The attack on Berlin’s Breitscheidplatz in December 2016 was arguably Germany’s 9/11. While German anti-terrorism law previously was influenced “only” by international and European law, since this attack it has undergone a fundamental reorientation toward a “comprehensive security law.” At the same time, Germany’s security architecture is subject to constant change, which is accelerating even faster as a result of the rise in right-wing terrorism, officially declared public enemy no. 1 after the Hanau attack on February 19, 2020.

With Germany’s universal jurisdiction cases against members of ISIS and Syrian government officials underway, many eyes are on the German criminal justice system. It is now more important than ever to be clear-eyed about how it is operating.

This fundamental reorientation of German security law can be summed up in the term “personalization.” Police and intelligence counterterrorism activities no longer are linked to a concrete act or threat, but instead relate to a “potentially dangerous person,” or Gefährder (literally an “endangerer”). Police and intelligence service powers are extending far into the preparatory stages of a concrete violation of legal rights or a concrete threat. Thus, a process of personalization based upon an agent-focused criminal law is taking place. This development forms the subject-matter of a recently published essay collection that has inspired the following reflections and will be discussed in detail elsewhere (here, essay collection contributions are quoted with the author’s name and page number).

Personalization as Opposed to a “Criminal Law of the Enemy”

In 1985, theorist Günther Jakobs described the German legal landscape as harnessing the familiar friend-enemy rhetoric of Carl Schmitt and developing a special “criminal law of the enemy” (Feindstrafrecht), which diverged from the framework governing police interference with citizens’ fundamental rights (Eingriffsrecht). Jakobs asserted that the increasing criminalization of preparatory acts and other acts with only a remote risk of harm turned the perpetrator into a “source of danger,” an “enemy of legally protected interests.” German criminal law was thus focusing on the “enemy” perpetrator as a dangerous person, rather than on their acts as dangerous acts, Jakobs argued.

When Jakobs first published this theory, Germany had already experienced almost two decades of semi-regular terrorist attacks. His theory then gained greater attention in the wake of 9/11. By this time Jakobs was no longer using the theory merely descriptively; he was advocating for removing terrorists, “who deny the legitimacy of the legal system on principle,” from the realm of regular criminal law and applying a “criminal law of the enemy” to them.

Jakobs’ “criminal law of the enemy” was vehemently rejected in many circles. Mainstream criminal law scholarship decried it. German institutions flatly denied it. As Andreas Paulus, Justice of the First Senate of the German Federal Constitutional Court, has put it, German constitutional law “knows neither a ‘criminal law of the enemy’ (Feindstrafrecht) nor a special police law for terrorists, regardless of their individual conduct,” but it does take “the threat of terrorism of various origins seriously” (Judge Paulus, p. 4).

The 2016 judgment of the Federal Constitutional Court on the Federal Criminal Police Office Act, which refers to surveillance measures, at first seems to support Paulus’ assertion that there is no “criminal law of the enemy” in Germany. Here, in margin number 112, the First Senate clearly acknowledges the admissibility of state intervention measures beyond “specific, directly imminent or present threats,” provided that “at least factual indications of the emergence of a specific threat” to important legally protected interests exist. However, for terrorism offenses, the First Senate dispenses with the requirement of an “occurrence that can be specified … and which is temporally foreseeable” because, the judges assert, such attacks are often “committed at unforeseeable locations, planned far in advance by individuals who have no criminal record, and carried out in very different ways.”

Thus, the First Senate found surveillance measures can be permissible under constitutional law if “the individual behaviour of a person substantiates the specific probability that the person will commit such offences in the near future” (emphasis added). This probability could, for example, arise from the fact that a person has recently completed military training in a terrorist training camp and is now entering, or re-entering, Germany.

Even if this judgment is not applied beyond the specific surveillance measures in question to general early-stage interventions (contra Bäcker, pp. 163-64.; Kießling, pp. 276-82), the First Senate has taken the step from an occurrence-dependent approach to a person-related one. Clearly, the person-related approach “differs categorically from the conventional intervention threshold of the concrete threat”, “since there is precisely no requirement for an imminent, roughly defined harmful event” (Bäcker, pp. 157-58).

At the level of statutory law, this approach means that police and criminal law engage with the preparatory stages of a potential act of terrorism. The security law repertoire ranges from the strategic surveillance of target persons to the investigation of (criminal) structures. Information gathered by intelligence services or the police during the preparatory phase serves as a basis for operational measures, while the criminalization of this phase serves as a starting point for criminal investigations by triggering an “initial suspicion.” Andrew Cornford and Anneke Petzsche recently described this as a “procedural ‘door opener’ function.”

The concept of an “imminent threat,” which refers to a person rather than any concrete dangerous act, has found its way into law regulating police conduct and allowing police intervention against such threats. Some instances are very broad, giving police general authority to intervene even in cases of danger to property, rather than life and liberty, as in Bavaria (Art. 11(2) no. 3 Police Law). Others are oriented toward specific intervention measures as in North Rhine-Westphalia (e.g. § 34b or § 34c in conjunction with § 8(4) Police Law). Scholars disagree as to whether an “imminent threat” is even necessary for possible attacks to be covered (affirmative, Möstl, p. 81; contra, Kießling, p. 283). On the level of criminal law, personalization is evident in the wide range of criminal liability for conduct in the preparatory stages of an offense in the German Criminal Code (e.g. § 89a).

