Secrecy and security in transatlantic terrorism finance tracking

Abstract Access to and diffusion of information relating to the Terrorism Finance Tracking Programme (TFTP) has become a focal point for discussions about secrecy and democracy in the European Union. This paper analyses the dynamics of secrecy and publicity in the context of post-9/11 security programmes, in particular, the TFTP. Far from a binary between secrecy and transparency, the TFTP involves complex dynamics of knowledge, and strictly regulated information distribution. The purpose of the article is threefold. First, we contribute to debates on EU secrecy and democratic oversight, by advancing an understanding of secrecy as practice. Second, we document and discuss the longer trajectory of the contested secrecy and publicity of the TFTP, through examining three ‘secrecy controversies’. Third, we ask whether the logics of secrecy in the EU are being revised and challenged in the context of transatlantic security cooperation. The rationales of secrecy deployed in security practice hinge on particular notions of potential future harm that, we argue, are shifting in the face of current understandings of the terrorist threat.


Introduction: Terrorism Finance Tracking Programme secrecy
In January 2015, EU Ombudsperson Emily O'Reilly stated at a hearing before the LIBE Committee of the European Parliament that she had been 'unable to exercise [her] democratic powers' by being denied access to the inspection report of the Europol supervisory body JSB into the Terrorism Finance Tracking Programme (TFTP). After a fierce debate, O'Reilly concluded that 'the US has effectively been given a veto over the democratic oversight of EU institutions. ' 1 O'Reilly's strong wording shows how the TFTP dossier has become a focal point for discussions about secrecy and democracy in the EU, especially as they relate to post-9/11 security cooperation with the US (also Curtin 2011).
In fact, this battle over secrecy and publicity was only one of many since the creation of the TFTP. Initiated by the Bush government immediately after 9/11, this secret CIA program was disclosed by the New York Times in June 2006. Within the programme, large quantities of data are subpoenaed from financial telecommunications company SWIFT, transferred to US Treasury in encrypted form, and subjected to software-led analyses in the name of mapping terrorist networks and identifying suspect associates. Once disclosed, the European Parliament, the other EU institutions, and the US engaged in intense, years-long (2006-2010) negotiations on the inclusion of more data protection and privacy safeguards and on an increased insight into and oversight of the programme (Wesseling 2013). Even after the conclusion of a EU-US Treaty on the TFTP in 2010, the programme continued to be subject of recurring 'secrecy controversies, ' in which the visibility and oversight of transatlantic security cooperation were subject to public debate.
This article analyses the secrecy practices and secrecy controversies surrounding the TFTP. A detailed analysis of this case is warranted because it has broad relevance in the context of EU-US security cooperation. First, while intelligence-sharing and formal counter-terrorism cooperation between the EU and the US still proceed slowly (Rees 2009), the TFTP is significant because it has generated a standalone EU-US Treaty with law-making effects. It illustrates the novel types of transatlantic cooperation and exceptional measures taking shape in the post-9/11 context (Rees and Aldrich 2005). The TFTP leads to an unprecedented practical collaboration between the European Commission and Europol on the one hand, and CIA and US Treasury on the other. Since 2012, the EU has its own 'Overseer' inside the US Treasury to formally control the Treaty Agreements. In addition, more than 1500 intelligence leads have been shared transatlantically on the basis of the Agreement. As such, the Treaty is an example of the type of networked intelligence cooperation that, according to Davis Cross (2013) typifies EU security integration. Second, the TFTP has become a test-case for political secrecy and openness in the EU polity. Debates surrounding the TFTP have produced clashing understandings of the legitimation of secrecy, which -as we will show in this article -pit the EU Commission against the EU Ombudsperson, and the European Court of Justice against the EU-US Joint Review Team. The TFTP, then, is an exemplary programme of advancing EU-US intelligence cooperation and a key test case inside the EU polity.
Although there are numerous scholarly publications on the EU's counter-terrorism policies (e.g. Agromaniz 2011;Bendiek 2006;Bures 2011;Den Boer and Monar 2002;Kaunert 2010;Rees 2006;Spence 2007), the case of the TFTP is relatively unknown. In addition, the issue of secrecy and its relation to European security remains understudied. Existing studies on the TFTP (Amicelle 2011;De Hert and de Schutter 2008;Fuster, De Hert, and Gutwirth 2008;de Goede 2012ade Goede , 2012bMurphey 2012;Wesseling, de Goede, and Amoore 2012) have mostly focused on legal issues of data sharing and privacy, the pre-emptive and high-tech practices of intelligence-led security programmes and transatlantic security cooperation. This article aims to contribute to these literatures by highlighting the dynamics and significance of the practices of secrecy and publicity of the TFTP and other post 9/11 security programmes. It especially builds upon work on EU secrecy by Curtin (2014).
