Fighting terrorism, individually or together?

(1)

Fighting terrorism, individually or together?

A study into which factors influence cooperation between the intelligence and security services and their most important (inter)national partners, in times of terrorist attacks.

Master thesis Crisis and Security Management

Written by: Orline de Jong - S1426893 Supervisor and first reader: Dr. C. Hijzen Second reader: Mr. drs. W.J.M. Aerdts Leiden University

10 June 2018

(2)

5.4.5 Leadership ... 62 5.4.6 Quality ... 62 5.4.7 Network structure ... 63 5.4.8 Technology ... 63 5.4.9 Relationship ... 64 5.4.10 Policy ... 64 5.4.11 Kind of cooperation ... 65 5.4.12 Conclusion ... 65 5.5 Results ... 67 5.5.1 Number of actors ... 68 5.5.2 Goal consensus ... 68 5.5.3 Diversity ... 69

Chapter 6. Conclusion and reflection... 74

6.1 Conclusion ... 74

6.2 Limitations and recommendations... 77

Reference list ... 78

Appendix ... 82

(5)

Abstract

This research aims to provide more information regarding cooperation in general and cooperation during a terrorist attack in particular. A theoretical framework with ten cooperation factors was created on the basis of the literature of Provan and Kenis (2007), Kickert, Klijn and Koppejan (1997), and Whelan (2015). These factors are: the number of actors, goal consensus, diversity, political and social context, leadership, quality, network structure, relationship, technology, and policy.

The explanatory and descriptive research question reads:

Which factors influence the cooperation between the intelligence and security services and their most important (inter)national partners and how can this be explained?

In order to provide an answer to this research question, it is necessary to answer the sub-questions:

- What does the cooperation between the security and intelligence services and their most important (inter)national partners look like?

- To what extent do the cooperation factors according to Provan and Kenis (2007) influence the cooperation?

- To what extent do the factors according to Whelan (2015) influence the cooperation? - To what extent do the factors according to Kickert et al. (1997) influence the cooperation?

- Which combined cooperation factors influence the cooperation between the security and intelligence services and their most important (inter)national partners and how can this be explained?

Based on the analysis can be stated, that all cooperation factors of the created theoretical framework, do influence cooperation. In addition, the influence can be either positive or negative. Because they are related to each other, it is also relevant in which combination the factors occur. During the analysis of the various sources no other possible cooperation influencing factors were found. This shows that the theoretical framework is complete and executable.

(6)

Chapter 1. Introduction

In 2016 a total of 142 failed, foiled, and completed terrorist attacks were reported in the European Union (EU). The United Kingdom (UK) reported 76 attacks, France 23, Italy 17, Spain 10, Greece 6, Germany 5, Belgium 4 and the Netherlands 1. During these attacks, 142 victims died and 379 were injured. The only terrorist attack in the Netherlands was a right-wing terrorist attack on a mosque in Enschede. In this same year 45 people were arrested in the Netherlands on suspicion of terrorism related offences. The perpetrators were Jihadist (36), Separatist (1), Right-wing (6) and two not specified individuals (Europol, 2017).

The total number of 142 attacks in the EU is a continuation of a downward trend that started in 2014 when there were 226 attacks, followed by 211 in 2015 (Europol, 2017). This downward trend could be caused by the different measures against terrorism the members of the EU are taking. According to experts, measures such as banning extremist expressions on the internet hardly have any effect. However bureaucratic processes such as cooperation between national and international governmental departments do work effectively. Intensifying cooperation between governmental services might be, among others, an effective measure against terrorism (Versteegh, 2017).

After the attacks of 11 September 2001, many declarations of mutual cooperation in the fight against terrorism followed. The lack of cooperation between relevant security actors has often been mentioned as one of the causes. Subsequently many measures against terrorism were taken without any short-term effect. The concrete implementation of the measures took too long. The attacks in the heart of London once again forced Europe to face the facts: our societies are extremely vulnerable to the threat of terror. European government leaders are dedicated and call for closer and more thorough cooperation in the fight against terrorism. The various attacks show that national intelligence and security services and the police are individually not in a position to form a front against international terrorism (Ruys, Wouters, Verhoeven and Coppens, 2005).

Nowadays, on national and international level, there are different partnerships between intelligence and security services. One of these partnerships is the Dutch C(ontra)

(7)

T(errorism) Infobox. Since 2004, a growing number of Dutch government services have been working together in the this Infobox. Ten organizations such as the police, the intelligence services, tax authorities and social affairs exchange all sorts of information. By combining data, a continuously reasoned estimate is being made of risks to national security (Versteegh, 2017). In addition, the National Coordinator for Counterterrorism and Security (NCTV) plays a central role in the cooperation between governmental departments in the Netherlands. Together with the Dutch General Intelligence Service (AIVD), the Military Intelligence and Security Service (MIVD) and the National Police, they are important cooperation partners on a national level (AIVDa, 2018). Their main task is to monitor terrorist threats in the Netherlands. They act by providing requested and unrequested information to administrators, politicians, companies and other relevant (governmental) organizations and institutions. Subsequently these actors can take measures to counter threats in anticipation. On an international level the Netherlands cooperate with foreign intelligence and security services (AIVDb, 2018). The European security services increasingly cooperate intensively in the fight against terrorism and jihadist violence, for example within the Counter Terrorism Group. This is a partnership of intelligence and security services of the European member states, Norway, and Switzerland (AIVDa, 2018).

The importance of intensive and effective cooperation between the various actors of a security cooperation, has increased considerably. How can cooperation actually be stimulated? Which factors influence this?

1.1 Academical and societal relevance

According to the 9/11 Commission’s report (National Commission on Terrorist Attacks, 2004) the CIA, the FBI, and local law enforcement did not communicate with each other before the attacks. Many experts attribute the lack of cooperation to mistrust and cultural differences between the agencies. Furthermore, according to the London Assembly Committee (2006) the plans, systems and processes providing a framework for the response to major incidents in London, must be revised and improved. On July 7 communication within and between the emergency services did fail (London Assembly, 2006). In conclusion, when things do go wrong, cooperation often is the pointed out accused.

