10 years, 10 lessons: What we should learn from post-9/11 era

9/11 was a terrible shock: Within hours, al Qaeda had become a worldwide synonym for terrorism. In 2004 and 2005, al Qaeda reached European soil. The dreadful Madrid and London bombings prompted the creation of a European Union counterterrorism coordinator and the adoption of the EU’s own counterterrorism strategy.

But let’s be clear: My job, and counterterrorism in general, is not only about al Qaeda. And it is not at all about Islam. The EU rejects violence regardless of the motivation — be it right-wing or left-wing extremist, separatist or al Qaeda-related terrorism. 

My 10 key lessons of the last decade are: 

1. Having a counterterrorism strategy is vital. It prevents erratic ups and downs, including overreaction in the direct aftermath of an attack — a temptation many unfortunately fall prey to often — and “counterterrorism fatigue” in between attacks, equally unhelpful based on the paradoxical belief that when there have been no attacks there is no threat. 

2. Investing more and more creatively in preventing terrorism before it happens. We have collected best practice on such issues as training of religious leaders, radicalization in prisons, the role of local authorities, community policing and the Internet. But we still need to understand better the process of how people become radicalized into violence. We also need to improve the way we counter the al Qaeda narrative, especially on the Internet. Civil society, particularly victims and victims’ organizations, have powerful voices that need to be heard. Most importantly, in the Arab world, people are calling for dignity, democracy, freedom, economic opportunity and the rule of law. This is not the message of the terrorists, whose ideology and means have been rejected by the very people they claim to represent.

3. Respect of human rights and the rule of law. The EU has challenged the “Global War on Terror,” a paradigm of the previous U.S. administration. Terrorists have to be investigated, prosecuted and convicted according to the normal rules of criminal law. This takes the false glamour out of terrorism. The Madrid bombers are never referred to as “martyrs” like Guantánamo inmates. Why? Because they stood a fair trial and were convicted for their criminal acts. Emergency measures must not be made permanent. We strongly support President Obama’s moves to return the U.S. response to terrorism closer to the traditional law enforcement and criminal justice paradigm. In the long run, we can prevail in the fight against terrorism only if we respect our core values — the rule of law, human rights and international law.

4. Reinforcing data collection and data protection. Even “lone actors,” like Norway’s Anders Breivik, leave traces. We need to share more relevant information from law enforcement (DNA, fingerprints, criminal records) and also information held by the private sector (passenger name records, mobile phone data). But at the same time, we must design robust data-protection regimes, without which we will not get the support we need in parliaments and public opinion. 

5. More public-private partnerships. Counterterrorism, like customs, should learn from those actually running businesses how to design measures for maximum effect with minimum impact on the public. For example, the Yemen parcel-bomb plot of October 2010 led to many surprises: Terrorists exploited the different rules that existed for screening of passengers and their luggage, compared to those for cargo. 

6. Better security-related research. Research can increase both security and freedom (“privacy by design”). The challenge is for the internal security community to develop a culture of forward planning to identify its real needs — otherwise the choices will be made either by what the industry wants to supply or what scientists want to develop.  

7. Cybersecurity as a new challenge. Cyberattacks could cause huge damage, with a direct impact on such things as nuclear power plants or air traffic control. There is growing consensus in the EU on the need to increase preparedness, to adopt a strategy to bring together all relevant players and to start defining a code of conduct on how to behave in cyberspace.

8. Working more on resilience. To minimize the impact of any attack, we have to increase the resilience of our critical infrastructure, and the resilience of society. The more a society is willing to accept risks, the less its government is pushed to adopt intrusive counterterrorism measures that restrict freedom and privacy.

9. Integrating better the internal and external aspects of security. Most terrorist organizations have international connections. Terrorists travel to training camps in crisis regions and return. Terrorists do not respect borders. Law enforcement must do so, but needs to be more effective at working beyond them. 

10. A strategy to fully integrate development assistance and security. The EU recently adopted a comprehensive Strategy for the Sahel, where it is obvious that development needs security. The risk of kidnapping has made it too dangerous for development workers to operate in most places. Conversely, there won’t be any lasting security without development. Otherwise there are virtually no economic alternatives for young people, except smuggling and collaborating with the terrorists. This twin approach — development with security — should be taken up elsewhere. 

De Kerchove is the European Union’s counterterrorism coordinator.