The purpose of this article is twofold. First, we seek to contribute to debates on EU security politics and counter-terrorism by advancing an understanding of security and secrecy as practice. Building on the recent 'practice turn' in European Union studies (Adler-Nissen 2014; Adler-Nissen and Kropp 2015), we suggest that it is important to analyse how secrecy is a form of power and a social relationship. We analyse the social practices of secrecy and show how knowledge concerning the TFTP was constrained, partitioned and regulated. As we argue here, far from a binary between secrecy and transparency, the TFTP involves complex and modulating dynamics of knowledge and limited information distribution. Secondly, we take a longer historical approach to focus on three 'secrecy controversies' relating to the Downloaded by [UVA Universiteitsbibliotheek SZ] at 01:23 22 November 2017 TFTP (Walters, 2016;Walters and D'Aoust 2015). As Walters (2016: 441) has put it, 'It is when normal procedures fail, when eyewitnesses or operatives speak out, or when public inquiries examine wrongs, ' that the 'opaque world' of intelligence cooperation and transatlantic security 'becomes more fully visible. ' By focusing on three specific TFTP controversies -the debates after revelation of the programme; the contestation over the public availability of its documents; and the continuing secrecy of the number of data transfers -we seek to interrogate the 'opaque world' of transatlantic security cooperation. We highlight how the secrecy dynamics in this case became a key issue in the media and in political debates, and overshadowed discussions concerning the effectiveness and legitimacy of this programme. The article is structured according to this dual objective. After a first section that sets out our conceptual perspective on EU security practices, there are three subsequent sections that each focus on a secrecy controversy, before concluding reflections on the wider relevance of our case.

European counterterrorism and transatlantic cooperation
A rich and growing literature analyses the internal security capacities of the European Union, especially as they pertain to counter-terrorism cooperation. These authors have shown that the EU is both more prolific and more powerful in internal security than the commonly held notion of an EU 'capabilities gap' would suggest (Argomaniz 2009;Bossong 2008;Kaunert, Leonard, and Pawlak 2012). This literature describes the novel institutional forms of European security cooperation in terms of networked security and Agency-based cooperation (e.g. Bicchi and Carta 2012;Den Boer 2015;Den Boer, Hillebrand, and Nölke 2008). As Davis Cross (2013, 391) has argued, 'Analyses of member-state motivations and behavior when it comes to the Europeanization of intelligence tend to neglect the most interesting developments in the field: the relationship building and networking among intelligence professionals. ' However, Hillebrand (2012) expresses concern over the growth of networked intelligence in Europe and its implications for democratic legitimacy.
Questions of legitimacy are perhaps even more acute when it comes to transatlantic intelligence cooperation in the post-9/11 context (Den Boer and Monar 2002). Argomaniz (2009) argues that the EU has shown itself to be a 'norm-taker' in this regard -slowly accepting and appropriating US-led security programmes, including those based on analysing Passenger Name Records and financial wire transfer data. Mitsilegas (2014, 290) examines the clash between US-led security programmes and European values, and stresses 'the need for the European Union to uphold these values in its external action' as 'emphasised in the Lisbon Treaty. ' Indeed, research shows that the European Parliament has become a significant actor in the external dimension of counter-terrorism. The capacity, initiative and legitimacy of the European Parliament in transatlantic security negotiation has considerably increased since the 2009 Lisbon Treaty (Kaunert, Léonard, and MacKenzie 2015). The TFTP was a first, important, test case for European Parliament powers under the Lisbon Treaty (de Goede 2012b). After a historic rejection of the draft Treaty in a European Parliament vote in February 2010, the Parliament succeeded in having Articles concerning oversight, redress and rectification added to the TFTP Treaty. In practice, then, rather than a pure norm taking, the adoption of US-led security programmes in Europe takes a hybrid shape: initiatives are not copied unchanged or uncritically. Instead, they are appropriated by the European institutions, which graft on European checks and balances. Nevertheless, the influence of these Downloaded by [UVA Universiteitsbibliotheek SZ] at 01:23 22 November 2017 checks and balances are questioned and sometimes disappointing. For example, it is difficult if not impossible to exercise the hard-won rights of rectification and redress of the TFTP Treaty (European Commission 2011).
The hybrid nature of the TFTP Agreement -which combines US-led intelligence analytics with checks and balances modelled on European values -suggest that, more broadly, it is important to focus on practice in security research. Existing literatures have done much to chart the novel actors, institutions and policies in the realm of counterterrorism in the EU. However, much less is known about the ways in which these new policies and initiatives play out in practice (Bueger and Gadinger 2015). This is particularly important in the security domain, where EU-led policies are unevenly taken up by member states and differently appropriated. Moreover, it is in the domain of counter-terrorism that we have seen exceptional security programmes and novel forms of transatlantic cooperation. Security, in this sense, does not strictly follow policy or procedure, but operates in a relatively unchartered territory where knowledge is formed in practice. This includes but is not limited to programmes whereby the commercial data of airlines, banks and social media companies become deployed for security decisions.