If this is not Jakobs’ “criminal law of the enemy” at work, it certainly seems close by.

Focusing on Terrorists Without an Overarching Definition of Terrorism

A further issue of such “personalized international legal norms regulating obligations” is the lack “of a transnational understanding of key legal concepts” (Altwicker, p. 95). Most notably, there is no generally binding definition of terrorism.

From a practical point of view, this may appear to be a mere dispute over words, as counterterrorism has been taking place for decades without any kind of overarching definition. However, given personalization’s increasing focus on individuals, rather than actions, we must ask whether there is any shared understanding regarding what it means to be a terrorist.

While  we can infer from various international conventions certain common structural features of terrorist acts – namely the random, depersonalizing selection of victims on the one hand, and the threat that this poses to international security on the other – this does not capture the full concept.

Even the otherwise quite specific Terrorist Financing Convention of 1999 only defines terrorism implicitly as the killing or serious injury of a “civilian” with the aim “to intimidate a population, or to compel a Government or an international organization to do or to abstain from doing any act” (Art. 2(1)(b)). European law follows this approach, and national law likewise takes its bearings mostly from a catalogue of offenses linked to the perpetrator’s purpose or aims.

In Germany, section 129a of the Criminal Code, which relates to the formation of terrorist organizations, merely refers to a list of serious crimes that must be the final aim of the group’s activities in order to be considered a criminalized terrorist group. Section 89c, which was introduced in 2015 and relates to terrorist financing, contains the term “terrorism” only in its title. The elements of the crime themselves (para. 1) provide a definition only insofar as they list offenses along with their purported purposes. Similar definitions can be found in police law, such as section 8(4) of North Rhine-Westphalia’s regional Police Act.

Thus, in sum, an overarching, kind of meta-definition is lacking but there is a clear focus on a perpetrator’s internal thoughts and aims. Yet, these are extremely difficult to determine and this reliance on purpose in the context of the trend toward personalization leaves us without a clear, shared understanding of what terrorism actually is. Ultimately, we cannot be sure of who is a terrorist; often, it is merely an adscription based on personal ideological bias.

Assessing the Terrorist as a “Potentially Dangerous Person”

While the law on terrorism in a state governed by the rule of law should not be a (criminal) law of the enemy, friend-enemy thinking is revitalized via the German concept of the “potentially dangerous person” (Samour, pp. 53-59).

According to Germany’s federal police law, a person is considered “potentially dangerous” if there are “factual indications” that he or she “will commit major crimes in the near future.” Under the Residence Act, a foreign national can be assumed to pose a “terrorist threat” “on the basis of a prediction based on facts” and immediately deported if they are deemed to pose such a threat.

Apart from “potentially dangerous persons,” there are also “relevant persons” – leaders and supporters in the broader sense, for whom the same prediction about whether they pose a terrorist threat applies. While there is not supposed to be any overlap between these two categories, the distinction is not very convincing because the term “relevant person” also includes anyone who could commit a serious crime, just like a “potentially dangerous person.” In late 2019, 752 “potentially dangerous persons” and 778 “relevant persons” were known to the federal authorities.

In any case, we are always dealing with a predictive decision by the security authorities that involves major factual uncertainty with regard to future terrorist acts. At best we are dealing with “certain probabilities of the commission of violence.”

To reduce this uncertainty, the Federal Criminal Police Office has been using the risk assessment tool RADAR-iTE (“rule-based analysis of potentially destructive perpetrators to assess acute risk – Islamist terrorism”) since 2017. This tool, which is now in its second version (RADAR-iTE 2.0), enables a largely standardized, person-related assessment of risk by way of a quantitative and qualitative calculation. Following a 2019 adjustment, this risk assessment assigns persons to a two-stage risk scale: “high” and “moderate.” As of August 19, 2019, 497 persons were thus rated either “high” (186) or “moderate” (311) risks.

However, because of the inherent forecasting uncertainty, the instrument is designed to be “rather sensitive” and the mere classification of a person as high risk does not trigger any measures. Instead, police carry out a case-by-case assessment in a second stage, within the framework of RISKANT (“risk analysis of those inclined to act on Islamist motivations”), which was developed between 2017 and 2020. These evaluations are reviewed regularly.

RADAR-iTE is also supplemented by an eight-stage forecasting model that predicts the occurrence of potential harm; in this respect, the event-related and person-related approaches are combined. The eight-stage model’s application to right-wing extremist terrorism in principle now should take place via the tool “RADAR-rechts,” but the specialist scientific input required for this tool is being developed within the framework of a project that is expected to last until February 2022.

