Oversight of international intelligence cooperation
When assessing the general level of human rights
compliance, some Member States focus their analysis
on specific rights, such as data protection and the
protection of sources. This is the case, for instance, in
Denmark,425 Germany426 and Slovenia,427 where ensuring
that a data protection framework exists in the recipient
state is a pre-condition for any information sharing
and disclosure of personal data. In addition, some
Member States, such as Luxembourg,428 require specific
protection of sources of information.
Reliability of data: caveats and reliability
assessments
“Intelligence services should ensure that caveats are attached to information shared with foreign partners.”
“Caveats should set out in unambiguous terms the use
to which that information may be put and with whom it
may be shared.”
“Reliability assessments should be attached to intelligence shared with foreign partners, particularly where it
relates to identifiable individuals.”
Born, H., Leigh, I. and Wills, A. (2015), pp. 114 and 115
Reliability of the received data is, indeed, crucial – not
only to ensure a correct implementation of intelligence
strategies, but also for the protection of fundamental
rights. To secure reliability of the data, Member States
may attach a specific caveat429 to the transfer of data and/
or conduct data reliability assessments. Germany, for
instance, includes “appropriations clauses” that specify
that the data cannot be used for a different purpose
than the one for which they were originally collected,
and that the use must respect democratic principles.430
It is difficult for intelligence officers to know the source
of the data collected by foreign organisations or the
conditions under which they were collected. There is
therefore a potential for misguided decisions, affecting
the implementation of intelligence strategies and the
protection of fundamental rights.
425 Denmark, Act on the Danish Security and Intelligence
Service, section 10(2) and (4), cf. section 7.
426 Germany, G10 Act, S. 7a (1).
427 Slovenia, Slovene Intelligence and Security Agency Act,
Art. 12 (11).
428 Luxembourg, Act of 5 July 2016 on the reorganisation of the
State Intelligence Service, Art. 11 (4).
429 Born, H., Leigh, I. and Wills, A. define ‘caveat’ as “conditions
restricting the use of information shared with a partner
intelligence service”, Born, H., Leigh, I. and Wills, A. (2015),
p. 97.
430 Germany, BNDG, S. 13 (3).
A well-known example of the reliability question
crystallised around the source of information that
led the US into the 2003 Iraq invasion. Crucial data
collected by the German intelligence service (BND)
through an Iraqi source known as the “Curveball”
was handed over to the CIA, but the reliability of the
source, and consequently of the data transmitted, was
later questioned. 431 The BND highlighted that doubts
about the reliability of such information were earlier
communicated to their American partners through
caveats. This example illustrates the difficulties faced
by agents in assessing the data they receive, and the
vital importance for all intelligence services, senders
and receivers, to attach data reliability assessments
and caveats to the data transferred.
Caveats may also ensure greater transparency on
the use of the data received, and therefore, more
accountability on the lawful purpose for exchanging
data. As emphasised by experts, 432 one of the risks
inherent in international sharing of data is the possibility
for intelligence services to circumvent domestic
obligations by getting partners to collect or process data
in ways that would have been deemed unlawful under
national law. Such a practice is explicitly prohibited in
the United Kingdom.433 In Germany, both the BNDG and
the G10 Act provide that intelligence services must seek
written agreements from their foreign counterparts
that guarantee that the information received was not
collected or processed through activities contrary to
rule of law principles.434
This is important to ensure compliance of intelligence
measures with fundamental rights. As pointed out
by several civil society organisations, the increasing
practice of intelligence-sharing has reinforced the risk of
such arrangements being used to infringe fundamental
rights principles. Several civil society organisations
around the globe – including three from EU Member
States, specifically Hungary, Ireland and the United
Kingdom – have decided to challenge the secrecy
governing international intelligence cooperation by
requesting access to the agreements under freedom
of information rules.435
431 See Born, H., Leigh, I. and Wills, A. (2015), p. 39; see also
Lefebvre N. (2015), p. 29.
432 See Born, H., Leigh, I. and Wills, A. (2015), pp. 48-50, and UN,
Human Rights Council, Scheinin, M. (2010), p. 29.
433 United Kingdom, Investigatory Powers Act, s. 9 and s. 10.
434 Germany, BNDG, S. 13 (3) and Germany, G10 Act, S. 7a
435 See International Network of Civil Liberties Organisations
(INCLO) (2017), International Intelligence-Sharing Project,
and Privacy International v. National Security Agency, Office
of the Director of National intelligence, Department of State,
and National Archives and Records Administration (Five
Eyes FOIA), 5 July 2017.
103