A practice approach to analysing European security and counter-terrorism also directs attention to the evolving and complex landscape of secrecy in Europe. The European Union, as shown in the pioneering work of Curtin (2013aCurtin ( , 2013bCurtin ( , 2014, has developed its own elaborate regimes and rationales for secrecy and document classification (also Abazi 2015; Galloway 2014). Classification principles in the EU include the rationale of necessity (relating to executive power and security policy) and the process-based rationale (relating to the need for classification during decision-making and international negotiation processes). The principle of third-party classification -referred to as the main rationale for withholding the JSB report from the EU Ombudsperson during the LIBE Hearing -falls within the necessity rationale. This means that, in the context of security cooperation, third parties (in this case the US) can introduce classified information into the EU polity on the condition that it henceforth remains classified (Abazi 2015). For Curtin (2014, 696) one of the 'striking' elements about EU secrecy rules is 'the extent to which rule-making [on secrecy] takes place under the radar and by affected actors themselves as to the general principles, structures and limits. ' Though regimes and rationales of legal classification are important, they only tell part of the story of how secrecy operates and how knowledge is regulated. The patchy landscape of revelations and secret reports in the case of the TFTP illustrates how classification exceeds formal juridical decision, but is dynamically enacted and challenged in practice. In fact, the complex and evolving landscape of secrecy and publicity in the TFTP case confounds the relatively clear classifications and rationalities of secrecy as mapped by Curtin. Again, the TFTP is a pioneer case in this context. Put simply, the ways in which information about the TFTP was made public was, first, much more ad hoc and driven by political controversies than the formal classificatory rules would suggest. Second, the TFTP shows how EU secrecy classifications and rationalities are subject to challenge and change over time, especially in the context of counter-terrorism security cooperation with the US. As we will show, the principle of third party classification (one of the secrecy rationales documented by Curtin) challenges received practice in Europe, and slowly introduces US security rationales into EU institutional environments.
To unpack this ad hoc and dynamic nature of European secrecy, we draw on the work of Hugh Gusterson and others to understand secrecy as a practice and a mode of power. Understood thus, secrecy is less about the pure withholding of information and more about the production of a social order and particular professional subjectifications through (initiation) rituals and socialisation (Gusterson 1998, 80). In his study of a nuclear weapons laboratory in Livermore, California, Gusterson shows that 'the culture of secrecy tends to produce certain effects in its [weapon] scientists' , creating social orders and a particular relationship to the outside world (1998,68). In this sense, secrecy is a key element in the social knowledge practices that shape and enable transatlantic security communities -operating simultaneously to exclude and hide, and to establish new professional networks and connections (Adler-Nissen and Kropp 2015; also Bellanova and Duez 2012).
As Eva Horn (2011, 109) similarly suggests, one definition of secrecy is that of the secretum, understood less as something strictly 'locked away, ' and more as a 'relation between the known and the unknown' (Horn 2011, 109; emphasis added). Horn understands the secret -paradoxically -as a mode of political communication, and writes, the secretum is inextricably linked to communication; a secret locked into a single mind that is not at least potentially shareable is not a secret at all … In this sense, secrecy structures social or political relations of exclusion and inclusion. (2011,109) Understood as a relation, what becomes important to understand about the secret is less its hiding per se, and more the way in which it structures social relations, regulates communication, and distributes political power. The 'choreography' of social positions revolving around the secret says something about the distribution of power, according to Horn (2011, 109, 110).
The understanding of secrecy as a practice enables us to move away from understanding secrecy and publicity as binaries (information is either secret or public), to analyse instead the contested knowledge practices around classification and the sharing or withholding of knowledge. Secrecy/publicity dynamics play an important role in regulating knowledge, structuring the field of legitimate speakers, and influencing the direction and themes for public debate.
In the case of the TFTP, this approach draws attention to the complex regulation of knowledge about the programme, its methods and effects, and attendant power dynamics. For, it is not the case that no-one outside of the highest levels of the Bush government knew about this programme prior to its public 'revelation' in the New York Times in 2006. Instead, there was a complex regulation of knowledge in this case that speaks to (shifting) power distribution and the emergence of a transatlantic connections in the post-9/11 security landscape. For example, in 2002 Central Banks belonging to the G10 and the members of the Oversight Group that monitors SWIFT's activities were informed of the programme. In turn, some of the Central Banks, for instance, in the Netherlands, decided to inform parts (but not the head) of government (Ministerie van Financiën, The Netherlands 2007, 6). The group of insiders was again enlarged when NYT journalists discovered the programme and decided -after substantial deliberations -to publicise it. In the spring of 2006, a few more members of Congress and the Senate were told about the TFTP (Lichtblau 2009, 254) and one day before the NYT publication, the German government was informed (Atkins, Marschall, and Schieritz 2006).
