EU anti-terror czar: ‘The threat is coming from inside Europe’

"We had to amend the Schengen border code to check EU citizens systematically. Now we’ve reached the conclusion that our citizens are the main threat," says Gilles de Kerchove, the EU's counter-terrorism coordinator. [Frédéric Simon]

A year after the Brussels attacks, Gilles de Kerchove told about the fast pace of development of EU security policy, calling for the “systematic use of biometrics” and “batch comparison” of databases in order to boost security in the Schengen area.

Gilles de Kerchove is the EU’s counter-terrorism coordinator. He spoke to EURACTIV’s publisher and editor, Frédéric Simon. (Editor’s note: this transcript was amended on 23 March).

On 22 March, Belgium commemorates the anniversary of the Brussels terrorist attacks. As a Belgian national, were you surprised when the attacks took place?

Surprised, no, because, for years, we were aware of the determination of Daesh to strike in Europe. We already had the attacks in Paris and we knew some of the authors were still at large, and that a strike in Brussels was among the possibilities. I was very sad that we were not able to prevent this from happening, but not surprised.

Did this happen because national intelligence agencies weren’t collaborating enough?

I really don’t want to answer that question specifically because there is a Parliamentary inquiry committee that has not finalised its conclusions. It’s probably more interesting to see what those conclusions will be.

Over the last two years, we have been working in many directions and information sharing among security services is only one aspect. It’s a set of measures on the preventive side, on the repressive side, and closer work with our neighbourhood.

So I think it would be inaccurate to say that the attacks took place just because the security services are not sharing—they do. That’s not the issue. The problem is not necessarily a lack of data, but the ability to analyse the data properly. There is a lot of work on the issue of data collection, data sharing and data analysis. We’ve been working hard on this, but it’s not the only issue.

Did the Belgian authorities bury their heads in the sand regarding information they had about neighbourhoods like Molenbeek?

It’s up to the special inquiry committee to draw conclusions. Molenbeek is not the epicentre of terrorism in Europe. If you look at our neighbours, the French have had more than 1,000 of their citizens or legal residents who left for Syria and Iraq.

In ten to fifteen EU member states, there is indeed an issue of young Europeans who get radicalised, who were attracted by the rhetoric of Daesh, and the crisis in Syria. The fact that there was a civil war, a caliphate, added something new. We had foreign terrorist fighters in the ’90s in Afghanistan but never on that scale. Why? Because there was this much more aggressive use of the Internet, and the control of a territory, which seems to be more attractive than the Sahel.

Of course, Molenbeek in itself raises difficult questions as to the integration process of immigrants, the fight against discrimination, the fight against Islamophobia, but that begs the question about the drivers of radicalisation. To simply equal Molenbeek and terrorism is a bit too short, I think.

Molenbeek urges Belgium to share information on returning fighters

Sarah Turine is at the forefront in the fight against radicalisation in Molenbeek. Although she detects that fewer people from her commune have left to join ISIS than suggested in the press, she asked for more resources and access to …

So the fact that these neighbourhoods were socially excluded, you think, was a big part of the explanation?

When I look at the drivers of radicalisation I usually look at three sets of factors.

One is, in a way, all the elements why people may be vulnerable. Indeed, often there is a question of identity—you are a second-generation migrant, you don’t know exactly if you still belong to Morocco or Belgium; a problem of social discrimination—access to housing, bad education or no jobs; the family environment—often parents have been divorced; and so on. The feeling of injustice as well—very often people experience badly the war against the Muslim or the war against the Sunnis. So there may be a full set of factors that in themselves are not enough to explain the process of radicalisation but play a role.

The second set of factors is linked to ideology, on which scholars are divided. For some it’s not a driver, it only plays a role at the end of the process of radicalisation. A sort of black and white, simplistic and conservative interpretation of Islam provides arguments why you can use violence to push your ideas.

