Few days ago Polish Government Center of Legislation has released updated draft of new act on antiterrorist measures introduced supposedly to aid Polish special services in preventing terrorist attacks and conducting efficient counter-terrorism operations in case an attack occurs. It is worth noting that original text of the act was initially released by NGO Panoptykon Foundation, who received it from an anonymous source – official document was published day later by the Ministry of Interior. Given that Poland has never been target of terrorist attack it was hard to justify introduction of such initiative based on threat level. However forthcoming World Youth Days, NATO summit and terrorist attacks in Paris and Brussels were more than enough for the government to announce the need for widening authority of special services – mainly Internal Security Agency (ABW).
As expected from earlier official announcements and various leaks, new act in broad strokes extends surveillance capabilities of ABW and introduces whole system of direct, uncontrolled access to various databases. However what is really troubling is disregard for rights of Polish residents who are not citizens of Poland, which seems to be symptom of scaremongering based in current immigration crisis. This is a topic for a different discussion thought, so let’s dive straight into most controversial provisions.
First group of provisions concerns new powers to gather data on persons who might be engaged in terrorist activities. Most striking is the ability to authorise targeted surveillance by director of ABW without judicial oversight. Such operation can be targeted against non-citizens and last for up to three months. Surveillance includes whole range of operations – phone wiretapping, audio-visual surveillance, interception of email and letters and remote access to computer networks. This is basically the same capabilities that are available to special services within ‘operational control’ which normally requires a warrant. Here only oversight is provided by requirement to inform attorney general about the operation. Director of ABW can also demand access to databases of basically every government entity – also without any oversight. Furthermore police, ABW and border guard are authorised to gather fingerprints and take photograph of any non-citizens with as little as suspicion about the identity of the person, or suspicion that she or he crossed the border illegally. ABW will also maintain database that will include gathered information on all persons involved in terrorist activity, suspected of engaging in terrorism or even suspected of possibly preparing to conduct terrorist operation.
Act also introduces ‘threat level’ system similar to those introduced in the US or the UK. It is divided into traditional and cyber threat and includes four tiers of threat level for both systems. In case of third and fourth level, government may order ban on public gatherings and, if law enforcement resources will be insufficient, order armed forces to be deployed on domestic soil. These provisions are extremely worrying given that neither third nor fourth threat level requires actual attack to happen. Only requirement is obtaining information about planned attack (third level) or obtaining information about advanced preparations to commit terrorist act (fourth level) and both theses situations are essentially unverifiable for the public. In this context it is important to note that, again given example of US and UK, threat levels once introduced tend not to fall to below second or third highest level. Also domestic deployment of military generally should be considered only as a last resort – it would be hard to argue that potential threat to Poland is so severe that it is necessary to include provisions, which allow such measures purely on the basis of the decision of Minister of Defence. Furthermore, given the way the provisions are written, those forces would be coordinated by local law enforcement, meaning that LEO will be effectively forced to give orders (through the usual chain of command though) to the soldiers.
In terms of criminal law, act adds offences of taking part in terrorist training and crossing border to commit a terrorist act. It is still unclear however what will specifically constitute ‘training’ or what would be sufficient to determine that terrorist activity is the reason for crossing border. The very worst scenario of actual use of these provisions might mean that even encryption and information security tutorials will fall under the definition.
Finally, draft contains provisions that enables director of ABW, after receiving authorisation from Attorney General, to force administrator of computer system to block access to it or use ABW resource to take it down for up to 30 days. The decision has to be approved by court within five days, but blocking access during those first five days are entirely within discretion of the director of ABW.
To be fair, draft is not entirely unacceptable. Articles that introduces register of security breaches and requirement to regularly update emergency plans of building, which might become targets, are steps in the right direction. Few good points however pales in comparison to blatantly unconstitutional provisions that severely limits rights of non-citizens and basically subject them to uncontrolled surveillance. And that is just ‘cyber’ side of the issue – further provisions of the draft enables measures such as administrative order that forces non-citizen to leave the country. Such measures become especially worrying given government’s attempts to block the Constitutional Tribunal and are unfortunately very much in line with previously passed bills (such as act on police or act on public prosecution) that significantly increase authority provided to law enforcement and domestic intelligence. It has to be noted that after significant public backlash draft was send back to legislative work. Hopefully final draft will at least bit more acceptable than current proposal.