What follows from this brief mapping of the dynamic of knowledge concerning this secret security programme is insight into the post-9/11 choreography of transatlantic power -with Central Banks being informed before their governments or Ministries of Foreign Affairs; with commercial participants of the SWIFT board located in Belgium knowing more than US Downloaded by [UVA Universiteitsbibliotheek SZ] at 01:23 22 November 2017 parliamentary oversight committees; and with the British being the only government officially informed in Europe (while most other governments and the European institutions had to read about it in the newspaper) (Guha 2006). Secrets are often known by many people, and the key question is to understand how knowledge is partitioned and regulated. As Gusterson asserts, 'secrecy is a powerful means of making and breaking bonds ' (1998, 80). For example, the European Central Bank (ECB) was informed about the TFTP in 2002. When the programme became public, the ECB and other 'insiders' were interrogated about their complicity in the secret and their (apparent) disregard for data protection rights and civil liberties. The Bank justified its silence on the TFTP and tried to minimise its responsibility by arguing that although they were informed about the programme, they did not have any authority or legal competency for overseeing it (ECB 2007). Yet later the European Data Protection Supervisor (EDPS) contested this limited interpretation by the Bank of its own role and concluded that the issue did concern its role as overseer. In brief, being let in on the secret put the ECB in an uncomfortable position of co-responsibility.
The remainder of this article is structured around three 'secrecy controversies' during which the TFTP and its visibility became subject to public debate and contestation (cf. Walters and D'Aoust and 2015;Walters, 2016). We do not so much offer a chronological overview of the evolution of secrecy in the case of the TFTP, but focus on three distinct phases in which the legitimacy of the TFTP became subject of public contestation, through a debate over its secrecy. With 'secrecy controversy, ' we mean a phase of heightened (media) attention and political debate, during which this secret programme became publicly debated, leading to new arrangements and procedures for oversight. Two elements are important in this regard. First, there is a paradox at work when secret security programmes like the TFTP become subject to heightened debate, scrutiny, examination and reporting (Horn 2011). Despite -or perhaps because of -its secrecy, a substantial number of newspaper articles, diplomatic discussions, parliamentary hearings and audit reports have now appeared about it (some public, some secret and some leaked). In this paradox, the 'drama of concealment and revelation' (Birchall 2011b, 134;Birchall 2011a), takes centre stage in political debates, crowding out more substantive questions concerning the value and effectiveness of the security programme. Second, and building on the practice perspective, it important to see how secrecy controversies have lasting impact on the ways in which security programmes are structured and overseen. Specific practices of regulating information and producing accountability emerge in order to stabilise complex controversies (Schouten 2014). Examining these secrecy controversies in more detail, then, tells us something about the practical and ad hoc ways in which transatlantic security programmes are constructed, negotiated and executed more broadly.

Controversy I: secrecy dynamics after 'revelation'
The publication of the existence of the TFTP in front-page articles in the New York Times and the Los Angeles Times on 23 June 2006 is often understood to have been a moment of 'revelation. ' It is understood as the exposure of a hitherto secret security programme to a broad public, and the beginning of the possibility of holding government to account. However, as the EU Ombudsperson points out nearly 10 years after the first publication of the TFTP, there are still substantial concerns about the secrecy of aspects of this programme. Even after its formal disclosure then, the TFTP remained subject to a complex choreography of secrecy. We suggest that the 2006 moment of 'revelation' is better understood as one nodal point in a longer process of publication and politicisation. As Birchall (2011b, 145) notes, 'Revelation … is not the same as transparency. ' On the contrary, the dynamics of secrecy and the tight regulation of information intensified and took on new political urgency after 2006. Secrecy controversy 1, then, encompasses the period from 2006 onward, when the first publications about the programme led to a complex choreography of blame and responsibility.
Immediately following the New York Times publication of the programme, public controversy in the US ensued not over the legitimacy of the programme itself, but over the legitimacy of the newspaper to publish it, and the question whether this generated national security harm. It is important to note that the publication of the TFTP by the NYT in 2006 was risky, controversial, and not without danger to the reputation of the paper. Walters (2014) draws on Foucault's notion of parrhēsia to conceptualise the often dangerous processes of exposure, translation and visualisation of classified programmes or hidden practices in the age of digital media. The notion of 'fearless speech' suggests that it is difficult and dangerous work to participate in the social choreography of the secret. The NYT debated for months internally before deciding to publicise the existence of the TFTP, which it did only after nearly a year of research an extensive dialogue with the parties involved. As Aldrich (2015, 190) has shown, 'the landscape of [government] secrecy is … ambiguous territory for the journalist. ' In the debate that emerged in the US after the publication of the TFTP, it was not the legitimacy and effectiveness of the security programme that became subject to discussion, however, but the paper's decision to publicise it. The Bush government accused the paper of harming national security interests, with government officials calling the publication 'disgraceful' and arguing that it made it 'more difficult … to prevent future attacks' (Stolberg 2006;Stolberg and Lichtblau 2006). These 'shoot-the-messenger' accusations fostered a continued discussion by the paper's editors on the legitimacy of the revelation. Accused of being unpatriotic, unwise, and exposing the US to danger, the executive editor of the NYT, Bill Keller, defended the publication as proof of an independent and critical press and as a 'protective measure against the abuse of power in a democracy and an essential ingredient for self-government' (Keller 2006).