(8)

Cooperation problems between governmental organizations have, in general, often been addressed in political science, public administration and sociology. This resulted, among other things, in the insights of Provan and Kenis (2007) and Kickert et al (1997). Within the intelligence studies, the cooperation issue has been discussed, both national – usually formulated as cooperation – and international – the intelligence liaisons Johnson (2010), Lander (2004), Lefebvre (2003), Whelan (2015) and Wiebes (2004). In chapter 2 these theories are explained in more detail. However, it appears that there is a gap as deep empirical research is still lacking in this field. This research is a normative research and focuses on empiricism.

The scientific relevance of this research consists of adding information about cooperation in the field of intelligence. Intelligence is one of the most secret parts of information and security work. Academically, this research is important to shed more light on this field. What do these partnerships look like and what does influence the cooperation? Finally, in general there is not much literature available about European and especially not about the Dutch intelligence services. Many theories are based on the American system. To what extent can these theories also be applied in the Netherlands?

The societal relevance of this research mainly focuses on safety and security. Cooperation is one of the most effective measures to counter terrorism. A serious threat may arise if the cooperation between intelligence and governmental services do not work effectively. This research provides insight into the cooperation between the intelligence and security services and its most important partners. It is important that there is sufficient knowledge about this subject. Finally, depending on the results and conclusions of this investigation, the various services might possibly adjust their policy. As a result, some factors can be stimulated, which promotes cooperation.

(9)

1.2 Research question

This research aims to investigate to what extent do the intelligence and security services, and their most important (inter)national partners, cooperate with each other and on which points could this be improved. The explanatory and descriptive research question reads:

Which factors influence the cooperation between the intelligence and security services and their most important (inter)national partners and how can this be explained?

In order to provide an answer to this research question, it is necessary to answer the sub-questions:

- What does the cooperation between the security and intelligence services and their most important (inter)national partners look like?

- To what extent do the cooperation factors according to Provan and Kenis (2007) influence the cooperation?

- To what extent do the factors according to Whelan (2015) influence the cooperation? - To what extent do the factors according to Kickert et al. (1997) influence the cooperation?

- Which combined cooperation factors influence the cooperation between the security and intelligence services and their most important (inter)national partners and how can this be explained?

In chapter 2 the theories of Kickert, Klijn and Koppejan (1997), Provan and Kenis (2007) and Whelan (2015) are mainly used for the theoretical framework. These theories determine which factors influence the cooperation in different ways. Kickert et al. (1997) use different cooperation factors. Provan and Kenis (2007) determine the degree of an efficient cooperation on the basis of the degree of presence of certain factors and the combination of these. Whelan (2015) explicitly focuses on cooperation factors within security networks. These three different approaches create a foundation for this research question and the sub-questions.

1.3 Readers guide

The theoretical framework that will be applied to the cases will be discussed in the next chapter. The different variables in the research question will be defined on the basis of

(10)

scientific literature. Together with indicators obtained from the literature, the research question and the sub-questions form the basis for the analysis. Chapter three will deal with the methodological framework. This chapter explains how this research was carried out and which choices were made. In chapter four the different cases are described. Chapter five is dedicated to analysis and the last part of this chapter to the results. The results will be described briefly in chapter six: the conclusion. In this chapter an answer will be given to the research question and the sub-questions. Besides there will be a reflection on the reliability and validity of this research. Finally, a number of recommendations will be made.

(11)

Chapter 2. Theoretical framework

In order to provide an answer to the research question and sub-questions, different theories are discussed in this chapter. This framework will help to clarify the main concepts of this research. This will help to categorize the data.

The definition of the concept intelligence (agencies) and intelligence studies will be explained on the basis of the studies of Johnson (2010), De Valk (2005) and Lowenthal (2009). This research focuses on the field on intelligence studies. Subsequently, the various types of cooperation between intelligence and security services (Lefebvre, 2003) and the various liaisons (Wiebes, 2004) will be examined in more detail. Thereafter, this study zooms in on the overall success factors of cooperation for intelligence and security services (Lefebvre, 2003 and Lander, 2004). In order to take a closer look at cooperation within intelligence studies, cooperation literature regarding the field of public administration will be added as this literature focuses on cooperation between public organizations. Whelan (2015) deals with the different factors of security networks. Provan and Kenis (2007) studied cooperation forms and made a distinction between different characteristics of a cooperation. Kickert et al (1997) distinguished several cooperation factors. Finally, this research focuses on the Western intelligence cooperation.

2.1 The concept intelligence

According to Johnson (2010) the author of the handbook of intelligence, the concept of intelligence can be defined in different ways. A broad standard definition of intelligence is the ‘knowledge and foreknowledge of the world around us - the prelude to Presidential decision and action’. This approach is called national security intelligence. The narrow definition is that of intelligence on specific battlefields of war (Johnson, 2010: 5). Johnson (2010) argues that intelligence is a matter of situational awareness that understands events and conditions throughout the world. Intelligence officers communicate the gathered information to policymakers through oral briefings, memoranda and formal reports. This communication has the ambition to be up to date regarding current events and provide policymakers with in-depth research (Johnson, 2010: 6). According to De Valk (2005) intelligence is described as a product, a process or an organization. It is also used for the analysis of information processes which play a role in the prevention of crime, fraud and infringement of a democratic legal order

(12)

(De Valk, 2005: 8). According to Lowenthal (2009) who has more than thirty years of experience within the intelligence field, intelligence is different from other government functions. First, much of what goes on is secret. Second, mainly in democratic countries, this secrecy can be a source of consternation. (Lowenthal, 2009: 1). In conclusion, intelligence could be a process, organization or product. It gathers specific information related to a question. This information is often, but not necessarily, kept secret. Intelligence reports are the result of gathering, processing and analysing information. The intelligence cycle is mainly used to describe this intelligence process. The intelligence cycle is a phase-model (CIA, 2018).

Figure 1. The intelligence cycle (Fas.org)

According to the CIA (2018) the first phase is planning and direction. This means making an inventory of the needs and plan what to do and how. The second phase is the collection of specified information. This information is gathered through overtly (openly) and covertly (secretly) sources. Overtly sources are newspapers, magazines, television and radio. Covertly sources are for example Sigint, Imint and Humint (CIA, 2018). Sigint is short for Signals intelligence. This is gathering information through tapping of cables or electronic signals. Imint, Imagery intelligence, deals with the exploitation, development, and dissemination of imageries. Humint stands for Human intelligence. This kind of intelligence is obtained through people. The third phase is

(13)

about processing. All the gathered information comes into an intelligence report or system. Johnson argues that this information could be anything, from a translated document to a description of a satellite photo. The next phase is analysis and production. This is the conversion of basic information into an intelligence analysis. This means that of all gathered information will be determined how it fits together, while concentrating on answering the original tasking. The intelligence agency assesses what is happening, why this is happening, what might occur next, and how it affects the different interests. The last phase, the dissemination, is about the distribution of the final written analysis to a consumer. This is the same person who started the cycle. This phase also concerns the reception and possible feedback of the consumer (Johnson, 2010: 15-21).

