FECL 49 (December 1996/January 1997):


The Schengen Information System (SIS), the Schengen countries’ powerful police and security computer is little more than an index system, compared with its "extension", the secretive SIRENE structure for the exchange of "supplementary" information. This is the conclusion one is inclined to draw after reading a confidential Schengen document, the "SIRENE Manual". Among other things, the Manual establishes special procedures for the exchange of information between secret services.


Free movement under police surveillance

Government politicians and officials like to present Schengen membership as a means to abolish border controls and promote free movement of persons within Europe. Schengen citizens shall be allowed to travel "without passport" from Finland to Portugal. However, most of Schengen cooperation has little to do with promoting free movement of persons, and much more with increased policing and control of people.

The Schengen Implementing Convention of 1990 (SIC) provides for extensive police cooperation not only for the purpose of prosecuting crimes committed, but also for pro-active surveillance in the alleged interest of "public order and security" as well as "State security". This includes intelligence gathering and comprehensive automated data exchange on persons not suspected of any offence under criminal law.

The pro-active character and the remarkably wide scope of police action and cooperation allowed under the SIC is made particularly clear by four provisions of the treaty.

Article 39.1 SIC says that the police authorities of the Contracting Parties (CP) "shall, in compliance with national legislation and within the limits of their responsibilities, assist each other for the purposes of preventing and detecting criminal offences, insofar as national law does not stipulate that the request is to be made to the judicial authorities and provided the request or the implementation thereof does not involve the application of coercive measures by the requested Contracting Party" (our italics). This amounts to all but a blank cheque for the "police authorities". Instead of unequivocally prohibiting any form of cooperation and information exchange which is not explicitly authorised by the law of a CP concerned, the "police authorities" are generally empowered and invited to do anything they want, provided this is not explicitly prohibited by law. The wording of the provision also indicates a shift of power from the judiciary to the police. It suggests that, whenever possible, the judicial authorities of the CPs shall be kept out of mutual contacts aiming at crime prevention and detection.

According to Article 46 SIC, each CP may "without being asked, send the Contracting Party concerned any information which may be of interest to it in helping prevent future crime and to prevent offences against or threats to public order and security" (our italics).

Both articles stipulate that assistance requests and information exchange shall, in principle, run via one "central body responsible for international police cooperation" in each Schengen country, which shall see to it that requests for assistance and ensuing communication of information swiftly reach the responsible authority in the Schengen countries concerned.


SIS: the tip of an iceberg

The joint computerised database, Schengen Information System (SIS), is the best known - but, as will be shown below, far from the only tool enabling swift information exchange between the Schengen countries’ police authorities.

The SIS is clearly not just a criminal search database. Instead, according to article 93, its purpose is to "maintain public order and security, including state security" and to apply the rules of the SIC relating to the control of foreigners and the movement of persons on the Schengen territory. Though secret services and intelligence services are not mentioned in the SIC among the authorities with direct access to the SIS, the wording of article 93 clearly suggests a strong role for these services.


"Discreet surveillance" on State security grounds

Finally, article 99.3 SIC says that "at the request of the authorities responsible for State security", reports on persons may be stored in the SIS for the purposes of "discreet surveillance" or "specific checks", where "concrete evidence gives reason to suppose" that the information thereby gained is "necessary for the prevention of a serious threat by the person concerned or other threats to internal or external State security" (our italics). The provision is particularly questionable since it authorises secret registration in the SIS not only where a supposed threat is considered to originate from the reported person, but also in the alleged presence of "other threats" - i.e. threats not originating from the person reported in the SIS. Thereby, the Schengen Convention provides for an all but unrestricted registration and surveillance of innocent citizens on political grounds.


No rules on secret service cooperation in the Convention

However, the SIC does not establish any rules and procedures for secret service and state security cooperation. Direct access to the SIS (or parts of it) is explicitly reserved for the authorities responsible for border checks, police and customs checks carried out within a Schengen country and to aliens administration authorities. State security or intelligence services are not mentioned.

Moreover, a planned chapter on "mutual assistance between the State security services" was actually removed from the text of the SIC shortly before its signing in 1990, in an apparent effort to diffuse mounting concern in some countries that Schengen could lead to extensive political policing beyond any democratic accountability.