Keller and others challenged the argument that the publication of the TFTP could help terrorists, and pointed out that the US government itself had already made extensive reference to the existence of the financial surveillance programmes and actively sought to render some of its efforts public (Lichtblau 2009, 252). A former US diplomat involved in the UN efforts to combat terrorism financing states, 'unless they [terrorists] were pretty dumb, they had to assume their transactions were being monitored' (quoted in Bender 2006). However, in later publications, NYT editor Byron Calame stated that although he initially strongly supported the decision for publication (2006a), he 'altered [his] conclusion' , considering that he 'was off base' , and even spoke in terms of a 'mea culpa' (Calame 2006b(Calame , 2006c). Calame's reversed position was not the result of new information that had convinced him of the effectiveness of the TFTP, but was based on a deduction that the programme was apparently not illegal and there were no reported abuses (Calame 2006b).
The public and political debate on the TFTP thus increasingly focused on questions surrounding the secrecy and visibility of the programme itself, its documents and details, rather than on more substantive questions of data-led security, effectiveness or privacy. In this sense, the secrecy of the TFTP is not just a 'stumbling block' to be overcome on the road to Downloaded by [UVA Universiteitsbibliotheek SZ] at 01:23 22 November 2017 transparency, but an active participant in regulating and focusing the way in which public discussion of the program has unfolded. Even after the 2006 NYT publication, secrecy issues surrounding the TFTP remain important, leading to a patchy landscape of public analyses, revealed relations, classified documents, leaked reports, rumours and elements that remain profoundly unknown outside the US Treasury (Amicelle 2011;Wesseling 2013). This uneven landscape of (non)information has significance beyond the details of the TFTP case, because it has come to play a key role in transatlantic dialogues and disputes over security classification, as well as intra-European debates about access to documents, as shown by the intervention of the Ombudsperson.

Controversy II: contested documents
This section focuses on a second secrecy controversy concerning the TFTP, namely the ways in which access to relevant documents and other information became contested and regulated. Charting this debate shows the evolving, ad hoc, and contested nature of security secrecy in the context of transatlantic counter-terrorism cooperation. Secrecy controversy 2, then, takes place after the conclusion of the EU-US TFTP Treaty in 2010, and centres on the question of access to documents and the continued contestation over regulation of knowledge concerning the details of the programme.
A small transatlantic row took place when in 2010, a classified document setting out so-called Technical Modalities relating to the EU-US Agreement on the transfer of SWIFT data was placed online after having been provided to German parliamentarians. This document stipulates that 'no information transmitted by the U.S. Treasury Department, including information regarding types or categories of messages, is permitted to be shared' (quoted in §12). 2 This leak led the US to insist that all documents relating to aspects of the Agreement should henceforth be treated as formally classified (EU SECRET). 3 However, the far-reaching decision to classify all documents -including European ones -relating to the TFTP Agreement is remarkable when one considers that the leaked Technical Modalities document itself reveals very little concerning operational details. The document sets out the role of European police agency Europol in the TFTP arrangements, and outlines in the most abstract terms the procedure by which US data requests are to be verified. However, the document says nothing about the amount of data transferred, the risk focus of requested data in terms of geographical areas, the selection mechanisms for extracting data, let alone about the methods deployed to analyse SWIFT data and identify suspect leads. 4 The transatlantic dispute over the leaking of the technical modalities document is but one episode in a lengthy struggle over access to TFTP-related information, including access to public information about its oversight structures. In addition to the denial of access to European documents to the EU Ombudsperson mentioned in the introduction, there have been lengthy struggles by MEPs to be informed about the still secret identities of first the interim and later the permanent Washington-based EU-Overseer tasked with controlling TFTP-related searches within the US Treasury to assess whether they are in accordance with the Agreement. Likewise, the oversight reports by Europol's Joint Supervisory Board (JSB) are available only in abbreviated form. 5 This was strongly resisted by the EU Ombudsperson -without result -and is in fact lamented by JSB itself, which writes: 'The JSB is of the opinion that both Europol and the US, while ensuring that information is kept confidential where needed … can be more open about the workings of the Agreement' (JSB 2012, 4).

Downloaded by [UVA Universiteitsbibliotheek SZ] at 01:23 22 November 2017
In the midst of these struggles over openness of information, the TFTP became a test case for public access to legal documents concerning security policy in Europe. Member of European Parliament Sophie in 't Veld conducted proceedings before the EU General Court in order to seek access to documents in which the legal basis for Europe's negotiation remit in the case of the TFTP were set out. This document was classified on the grounds that its publication might harm the EU's negotiating position -but it was rumoured to also raise profound questions concerning the authorisation and democratic legitimation to conduct the negotiations (also Curtin 2013a, 31). The details of this complex legal case are beyond the remit of this paper (see Curtin 2013a), but it is important to note that it pivoted on the 'reasonably foreseeable' nature of the risk to the 'protected interest' of the European Union's negations. The Court requested of the EU Council that they demonstrate that access to the undisclosed documents 'could have specifically and actually' undermined the public interest (General Court 2012, § 30).