But other people like Gilles Kepel believe that ideology in itself can be a driver and attract people. We see a lot of people finding in this brand of Islam a sort of redemption process. Many of them have a criminal past, and going through this very simplistic but hard interpretation of Islam, is a sort of redemption process. So ideology may play a role, but it’s country-specific or people-specific.

And the third set of factors are what I call the facilitation factors: prisons—many of those who have perpetrated attacks in Europe have been radicalised in prison; and the Internet.

So I believe that you have to work on these three sets of factors. And concentrating on neighbourhoods like Molenbeek is only one. You need to address those who are propagating the ideology, address the Internet, and address radicalisation in prison.

Molenbeek mayor: ‘Poverty is no excuse for radicalism’

The Brussels commune of Molenbeek has made international news over the last few months because of its ties to terrorism. Its mayor, Françoise Schepmans, spoke to EURACTIV’s partner Tagesspiegel about the area, ghettoisation and family reunification.

Françoise Schepmans is …

You mentioned the Internet. Are you happy with the level of collaboration of social media companies like Facebook and Twitter when it comes to removing jihadist content?

We’ve taken major steps. I was invited to join Commissioner Avramopoulos last week in California to visit Facebook, Google and Twitter. We’ve made progress, and the IT forum, as a public-private partnership, is now delivering results on many aspects.

The first aspect is the removal of unlawful content. The good news is the relationship that Europol has built with the companies to form the Internet Referral Unit, which allows Europol to flag unlawful content with more success. 90% of the time, content which has been flagged is removed by the companies, while when you and I flag the content, it’s only 30% of the time. That’s the first step.

The second step is a pilot by the companies that was announced in December, to create a common database to prevent unlawful content that has already been removed to be re-uploaded. And it’s important that all the companies, all those platforms in Silicon Valley, use this database, which is still in the development phase.

The third step, which will take more time, is automatic detection of unlawful content so that we rely on an algorithm to identify content which, after a review by a team of experts, has to be removed. And the companies are working on that.

This team of experts is acting like a safeguard against internet censorship?

Yes. It’s not automatic removal but automatic detection because we’re talking about hundreds of thousands of posts. In the UK, for instance, a lot of companies have stopped advertising on Google because they believe Google is not removing enough extremist content. That’s one step.

The second, more positive step, is to discuss with social media companies how they can help empower a more a moderate voice on the Internet. The European Commission is launching this week a €10 million Civil Society Empowerment Program to support credible voices in civil society (and not in government—we’re not credible voices) to counter the narrative of Daesh and al-Qaeda.

We would like internet companies to bring something too—not only money but expertise. Twitter, for instance, has a three-day training program to tweet in an efficient manner. It supported the second presidential campaign of Barack Obama, so technical expertise is something Twitter can bring.

We are also currently discussing with these companies the issue of electronic or digital evidence—how to get direct and swift access to digital evidence. In most cases of foreign terrorist fighters, we only have digital evidence that they have been fighting alongside Daesh and Jabhat al-Nusra. And if we want to secure convictions, that’s the only way to do it.

What kind of digital evidence are you talking about?

For example a WhatsApp message, an email, a video, a picture or geolocation data of the suspected jihadist in Syria or Raqqa. For instance, the Dutch judges consider it sufficient that your mobile was localised in Raqqa to secure conviction—it is simply impossible to survive in there unless you are with Daesh. So we are discussing a new mechanism in order to get access to this data, because it is often stored in the cloud in California, and we have to use mutual legal assistance procedures, which are long and cumbersome.

Another issue is encryption. After the Snowden leaks, these companies were very afraid to lose the European market because they know we do care about privacy a lot. So they started developing encryption even up to what they call end-to-end encryption such as Telegram, for instance, or WhatsApp. And it’s even difficult for the company to get access to the product that they are providing themselves. So how do we go around encryption is another issue which the French and the German ministries have asked the Commission to dig into and come up with a proposal.

Are encryption backdoors an idea that you would support?

The Commission is currently working on the technical and the legal aspects of the file. It’s much too early to say that backdoor would be a solution.