However, the removal of the controversial provision was no more than a purely "cosmetic" measure aimed at deceiving the public.

This is the only conclusion to be drawn from the so-called SIRENE Manual, a classified Schengen document now available to FECL.


The SIRENE Manual

SIRENE stands for "Supplementary Information Request at the National Entry". SIRENE could best be described as a complex, network-like structure for bilateral and multilateral police and security cooperation between the Schengen countries, including central national offices and a sophisticated computerised information system, enabling the exchange of "supplementary" data on persons and items prior to the entry of a report in the SIS, or following a hit (positive search) in the SIS.


SIS little more than an index system for the SIRENEs

Compared with the amount and sensitivity of information that can be stored and exchanged by the SIRENE offices, the SIS is actually little more than an Index system. Nonetheless, while the Schengen Implementing Convention establishes comprehensive rules concerning the SIS, it does not even mention the SIRENE network.


SIRENE activity lacks legitimacy

This remarkable lack of a legal basis in the Convention for the SIRENE organisation was actually addressed by the Schengen countries’ own Joint Supervisory Authority (ACC). In February 1995, the ACC asked the Schengen Central Group (the powerful body of senior officials preparing all decisions of the Schengen ministers) to "indicate the measures envisaged by the Contracting Parties as a whole or by each of them for giving a satisfactory legal basis to the competencies of these [SIRENE] offices". The ACC considered that failing an amendment of the SIC, the Schengen countries should establish "on a central level" the appropriate rules for basing the competencies of the SIRENE offices on the national law of each CP in a harmonised way. To our knowledge, the ACC recommendations have as yet not entailed any action from the Central Group and the Executive Committee (the Schengen ministers).


An "indispensable structure" hard to define

Since the SIC does not even mention SIRENE, one has to resort to the confidential Manual to get to the truth.

In the Manual the SIRENEs are defined by turns as an "indispensable structure (the French version uses the term "organisation") for the functioning of the Schengen Information System", as a "summary description of proceedings" which shall enable the authorities of a CP to send supplementary information which the receiving CP needs in order to decide further action following a hit (positive search) in the SIS, and as an "operational organisation". An official Belgian report of 1994, first describes SIRENE as "the authority which constitutes the ‘human intermediary’ in the computer structure of the SIS for the treatment of reports", and later on as an "additional structure for the support of the computerised application".

Be that as it may, in substance, the SIRENE network consists of one central SIRENE office for each CP, and a computerised information system making it possible for the SIRENE offices to exchange information between each other, on a bilateral or multilateral basis.

The national SIRENE offices are the only points of contact between the member states as regards exchange of supplementary information relevant to reports in the SIS.


Crucial difference between the national SIS-units and the SIRENEs

The Manual refers to article 108 SIC as the legal basis of SIRENE. However, this provision merely requires the CPs to designate a national central authority responsible for the national units of the SIS (N-SIS), provided for by the Convention. Schengen officials have tried to justify the legitimacy of the SIRENE system by presenting it as a part of the SIS. This interpretation fails to convince. The SIRENEs clearly differ from the N-SIS both as regards their technical features and their purpose. As far as the first point is concerned, the data stored in each N-SIS are identical with the relatively restricted and standardised data in the central SIS support in Strasbourg (C-SIS). On the second point, a direct data exchange between the various N-SIS is not permitted by the Convention and technically not possible. By contrast, the SIRENE system enables the direct and computerised exchange round the clock of far more comprehensive information between two or more CPs, including free texts of unlimited length (i.e. non-standardised information) and comprehensive personal data that may not be stored in the SIS.


Any other "useful information"...

What is more, the use of the SIRENE system is not limited to information connected with reports in the SIS. The Manual actually stipulates that "the SIRENEs of the Contracting Parties may exchange any useful information within the limit of national arrangements made for the application of articles 39 and 46 [of the SIC]" (Manual, Chapter 3.2.1). "The cooperation between the Contracting Parties and police experts cannot be reduced to only the use of information stored in the SIS (...) The discovery of a report [in the SIS] can entail the discovery of an offence or a serious threat to public order or security. Consequently, it may prove necessary to identify with precision a person or an object".


Photographs and fingerprints sent by E-mail...