Although In 't Veld was only partially successful in her challenge -winning the right of access to parts of the classified document -what is important is that the court finds that documents on international relations or negotiations 'should not be automatically exempted from the principle of openness of government' (General Court 2014, § 51).This has clear relevance beyond the TFTP case as it opens up the right to access to documents relating to other controversial international agreements such as the TTIP, even if negotiations are still ongoing. According to Onno Brouwer, the lawyer representing In 't Veld in her claim, the fact that a 'European institution must demonstrate that the disclosure of a document effectively harms the public interest' is of great importance to the European public sphere (Crisp 2014).
More generally, the Joint review reports, the Ombudsperson hearing and the In 't Veld court case underscore how the TFTP is a key test case for the shape of transatlantic security cooperation and its accompanying logics of secrecy. The In 't Veld case contributed to setting a more transparent standard for the handling of security documents in the European Union. However, in her own report about the case, EU Ombudsperson O'Reilly asks the European Commission to rethink secrecy arrangements in transatlantic security cooperation. In particular, she questions the legitimacy and status of the Technical Modalities arrangements that have been agreed as a separate document from the actual TFTP Treaty. The Ombudsperson concludes that 'the manner in which the technical modalities were adopted … reflects a democratic deficit at the level of the EU which must be addressed. ' 6 According to the Ombudsperson, the conclusion of a technical agreement next to the high-level transatlantic treaty raises continued questions about oversight and democracy in relation to European security programmes.

Controversy III: secret numbers and 'mosaic secrecy'
The third secrecy controversy discussed in this paper concerns the way in which seemingly mundane and innocuous information about the TFTP became secrecy sensitive -which, as we argue, signals the introduction of a 'mosaic logic' of secrecy into the European polity (Pozen 2005). This controversy centres on a contestation over the disclosure of the number of data-records transferred transatlantically since the coming into force of the 2010 TFTP Treaty. While seemingly a technical issue, the transfer of bulk data is a violation of European privacy law, and therefore the question of the number of data(sets) transferred from Brusselsbased SWIFT to the US Treasury is key in the TFTP Treaty. The Treaty stipulates that US Treasury Downloaded by [UVA Universiteitsbibliotheek SZ] at 01:23 22 November 2017 data requests have to be 'tailored as narrowly as possible' (Article 4.2.c). Prior to the conclusion of this Treaty, the size of data transfer was estimated to be 'enormously high, ' for example millions for 2005 alone (Belgian Privacy Commission 2006, 3, 5). However, the three EU-US Review reports about the TFTP that have been published to date do not include quantitative information on the number of data records transferred.
In this section, we unpack the secrecy controversy over the question of numbers, and argue that is has relevance beyond the TFTP case because the debate introduces new security rationales in the European polity. Understanding secrecy as practice, as we have done in this article, shows how logics of secrecy are contested and reworked in the context of post-9/11 security cooperation. Secrecy practices, as Horn (2011, 113) has put it, have their 'own rules and limits, rules of caution, rational foresight, and strategic shrewdness. ' Notions of foresight and potential future harm are of key importance in the transatlantic disputes over the secrecy/ publicity of the TFTP. As this section explores, these discussions inscribe the security-sensitive nature of seemingly banal information into transatlantic negotiations and reports.
As we saw in the previous section, secrecy practices have come to structure key areas of post-9/11 transatlantic dialogue and negotiations over security cooperation (Fahey and Curtin 2014). As one high-level European Commission bureaucrat put it, the Americans … always fear that, the more elements you give on the functioning of [a program], the less functioning it will become. … [S]o the more you make this transparent and the more you have safeguards and the more you discuss [the program], you might kill the whole thing. 7 This logic is increasingly appropriated within the European polity. Despite repeated EU calls for information concerning the scope of the data-transfer to be made public -and for publication of the numbers of data records moved from SWIFT to US treasury, the US has resisted publication of the numbers. The rationale for this is set out in the reports that the EU-US joint review team produces annually. The report notes that revealing too detailed information on data volumes would in fact provide indications as to the message types and geographical regions sought (in combination with other publicly available information) and would lead to the effect that terrorists would try to avoid such message types in those regions. (European Commission 2012, 5) Revealing data concerning the size of the subpoenaed data flows, it is argued, could in combination with other publicly available information alert terrorists to the notions of suspiciousness deployed within the programme. This argumentation inscribes terrorist (financiers) with the ability to cross-check public sources on SWIFT systems, message types, data volumes and country reports, in order to draw conclusions concerning the global financial transaction flows most likely subject to monitoring.