We all agree that we have to balance two concerns. One is allowing the security services, police, and law enforcement agencies to get access to the content, which is important for security reasons.

And at the same time, we need a very strong internet—we don’t want to create vulnerabilities. And the question is, can you open a backdoor for Europol only, or would that at the same time create a vulnerability and open a backdoor for the Russian mafia or third party state spies?

This is part of the discussion but we are not there yet. There is internal work—it’s a tricky issue. If you remember the fight between the CEO of Apple and the FBI to allow the FBI to access to the encrypted content of an iPhone, you see that during the Obama Administration they were unable to find a solution even in the US to go around that problem. So it’s not something that we can solve overnight.

EU anti-terrorism chief: Communications should be accessible to security services

The European Union should consider forcing Internet firms to help security services tap into coded emails and calls as part of a new strategy to combat militant attacks, the EU counter-terrorism coordinator says.

Going back to the commemoration of the Brussels attacks, a number of initiatives were launched at European level after the Charlie Hebdo killings in Paris. What changed after the Brussels attacks? Did it help push forward some new initiatives?

First, on the overall framework, all this terrorism activity has led Commission President Juncker to launch the concept of a Security Union, which is quite ambitious. It’s really a conceptual change. We’re not just supporting member states. We are building a common Security Union like you have a Monetary Union.

82% of European citizens do mention security and counter-terrorism as an area in which they would like to see more Europe. And European Council President Donald Tusk, when reflecting on what could be done to re-energise the EU after Brexit also picked security as the main topic.

On a more practical level, we have finalised a lot of legislation: the directive on terrorism, the common definition of terrorism in all its aspects among the 28. We also finalised legislation on arms and especially semiautomatic arms.

…which was a bit watered down in Parliament.

Indeed, it was a bit watered down. In Europe too, we have a National Rifle Association-type lobby.

We have the systematic check on EU citizens when they cross the external border—the amendment to the Schengen border code. And we are working on a fifth amendment to the money laundering and counter-financing terrorism directive, which is proceeding well and is not very contentious.  The PNR of course was adopted too.

On the more concrete cooperation level, the European Counter-Terrorism Centre (ECTC) within Europol is now really up to speed after one year.

Can you expand on this?

The ECTC is a centre of excellence which was created a year ago and which put together bits and pieces that already existed but when put together create added value—the different databases that Europol has on crime, like trafficking human beings, trafficking of stolen documents, trafficking in drugs, arms trafficking, etc.

On terrorism, there are two specific databases: one on Islamist-related terrorism and another on other forms of terrorism. There is also the Internet Referral Unit, the Financial Intelligence Unit network (FIU), the Terrorist Financing Tracking Program (TFPT) mechanism with the US and dedicated analysts working together on the fight against terrorism.

By the way, there is only one occasion where member states have asked Europol to support a live investigation: that was after the killing of four or five Israelis in Burgas in Bulgaria, three or four years ago. But besides that, until recently member states were not inviting Europol to support a live investigation.

For the first time after the Paris and Brussels attacks, Europol has been invited to be on the investigation team from day one. That shows that member states believe that Europol can bring added value. This is very important. That’s on the law enforcement side.

On the intelligence side, the security services club, which is called the CTG, the Counter-terrorism Group, has decided to structure its cooperation much more by creating a common human and IT platform.

Who are the members of that group?

They are the 28 EU national security services, plus Norway and Switzerland. And that’s a sort of subsidiary of the Berne Club of security services which was created 20 or 25 years ago. The Berne Club covers not only the fight against terrorism but also counterintelligence, counterespionage, and hybrid wars, like the one we experience today.

The CTG is a specific group dedicated to counter-terrorism. It has been working a lot since 9/11, but it had no real structured platform. It now has one. Now we’ve asked them to explore what they could do together with the ECTC. And they are working on that at the moment.

And even though the bulk of the threat is not coming from outside, we are much more aggressive at the external border through the systematic check of EU citizens, but also through the so-called hotspots where all the agencies—Europol, EuroJust, Frontex, EASO, and member states’ liaison officers—are working together to perform security checks on all the persons entering into the Schengen zone.

