Matthew Finn, Managing Director at AUGMETIQ discusses the importance of building Europe’s capability to fight terrorism and serious transnational organised crime
For the better part of a decade, the European Union (EU) has been struggling to create a new legal basis to protect its 500 million citizens while respecting their fundamental right to privacy and the principle of free movement within Europe. The issue at stake is or rather was: “to use or not to use sensitive personal data for counter-terrorism and serious transnational organised crime”. The data in question is Passenger Name Record data or PNR – essentially the booking information created each time a passenger books a flight.
The recent attacks in Paris altered the landscape and transformed how European policy-makers view the demands of security in the context of personal privacy. The issue is no longer whether to use this data (that decision has been taken), the issue now is ‘how’ to use it – for what purpose, for how long, by whom, what constitutes a conspiracy to commit an act of terrorism and what defines serious transnational organised crime?
Creating the legal basis
In February this year, Timothy Kirkhope, the lead Member of the European Parliament dealing with this issue, tabled the latest draft for what will become the EU PNR Directive. In the weeks that followed, policy-makers from each of bloc’s 28 Member States evaluated the draft and came up with some 800 amendments to shape the final version to be laid before Parliament, negotiated, agreed and ultimately adopted by the European Council. Despite the scale of the task, EU Member States remain confident the new legal basis will be in place by the end of 2015.
The journey from policy to operations
As anyone working in this arena knows well: policy is one thing; operations another. Once the legal basis is in place, it will be down to each Member State to develop capabilities to acquire large volumes of PNR data, almost certainly including intra-EU flights, identify risks, target threats and ensure multiple actors on the ground, (e.g. police, counter-terrorism, customs, border control), are aligned, aware of their individual responsibilities and properly supported to conduct joint operations.
Arguably, acquiring the data and building a system to do something with it is the easier task. There are nonetheless inherent complexities in acquiring the right data in the right format at the right time, and having the right tools and skills in place to analyse patterns, behaviours and relationships that could reveal potential terrorist or criminal activity.
The harder task will be to bring multiple agencies together under one roof: create an environment that builds on the best practices of each, but leaves behind the cultures and practices that limit or inhibit working together as a high-performing team using an array of talents from multiple government departments. The Passenger Information Unit will be an entirely new environment, requiring new leadership, new thinking, new skills and a mature approach to learning and improving performance over time.
A typical and understandable response to the challenge is for governments to focus on the technology needed to build these capabilities. Indeed, technology will be a critically important component. However, there are invaluable lessons that can be learned beforehand, particularly from countries outside the EU in Asia and the Middle East, where a number of governments have experience of working with systems involving the real-time risk assessment of passenger data.
Several EU Member States have already identified an existing agency or department to lead the Passenger Information Unit (PIU). Others are still considering the possibility of creating an entirely new entity. Yet whichever department is ultimately accountable for the PIU, many other government departments will want to shape the thinking around what it can achieve, how it will be organised and how they can share information, ideas, skills and talents to ensure it delivers the right outcomes in the national interest, not just departmental targets.
The PIU must have a clear vision and a well-defined set of strategic aims. These will need the support of senior officials from all government departments that have a stake in seeing the PIU succeed for the benefit of the country’s national security.
From initiation to optimisation
The PIU’s vision and aims will set the parameters to inform how the unit is designed and managed. It will be important, particularly for ministers and the general public, to have a realistic understanding of what the unit can achieve by when.
On its first day of operation, systems, business processes, budgets and resources will be vague, ‘works in progress’ or altogether missing. As the unit matures, processes will be defined, systems will become operational and the knowledge and confidence of using passenger data for risk assessment much greater. This maturity will enable the unit’s capabilities and effectiveness to increase and allow the leadership team to focus on optimisation to drive more and better outcomes. With the right approach and support, the PIU can mature quickly and ultimately become one of the nation’s most valued assets in the fight against terrorism and organised crime.
The way forward
By late Summer 2015, we will have a clear idea of what the EU PNR Directive looks like and the legal basis that will enshrine each Member State’s acquisition and processing of passenger data. Assuming there are no further delays in the legislative process, 28 Member States will have a green light to establish a Passenger Information Unit at the end of 2015. This means the next 6 months present a valuable opportunity for Member States to advance the thinking process and deepen their understanding of their strategic aims, draw lessons from other countries’ experiences outside the EU, and work on some of the additional challenges they face in bringing together multiple government departments, creating new business processes, designing and interfacing new systems with existing ones (including systems such as those hosted at EU-LISA and INTERPOL) and developing new ways of working with data and intelligence. This will be vital to help Europe stand up to the growing threat of terrorism and organised crime that affects our societies, our economies and our European way of life.
About the author: Matthew Finn is the Chair of Smart Borders and Managing Director of AUGMENTIQ, a consultancy practice working internationally with government and industry to inspire new thinking, drive change and transform operations in homeland security.
Tel: +44 (0)203 41 63 222