Discussion Prompt:  Why don’t intelligence oversight bodies cooperate as well as intelligence agencies? And is there reason to believe that this could be changing?

Naturally, the effectiveness of intelligence oversight stands and falls with the degree to which it is able to emulate developments in and between the services. Attempts at oversight cooperation have been few and far between and their success is difficult to measure. Nonetheless, there is reason to hope that the more intelligence agencies cooperate, the more they will have to enforce formal standards for the exchange and use of data and the role of oversight.

In October 2018, five intelligence oversight bodies signed the Common Statement of Bern. In it, the authorities from Belgium, Denmark, the Netherlands, Norway, and Switzerland declared that they had “begun a new form of cooperation” in the form of a “joint project to exchange experiences and methods”. This effort addressed the risk of a growing oversight gap as international cooperation between intelligence and security services had intensified, and continued to do so, without there being a strong corresponding development on the part of oversight. The common statement, therefore, was deemed a natural response to the development of international security cooperation.

The oversight authorities of the five countries came to this conclusion after having had assessed, each at the national level, the nature and degree of international cooperation between intelligence services on the question of so-called ‘Foreign Terrorist Fighters’. They readily agreed that the issue, as many others, required different national intelligence services to work together. They simply demanded that oversight bodies followed suit, and so they did. What, then, is the significance of this unprecedented attempt at institutionalising oversight cooperation in Europe? Part of the answer lies in retracing the evolution of oversight cooperation, which I have been privileged to witness from a Belgian perspective over the last 25 years.

A brief history of Belgian oversight & oversight cooperation

In 1991, the Belgian Parliament adopted a law creating two independent committees to oversee the police services and the intelligence services respectively. To the best of my knowledge, the “Comité I” was the first European “civilian institution[s] (…) independent of both the intelligence services and the executive”, a paramount building block for effective oversight according to UN Special Rapporteur on human rights and counter terrorism Martin Scheinin’s 2010 report. The Fundamental Rights Agency’s (FRA) typology of oversight instances would classify them as “expert bodies”. The law’s purpose was, in my view, not so much to fundamentally innovate but to remedy major national security failures in the seventies and eighties. With regard to innovation, Belgium drew much inspiration from the Canadian oversight model, however. Hence, contacts with the Canadian Security and Intelligence Review Committee (SIRC), constituted the very first form of international cooperation for the Belgian Committee.

Soon after, the Belgian Committee discovered other already existing or newly created oversight bodies. In some countries, oversight is performed by parliamentary commissions, it can also be organised by the executive power, or — following the Anglo-Saxon tradition — by offices of Inspector-Generals [such as the New Zealand Inspector-General, read her piece on public engagement here]. Authorising bodies are also important, granting specific, usually intrusive powers to services (e.g. communication interceptions). They have a parliamentary, executive, or a specialised (“expert”) character, but they are all more or less independent.

In 2002, the Belgian Committee was first invited by the British Intelligence and Security Committee to attend the International Intelligence Review Agencies Conference (IIRAC) in London. Review authorities of all above-mentioned types participated. The Belgian Committee, alongside our Canadian colleagues, were the only two “expert bodies”. The vast majority of attending authorities were in fact Inspector-General’s offices or members of parliamentary commissions of the five-eyes countries.

The Belgian Committee also attended several of the Conferences of the Parliamentary Committees for the Oversight of Intelligence and Security Services of the European Union Member States. Its sixth instalment in Brussels was co-organised by us and the Belgian parliament. On that occasion, trying to champion the spirit of those meetings, we collectively launched what would later be known as the ENNIR project, a European Intelligence Review Agencies Knowledge Network. It was going to be both a database mapping the different intelligence authorities in Europe and a platform for information sharing between them. As promising as these meetings and the ENNIR project were, the Berlin conference in 2011 was the last of its kind. Unfortunately, the Belgian Committee will soon have no other choice but to close the ENNIR website for lack of staff and, even more, enthusiasm generated by this initiative.

Other meetings have been organised occasionally, such as those of the International Intelligence Oversight Forum (IIOF) on the initiative of UN Special Rapporteur on the right to privacy, Prof. Cannataci. The fourth meeting of the IIOF took place in London in early October this year. Another conference organised by the French CNCTR and our Belgian Committee was held in Paris 2018. It will be followed up in December 2019 with a gathering in The Hague.

Five, now six oversight bodies cooperate

These initiatives, some regrettably petered out, some well-established by now, are complemented by the five oversight bodies that met in Bern in 2015 to declare their cooperation. They are an informal group and still have no official name at the time of writing. The group was the result of informal contacts at the initiative of the chair of the Dutch CTIVD in 2014

Since issuing their common statement in 2018, the group has initiated a new project that will focus on (1) the development of oversight and audit standards and (2) oversight innovation. In 2019, the group expanded to now include the British oversight authority IPCO, and convened at board level in Brussels and at staff level in Copenhagen. Observer delegations from Germany and Sweden were present as well.

