Was the 911 attack avoidable?

Uindependent L.andeszentrum for D.privacy Schleswig-Holstein

When I saw the pictures on television on September 11, 2001, of terrorists steering two passenger planes into the high-rise towers of the World Trade Center, which then collapsed a little later and buried thousands of people under themselves, one of my first thoughts was: "These attacks will be have dire effects on freedom and data protection in modern western information societies. " I remember only too well the reactions of many security politicians in the past 30 years, who almost always demanded stricter laws, and above all stricter surveillance laws, after a cruel terrorist attack or other brutal criminal without any analysis of what happened. I feared that the liberal forces in Western democracies would not be able to counter this security policy reflex in the media in view of the obvious cruelty of the events. The bills in the drawers of law-and-order politicians would be pulled out and passed as quick bills without further debate.

This stimulus-response scheme has a long tradition. Calling for more repression, more control and more punishment has likely been the classic politician's response to serious crimes for millennia. This reaction has an almost ritual character and signals, on the one hand, the willingness and ability of the security forces to act, as well as the politics that direct them. At the same time, this ritual has a kind of purifying function: on behalf of the criminals who have not yet been caught or those behind the suicide attacks, those who could do something similar in the future are punished: through higher penalties, more surveillance, massive investigations. Retribution for the crime cannot - yet - hit those actually responsible, but it can hit those who are commonly assigned to the group of potentially responsible. Stricter surveillance laws are, so to speak, revenge for the cowardly crime of the - as yet - unknown perpetrators.

In the 1970s, that is to say, politically socialized in the post-1968, I know many examples of the political reaction I feared on September 11, 2001. A hitherto unknown wave of tightening of security laws went through the Federal Republic when, at the beginning of the 1970s, first the Bader Meinhof gang and later the so-called Red Army faction committed their crimes. A catchphrase at that time was the eavesdropping attack, which was directed e.g. against the nuclear scientist Klaus Traube or against those later imprisoned in Stuttgart-Stammheim. Another catchphrase was dredging. Raster search was a collective term for the new electronic search methods invented by the then President of the Federal Criminal Police Office - the BKA - Horst Herold. After his vision, convinced and fascinated by the possibilities of automated data processing, Herold wanted to be in front of the perpetrator at the crime scene in order to prevent him from completing the crime.

30 years ago, data protection was still publicly viewed by many as a "protection of acts" and as a hindrance to the police. The protest against the 1983 and 1987 censuses did nothing to change this. Even in the 1980s there were enough occasions to tighten security law. In addition to the terrorists as "enemies of society" or as the embodiment of "evil" came the mafia and "organized crime", the OK. These brought us and the media not only drugs, but also serious violent crimes. Again, the response to this was to use new technical methods of investigation and to expand the powers of the security authorities to do so. At the center of the desire was the so-called "large eavesdropping attack", which was not allowed at the time, and to legalize not only simple laws but also our constitution, the Basic Law, had to be changed.

The 90s of the last century then brought us a time with relatively few spectacular crimes, which, because of their organized international character, had to be perceived as particularly threatening. The OK and terror groups were no longer so present in the public eye, and were therefore not suitable for enforcing new powers. The east-west detente also seemed to question the raison d'etre of the secret services. And we actually experienced a social liberalization during this time, which did not manifest itself in the withdrawal of laws that had proven to be unnecessary. However, the security authorities did open up to society. Data protection has become widely recognized and popular. A cosmopolitan, freedom-friendly media reporting made its contribution to this liberalization. In order not to glamorize this 90s: In 1997 it was finally managed to carry out the great eavesdropping attack, but at the price of losing the then Minister of Justice, Sabine Leutheusser-Schnarrenberger, who - as it turned out to be justified in retrospect - was an unconstitutional intervention looked into the private sphere of the apartment.