You once said there was no risk that some terrorists might be hiding among the refugees. Would you maintain this today?

The main threat is coming from people who are not travelling, who are sometimes not even linked to Daesh or al-Qaeda. They just get radicalised in Europe, mount an attack and claim that it’s linked to Daesh or al-Qaeda, but quite often it’s not.

And we’ve seen Daesh change its propaganda. Between 2013 and 2016 the message was, ‘Leave your country, and come here to build the caliphate’. But since the caliphate is collapsing, now the message is different. Now, it’s ‘Don’t move, don’t travel, mount an attack where you live with the means you have, it’s not necessary to travel anymore’. And of course there might be one terrorist among the refugees from time to time, but it’s very marginal. And we have improved significantly the way we spot and stop people at the external border.

EU counter-terrorism czar: Terrorists among asylum seekers? Unlikely

The refugee crisis is a major challenge by itself. If you start mixing it with terrorism, you confuse the logic, EU counter-terrorism coordinator Gilles de Kerchove told EURACTIV Czech Republic in an exclusive interview.

What changes do you think need to be made to Schengen to prevent the circulation of jihadists?

The circulation of people inside the Schengen zone is intrinsically linked to the project. If you want to rebuild borders, reinstall borders, I wish you luck. It will be awfully expensive. And will it be effective? I doubt it.

Then what is the answer?

You may reinstall border checks for a short period of time. But there is no discussion as to a permanent re-establishment of internal border checks, this is nonsense.

The project is to keep developing what we call the flanking measures, which is an endless process. The most known flanking measures are the Schengen Information System, common visa policy, common asylum policy, and common rules at the external borders.

All of which have not made tremendous progress…

It has made a lot of progress, but it will never stop because the nature of the threat has changed. For years we were looking at third country nationals. Then we discovered that a new threat was coming from Europe and that it was our own citizens going abroad and coming back.

What did we do? We had to amend the Schengen border code to check EU citizens systematically. At the very beginning, the Commission was a bit reluctant because that was not the mindset. Now we’ve reached the conclusion that our citizens are the main threat. So maybe tomorrow we will need another flanking measure. I think we need to keep developing these flanking measures according to the development of the threat.

And probably what has been the least developed is the world of intelligence because member states have decided to keep it outside of the EU framework. That’s their decision. But they are making progress on that as well, outside the EU framework.

Not all member states are willing to share sensitive information with all the others…

There is a misunderstanding on that, and even myself sometimes misunderstood. I don’t suggest that they are not sharing intelligence. This is untrue. Do you believe for one second that the heads of national security in France and Belgium are not serious people who want to prevent an attack?

On a bilateral basis, yes, but not on an EU-wide level.

No—as a goal, they want to do everything possible to prevent an attack on their territory.

But that’s bilateral collaboration.

The way they work is different, but the determination is very strong. I have never met the head of a security service who is stupid, who does not want to protect his country. They do share, bilaterally or multilaterally, and more and more multilaterally.

I did refer to the platform before. The question is how structured it should be and that’s up to them to decide because it’s outside the EU framework. The second question is the sort of link that you want to build between this platform and Europol, which is an EU agency. And this is something they are currently discussing. But that’s the decision of the EU member states to keep this cooperation outside the EU framework.

Activists wary of ‘data super-authority’ Europol as reform looms

EU police agency Europol wants to track down and delete terrorist propaganda on the internet and have the practice enshrined in EU law. Data protection activists are sceptical. EURACTIV’s partner Der Tagesspiegel reports.

Belgian Prime Minister Charles Michel has called for some kind of European FBI although he may have meant CIA. Do you support this idea?

He said CIA and he meant FBI because it’s not about spying outside of Europe on other states. It’s more what the Americans did after 9/11 when they decided to create an intelligence division inside the FBI, having in the same agency intelligence and law enforcement information.