To what extent do these six oversight bodies inspire hope that intelligence oversight cooperation in Europe is beginning to catch up with intelligence cooperation? I must admit that at this point the results of the cooperation seem rather meagre. Some conferences and statements are the only visible results, so far. But then again, measuring the success of these collaborative efforts is no easy feat. In contrast, oversight platforms from related sectors — such as privacy and data protection, police oversight and complaints authorities, none of which I am privy to, however — do not appear to me to be far ahead. (This should come as no surprise because most of these oversight authorities were created at the same time as intelligence oversight).

Obstacles to oversight cooperation

Every sector claims to be very specific, and that is true to some extent, but intelligence oversight has its unique peculiarities and challenges. This has much to do with the nature of intelligence and security work itself, which almost all states consider to be the last stronghold of national sovereignty largely covered by secrecy. Until recently, and with the notable exception of the Five Eyes, intelligence cooperation (in Europe) was mainly informal (such as the Club de Berne) and primarily bilateral. Only after the 2015 Paris attacks, European national intelligence services set up a permanent platform and a common database, exclusively focused on the fight against terrorism. The booming cooperation between services and the structured exchange of data is thus a fairly recent development. Oversight bodies do not question that it is a much-needed one, but nonetheless find themselves confronted with major problems when seeking to execute their mandate, which, naturally, is limited to the services of their country.

When data are exchanged with other intelligence services, it is difficult, if not sometimes impossible, to verify the correctness and legality of the information. It can neither be assumed that foreign services have the same capabilities and apply the same practices, nor that independent oversight is operational or even existent. And how to cope with complaints lodged by a citizen facing difficulties at border control and discovering that they have been placed on a list?

Experienced oversight authorities understand the need for cooperation at the level of services very well, and they all realise that both the matter of cooperation and the concrete exchange of information are very fragile and sensitive. They do not want to add further complications at all. However, they have to identify certain risks and ways to avoid them. For this to be achieved in the best possible manner, they have to meet with their foreign colleagues using similar standards.

Oversight cooperation is not only handicapped by the very different structures, mandates, and powers assigned to the oversight authorities by the legislator. Given that national security is explicitly excluded from the purview of the European Union, there is also little hope that it will intervene in these matters (the exception being when the European parliament asked the FRA to investigate the protection of fundamental rights in the context of large-scale surveillance in the wake of the Snowden revelations). It should be kept in mind that oversight, certainly that which is performed by independent external authorities, is a quite recent phenomenon. Moreover, even where established, it is not always in a position to impress. In the absence of a central, supranational facilitator, the group of six oversight authorities came to the conclusion that they had to develop a form of cooperation by themselves, at least to learn from each other and exchange expertise, even without any formal mandate.

Why oversight cooperation is essential

When Belgian oversight was established in the previous century, it was derived from a basic knowledge of poorly developed legal standards, some operational understanding, and a lot of common sense. However, with the development of advanced intelligence techniques (such as profiling and data mining, bulk interception, surveillance and intrusion possibilities, disruptive measures, etc.) also in smaller countries, oversight must have at least some technical understanding of operational functionalities to be effective. Since for oversight to obtain the same kind of state-of-the-art expertise that the services wield is probably mere fiction, exchanging insights among oversight bodies is crucial in attempting to keep apace with rapidly transforming intelligence practice. This development has become such a necessity that it reaches an existential level for oversight.

So what to expect from oversight cooperation in the future? I am convinced that the more intelligence services cooperate and exchange data in a necessary reaction to common threats (not limited to terrorism), which is then also increasingly translated into practical measures, the more they have to enforce formal standards for the exchange and use of data and the role of oversight. In this era of digital communication the need for the proper protection of data has become fundamental. This must be regulated and submitted to oversight so as to protect our citizens against abuse in the private sector and against cyber crime. Above and beyond these major threats, however, our security and intelligence services must also be reviewed to ensure that privacy intrusions always have a legal basis and are necessary and proportional. This applies to the exchange between intelligence services as well.

Oversight is still not fully and systematically recognised by parts of the security sector. This is a grave misfortune given that oversight is also supposed to offer the people leading and working at the services the reassurance that the way they exercise their craft is in fact lawful and effective. High-quality oversight must be developed in an international context with countries sharing the same basic legal standards. In the future, these standards should be improved by granting oversight authorities the possibility to cooperate with their foreign counterparts in Europe.