Gilles de Kerchove: Speedy access to e-evidence is crucial to fighting terrorism and organised crime

The legislative proposal for regulation brings our rules in line with the digital reality

EU Counter-Terrorism Coordinator Gilles de Kerchove

If we don't give our law enforcement and judicial authorities appropriate tools at hand to fight terrorism and serious and organised crime that is being carried out online, they go dark and there is impunity for crimes. They risk to be blind while many of the crimes are either planned or conducted online, says EU Counter-Terrorism Coordinator Gilles de Kerchove in an interview to Europost.

Mr Kerchove, at the beginning of December 2019, several European media outlets published your position on the access to electronic evidence. Was there any response and what was it?

Yes, indeed I got a lot of positive feedback from practitioners, prosecutors and law enforcement, who urgently need electronic evidence in their criminal investigations but do not yet have access to it. They find current procedures unworkable, as they are much too slow and cumbersome. Several prosecutors approached me afterwards and stated that they fully support my views and would like to co-sign it. This is why I decided to publish it on my institutional web-page with the wider group of co-signatures.

Why is this delay in the adoption of the regulation and its accompanying directive, which were proposed by the European Commission in April 2018?

Both are high-priority legislative proposals of the European Union in the field of security. That is why the EU Heads of State or Government emphasised already in the Conclusions of the European Council 18 October 2018 the importance of swift and cross-border access to electronic evidence in order to effectively fight terrorism and other serious and organised crime and called for an agreement on the electronic evidence proposals before the end of the legislature in May 2019, before the elections to the European Parliament.

In line with this, the Council adopted swiftly a general approach on the regulation on 7 December 2018. And in addition, in light of international developments, justice and home affairs ministers authorised the Commission to participate in the negotiations on the 2nd additional protocol to the Budapest Convention and to open negotiations with the US to conclude an agreement to facilitate the access to data. Unfortunately, even though the Council did all that was necessary on its side to enable the proposal on e-evidence to be adopted as soon as possible - the European Parliament, the co-legislator, has not done its part in this process yet. As a next step in the process, the European Parliament needs to adopt a position on the text, but this has not happened so far. Within the Parliament, the Civil Liberties, Justice and Home Affairs Committee (LIBE) was assigned to deal with the proposal on the regulation. The same rapporteur as in the last legislature was re-appointed. The rapporteur and her shadow rapporteurs (rapporteurs of each political group in the Parliament that negotiates the topic with the appointed rapporteur of the Parliament) took their positions in November 2019 suggesting over 800 amendments to the proposal. The proposal is still being discussed in the LIBE committee - since December 2018! If the Parliament were to adopt a position, we could finally start the trialogues between the EU's co-legislators (Council and Parliament) on the proposal! And only after consensus has been found in the trialogue, the regulation can be adopted and then enter into force after the period set in it (now 24 months). Can you imagine how hard it is for practitioners to wait so long for a legislative basis to act in terrorism or serious and organised crime cases?

How will you obligate companies registered in the US and complying with US law to cooperate with the European investigative authorities?

Many service providers operating in Europe are actually based in the US. The proposal for a directive on the appointment of legal representatives for the purpose of gathering evidence for criminal proceedings that complements the electronic evidence regulation envisages that service providers offering services in one or more EU Member States would need to appoint a legal representative. That legal representative will be in charge of the receipt, compliance and enforcement of production orders for electronic evidence - no matter where the service provider's headquarters is located or data is stored. The proposals for the regulation together provide for strong fundamental rights safeguards and effective remedies. It foresees for the service provider to have the right to request a review. It intends to bring clarity of the procedure and legal certainty for all the parties involved as well as to speed up the gathering of electronic evidence. It obliges service providers to respond within 10 days and in emergency cases within 6 hours. This would be a great improvement as currently requests based on existing mutual legal assistance agreements take so long that criminal authorities wait for a response 10 months on average. Existing rules are not fit for the digital age. This would be solved with the new legislation.

US legislation, however, prohibits US-based companies in certain situations from complying with orders from foreign jurisdictions requesting access to content data. Rather than risking a conflict of laws and leaving companies the burden of choosing which law to comply with, the EU has launched negotiations with the US on a bilateral agreement that would remove this potential conflict of laws.

On what legal grounds may such cooperation be requested, having in mind that national criminal and criminal procedure codes are not synchronised within the EU, and are different?

