In the aftermath of al-Qaeda’s attack on New York and Washington, DC, on 11 September 2001, the US government set up, in great  secrecy, a scheme called the Terrorist Finance Tracking Programme (TFTP).

The programme used administrative mandates to tap data on international bank transfers conducted through the SWIFT network, a financial messaging service owned by a group of banks. At the time, SWIFT, which is based in Brussels, used servers in the US.

Counter-terrorist officials on both sides of the Atlantic claim that the TFTP has been successful – a claim that it is difficult to assess independently. Since its inception, the TFTP has provided more than 1,500 terrorist leads to European counterparts, the US says.

When the existence of the TFTP and its access to SWIFT data was exposed by several US newspapers in 2006, the two sides put mechanisms in place so that the programme could continue. This included the presence of SWIFT staff and independent auditors in the TFTP offices, monitoring any queries in real time. It also accepted oversight by Jean-Louis Bruguière, a French judge who was appointed by the European Commission in March 2008 to review how the programme is run.

The Lisbon effect

The two sides began negotiations to create a sound legal basis for data transfers and to provide continued access ahead of an anticipated change in SWIFT’s set-up. Last summer, they agreed an interim deal that was endorsed by EU interior ministers on 30 November and was supposed to enter into force on 1 February. But on 1 December, the EU’s Lisbon treaty took effect and changed the equation.

“Through to 31 December [2009], we were finding current, very valuable information that was pointing toward terrorist activity that was not available through any other source,” a senior US official said. “Then the lights went out.”

Click Here: pinko shop cheap

On 1 January, SWIFT changed its server architecture and relocated to secret locations in Switzerland and The Netherlands, removing European messaging data from the reach of the TFTP. The interim agreement was to restore that access on a sound legal basis – but the Lisbon treaty meant that MEPs had to agree, and they did not (see article, right).

Fact File

MEPS and Data Protection

MEPs have led the fight against the US Terrorist Finance Tracking Program (TFTP), a measure many in the European Parliament think does not live up to EU data-protection rules.

It was a surprise in February when MEPs boldly rejected the interim EU-US deal permitting the transfer of banking data from EU citizens to the US. But it won the Parliament increased respect in some quarters and, in effect, a stepped-up role when negotiations begin on a new, permanent deal with the US.

Under the Lisbon treaty, in force since last December, the Parliament now has power to reject any international agreement the EU reaches with other countries. It used that new power for the first time in February.

A key issue for MEPs has been how much data is transferred under the deal, says Simon Busuttil, a Maltese centre-right MEP. Other issues of concern include recourse for EU citizens under US law to object to the use of their personal financial data by US authorities, how long the banking data is stored, and to what extent the data is shared with law-enforcement agencies other than the US Treasury.

Permanent agreement

In the coming weeks, the Commission will begin negotiations with the US on a permanent agreement. The Commission hopes to enshrine its governing principles in a separate framework agreement on EU-US data exchanges, being negotiated in parallel. US officials expect the talks to be “tough”, but they stress that both sides had an interest in resuming the programme. They speak of a “real, very meaningful attempt” on both sides to have a “serious discussion” on the outstanding questions. Some sources suggested that EU member states lacked the technical capacity of the US TFTP and were therefore eager to receive leads from their US partners. Both sides hope that the negotiations can be wrapped up within weeks of commencing, after which MEPs need to vote on the agreement.

An EU source said that the disruption of the programme had created a “security gap”. How much of a gap is impossible to assess, however. “We cannot know what we do not know,” the US official said.