers the amount of people to whom these checks will be performed in relation to the potential benefits that the EU may gain from the changes. These benefits are particularly called into question given that the use of the system to enter alerts on persons to be placed under discreet or specified checks by national authorities is still inadequate. In this context, EU nationals may have to undergo systematic checks in vain, if the database is not fed with information to which their data is checked against. More data, however, will equally necessitate enhanced cross-border cooperation between national authorities, trust to the effectiveness of the system and clear-cut criteria. The development of common risk denominators for inclusion of alerts may equally be problematic on non-discrimination grounds. If these conditions are not met, reliance to a non-efficient database at the expense of EU citizens rights is simply not a viable solution. At the same time and at least to a certain extent, enhancing surveillance by performing checks to EU nationals may cause them a so-called ‘chilling effect’ in that they may consider that pursuing a legitimate everyday activity, such as travel, may also have implications about other aspects of their private life such as their personal associations and beliefs. This is particularly relevant in cases where the national arrives from potentially risky areas.
Overall, there is no doubt that the terrorist attacks of 2015 helped to unblock a number of measures that would otherwise meet resistance and the SIS II is a prime example of the over-reliance to technological means. However, the nature of these measures fosters and deepens the intertwining of criminality with mobility and blurs the distinction between a citizen and a foreigner since immigration-type measures are increasingly favored to regulate their movement. In the past, such efforts found resistance (e.g. the inclusion of EU citizens to the PNR system), however, in the light of the recent events such objections evidently may be more easily curtailed. The conduct of systematic checks at the external borders for everyone may be only the first in an array of measures and perhaps signifies a shift from securitisation of migration to securitisation of mobility and the end of citizenship as we know it.