For this purpose, the swift exchange of photographs or fingerprints must be possible, it says in the Manual. "Article 39 and 46 [SIC] provide for these means of action".

Modes of communication between the SIRENEs comprise oral and written messages, as well as images. Two categories of written messages can be sent: free texts and standard forms. Texts and images (e.g. photographs and fingerprints) shall, whenever possible, be sent via the SIRENEs’ own electronic mail link rather than by other means of telecommunication. However, messages shall mainly be communicated orally by telephone. The SIRENEs shall be able to reply to a request for supplementary information within a maximum 12 hours. Therefore the SIRENE of each CP shall hold at the disposal of the other CPs all supplementary information concerning the persons and items it has reported to the SIS (Manual, Chapter. 2.1.3a). This seems to imply either that the national SIRENEs run their own register containing all supplementary information on persons or items they have reported to the SIS, or that they have electronic access to the respective registers of the various national authorities (e.g. judicial authorities, aliens authorities, police).


"Supplementary information" stored in SIRENE databases?

The receiving SIRENE shall store the files and other messages sent by the other SIRENEs according to its national data protection legislation. This supplementary information "should, whenever possible, no longer be stored on the SIRENE level once the corresponding SIS report has been deleted" (our italics).

The Manual lists the national authorities in charge of the SIRENE offices for 6 Schengen member states. While, for example, Belgium has set up a particular body, the Belgian SIRENE Bureau, in Germany the SIRENE office is part of the BKA (Federal Office of Criminal Investigation). In several member states, the responsibility for the SIRENE is placed within the national police board. Portugal has designated the Department for Aliens and Frontiers (at the Ministry for Internal Administration), and in Greece the Ministry of Public Order is in charge of SIRENE.

In all member states the SIRENEs operate on the mere basis of what the Manual calls "national arrangements" - i.e. not legislation adopted by parliament but mere government ordinances or ministerial directives.


1994: 63 authorities allowed access to SIS and SIRENE

In 1994, the total number of national authorities and services (police, customs, judiciary, foreigners administration and State security authorities) allowed access to the SIS was 63(!) for 9 member states (Belgium: 13; Germany: 8; Greece: 5; Spain: 6; France: 7; Italy: 5; Luxembourg: 5; The Netherlands: 7; Portugal: 7). Consequently, in several member states the SIRENE staff is composed of officials representing different authorities (e.g. police, Customs, Ministry of Justice, Interior Ministry).


Technical intermediaries or operational organisations?

On the one hand, the Manual stresses that, "in most cases", the SIRENE offices are no more than technical and formal points of contact, whose task is limited basically to forward information to the responsible authorities concerned. On the other hand the same Manual stipulates that "in other cases, the competencies exerted by the SIRENEs must be defined on the national level". This is specified later under the chapter "Specific competencies as regards police and security" (Manual, Chapter. 3.2.2), where its says: "Title III of the Schengen Implementing Convention lays down numerous innovatory provisions in the field of police and justice cooperation. The SIRENEs provide an operational organisation that can prove very useful in certain cases while at the same time reducing the need for certain Contracting Parties to set up various additional structures".

This conception of the SIRENEs as "operational organisations" strikingly conflicts with their definition earlier in the same Manual as little more than post offices. Besides this, the very number and variety of authorities (63 services in 1994) with access to the SIS - and thereby involved in the exchange of supplementary information via the SIRENEs - suggests that the SIRENE offices are in an excellent position to gradually develop into powerful national inter-service information and co-ordination task forces in the broad field of public order and security.


SIRENE and the State security services

The Manual also lays down a special procedure for State security and secret service cooperation in connection with reports on persons in the SIS for the purpose of "discreet surveillance" and "specific checks" (Article 99.3 SIC).

Chapter 4.1.2 of the Manual says: "This very sensitive domain requires a special procedure in order to preserve the confidentiality of certain information. To this effect it is advisable to separate contacts between services responsible for State security from contacts between the SIRENEs". In cases concerning State security, the SIRENEs shall merely see to it that the consultation procedure runs lawfully and shall record its results, while the actual exchange of supplementary information runs directly between the specialised authorities of the CPs concerned. Prior to entering a report in the SIS, the security authority concerned directly contacts the security authorities of the other CPs. The services concerned exchange information, whereupon the security authority which intends to enter a report in the SIS informs its national SIRENE office of the results of this preliminary consultation - for example objections of other CPs against the inclusion of the planned report in the SIS. After this preliminary "internal" consultation between the State security authorities of the CPs, the SIRENE office of the national security authority demanding the inclusion of a report in the SIS informs the other SIRENE offices of this demand. Thus, the other CPs can claim their rights. As soon as the SIRENE of the reporting CP has recorded the satisfactory conclusion of the consultation procedure it authorises the integration of the report in the SIS.