The proposal on the electronic evidence regulation is based on Article 82(1) of the Treaty on the Functioning of the EU. This Article 82(1) specifies that judicial cooperation in criminal matters shall be based on the principle of mutual recognition, i.e. measures may be adopted to lay down rules and procedures for ensuring recognition throughout the Union of all forms of judgments and judicial decisions. However, the proposal introduces a new dimension in mutual recognition, beyond the traditional judicial cooperation in the Union, which so far is based on procedures involving two judicial authorities, one in the issuing State and another in the executing State. The draft regulation provides that the authorities in the enforcing State (where the legal representative is established) can intervene if the order is not complied with. Furthermore the enforcing State is the one being notified whenever content data is being sought of persons not residing in the territory of the issuing State. This is an additional safeguard that the proposal, as modified in the Council position, sets out.

The company Apple even now provides information about its customers. Every six months it publishes a report of the requests it has received, for what data and from which countries, how many of them were granted and how many were turned down. Is this not sufficient?

No, unfortunately such voluntary actions by the companies are not sufficient, companies have different practices. Public consultations of the EU Commission with all relevant stakeholders for over a year have identified exactly this problem. The result was by and large that the increased use of internet-based communication services and tools presents a challenge for law enforcement: the process to obtain e-evidence is too lengthy and recognised as one of the main obstacles. Other key issues public authorities highlighted include the lack of reliable cooperation with service providers, lack of transparency, and legal uncertainty surrounding jurisdiction for investigative measures. Direct cross-border cooperation between law enforcement and digital service providers is considered to add value in a criminal investigation. Service providers and some civil society organisations indicated the need to ensure legal certainty when cooperating with public authorities and to avoid conflicts of law. In addition, our own EU legislation on data protection requires a clear legal basis for the processing of personal data inherent in responding to a request, and a legal obligation puts the companies on much more solid footing here.

Apart from US law, these companies also comply with their own internal regulations and codes. The requests sent to Apple, for instance, are considered by the company's legal team which decides whether they have valid legal grounds. Do you think that a European directive can change that?

Yes, the proposed directive makes it mandatory for the companies to appoint a legal representative within the EU who would be the addressee of a European Production or European Preservation Order. The companies would have to execute the order on the basis of the legal grounds set out in the regulation, if they have doubts on the legality of the order they have legal remedies. However, they cannot just decide whether to respond or not, based on their corporate guidelines. Rather, the law sets out a horizontal standard that applies in the same way to all. This is by far a more transparent and legally certain way than a standard set by the private sector. The standards applied by private companies are often not transparent and unclear, each company seems to have their own way to decide the cases and it is unclear when and why a certain decision to deny electronic evidence is given. In addition, voluntary cooperation is not possible for content and there are no deadlines for voluntary cooperation.

It is noteworthy that most of the prosecutors who backed your position are from Italy and other Member States whose problem is not terrorism but organised crime. Isn't the Mafia the more serious challenge?

Access to digital evidence has become a problem across the board, for all forms of crime. Most criminals, including terrorists, now make use of the internet and online tools. The Mafia is a challenge in parts of Europe where they are active, no doubt. But to reduce organised crime only to the Mafia would miss the point. With regard to today's digital world, serious and organised crimes such as child exploitation or financial crimes online are much more widespread. To conclude, speedy and reliable access for law enforcement and prosecutors to digital evidence is crucial for counter-terrorism and other serious and organised crime, as more and more of the evidence is on the internet and hence needed to avoid impunity.

In your position you prioritise the fight against terrorist organisations, such as Daesh and al-Qaeda. Aren't these fears a little over exaggerated?

Not at all. The opposite is the case. In the case of Daesh in particular, the threat through the use of internet has even grown since Daesh's loss of the physical territory it had under its control. The organisation communicates, instructs and recruits massively through the internet. This has become such a scale that experts speak of the “virtual caliphate”. The threat by the use of the internet through Al Qaeda is similar. Both organisations use the internet for their propaganda campaigns and address the public and their supporters via the internet. In addition, terrorist suspects may communicate via services such as WhatsApp or Telegram, which might contain important information for investigations and prosecutions.

According to the Global Terrorism Database, between 1987 and 2004, the so-called domestic terrorism in Western Europe (the Baader-Meinhof gang in Germany, the Red Brigades in Italy, the IRA in the UK, Basque and Catalan terrorism in Spain, and Kosovar terrorism in the former Yugoslavia) has caused the deaths of 1,833 people - twice as many when compared to the 996 victims of so-called Islamic terrorists in the period of 2000-2017. How would you comment on these numbers?