The reasoning for keeping the data volumes secret displays a logic of classification akin to the so-called 'mosaic theory' that legal scholar David Pozen (2005, 630) analyses in the context of its deployment with regard to the US Freedom of Information Act (FOIA). The mosaic theory of secrecy holds that seemingly innocuous pieces of information 'though individually of limited or no utility to their possessor' can reveal sensitive information 'when combined with other items of information … so that the resulting mosaic is worth more than the sum of its parts. ' In other words, the mosaic holds that 'apparently harmless pieces of information when assembled together could reveal a damaging picture' (Pozen 2005, 630). The mosaic logic is often invoked in official responses to FOIA requests, and -as Pozen shows -has been deployed more regularly since 9/11. When considering the security risk with regard to publicising documents, this theory holds, one should take into account not Downloaded by [UVA Universiteitsbibliotheek SZ] at 01:23 22 November 2017 just the document's content but also 'the possible mosaics to which the document might contribute' (Pozen 2005, 633). In this sense, the mosaic logic of secrecy is closely related to the way in which a politics of preemption values mundane data and inscribes them with meaning (e.g. Amoore 2011; Aradau and van Munster 2011).
A mosaic logic seems to be at work in the EU-US Joint Review Report and its continued refusal to publicise the statistics concerning the volume of data transferred from SWIFT to the US Treasury. Knowledge concerning the mere numbers of data transfer is reconfigured into sensitive security information on the basis of its potential (re)combination with other elements known about SWIFT's business and a specific set of analyses that adversaries might potentially undertake (Pozen 2005, 633). It is important to note that the temporality of security risk in the mosaic logic is very different from the classic secrecy rationales. For example, in the In 't Veld case discussed above, the courts requested the executive to demonstrate a specific and actual harm to the protected interest that would arise from publication of specific documents relating to international negotiations. In contrast, the mosaic logic operates on a much more speculative basis (cf. de Goede 2012a). Threats to national security in a mosaic logic arise from complex scenarios whereby terrorists deduce investigation foci from disparate and seemingly innocuous information. The 'potential future harm' identified in a mosaic logic thus contrasts quite sharply with the General Court's measure of actual and specific future harm (Pozen 2005, 665, 666).
The mosaic rationale is not purely put forward by the US, but has made its way into the joint review report, which is a document co-authored by EU and US representatives. Simply put, the review report introduces the logic of mosaic secrecy into the European polity, where it is becoming part of accepted repertoire. Moreover, the secrecy surrounding the TFTP increasingly pertains to the oversight structures themselves -including the JSB oversight reports and the key question of the number of SWIFT records transferred.
Consequently, the continuing secrecy surrounding aspects of the TFTP prohibit an assessment of whether the protections as set out in the TFTP Treaty are being meaningfully implemented. As MEP Jan Albrecht put it during the LIBE Hearing, it is important to know whether Europol is 'rubber-stamping' US data requests, or whether real, meaningful scrutiny is taking place. 8 The TFTP Treaty entails potentially far-reaching stipulations concerning the limitation of data transfers, as well as citizen rights of access and rectification. In this context, the 4-page unclassified summary of the contested JSB report notes that 'the US must improve the information provided in the [SWIFT data] requests. Specific, relevant and up-to-date information particular to each request is key … This is particularly important considering the amount of non-suspects' data inevitably involved in such a program' (JSB 2012, 3; emphasis added). This raises profound questions about the way in which notion of proportionality is defined within transatlantic security cooperation more broadly.
Finally, it is important to emphasise one further effect of secrecy practices that has so far gone unnoticed in European debates. We suggest that one of the effects of TFTP secrecy is to produce a powerful suggestion of actual effectiveness of the programme through what Derrida calls the 'secrecy effect. ' As Derrida (1994, 245) notes, there is a certain 'value' to the secret, a 'secrecy value' or even a 'capital of the secret' that forms a basis for authority. In this sense, secrecy's value entails something like a 'magical reification' of the professional in possession of the secret. In the context of the TFTP, the secrecy effect has to do with the production of the supposition of the actual effectiveness of the TFTP and its success in preventing terrorism and prosecuting its financiers. The data yielded through the TFTP Downloaded by [UVA Universiteitsbibliotheek SZ] at 01:23 22 November 2017 -including the more than 1500 security leads that were shared between US Treasury and European secrecy services -become inscribed with indispensable security value. Indeed, despite the fact that no public information is available concerning the way in which TFTP data were used in actual security interventions and court cases, the 'proven effectiveness' of the TFTP has now become noted in official EU documents. 9 Absence of public information on the means and methods of the TFTP renders an assessment of its effectiveness as yet impossible. Insofar as public documents assert such effectiveness, it is underpinned by a secrecy effect rather than by public knowledge of proven successful cases.