With this historical background, on September 11, 2001, I saw the collapse of the Twin Towers in New York on the screen. I feared a resurgence of Law and Order. So I was all the more surprised at the first reactions of German security politicians, regardless of what color, who urged everyone to be prudent. In fact, in the first few days after the attacks, the focus was on the shock and dismay at what had happened - beyond party or specialist political profiling. However, it did not take a week before the shown reluctance was abandoned. It is noteworthy that the signal of a change in security policy did not come from one of the well-known, authority-fixated, eternal yesterday's politicians, but from a man named Schily, who in the 1970s was still considered a trademark for the defense of civil liberties against the authoritarian state against a state that tries to make the fight against the extreme case of "terrorism" the norm. And it was Otto Schily who - before everyone else - said that the entire security policy must now be redefined under the auspices of the fight against terrorism.

The first anti-terrorism law was presented, known at the time under the name "Otto I", which is still closely related to the events of 9/11. oriented, for example through the tightening of the Money Laundering Act, the abolition of the religious privilege in association law, the extension of criminal liability to foreign terrorist organizations and the implementation of security checks. Within a few days, however, the computer search to find so-called terrorist sleepers was launched, even if there was in some cases no valid legal basis for making the entire group of young Arab students into terror suspects.

And it took just six weeks for the Federal Ministry of the Interior to present the second anti-terrorism package. "Otto II" now had nothing to do with the attacks. Without having carried out a needs analysis beforehand, the focus was on a massive expansion of the powers of the German secret services, the expansion of general surveillance of foreigners and the introduction of biometric travel documents. A parliamentary opposition to these measures could not be identified, just as little as to the various extensions of security powers that followed, which amounted to

  • that in many respects completely unsuspicious and uninvolved persons come into the focus of the security authorities due to certain characteristics,
  • that with the help of clandestine investigations covertly data about the persons concerned are collected and
  • that modern bio technology, but above all information and communication technology, is being used more and more.

There was initially only little extra-parliamentary opposition to the legislative procedures now initiated at all levels, i.e. at federal and state level, but this increased rapidly, particularly in the context of the screening of young Arab people. A comparable development can be observed in all western countries, with the USA and Great Britain in particular standing out, which granted the security authorities the greatest possible powers with the Patriot Act and the Regulation of Investigatory Powers Act (RIPA). In 2006 the US FBI built a database with 659 million records to combat terrorism, the "Investigative Data Warehouse". Legislative activities were given a boost with further terrorist attacks, in particular the attack on a local train in Madrid on March 11, 2004 and in an underground station in London on July 7, 2005. Shortly after the last-mentioned attack, a tightened anti-terror law was passed in Italy. At the end of 2005, the French parliament passed an anti-terror law which, among other things, provides for an expansion of video surveillance and internet control. British Prime Minister Gordon Brown then announced another series of anti-terror laws in late 2007. Terrorism opened the door to executive powers of intervention, and not just at the national level. The European Union, the EU, has repeatedly shown itself to be both a guarantor of security and an incentive for a national security policy that is restrictive from the point of view of freedom, for example when it comes to the storage of passenger data or the retention of TC data.

The most important politically active force against the expansion of the new security powers and for the free basic rights, in particular the right to informational self-determination, developed the constitutional courts of the federal and state governments. Even before, but especially after September 2001, they repeatedly declared legislative or executive measures in the security sector to be unconstitutional. Public attention is wrongly focused on the Federal Constitutional Court. Some pioneering decisions were made by the state constitutional courts, for example in 1994 in Saxony on the police law and in 1999 and 2000 in Mecklenburg-Western Pomerania on the veil search and large eavesdropping. The Saxon Constitutional Court continued to use opportunities in 2003 and 2005 to express its criticism of police checkpoints and eavesdropping by the Office for the Protection of the Constitution. Even the Bavarian Constitutional Court, which had not previously been particularly liberal, saw itself compelled in 2006 to set limits to the police veil search practiced in the Free State.

These state decisions flanked the jurisprudence of the Federal Constitutional Court, which to this day never tires of putting the excessive control and monitoring ideas of the federal and state legislators in their place. The Federal Constitutional Court started with a bang, at least two and a half years after September 11, 2001, with the decision on a major eavesdropping. Since then, the court has had to take action again and again, which I would only like to substantiate with a few, particularly important decisions: 2004 on telecommunications surveillance according to the Foreign Trade Act, 2006 on raster searches, 2007 on telecommunications surveillance in Lower Saxony, 2008 on clandestine online searches, on motor vehicles - Number plate scanning and for the storage of TK connection data and very current on February 17th, 2009 on the Bavarian Assembly Act.