According to Lowenthal (2009) intelligence agencies have been established to support policymakers. He argues that intelligence agencies exist for at least four reasons. The first is to avoid strategic surprises. The goal of an agency must be to keep track of threats, forces, events, and developments that are capable of endangering the nation’s existence. Secondly, intelligence agencies support the policy process. Policymakers have a need for customized intelligence which will provide for example background, context, warning, assessment of risks and likely outcomes. Their need is met by the intelligence agencies (Lowenthal, 2009: 2). Thirdly, these agencies maintain the secrecy of information, needs and methods. Secrecy makes intelligence exceptional (Lowenthal, 2009: 3). Finally, intelligence agencies provide long-term expertise (Lowenthal, 2009: 2).

2.2 Kind of cooperation between intelligence services

Lefebvre (2003), a strategic analyst, described as one of the first scientists the current cooperation between international intelligence services. According to Lefebvre (2003) a distinction between bilateral and multilateral arrangements can be made. Bilateral arrangements are formally or informally set up agreements between two agencies paying attention to the participants’ protection of their intelligence. They usually cover a wide range of issues, including the sharing of assessments, raw data, or training facilities and the conduct of joint operations, some of which could lay dormant at any given time (Lefebvre, 2003: 533). Multilateral arrangements are agreements between

(14)

several actors. Close allies routinely exchange intelligence through various means. However, the depth and breadth of these exchanges very much depends on their sharing a common perception of a threat (Lefebvre, 2003: 529).

2.3 Intelligence liaison

The main reason for cooperation, according to Wiebes (2004) Dutch intelligence expert, is that no intelligence agency can gather all intelligence by itself or know everything. After all, some services are better introduced than others in certain regions. Besides, states may not have their own diplomatic delegation in all countries. Therefore cooperation is important to fill up ‘information gaps’ in their own knowledge about subjects, countries, organizations and people. Thus intelligence professionals make deals when the opportunity for intelligence cooperation arises. Wiebes (2004) states, that cooperation and communication between intelligence officers or agencies, is called ‘liaison’. Liaisons include a wide range of forms of cooperation between intelligence and security services where information can be exchanged, joint operations can be carried out and intelligence support such as training, advice and resources are being given. Four categories of liaison can be distinguished: complete intelligence liaison; intelligence support; sharing intelligence about operations; and the exchange of collected intelligence (Wiebes, 2004: 73).

The complete intelligence liaison implies that intelligence will almost automatically be exchanged between different participants. The second category, intelligence support, comprises providing each other with resources and services such as advice and training. The third category implies that sharing intelligence about operations is customary. Sometimes sharing intelligence with a sister service is essential for the success of an operations being performed in a certain country. The final form of liaisons is the international exchange of gathered intelligence. This is the most common form. A distinction can be made between exchanging domestic intelligence for foreign intelligence, exchanging information in exchange for access to certain facilities and exchanging intelligence in anticipation of other rewards (Wiebes, 2004: 74).

2.4 Cooperation factors for intelligence services

(15)

(1) Differences in perceptions of a threat and the foreign policy objectives. This may prevent a coordinated, effective, and forceful approach in the fight against terrorism. (2) Differences in the distribution of power. This may lead to unequal relationships. (3) Poor human rights records of a partner. This may lead to a setback in the relationship. This is a sensitive issue for Western governments. They have to carefully balance the requirement to protect their citizens in combination with not assisting human rights violations through cooperation with a partner.

(4) Legal issues. The impact that judicial practice may have on a liaison arrangement must be taken into account by both parties. The fear exists that the intelligence exchanged through the relationship will be passed on to a third party without the originator’s permission.

(5) The intelligence exchanged through a liaison relationship could potentially be used for other unintended purposes.

According to Lander (2004) who was the former director general of the United Kingdom security service, there are more factors playing a role in the cooperation between intelligence services:

(1) Different countries have different gathering philosophies.

(2) Shared intelligence can create competition over who acts, where and when. (3) To share reporting there has to be a presumption that in-country coordination arrangements, including law enforcement, are effective.

(4) Legislation in Western countries often precludes the sharing of product outside national borders or to other than specified organizations.

(5) The problem of other allies.

2.5 Security networks

According to Klijn, Koppejan and Termeer (1993) a cooperation can be seen as a network. They were the first public administration scientists who researched how government organizations can benefit from networks through network management. They characterize networks by actors and the mutual relationships within their network. Dependence is an important reason for the existence and continuous existence of such relationships. There is dependency when actors cannot independently carry out processes in a satisfactory manner without the help of another actor. The

(16)

interdependence frames the core of the cooperation. This makes a group of actors a network (Klijn et al, 1993: 232).

Whelan (2015) was one of the first scientists who researched security networks form and function and identified a multi-level theoretical framework for analysing the properties of networks and the conditions shaping their performance. This framework involves five levels of analysis: structure, culture, policy, technology, and relationships. These levels represent important properties that are likely to significantly shape network performance. The levels are interdependent. Managerial interventions at one level are likely to have an impact on another (Whelan, 2015: 542). The first level relates to the network structure. This refers to the design of a network and how that design changes in response to certain contingencies. Network design is conceptualized in three basic designs: hub, all-channel and chain. These designs have varying implications for individual actors and the network. In the hub network each actor is tied to a central actor. This central actor controls the flow of information. In the all-channel network all the actors are connected to each other. None of the actors control the flow of information. A chain network involves a direct line where each actor must communicate through the one or two actors to whom he is directly tied. It is accurate to view networks as a dynamic process of organizing. Networks are not static but dynamic organizational forms (Whelan, 2015: 543).

The second level implies network culture. Culture is the main topic of debates in the social network literature. Culture can be defined as the beliefs, values, and attitudes which emerge over the course of a group’s history and which influence how the actor thinks and acts in relation to specific problems. There are different cultures in the networks in the field of national security. These cultures may be important to network performance since different ways of thinking and acting can promote positive outcomes. However, it is also important to recognize that cultural differences can impede cooperation significantly and undermine network performance (Whelan, 2015: 543-544).

