Europe's police agency, Europol, is getting new powers to combat terrorism, cyber-crime and other cross-border threats, after more than 440 people were killed in terrorist attacks last month, including the Paris attacks.
Europol will immediately be able to set up new police units to counter emerging threats from terrorists, cyber-gangs and other organised criminals. And it will be free to directly contact firms such as Facebook to remove web pages containing ISIS and other terrorist content, under rules agreed last week by the European Parliament and ratified yesterday by 43-5 votes by the influential Civil Liberties Committee of MEPs.
"The new Europol rules are the best answer that we can give to the terrorist threat,” said lead MEP, Augustin Díaz de Mera. “In the last month alone, 446 people have been killed. As lawmakers, we have a responsibility to face up to this challenge and act. We owe it to the citizens and to the victims."
But despite the strong backing, the new powers will not come into force until April 2017 because of the extended process for bringing in EU-wide regulations. Commenting on the timeframe, UK cyber-crime expert and Europol adviser Professor Alan Woodward from Surrey University said: “Welcome to the European Union.”
But Woodward told SCMagazineUK.com he is in favour of the new powers: “One lesson from the Paris attacks is that there is a silo mentality - countries and sometimes organisations within countries don't share information. And one of the great successes of Europol is that it can co-ordinate activity against organised crime across borders. It has been particularly successful in tackling cyber-crime.
“They are trying to expand Europol's mandate so that it can act as a clearing house for information about terrorism. I am definitely in favour. They have been such a big success in countering cyber-crime that this is an obvious thing to do.”
Woodward also suggested action could take place before Europol's new powers are officially ratified in 2017. “Unfortunately getting any regulation that obliges member states to do something takes a long time - but if member states have any sense, they'll be picking up the phone and talking to Europol today. The thing they are really lacking at the moment is the sharing of key information.”
Independent security consultant Brian Honan, head of Ireland's CSIRT and a special advisor on internet security to Europol, also supported the changes. He told SCMagazineUK.com via email: “This initiative is a welcome step forward in the ability of law enforcement to better share intelligence data in a timely manner. Looking at previous terrorist atrocities, in a number of cases the terrorists were already known to law enforcement but the relevant information did not get to the appropriate authorities in time or in the right manner. Having a central ‘clearing house' with close contacts with anti-terrorism units in police forces in the EU member states should hopefully go a long way to addressing this problem.”
According to an EU parliamentary source, the new regulation formalises the process for setting up new specialised law enforcement units and also gives Europol more scope to fight cyber-crime - for example by allowing it to exchange data directly with companies in certain cases. It also formalises the role of the existing European Cyber Crime Centre (EC3).
The EU insists strong data privacy controls will be put in place over Europol: “The new powers will go hand in hand with increased data protection safeguards and parliamentary scrutiny. The European Data Protection Supervisor will be responsible for monitoring Europol's work and there will be a clear complaints procedure under EU law for citizens. Europol's work will be overseen by a Joint Parliamentary Scrutiny Group with members from both national parliaments and the European Parliament.”
Brian Honan commented on this: “It is essential in any such initiative that appropriate steps are taken to ensure the right data is identified without abusing the rights of individuals. I am glad to see the data protection controls that have been put in place and would hope these are regularly reviewed to ensure there is no abuse or misuse of any personal data by any law enforcement agencies.”
Europol's new powers are due to be formally approved by the EU Council of Ministers later this month, and then by the full European Parliament in a vote scheduled for April 2016. They would then take effect in all EU member states on 1 April 2017.
Professor Woodward does not believe the change marks a shift away from the EU's recent focus on data privacy and protection, in the wake of the Paris attacks. He said the incoming new pan-European Data Protection Directive “means the bedrock for protecting information is already there. This is more of an evolution than a revolution”.