Since September 11, 2001, the standard justification for almost every other security authority authority has been the "fight against terrorism", even if the specific measure is not or only remotely suitable for making a contribution. For example, the fight against terrorism is attempted to justify

  • that all international bank transactions worldwide are screened by US authorities,
  • that for all flight movements to and from the USA the passenger lists with approx. 20 pieces of information per person are transmitted to the US authorities in advance,
  • that this instrument of the so-called Passenger Name Records is enforced even for intra-European traffic in Great Britain and the European Commission made a corresponding proposal with a planned storage period of more than 10 years,
  • that so-called naked scanners are increasingly being used at airports, with which the control staff can examine the passengers down to the bare skin, a measure whose full release within the EU could only be prevented after strong resistance at the end of 2008,
  • that all TC connection data in Europe must be kept for at least six months exclusively for security purposes,
  • that people are saved on international so-called terror lists without having any legal protection options, which is inadmissible according to the judgments of European courts,
  • that since the beginning of 2009 the Federal Criminal Police Office has been granted all the previous powers of the state police and a little more, such as those for clandestine online searches.

More than 7 years after the shock of September 11, 2001, it can be seen that politicians are also expressing criticism of the surveillance measures based on terrorism. The British House of Lords recently published a report in February 2009 which, among other things, speaks out against excessive video surveillance and excessive recording of genetic fingerprints. In Canada, the Canadian parliament rejected the extension of the Anti-Terrorism Act in February 2007 by 159 votes to 124.

It is therefore undeniable that September 11, 2001 had a massive and lasting impact on security policy around the world. This can hardly be explained in quantitative terms despite the high number of victims of over 3,000 people. One reason for this effect is surely that the center of world power number 1, the USA, has been successfully attacked, and that the USA then set guidelines and standards with its counter-terrorism measures worldwide.

Let me come back to the initial question: were these attacks against data protection? According to the criminal-law subjective action categories, the perpetrators undoubtedly did not act with the intention of damaging data protection. There is undoubtedly a conditional resolution. With the intended death of thousands of people, the perpetrators have accepted that the rule of law and liberal principles will be given up by free constitutional states, by the USA and many other states, to combat this danger, which has been recognized as particularly threatening. In this respect, however, the perpetrators certainly lacked an awareness of injustice. Data protection is - as yet - not a recognized category of global law. Assuming that the perpetrators and their backers are actually devout Muslims, they shouldn't have cared about the fact that their act triggers a disaster for data protection. Data protection and, in general, the fundamental legal value of individual privacy to secure freedom in a society are categories that Islam does not know about.

But the attacks of September 11th were and are to be understood as attacks on Western societies and their values. Without even having understood the relevance of this, the terrorists should rejoice that, as a result of their attack, they succeeded in making Western states question their own constitutional basis in their reaction. The fact that they only succeeded in doing this to a limited extent in Germany is partly thanks to a critical public, but then above all to the Federal Constitutional Court. This cannot be pointed out sustainably enough - especially with regard to the current 60th anniversary of the creation of our Basic Law. The German legal system, shaped by the Basic Law - so my assessment - has so far fully proven itself in the face of the challenges of international terrorism.

At the supra- and international level, counter-forces of this kind have not yet been identified. The most recent decision of the European Court of Justice of February 10, 2009, with which it at least formally approved the data retention directive, raises doubts as to whether European case law will act as a guarantor of civil rights against excessive security efforts. At the same time, the European and even more so the international legal framework for data protection leaves something to be desired. Article 8 of the European Charter of Fundamental Rights, which may soon apply and which expressly raises data protection across Europe to the level of fundamental rights, has not - yet - been established as a living civil right in many EU countries. Terrorist attacks against this European "fundamental right at birth" are all the more dangerous in view of this unstable situation.