The Europol T-SAT report provides a good overview over the threat picture in the EU each year, in particular the serious threat of jihadist terrorism. The threat posed by home-grown individuals who get inspired or instructed by Islamist terrorist organisations remains serious. In addition, persons convicted for terrorism have started to leave prisons after serving their sentence and might still pose a threat, as some attacks have shown. Violent right-wing extremism and terrorism is on the rise in a number of Member States. Only to give a very recent example: law enforcement authorities in Germany have raided the houses of a right-wing group of persons (“Group S”) that aimed to attack mosques and prayer houses and persons of immigrant background to create an atmosphere of civil war in the country. The group first met as like-minded persons on the internet and discussed their plans on a social platform. Only after their online meetings did they meet physically, in the real world. The online communication of these persons contains valuable electronic evidence in the terrorism prosecutions against them.

Are there any grounds for the concerns that the regulation proposed by the EC does not guarantee the protection of basic human rights? What are its weak points, in your opinion?

I don't believe so. The proposal includes many legal safeguards based on fundamental rights and increases the checks and balances compared to most existing national systems. This is true for the rights of the service providers as well as the individual suspects or accused persons.

The Regulation introduces binding European Production and Preservation Orders that need to be issued or validated by a judicial authority of a Member State. An order can be issued only to seek preservation or production of data that is stored by a service provider located in another jurisdiction and that is necessary as evidence in criminal investigations or criminal proceedings. Such Orders may also only be issued if a similar measure is available for the same criminal offence in a comparable domestic situation in the issuing State. This means the order is issued or validated by a judicial authority in a specific criminal procedure after an individual evaluation of the proportionality and necessity in every single case. The order refers to specific known or unknown perpetrators of a criminal offence that has already taken place.

The Orders are limited to what is necessary and proportionate for the purposes of relevant criminal proceedings and allows service providers to seek clarifications from issuing authorities where necessary. If these issues cannot be solved and the issuing authority decides to pursue enforcement, service providers may use legal remedies to oppose enforcement. In addition, a specific procedure is set up for situations where the obligation to provide data conflicts with a competing obligation arising from a third country law.

The European Preservation Order allows only to request the preservation of data that is already stored at the time of receipt of the Order, not the access to data at a future point in time.

The proposal also includes other safeguards such as that the Orders to produce subscriber and access data can be issued for any criminal offence whilst the Order for producing transactional or content data may only be issued for criminal offences punishable in the issuing State by a custodial sentence of a maximum of at least three years, or for specific crimes which are referred to in the proposal and where there is a specific link to electronic tools and offences, including those covered by the Terrorism Directive 2017/541/EU.

The rights of the suspects and the accused in criminal proceedings are also safeguarded. With regard to the persons whose data is being sought, the proposal provides additional procedural safeguards. They includes the possibility to challenge the legality, necessity or the proportionality of the Order. The rights under the law of the enforcing State are fully respected by ensuring that they are taken into account by the issuing State. This is especially the case where they provide for a higher protection than the law of the issuing State.

More rights or more security - is this the choice that we face? Is there any reasonable boundary and where can it be drawn?

By no means, no. This is not the choice we face. The proposal for a regulation on electronic evidence is exactly the example for a measure with which we want to achieve the complete opposite: we are preserving the rights of the individual and allow for more security. The boundaries are clear. The fundamental rights of the suspect or accused and the rule of law principle are carefully respected. Why should law enforcement authorities have access to text messages that terrorist suspects send but not WhatsApp messages? The e-evidence package brings our rules in line with the digital reality. If we don't give our law enforcement and judicial authorities appropriate tools at hand to fight terrorism and serious and organised crime that is being carried out online, they go dark and there is impunity for crimes. They risk to be blind while many of the crimes are either planned or conducted online. State authorities have an obligation to protect the rights and freedoms, and we need to enable them to do so.


Gilles de Kerchove was born on 3 October 1956 in Uccle/Ukkel, Belgium. He obtained his law degree from the University of Louvain in 1979, later followed by a master's in law from Yale Law School in 1984. From 1986 to 1995, he worked for the Belgium government. From 1995 to 2007, he was director in the General Directorate of Justice and Home Affairs in the General Secretariat of the Council of the European Union. During his time in office, he had a central role in the negotiations for Eurojust and the European Arrest Warrant. He was also Deputy Secretary of the Convention which drafted the Charter of Fundamental Rights of the European Union from 1999 to 2000.

Since 2007, he holds the office of EU Counter-Terrorism Coordinator.

Similar articles