About a year ago, police stopped a young man in the airport of Bologna, a town in northern Italy. Youssef Zaghba, an Italian citizen of Moroccan origin, had raised suspicions because he was to embark on a one-way ticket for Istanbul: They feared he was trying to reach Syria through Turkey to join a terror group.
After Islamic State propaganda materials were found on his smartphone, Zaghba was arrested and briefly detained between March and April 2016. (Attempting to join a foreign militia is a crime in Italy, since a special law was introduced in 2015.)
Eventually authorities had to release him because his lawyer found irregularities in the arrest, but the secret services kept monitoring him and put his name in the Schengen Information System (SIS), the database where European Union member states share security information, so that other countries could be alerted that Zaghba posed a danger.
On June 3 of this year, Zaghba participated in the London Bridge attack that left eight people dead, along with the three terrorists.
Despite being in the E.U.'s watch list, Zaghba was let into Britain at least twice. Moreover, according to the local media, he was not considered “a subject of interest” by British security. Most recently, Zaghba traveled between two countries in January: He was briefly questioned in London's Stansted airport. (It is unclear if the British failed to go through a check of the SIS database, or if they saw his name on the database and simply ignored the warning, as the newspaper Repubblica suggests.)
How could a terror suspect be on Italy's watch list and not in the British one? And why didn't the presence of Zaghba's name in the SIS prompt U.K. authorities to keep an eye on him?
The London Bridge attack raises issue about the sharing of security information between European countries, at a time when terrorists have been shown to move often across the E.U.'s open borders.
It is not unusual after an attack to learn that the perpetrators were already known to anti-terror agencies. Some analysts argue that this doesn’t always imply a security failure, because there are too many people on watch-lists to monitor effectively all of them: There are some 23,000 “subjects of interests” for anti-terror agencies in the U.K. and 15,000 in France.
“Since it takes at least four agents to monitor a single suspect, it becomes apparent that many European countries lack the resources to monitor all of them and that there's an overload of security information,” said Arturo Varvelli, the head of the Terrorism Program at ISPI, a think tank in Milan.
However, Zaghba’s case is different — and the way he slipped by, despite all the warnings, might not be just the result of an overburdened security system but also symptomatic of a different problem: European countries still haven't fully learned how to read (and perhaps trust) each other's red flags.
“It's the second time, in less than a year, that a terrorist already known to Italian authorities has carried an attack in another European country,” notes Francesco Strazzari, a security expert at the Sant'Anna School of Advanced Studies in Pisa, referring to last winter's attack in Berlin. The Christmas Market attack was carried by a Tunisian man who immigrated to Italy, and whom Italian authorities had tried to deport because they were aware of his radical tendencies.
In an interview, Strazzari recalled that the November 2015 attacks in France were also carried out by terrorists that had ties to a different country, Belgium, and who seemed to move freely between the two.
Critics of the E.U. have blamed its open borders for security failures, while its supporters point out that assets such as the SIS database are actually supposed to improve the security of each country. But Strazzari says that the main problem is that sometimes information gets “lost in translation.”
The E.U., he says, doesn't really have a pan-European security apparatus, but only a system that aims at coordinating the security services of each of its member states: “Each country has its own judicial and security system, its own bureaucracy and, most importantly, different priorities. So the same individual that might have seemed very dangerous to the country that first issued the warning, might appear not so dangerous to the country that receives it.”
Varvelli, the ISPI researcher, argues that lack of trust might also pose a problem. Red flags about individuals are not clear cut, he explains: “Security officials need to interpret them, in order to grasp the level of danger, and knowing where that information comes from plays an important part in the process.”
But while they are bound to share information, the secret services of different countries aren't keen on sharing with each other how they gathered that information — which ends up making the information less useful.
Varvelli said that the Islamic State is “well aware” of this weakness and are exploiting it: “Terrorists have realized that if they are closely monitored in the country they are based in, a good strategy is to move to a different country.”