The third level, according to Whelan (2015), is about network policy. Network policy refers to the formal procedures. It can be understood as a mechanism of network control. The aim is to enhance the likelihood that network-level goals can be attained. This is mainly important to include exogenous factors shaping network performance, for example the national security information. A policy framework can be established

(17)

within networks in an attempt to specify which members require access to certain forms of information. Network policy has the potential to increase tensions between flexibility and stability. A more flexible network provides advantages over hierarchical forms of organization. Actors can work with one other on projects more efficiently and the network can evolve as it needs change. Stability in networks provides opportunities for members to develop long-term relationships with one another. It can be improved with policies and procedures. However, there is a trade-off between flexibility and stability. The policies can limit the networks adaptability capacity. (Whelan, 2015: 544-545).

The fourth level implies network technology. This concerns the technological infrastructure that supports networks. National security networks are information-intensive forms of organization. This infrastructure is directly related to the capacity of actors to share information and the performance of security networks. The most important aspects of this technological infrastructure concern how it is designed and used by network members. The technological infrastructure needs to connect network members and enables them to share information efficiently and effectively (Whelan, 2015: 545).

The last level that Whelan (2015) distinguishes is the network relationships level. Network relationships are central to the performance of most networks. The nature of relationships may matter more than the nature of resources in networked environments. The level of respect and trust between the network members is important for the relationships (Whelan, 2015: 546).

2.6 Kinds of cooperation between public actors

Nowadays there are networks everywhere with all sorts of advantages and disadvantages. They also exist in different forms. Public administrators Provan and Kenis (2007) developed useful models for public networks. Provan and Kenis (2007) state that the interaction between various organizations, positively influences the quality of the end product. An example of this is a crisis management network which is formed by a terrorist attack. An effective control of a crisis occurs when the activities of different organizations are coordinated in a certain way (Provan and Kenis, 2007: 229). In their research they describe effectiveness as achieving a positive result which was merely achieved through cooperation. An individual entity would not have been

(18)

able to achieve such result. The effectiveness of these networks is based on four key structural and relational aspects (Provan and Kenis, 2007: 237):

- Trust; according to Provan and Kenis (2007) trust can be explained as an aspect of a relationship that reflects the willingness to accept.

- Number of participants: as the number of actors in a cooperation grows, the number of potential relationships increases, and the cooperation becomes complex (Provan and Kenis, 2007: 238).

- Goal consensus: this allows actors to perform better than when there is conflict between their own goal and the cooperation's goal (Provan and Kenis, 2007: 239)

- The need for network-level competencies: according to Provan and Kenis (2007) actors join or form networks for several reasons, including the need to gain legitimacy, serve clients more effectively, attract more resources, and address complex problems. All actors are seeking to achieve some end, which they could not have achieved independently (Provan and Kenis, 2007: 240). Provan and Kenis (2007) distinguish three kinds of networks: Participant-Governed Network, Lead Organization-Governed Network and a Network Administrative Organization. Table 1 gives an overview of the different aspects and the different forms (Provan and Kenis, 2007: 232-237).

Table 1. Different indicators and network forms (Provan and Kenis, 2007:237).

The first type of network is the Shared Governance Network (Participant-Governed Network). This is the simplest form. The participants of the network manage themselves. Therefore, there is no question of establishing a new entity (Provan and Kenis, 2007: 234-235). Another type of network is the Lead organization network (Lead Organization-Governed Networks). In some situations, it is not efficient if all

(19)

actors are equally involved in the network. A centralized structure can be the solution. The leader organization network contains this structure (Provan and Kenis, 2007: 235-236). Finally, Provan and Kenis (2007) identified a Network Administrative Organization (NAO). This establishes a separate administrative entity that focuses on the network and its activities and communicates with each other through a central organization outside the network. This organization has a coordinating and facilitating role (Provan and Kenis, 2007: 236).

Provan and Kenis (2007) argue that it is important to mention that there is not one ultimate network model that matches with every organization under any circumstance. Each individual model has its own specific characteristics that determine whether the model will be successful or not (Provan and Kenis, 2007: 237).

2.7 Cooperation factors for actors

Not only Provan and Kenis (2007) researched success factors for networks. Kickert et al (1997), important founders of the Dutch school for 'network governance', also concluded that the number of actors and the goal consensus affects the ultimate success of a network. They added a new number of cooperation factors:

(1) Diversity, more diversity of actors will increase the complexity of the cooperation. A complex network requires more of a manager’s knowledge of the actors and their goals. Successful network management depends on the extent to which the presence of diversity should be taken into account when steering the actors (Kickert et al, 1997). (2) Openness, is about how a network responds to external signals. A closed network is highly self-regulating. For a manager, the possibilities to exert influence are limited (Kickert et al, 1997).

(3) Political and social context, the environment in which a network operates can influence its functioning (Kickert et al, 1997).

(4) Leadership, this plays an important role within a successful cooperation. The leader must ensure that both his own voice and that of the other organization, is being heard. It is essential that a leader creates commitment and consensus in the network. Therefore, a successful cooperation depends on the interpretation of the leadership and the dedication of the other actors (Kickert et al, 1997).

(5) Quality, is a condition for successful cooperation. When the right tactics and strategy are used, this can be beneficial for each actor within the network. This means

(20)

that everyone's quality can be optimally utilized. However, this requires a great deal of knowledge from and about the actors. Substantive knowledge and expertise increases the chance of success (Kickert et al, 1997).

2.8 The Western intelligence cooperation

According to Aldrich (2004) intelligence cooperation is about building confidence. Western security services have been developing their associations for decades. These services are now growing in importance. Consequently, security networks exchange less sensitive data and information. The cooperation between European security services and those of the United States of America is difficult. The American intelligence community has long been noted for its lack of one identity. Their main problems are ingrained reluctance to share and incompatible data systems (Aldrich, 2004: 737-741). In addition, the European intelligence services like the MI5 (the British intelligence service) focus on a broader set of socio-economic conditions. The USA has focus on the individuals who went too far and why they became a threat. Overall these countries approach problems differently. This makes cooperation complicated (Aldrich, 2004)

After the terrorist attacks of 9/11 2001 the government of the USA created a top-secret world. This has become so large, so unwieldy and so secretive that, according to Priest and Arkin (2010), no one knows how much money it costs, how many people it employs, how many programs exist within it or exactly how many agencies do the same work. Nowadays, many intelligence and security agencies do the same work, which creates redundancy. More than 50 federal organizations and military commands track the flow of money to and from terrorist networks (Priest and Arkin, 2010: 1-2). According to Georgescu, Zidaru and Dragan (2014) the USA and the other Western Countries separate their foreign and domestic intelligence collection, which is particularly exploitable by terrorists and non-state actors. They are a serious threat to international security. Clear rules must be formed to ensure both the best possible intelligence integration and the defence of civil liberties. This dictates how intelligence from these two spheres is collected and in what way and at what level it is being integrated and disseminated (Georgescu, Zidaru and Dragan, 2014: 13).