In conclusion, by setting up the SIRENE network, the Schengen countries have provided themselves with organisational and technical structures allowing swift information exchange and consultation between their secret services concerning "State security" matters. The very elastic wording of Articles 46 and 99.3 SIC implies that this activity will comprise the exchange between the "competent authorities" of the CPs of comprehensive data on persons who are neither guilty nor suspected of any criminal behaviour. This secret service cooperation makes use of both the SIS and its "extension", the SIRENEs. The fact that the secret services have no direct access to the SIS and are not represented in the SIRENE offices has little practical significance, since the secret services of the CPs can have reports entered in the SIS and will be informed of hits in the SIS via the intermediary SIRENE structure.


Protection of personal data an illusion

The secretive SIRENE structure reduces any talk about data protection and legal control in the field of Schengen police cooperation to wishful thinking. Which data protection authority - national or international - will have the budget, the personnel and the technical means to control the legitimacy of the constant flow of information - from informal phone calls to electronic image files? How can there be any legal security, when the rules concerning the processing, storing and communication of data are not the same in every Schengen member country? It is true that a CP may communicate data to another CP’s authorities only if this is authorised by its national law. However, once transmitted, the data will be stored and processed according to the law of the receiving CP. The receiving CP, it is true, shall in principle not use the data for any other than the initial purpose of their collection. Exceptions to this rule can be made only upon authorisation by the sending CP. But how can the authorities of the sending CP check what really happens with their data in the receiving CP? And are they really interested in knowing? The question is all the more pertinent since both the wording of the relevant provisions in the SIC and the composition and operation of the national SIRENE offices suggest that it will not be the judiciary, but police and security authorities who will produce and control most of the information exchanged in the framework of Schengen cooperation.


Schengen, Interpol, Europol: a common desire for "supplementary information"

Finally, the history of the genesis of the SIRENE structure suggests, that whenever a computerised information system permitting access to some information is created, this almost automatically leads to demands for "supplementary information" - i.e. more information, which can be found in other information systems and databases. Thus, it is not at all surprising that the SIRENE Manual emphasises the need for "rules of cooperation between the SIRENE offices and the Contracting Parties’ central Interpol offices (NCB)" and that the exchange of information between the national SIRENEs and the NCBs shall be regulated by national law. A K.4 report of February 1996 says the Europol computer system, "or rather ensemble of systems" will have to be defined in a way that will allow it to "link" up with "the systems of national units". It further recommends "taking into account other national and international systems, such as the Schengen Information System and that of Interpol".

Indeed, once information is released, it generates a desire for "supplementary information". And, as both the example of Europol and the SIS-SIRENE show, information systems tend to develop into "ensembles of systems" which in their turn are likely to eventually link up with other ensembles of systems - on a national, a European and an intercontinental level...



Sources: SIRENE Manual, Brussels, 28.3.94, SCH/OR.SIS-SIRENE (92) 26, 9 rev, 7 corr, confidential (all quotations from the Manual are our translations from Danish and French); ‘The Schengen Information System and its implementation in Belgium, report by the Belgian SIRENE office, December 1994; Schengen Implementing Convention, 19.6.90; List of competent authorities with direct access to the data in the Schengen Information System, Comité d’orientation SIS, Brussels, 17.6.94, SCH/OR.SIS (94) 18, 3 rev (in French); Décision de l’Autorité de Contrôle Commune Provisoire: Fondement juridique des bureaux SIRENE et du Manuel SIRENE, Brussels, 22.2.95, SCH/Aut-contr (94) déc. 3 rev.; The Europol Computer System and Draft of the additional budget for 1996 for the post-Convention phase of Europol, report to the JHA Council, 12869/95, agreed on 26-27.2.96.