Nobody can be accused of having carried out an attack on a non-existent civil right. This accusation cannot be made even more if this attack only has an indirect effect, i.e., from a legal point of view, the causality is disputed. The Al Qaeda terrorists are at best indirect perpetrators or instigators. Those who actually carried out the attack are politicians in our western countries. This behavior that respects data protection, despite the terrorist challenge, is possible, not only subjectively, but also objectively.Germany in particular is the best example of - in this respect, non-technical speaking - lawful alternative behavior: it is recognized, despite the terrorist threat that we are also undisputed, that Germany is a world leader not only in maintaining security, but also in guaranteeing data protection occupies. This has to be fought over and over again against the efforts of some law-and-order politicians in Germany, among other things by a critical public and by the jurisprudence, especially also of the Federal Constitutional Court.

Security and the protection of liberty are mutually dependent factors not only in Germany, but globally. Achieving these goals at the national or regional level is an extremely difficult undertaking. The prerequisites for this can not only be set by security policy, but also demand action, especially in the economic, social and cultural areas. Prosperity, work, social integration, cultural and religious tolerance make it difficult for terrorists to find supporters and supporters. Therefore, when responding to terrorist attacks, there must be no exclusive fixation on security policy. Given the fact that Islamic fundamentalism is one of the ideological germ cells of current terrorism, practiced religious tolerance and religious exchange combined with a clear commitment to the values ​​of democracy and the rule of law are of great importance. Sections of society that are potentially susceptible to terrorism must not be excluded. Rather, an attempt must be made to give them a perspective that goes beyond terrorism-prone fanaticism. In this respect, the grid manhunt carried out in 2002 was the wrong thing that could be done. Not only that this immensely complex measure could and did not bring any knowledge about sleepers. The official signal came from the computer search that young men of Islamic faith with an Arab background were to be treated as potential sleepers, i.e. as potential terrorists. Such stigmatization was a state confirmation of the Islamist-fundamentalist declaration of enemy, which did not deter vulnerable people from terrorism, but rather drove them into the arms of hate preachers and terrorism.

While it is difficult to establish an anti-terrorist social climate in a regional context, this seems almost hopeless on a global level. But this must not prevent us from trying everything possible. This includes, on the one hand, the outlawing of terror as a political means, an outlaw to which the western world has to submit not only verbally, but also actually. This also includes supporting societies all over the world in setting up their own security infrastructure and their own constitutional system that does not copy the systems in the West, but builds on the local cultural conditions. This is far from an easy task. On the other hand, this includes, in a positive sense, promoting social and economic equilibrium - both globally and in the respective countries. This is a task that seems almost impossible to achieve in our global, competitive society.

Back to security and data protection policy in the narrower sense: At the European and international level, there is a great need for action, particularly with regard to data protection. The standard set by the data protection framework decision in the European Union for the 3rd pillar of domestic and judicial policy is - to be honest - a catastrophe from a fundamental rights point of view. Outside of Europe there is - as yet - nothing of the kind. The data protection standards in many western industrialized countries, especially in the USA and Great Britain, are just as modest. In many other countries around the world, with which the German security authorities sometimes not only provide administrative and legal assistance, but also closer and systematic police and judicial cooperation, there is still no normative protection of informational self-determination at all. It is precisely because of the global threat posed by international terrorism that this cooperation must be expanded further. In order not to sacrifice our national data protection, which should at the same time be an international civil right, on the altar of this cooperation, we must carry this protection of fundamental rights to our security partners in the other states. Our policy is free to do this, as free as it has been with its previous terrorism legislation.

The question in the title of my lecture can and must therefore be answered with "yes" from a historical point of view. The attacks of September 11, 2001 were also attacks against data protection. Looking into the future, however, terrorist attacks can be the reason to cooperate more intensively on data protection in view of the closer security cooperation that is becoming necessary. Then terrorist attacks, which cannot be completely avoided in our global risk society in the future, would not be conducive to data protection. But they can and must be a reason for the democratic and free parts of our world to stand closer together in matters of data protection, to learn from one another and to support one another in establishing measured standards of fundamental rights.