The 9/11 attacks in New York, the one on the filmmaker Van Gogh in Amsterdam in 2004 and the one on 7/7 in London led to structural reforms within the intelligence

(21)

services. These terrorist attacks brought the intelligence community of the EU and US closer together (De Graaf and Hijzen, 2012: 215). In recent years the relation between the Netherlands and the USA became more divergent because of different views about privacy, proportionality and reciprocity. Intelligence liaisons however can only thrive if based on shared political goals, principles and strategies towards security threats. The difference between the Dutch community and the USA community persists. Furthermore, in the past decades Dutch intelligence agencies changed smoothly from being loyal into rather critical allies (De Graaf and Hijzen, 2012:217).

2.9 Hypotheses

The following hypotheses can be drawn on the basis of the arguments from the theoretical framework:

Hypothesis 1: Fewer actors stimulate the network to cooperate. Hypothesis 2: Similar goals stimulate the network to cooperate.

Hypothesis 3: Similar characteristics stimulate the network to cooperate

Hypothesis 4: A stable political and social context stimulates the network to cooperate. Hypothesis 5: Leadership stimulates the network to cooperate.

Hypothesis 6: Quality within a network stimulates the network to cooperate. Hypothesis 7: A dynamic network structure stimulates the network to cooperate. Hypothesis 8: Communication through technology stimulates the network to cooperate. Hypothesis 9: Good relationships between actors stimulate the network to cooperate. Hypothesis 10: Policy can stimulate the network to cooperate, as long as not too many formal procedures are drawn up.

(22)

Chapter 3. Methodology

This chapter clarifies the research methods used in this research and justifies the appropriateness of these methods. Finally, this chapter demonstrates how the literature was operationalized in order to collect the data that were needed to answer the research question.

3.1 Research design

A research design provides a framework for the collection and analysis of data. A choice of research design reflects decisions about the priority being given to different dimensions of the research process (Bryman, 2015: 46)

3.1.1 Research design and case selection

The research question is: Which factors influence the cooperation between the

intelligence and security services and their most important (inter)national partners and how can this be explained? This research consists of an international comparative case

study. This means that four cases will be compared, with the goal of drawing causal inferences. The key to the comparative design, is the ability to allow the distinguishing characteristics of two or more cases, to act as a springboard for theoretical reflections about contrasting findings (Bryman, 2015: 75).

The selected cases are the 9/11 attacks in New York in 2001, the attack on the Dutch filmmaker Theo van Gogh in 2004, the 7/7 attacks in London in 2005, and the attacks in Brussels in 2016. The selection of these cases is not random. In this study, the following criteria were used to make a selection. First, all of these cases were somewhat recent, having happened during the past fifteen years. Besides, there is a period of time between the various events. This makes it possible to examine to what extent the focus of the cooperation between the security actors changed over time. All these cases were crucial moments for the national and international intelligence and security communities in the last fifteen years. As a result of these attacks, various debates were held, and laws were drawn up to guarantee safety. Besides all these countries have the same kind of actors who cooperate with each other. Because of what is mentioned above, these cases can be well compared. Secondly, in the intelligence field one is depending on limited availability of materials and research. There was however sufficient information available regarding these attacks. Finally, although all

(23)

cases regard Western countries, they are spread over two continents. This allows the case studies to be compared properly and, at the same time, gather much information from a broad perspective.

The actors that are investigated in this research, are: • The national intelligence and security services • The police

• The national coordinator of counterterrorism • Foreign intelligence and security services

These actors are the most important actors before, during and after a terrorist attack according to the different sources (see Appendix A). All these different actors are active in the United States of America, the Netherlands, the United Kingdom, and Belgium. This makes it possible to compare these actors with each other. In each country, however, the actors are called differently. Table 3 shows an overview of the various actors.

National intelligence services

The police The national coordinator of counterterrorism

United States of America CIA, FBI NYPD National Counterterrorism Coordinator

The Netherlands AIVD, MIVD police NCTB

The United Kingdom MI5, MI6 police OSCT

Belgium VSSE police OCAD

Table 2. List of important actors in the different cases

The research strategy is qualitative. The cooperation factors, obtained from different theories, will be tested which makes this research deductive. The unit of analysis is the cooperation of the intelligence and security services. The unit of observation are the respective documents (see Appendix A).

3.1.2 Conceptualization and operationalization

Conceptualization ensures that it is clear what this research observes. It makes it function and instrumental for a research (Bryman, 2015: 29). According to Klijn et al (1993) the definition of cooperation is: More or less sustainable patterns of social

(24)

relations between mutually dependent actors who form around policy problems (Klijn

et al, 1993: 231). To conclude, they define cooperation as a kind of network.

Operationalization is the process at which the theoretical concepts are bent into measurable variables (Jonker and Pennink, 2010). The independent variable is the cooperation between the national intelligence services, the police, the national coordinator counterterrorism and the foreign intelligence and security services. The dependent variable is different cooperation factors.

The concepts that have been measured in this case study are discussed in the theoretical framework. The definition of some cooperation factors from different authors was the same. These factors were combined. Table 4 shows the various factors from the theory and were subdivided under a ‘head’ factor. For example, diversity covered the different gathering philosophies. In this way no information is lost, but the execution of the research becomes more compact. The actors that are used for this study can be found in table 5: the operationalization of the concepts and the indicators on the basis of the literature.