And that’s part of the achievement of the last few months. We managed to convince the member states to feed more and more intelligence into the Schengen Information System and Europol. Do they feed 100%? No. But they have started doing that. So if you take what we call in the Brussels jargon an Article 36(3) alert, we now have intelligence information put in by security services in the SIS, which is an EU tool.

Security services share all the names of foreign terrorist fighters in the SIS, which is used by all the member states. And we have one mechanism, which is the SIS Article 36(3) where all the names, and, I hope soon, all the biometrical data, of all the foreign terrorist fighters, are shared among the 28 plus the Schengen non-member states. So when someone is checked at the external border, they can determine if it’s someone that they should arrest or if it is someone they should put under discreet surveillance. This is already one step.

Sharing with Europol is coming gradually, but our member states prefer doing that at the national level. It’s up to the national law enforcement agency to feed Europol. It’s not entirely true to say that they’re not sharing. They do.

But they do selectively only.

First, I don’t know, because I don’t have access to the pipeline. I cannot say that they share 100%, 80% or less. And you don’t know either. I don’t know if it’s a question of data sharing, it may be a collection of factors that led to the attacks.

But there were indeed some weaknesses. For instance, when Salah Abdeslam was checked by the French gendarmerie on the morning after the Bataclan attacks took place, he was under Article 36(2) and not 36(3), and the response of the Belgian police was probably not quick enough. He could have been arrested.

Allowing the gendarmes to have access to that particular set of data would have helped arrest Abdeslam?

They had access, they knew that Abdeslam was in ISIS. But it was not explicit that he was a terrorist. He was there under Article 36(2) of the Regulation creating the SIS, which is related to data provided by the police on all sorts of criminals which means he could have been just a drug dealer. And neither 36(2) nor 36(3) are sufficient for asking the arrest of a person—it’s only there to inform the state which fed the information in the database that the person has been controlled. The gendarme did in a way what he had to do, but if he had been signalled as a terrorist, maybe they would have arrested him.

Can you explain what is currently covered by Article 36 (2) and 36(3)?

There is a regulation creating the Schengen Information System (SIS) which covers all the information that you put in the database—on missing children, on people who cannot enter the Schengen zone, on people who are under a European arrest warrant. So there are maybe ten categories of alert.

36(2) covers information put most of the time by the police on crooks, criminals, drug dealers, traffickers of human beings, etc. Nobody wants to arrest those people at this stage, but police want to have as much information as possible about them. For example, if such a person is controlled in Greece, the Greek police will inform the Belgians that Mr X has been controlled, that he was in a car with other people. You collect information but you don’t show to the person that he is in the system. It’s discreet surveillance.

36(3), most of the time is information put by the security service. It’s intelligence. For instance, when Mehdi Nemmouche entered the Schengen zone in Frankfurt, he was detected by the Germans who informed the French. But in the system at the time it was not clear that Nemmouche was a foreign terrorist fighter. After this, we changed the system to make sure that when someone is put under 36(3), the system shows to the border guard that the person is a foreign terrorist fighter. The border guard can then in real time call the state which put the data in and ask whether he should let the person go, arrest him or ask further questions.

Council pushes for broad collection of flight passenger data after Paris attacks

Justice and Home Affairs ministers from EU member states are meeting today (20 November) in Brussels to discuss new security measures following the terrorist attacks in Paris last weekend that left 129 people dead.

And this is now in place?

After Nemmouche, we refined the system, and after the Abdeslam case, the Belgians are now feeding 36(3) more systematically, when they were using 36(2) before. We always try to refine the system.

Do you support this idea of a European FBI, or is it too early?

First, we have to work in the current legal framework. There is no treaty negotiation soon, so we have to work within the current system.

Over the last two years, I have encouraged the security services to cooperate more, and they have started doing it. They’ve created a common platform—a human and IT platform—which is located in the Netherlands, close to Europol. That’s a very significant improvement.

The second one is to encourage national security services to explore with Europol what sort of cooperation could be developed between the Europol ECTC and the CTG platform that I just mentioned. So that’s, I think, a step in the right direction.