Conclusion
This paper has advanced an understanding of secrecy as practice in order to analyse the dynamics of secrecy and revelation in relation to post-9/11 security programmes, in particular the TFTP, which has become a focus for debates in Europe. We argue that three secrecy controversies played a role in the way in which the transatlantic security cooperation in the case of the TFTP programme took shape and was overseen. This has relevance beyond the specific case, because, in a variety of ways, the TFTP has become a test case for the oversight of transatlantic security cooperation. From the EU Ombudsperson's investigation to the In 't Veld court case, the TFTP is generating broader debates and jurisprudence concerning secrecy practices in Europe. Secrets continue to haunt the public-ness of post-9/11 security programmes, in the sense that they entail complex regulations of knowledge and have a material effect on how public debate is (not) able to unfold.
Despite the vibrancy of the public discussions on the TFTP analysed in this paper, however, we still know very little about the operation of the programme itself. We have argued in this paper that the public disputes over the accessibility of relevant documents and reportsbetween the EU and the US, as well as between the European Commission on the one hand, and LIBE and the EU Ombudsperson on the other -continue to crowd out meaningful discussion concerning the scope and effectiveness of the TFTP. There is a continued lack of public knowledge concerning the effectiveness of the programme and the way in which it has played a role in key counter-terrorism cases. Many questions remain about the ways in which the TFTP draws creative connections across social networks and inscribes them with suspicion. If there is public concern over the politics of deploying wire transfer data for security decisions, it is a concern motivated by debates over secrecy, rather than by questions about the security practices here deployed.
In conclusion, we identify three key dynamics of secrecy/publicity that -we believe -have relevance for other recent cases, for example the PRISM disclosures. First, the secrecy practices surrounding the TFTP entail complex and modulating social maps of knowledge. These social maps do not follow conventional structures of (inter)national information sharing but seem to emerge in a rather improvised and selective fashion, suggesting that new modes of in/exclusion and power sharing are at work in the post-9/11 security environment. In relation to PRISM, we can similarly observe that, despite Snowden's sensational revelations, the regulation of knowledge with regard to these security secrets preceded the moment of revelation and initiated private companies like Bell and Google into these secrets prior to many governments. To some extent, Snowden's revelations were not shocking, in the sense that we have 'known' about companies' ambitions and technical projects to creatively connect social media data and to anticipate and locate potential danger in advance for some Downloaded by [UVA Universiteitsbibliotheek SZ] at 01:23 22 November 2017 time now (Amoore 2013). The social choreography of the secret in both the TFTP and the PRISM case, moreover, speaks to shifting geopolitical power relations and transnational connectivities that exceed formal channels of diplomatic engagement and information sharing.
Second, we have shown that journalistic, political and legal debates on the TFTP have increasingly focussed on the question secrecy itself, rather than on substantive elements of this controversial security programme. Here, the 'drama of concealment and revelation' crowds out more substantive questions concerning security programme's operational details (Birchall 2011b, 134;Dean 2004). The parallels with the disclosure of the PRISM programme are illustrative. Like the TFTP, the disclosure of the secret NSA programme was quickly condemned and further inquiries into the programme were silenced through a 'shootthe-messenger' strategy. Debates focussed on delegitimating Snowden and the media publishing his information. Like the NYT journalists accused of being unpatriotic and of letting prevail commercial interests, Snowden's acts were delegitimised by labelling them as treasonous and through attempts to find unstable or deviant behaviour in his background and private life (Lewis 2013;Reuters 2013;Smith and Pearson 2013). In addition, whereas the debates on the TFTP became focussed on the newspaper's decision to publish, news about the PRISM programme became initially framed around Snowden's flight and his attempts to obtain political asylum in different Latin-American countries. In both cases, a depoliticisation of a secret and potentially very controversial security programme is taking place through the active displacement of the discussion to the issues of visibility and secrecy.
Third, we have argued that post-9/11 preemptive security entails its own logics of secrecy that parallel its particular valuation of mundane data. Put simply, when mundane data become inscribed with the potential to reveal future danger in advance, such data themselves become considered sensitive and subject to security regulation. In this sense, preemptive security offers a rationality for classifying mundane and admittedly innocuous data. Surely, this is not entirely new post 9/11 -Gusterson, for example, reminds us how in the Cold War era, 'trivial information' like the number of toilet rolls bought by a nuclear weapons facility was classified, lest it was used to divine the number of employees at the facility (1998,69). However, in Gusterson's example the picture to be built based upon classified information was determined in advance. In contrast, in a mosaic logic, the damaging picture to be built by adversaries on the basis of innocuous data-elements may not be known in advance or by the classifying institution. This sense of multiple, unknown but potentially damaging pictures, inferred from particular (re)combinations of mundane information, offers far-reaching logics of secrecy that are now making their way into European legal reasoning. The mosaic logics as well as the other aspects of what we have called secrecy practice, necessitate a further rethinking of the relationship between security, secrecy and democracy in Europe.