Factors Corresponding theory

Number of actors Number of actors (Provan and Kenis, 2007), number of actors (Kickert et al, 1997)

Goal consensus Goal consensus (Provan and Kenis, 2007), goal consensus (Kickert et al, 1997)

Diversity Differences in perceptions of a threat (Lefebvre, 2003), different gathering philosophies (Lander 2004), network culture (Whelan, 2015), diversity (Kickert et al, 1997)

Political and social context

Need for network-level competencies (Provan and Kenis, 2007), political and social context (Kickert et al. (1997), openness (Kickert et al, 1997)

Leadership Differences in the distribution of power (Lefebvre, 2003), leadership (Kickert et al, 1997)

Quality Quality (Kickert et al, 1997)

Network structure Network structure (Whelan, 2015)

Technology Technology (Whelan, 2015)

Relationship Poor human rights records of a partner (Lefebvre, 2003), gathered intelligence used for unintended purposes (Lefebvre, 2003), competition (Lander, 2004), relationship (Whelan, 2015), trust (Provan and Kenis (2007)

Policy Legal issues (Lefebvre, 2003), legislation (Lander, 2004), policy (Whelan, 2015)

(25)

Theory Concept Definition Indicators A number of factors

affect the cooperation. Kickert, Klijn and Koppejan (1997). The degree of influence of a cooperation depends on the presence of certain factors and the combination of these. Provan and Kenis (2007). A number of factors influence the cooperation of a security network. Whelan (2015). ‘Cooperation factors’

Kickert, Klijn and Koppejan (1997), Provan and Kenis (2007), and Whelan (2015) identified a number of cooperation factors: • Number of actors • Goal consensus • Diversity • Context • Leadership • Quality • Network structure • Technology • Relationship • Policy 1) Number of actors

- The number of actors who plays a role in the cooperation.

2) Goal consensus.

- The goals of the actors are similar.

- The goals of the actors are different.

3) Diversity.

- The actor has the same characteristics.

- The actor has different characteristics.

4) Context

- The political/social context in which a network operates influences the actors.

- The political/social context in which a network operates does not influence the actors. 5) Leadership

- There is a leader within the cooperation.

- There is no leader within the cooperation.

6) Quality

- The actors use tactics and strategy.

- The actors do not use tactics and strategy.

7) Network structure

- Hub network (one central actor)

- All-channel network (actors are tied to each other) - Chain network (intermediate

actor) 8) Technology

- Through technology the actors are connected with each other.

- Technology is not important for the communication between the actors.

9) Relationship

- The actors have respect and trust each other.

- The actors do not have respect and trust in each other. 10) Policy

- There are formal procedures. - There are no formal

procedures.

(26)

3.2 Research methods

The triangulation of methods for this research consists of document analysis. Various documents were used for the literature study, like annual reports of the national intelligence services and the associated oversight committee, the national coordinator of counterterrorism, the police and special reports regarding this topic from external committees, and policy letters/debates.

The USA U.S. Department of State (2004), U.S. Department of Justice (2009), National Commission on Terrorist Attacks (2004)

The Netherlands CTIVD (2008), Letter to the parliament (2004, November) - Donner and Remkesb, Report Havermans (2004)

The United Kingdom London Assembly Report (2006), Intelligence and Security Committee Report (2006), Report from the House of Commons (2006)

Belgium Parlementaire onderzoekscommissie (2017)

Table 5. List of sources

Appendix A contains an extensive source list with criticism. Only public sources are used in this study. They are usually seen as the most reliable. These sources outline a certain perspective, but this perspective may differ from the one that the media displays. This is taken into account in this study. Besides, within the field of intelligence studies, there often is little to choose. One must work with limited available information. Therefore, this research looks at different types of sources. This is taken into account during this research

3.2.1 Analysis

Comparative study protocol is important since it enhances replication potential by explaining in a transparent way, which steps have been taken when conducting the study (Gibbert, Ruigrok and Wicki, 2008). Table 6 shows the study protocol of this research.

(27)

Used

cooperation factors

Step 1 Download textual sources

Step 2 Read closely and assign codes, related to different cooperation factors, to words, sentences and paragraphs through the programme Atlas.ti

Step 3 Create an overview in tables of the results of the different cooperation factors.

Step 4 Write down results and illustrate with words, sentences or paragraphs.

Table 6. Comparative study protocol

The exploitation and assessment were done on the basis of the indicators of the theoretical framework and the operationalization regarding table 5. Through encoding the indicators, the information will be assessed. All codes can be seen in table 8. The computer program Atlas.ti was used to systematically and transparently analyse all the data. The output of this program has been added to the appendix B.

All the gathered information was analysed. There are four sub-questions in this research. Every sub-question was answered through the gathered information.

(28)

Table 7: Code system different cooperation factors

Code/Label Description

Number of actors The number of actors who play a role in the cooperation.

Goal consensus- similar The goals of the actors are similar. Goal consensus- different The goals of the actors are different. Diversity- same characteristics The actor has the same characteristics. Diversity- different characteristics The actor has different characteristics.

Political context- influence The political and social context in which a network operates influences the actors.

Political context- no influence The political context in which a network operates does not influence the actors.

Social context- influence The social context in which a network operates influences the actors.

Social context- no influence The social context in which a network operates does not influence the actors.

Leadership- leader There is a leader within the cooperation. Leadership- no leader There is no leader within the cooperation. Quality- tactics and strategy The actors use tactics and strategy. Quality- no tactics and strategy The actors do not use tactics and strategy.

Network structure – hub The actors are tied to a central actor within the network.

Network structure – all channel The actors are tied to each other within the network. Network structure - chain The actors are tied to one or two actors within the

network.

Technology – connection The actors are connected with each other through technology.

Technology – no connection The actors are not connected with each other through technology.

Relationship – respect and trust The actors have respect and trust each other. Relationship – no respect and trust The actors do not have respect and trust each other.

Policy – formal procedures The actors are bound by formal procedures. Policy – no formal procedures The actors are not bound by formal procedures.

(29)

3.2.2 Internal and external validity

The internal validity reflects the means of measurement and the analysis of the data (Bryman, 2015: 59). The use of the programme Atlas.ti results in a consistent working method. Various cooperation factors are described on the basis of the literature. This means that a factor can only be defined in one way. This definition is encoded in the available and relevant sources. The coding is done through Atlas.ti. The quotations (the results) are systematically represented through this program. The amount of particular quotes is not important. It is not about the number of quotes but about the content. There are some possible pitfalls, for example the secrecy around intelligence services can make it difficult to have access to documents. Furthermore, in the intelligence field there is a limitation to sources and information. This led to the use of different types of sources during this research. This will be taken into account in the analysis and results. Finally, it is possible that there is an unknown factor that influences the outcome of this research: the omitted variable bias. This is taken into account and this factor will be added if there is one.