I’ve also worked a lot to monitor how member states are feeding the SIS with intelligence under Article 36(3) and they have improved a lot. And I’m encouraging member states to feed Europol as much as possible. If Europol is more and more involved in live counter-terrorism investigations, member states will feel much more confident, they will see the added value and they will naturally feed Europol more. You cannot force the security service to feed Europol—it doesn’t work like this. Creating this trust relationship will take some time.

Overall, if we achieve all this, I think it would already be a major improvement. If later on member states decide to create an intel branch inside Europol, we will see. But the large member states are not in favour.

Looking forward now, what remaining gaps should be addressed as a matter of priority?

I would mention the high-level expert group on interoperability, which is currently exploring how we can cross more EU databases with batch comparison. That would allow better access to the Eurodac fingerprint database by the police for example.

We have a Europol database, Interpol database, Schengen Information System, visa information system, Eurodac. We’ll have the ETIAS database soon on the entry-exit mechanism—so how do we use that in a more effective manner?

The second urgent challenge is to start feeding and being in a position to query these databases with biometrical data and especially facial imaging. Fingerprints are the biometric data of the 19th century, DNA is the biometric data of the 20th century, and facial recognition is the biometric data of the 21st century. We need it because many people entering Europe are travelling with no documents or false documents or stolen documents. Biometrical data is the only way to identify these people.

EU proposes Minority Report-style facial recognition for refugees

In its attempts to bring the refugee crisis to heel, the European Commission wants to expand its fingerprint database, introduce facial recognition software, store the information for even longer than before and include minors in the process. EURACTIV Germany reports.

Interoperability between the databases, systematic use of biometrics, going further with internet companies on the removal of unlawful websites and automatic detection of them, encryption, digital evidence, and developing counter-terrorism partnerships with the neighbouring countries in the Euromed area—all of these measures are needed at the same time.

We started negotiating counter-terrorism partnerships with countries from Morocco to Turkey, including the Western Balkans, but we need to keep doing that quickly, because they, too, are vulnerable. A country like Tunisia has more than 3,000 of its citizens who left to fight in Syria, Iraq or Lybia. They will return, so how can we help this country digest these returns?

It’s a collective challenge for all the countries around the Mediterranean to cope with the threat, but many of them are less prepared than Europe is. And some of them are dual citizens—they are Belgo-Morroccans or French-Tunisian or French-Algerian—and they may use their two passports to go below the radar. This is another challenge. I’m working hard with the European External Action Service at the request of Ms Mogherini to build this counter-terrorism partnership.

And, finally, we need to step up cooperation with Gulf countries on how we can reduce the spread of the most extremist brand of Islam. That’s a list of challenges

To conclude, are you concerned about Brexit in the context of counter-terrorism?

The whole environment is changing with the election of President Trump. The Americans are sharing a lot of data with our services and we want to keep that and work very strongly together.

And the same applies to the Brits. Britain has always been at the forefront of the fight against terrorism. They have very effective security services. Conceptually, they are the ones who shaped our policy, which is inspired by the four P’s: prevent, pursue, protect, prepare. They’ve always played a leading role and it’s very sad to see them leaving.

We need them, but they need us as well. Even though I’m not authorised to discuss what will happen after Brexit, it seems clear that it will be of mutual interest to find ways of keeping both sides safe. It’s too early to determine how we will do it, but Britain is important in the counter-terrorism fight.

Given that Britain is already outside of EU justice and police cooperation, it shouldn’t make a big difference…

Yes and no. After the Brexit referendum, Theresa May, who was home secretary at the time, convinced Parliament that Britain should opt back into Europol. That’s quite significant. They now have a full-time Commissioner, Julian King, who is working hard to show that Britain does matter. And they are connected to the SIS.

And that can survive Brexit?

We’ll see. As I said, we’ll probably need each other later on, but I don’t want to express myself on how we will do it because that’s another story.

Subscribe to our newsletters