The external validity refers to the extent to which the results are generalizable (Bryman, 2005: 69). To conduct a fair and reliable investigation, the research investigates terrorism attacks that have been committed over the past fifteen years. This creates a versatile context. Moreover, these attacks have been committed in all different countries. A broad perspective was taken. This research only investigates four cases, which is not enough to generalize the results. However this is not the purpose of this research.

3.2.3 Reliability

Reliability represents the degree of reproducing the same outcome when one would do this research again. All steps made in this research are outlined in the methodology (table 7) of this research or in the appendix. This is done to enable a transparent backtracking of analytical interpretations. Besides, the programme Atlas.ti was used for the content analysis. This program has an output. This output ensures that you can execute this research again, with the same results. As a result, one can follow which conclusions based on which data from which sources have been drawn in which way.

(30)

Chapter 4. Case description

In this chapter an answer will be given on the sub-question: what does the cooperation

between the security and intelligence services and their most important (inter)national partners looks like? Four different cases are described in this chapter: the 9/11 attacks

in New York in 2001, the attack on film producer Theo van Gogh in Amsterdam in 2004, the 7/7 attacks in London in 2005, and the attack in Brussels in 2016. These cases describe what happened, what was the reaction of the intelligence and security services and was there knowledge of any threat before the attacks?

4.1 The 9/11 attacks in New York

On 11 September 2001 the most lethal international terrorist attack ever— involving four separate but coordinated aircraft hijackings—occurred in the United States of America on September 11, 2001. The 19 hijackers were all member of al-Qaida, a terrorist network (U.S. Department of State, 2004). The attacks on the World Trade Center and the Pentagon, two icons of American commercial and military power, were unprecedented (U.S. Departement of Justice, 2009).

The first notification of a hijack on flight American Airlines 11 from Boston to Los Angeles came on Tuesday morning 11 September 2001 at 8:14 am. At 8:46:40 am the plane crashed into the North Tower of the World Trade Center in New York City. All on board, along with an unknown number of people in the tower, were killed instantly. The second hijack was on United Airlines flight 175 which was scheduled to depart for Los Angeles at 8:00 am. The hijackers attacked between 8:42 am and 8:46 am. All on board, along with an unknown number of people in the tower, were killed instantly. At 9:03 am United Airlines flight 175 crashed into the South Tower of the World Trade Center. All on board, along with an unknown number of people in the tower, were killed instantly. The third hijack started at 8:51am on American Airlines flight 77 from Washington for Los Angeles. At 9:37:46 am American Airlines flight 77 crashed into the Pentagon. The last hijack was different than expected. At 8:42 am United Airlines Flight 93 took off from Newark bound for San Francisco. The first 46 minutes of United Airlines flight 93 proceeded routinely. At 9:24 am warnings about the other hijacks received United Airlines flight 93. Subsequently, the hijackers attacked at 9:28 am. For some passengers it was possible to communicate with the ground during the hijack. They told the FBI that the hijackers wielded knives and

(31)

claimed to have a bomb. Then the FBI told the passengers that at the other three flights the hijackers also claimed that they had a bomb, but the FBI found no trace of explosives at the crash sites. The passengers voted on whether to rush the terrorists in an attempt to retake the plane. They decided and acted. All passengers stormed into the cockpit. This action forced the hijackers to crash the plane earlier than planned. With the sounds of the passenger counterattack continuing, the aircraft crashed into an empty field. About 20 minutes flying time from Washington which was the final destination (National Commission on Terrorist Attacks, 2004: 1-14).

In total more than 3000 persons were killed in these four attacks. According to former President Bush the attack was an act of war against the United States of America; freedom and democracy were under attack (U.S. Department of State, 2004).

4.1.1 The World Trade Center

At 8:46 am the first plane crashed into the North Tower of the World Trade Center. The 911 system was not equipped to handle the enormous volume of calls after this crash. In the 17-minute period between 8:46 am and 9:03 am (time of the second crash) New York City Police and the Port Authority of NewYork and New Jersey mobilized the largest rescue operation in the history of New York. A huge evacuation had begun (National Commission on Terrorist Attacks, 2004: 286).

After the second crash the emergency response effort escalated quickly. As a consequence communication and control became increasingly critical and difficult. After the first moments of the crash the first responders assisted thousands of civilians in evacuating the towers. After the second crash the situation was chaotic. Incident commanders from responding agencies lacked knowledge of what other agencies and, in some cases, their own responders were doing. Everyone did their best to save as many people as possible. Nobody had the overview (National Commission on Terrorist Attacks, 2004: 305).

The South Tower collapsed 56 minutes after the crash. The North Tower collapsed 29 minutes later (National Commission on Terrorist Attacks, 2004: 285).

(32)

4.1.2 The Pentagon

The emergency response at the Pentagon represented a mix of local, state, and federal jurisdictions and was generally effective. Because of the nature of the event—a plane crash, fire, and partial building collapse—the Arlington County Fire Department served as incident commander. After the first attack, they ordered a full evacuation because of the warning of an approaching hijacked aircraft passed along by the FBI. The evacuation order was well communicated and well-coordinated (National Commission on Terrorist Attacks, 2004: 314).

The attack on the Pentagon was a single attack and relatively easy to secure and contain. There were no other buildings in the immediate area. There was no collateral damage beyond the Pentagon (National Commission on Terrorist Attacks, 2004: 315). Less information is available about this attack, because of the relatively flexible emergency response. Therefore the focus in this research is on the cooperation around the World Trade Center.

4.1.3 What was already known?

In the summer of 2001 most of the intelligence community recognized that the number of threat reports was unprecedented. Many officials knew that something terrible was being planned, and they were desperate to stop it. Despite their large number, the received threats contained few specifics regarding time, place, method, or target. Besides the 9/11 attacks fell into the void between foreign and domestic threats. The foreign intelligence agencies were watching overseas, alert to foreign threats to U.S. interests there. The domestic agencies were waiting for evidence of a domestic threat from sleeper cells within the United States. No one was looking for a foreign threat towards domestic targets. The coming threat was foreign—but from foreigners who had infiltrated into the United States (National Commission on Terrorist Attacks, 2004:

(33)

4.2 Theo van Gogh

In the morning of 2 November 2004 the Dutch director, television producer, columnist and opinion maker Theo van Gogh was murdered in Amsterdam. Shortly after the attack Mohammed B. (member of the Hofstadgroep) was arrested as suspect and sentenced to life imprisonment on 26 July 2005 (CTIVD, 2008: 2).

Theo van Gogh was shot at about 8.45 am. He rode on his bike. The suspect, also on the bicycle, came alongside and shot Van Gogh. Van Gogh fell off his bicycle and was able to reach the other side of the street. There Van Gogh was subsequently shot several times and stabbed in his chest. A letter was left on his body. Van Gogh died on the spot. A witness was hit when the suspect was shooting. This bystander walked to the police station and alarmed the police. The police office is located a few dozen meters away from the place of the attack (Donner and Remkes a, 2004). This terrorist attack had a major impact in The Netherlands. Partly because of the way the murder was committed and the motive behind it, partly because of the conclusion that some in our society radicalized. This had an impact on the liveability of society and the mutual relationship of Dutch populations (Donner and Remkes a, 2004).

On the day of the murder, the Minister of the Interior and Kingdom Relations (BZK) informed the House of Representatives in a letter that Mohammed B. (the suspect) was a known suspect of the AIVD. This subsequently raised many questions in the political and public domain (CTIVD, 2008: 2).

Before the attack the AIVD had information that members of the Hofstadgroep felt that certain publicly known persons deserved death. However, the AIVD was not aware that Theo van Gogh was one of them. The service was familiar with threats against Theo van Gogh, but did not have any information before November 2 2004 showing a link between the threats against Theo van Gogh and Mohammed B (CTIVD, 2008: 45). The AIVD knew though that the Hofstadgroep was ‘working on something’. These signals ensured that they had the intention to intensify the investigation regarding this group at the end of October 2004. However they did not start with it (CTIVD, 2008: 44).

(34)

4.3 The 7/7 attacks in London

On 7 July 2005 around 8:50 am there were three explosions in the London Underground. The first explosion was on the Circle line between Aldgate and Liverpool Street, the second at Edgware Road station and the third on the Piccadilly line between Russell Square and King’s Cross. At 9:47 am there was a fourth explosion in a bus. In total fifty-two people were killed in these terrorist attacks and several hundreds were injured (Intelligence and Security Committee, 2006: 2).

In the first instance the different security actors were confused over the nature of the incidents with reports of power surges, explosions and suspicious packages at various locations. Local police officers were quickly at the place of the attacks and the police Gold Command (special team) took over the operational command function that led to safety and response to the incidents (House of Commons, 2006: 7).

A massive police and intelligence effort was launched in the hours and days after the attacks. Their aim was to identify those who were responsible and to prevent any further attacks. After one week, the police had strong evidence that Khan, Tanweer, Hussain and Lindsay were the responsible bombers and that they had died in the attacks (House of Commons, 2006: 7)

The group showed good security awareness and planning discipline. They employed methods which seemed to have been effective in disguising what they were doing. As a result, the attack came as a surprise. Any indications of the motivation of the group are set out in Khan’s video statement, which the police found after the attack. The video focuses on perceived injustices, carried out by the West, against Muslims justifying violence through their own twisted interpretation of Islam (House of Commons, 2006: 19). The extent of Al Qaida involvement is unclear. However the Al Qaida’s deputy leader had claimed responsibility for the attacks (House of Commons, 2006: 26).

MI5 (the British intelligence service) knew two of four perpetrators of the 7 July bombers. Therefore it is frustrating to think how close they were preventing the attacks. However according to the report of the Intelligence and Security Committee (2006) it is not that simple. Only with the benefit of hindsight, one is able to consider past events,

(35)

connect them and understand what might have been happening (Intelligence and Security Committee, 2006: 40).

In the bomber backgrounds there were a few indicators that marked them out as particularly vulnerable to radicalisation. In contrary to Lindsay, Khan, Tanweer and Hussain were very well integrated into British society. Lindsay’s life was more instable, but not exceptionally. The process of indoctrinating of these men probably runs through personal contact and group bonding. This is not for sure because of the absence of evidence of other methods. Lindsay was strongly influenced by a known extremist preacher. This is less certain for the others. They would have had the opportunity to attend lectures, watch videos and read material by extremists. However their indoctrination took place away from places with known links to extremism (House of Commons, 2006: 26).

(36)

4.4 Attacks in Brussels

On 22 March 2016, Belgium was startled by terrorist attacks. First the airport of Zaventem was hit, 73 minutes later there was an explosion in metro station Maalbeek. Thirty-two civilians and three perpetrators were killed. More than 300 people were injured. Islamic State of Iraq and the Levant (ISIL) claimed responsibility for the attacks. This was the deadliest act of terrorism in Belgium's history (Paelinck and Vandeputte, 2016).

At 7:55 am the three suspected attackers arrived at Zaventem Airport in a taxi. At 7:58 am there were two explosions in the hall of the airport, 9 seconds after each other. Meanwhile, the police called a central crisis center to inquire what had happened. At 8:50 am the metro was evacuated preventively. Then the Coordinating Body for Threat Analysis (OCAD) announced that the threat level is going to the highest, meaning that the threat was very serious and very near. Less than a minute later, the federal emergency plan for terrorist attacks was activated. At 9:05 am the army was sent to the various metros, as this was a logical target (Paelinck and Vandeputte, 2016).

At 9:11 am there was an explosion in Brussels Maalbeek metrostation. The perpetrator blew himself up in the metro train that had just left the station in the direction of the center. This bomb killed at least 20 people. At 9:27 am all the public transport was suspended. In the end, it took more than half an hour before all metro trains and metro stations were evacuated (Paelinck and Vandeputte, 2016).

In the afternoon of March 22 the Belgian police detonated a package at Brussels Airport. This was a nail bomb that did not explode. At the same time, several house searches were made as one of the perpetrators was still fugitive. An IS flag, a nail bomb and chemical items were found during these house searches (HLN, 2016).

The three terrorists, two brothers and a friend, travelled to the airport by taxi. The taxi driver noticed that he was not allowed to help the suspects with their luggage. The driver remembered where he picked up the men. The investigators have been able to trace the home of the fugitive third terrorist suspect. The suspect himself was not there (HLN, 2016).

Fighting terrorism, individually or together?