As Jérôme Endrass has written, important and useful as these (and the many other) analytical tools may be, most of them fail to demonstrate their validity with respect to the reliability of their forecasts and the effectiveness of their methods of threat prevention. Similarly, Michel Logvinov notes current forecasts are “based upon vague assumptions that have hardly been tested, or tested only superficially.” Thus it is hardly surprising that the Federal Administrative Court does not rely on RADAR-iTE or similar tools when reviewing the authorities’ predictive decisions.

In addition, predictive uncertainty regarding whether an individual is a “potentially dangerous person” increases the longer the period before the (potential) act, as does the risk of error (Bäcker, pp. 163-64; Kießling, p. 280). Moreover, it is in the nature of the personalized investigative approach that intervention measures are not limited in time or scope by a specific event or occurrence. The lack of this limitation increases the risk both of measures against harmless persons and of religiously or ethnically discriminatory applications (Samour, pp. 49-53). The increasing personalization of the law regulating infringements on citizens’ rights thus leads to sacrificing more citizens’ privacy. This sacrifice is often weighed against a mere appearance of increased security, as mostly harmless “endangerers” attract the attention of the security authorities (Bäcker, pp. 164-65).

This predictive uncertainty encumbers international law in much the same way, as shown not least by the killing of Iran’s General Soleimani, as Mary Ellen O’Connell, Marko Milanovic, Patryk I. Labuda, Adil Ahmad Haque, and I (in German and Spanish), among others, have discussed. In such cases, the invocation of the right to (preventive) self-defense depends first of all on whether an attack was actually imminent. This in turn requires a prediction, the criteria and requirements of which are unclear and highly controversial (Schiffbauer, pp. 181-90). Yet, we cannot speak of personalization where the (collective) right of self-defense is concerned, because what counts are objective facts, rather than the normative classification of a person as a (potential) “terrorist” (Schiffbauer, pp. 182, 191). At the same time, however, a personal classification forms the premise of any targeted killing. Personal classification is at the heart of both so-called “personality strikes,” which target individuals due to their position within an armed group, and for “signature strikes,” which target individuals who meet certain person- and conduct-related criteria through “patterns of life” or “behavior,” without any knowledge of their identity (Starski, pp. 239-40).

The question of whether this practice is admissible under human rights law is not answered by the possible affirmation of a collective right of self-defense as part of the law that governs the resort to the use of force by states (jus ad bellum) (ibid., p. 245). In the event of armed conflict, this admissibility is governed by the rules of international humanitarian law (jus in bello), supplemented by human rights provisions, in particular the right to life; in times of peace, only peacetime international law is applicable, in particular human rights. Judged by this standard, signature strikes – if only because of the breadth and indeterminacy of “signatures” (examples in ibid., pp. 257-58) – generally violate the principle of distinction under international humanitarian law, and a fortiori do not meet human rights requirements (ibid., p. 259). By contrast, personality strikes are likely to be permissible, at least under international humanitarian law, although this practice’s immanent tendency to “disenfranchise the individual concerned” (ibid.) is highly problematic in these cases, too.

Importing Personalization

Personalization is not unique to Germany. On the level of international law, personalization is reflected in a “regulatory turn” toward regulating the conduct of private individuals, rather than only the conduct of states. In particular, international law seeks to prevent individuals from financing terrorism through the use of “blacklisting” in sanctions regimes, which the United Nations Security Council instructed states to employ in its Resolution 1373/2001.

However, the procedural regulation of international law regimes designed to counter terrorism has proven opaque and questionable in terms of the rule of law (Binder/Jackson, pp. 134-36). The intervention-intensive and diffuse international law approach (Altwicker, pp. 88-91) should not be blindly adopted into domestic systems – as mere “legal transplants,” as it were. Yet the demand that the national legislator adapt these norms for the domestic context when implementing them (Barczak, pp. 115-17) needs to be specified further. Where exactly do the insurmountable boundaries of the national legal order (“constitutional identity”) and the national or European ordre public lie? What scope for decision-making do the provisions of international or European law leave the national legislator? What criteria should be used as the basis for differentiation?

Boundaries on Personalization Set by the Rule of Law

In spite of the concerns raised above, there is no real alternative to personalization, and prediction-based terrorism security law can only be contained by the rule of law, not rejected reflexively. Even critics of a far-reaching fight against terrorism recognize that the framework governing police interference with the rights of ordinary citizens, with its orientation toward concrete events and dangers, is designed to be reactive and case-specific, making it insufficient in cases of diffuse, undefined threats arising during the preparatory stage (Bäcker, pp. 148-52). However, terrorism poses precisely such threats.

Human rights protections, as recognized by the U.N. Security Council, and constitutional law supply rule of law boundaries on personalization. They accomplish this by, among other things, requiring that restrictions on basic rights and freedom must be proportionate – that is, strictly limited and controlled by judges. As such, substantial interventions interfering with fundamental rights (such as detention and deportation orders) are generally disproportionate (Kießling, pp. 278-82), particularly because of the prognostic uncertainty mentioned above. Indeed, these measures forcefully limit basic rights, essentially removing the right to liberty, and do so mostly on the basis of highly uncertain predictions.

Germany has no “specific substantive criminal constitutional law” (Bäcker, p. 159), which would supply further limits on personalization, as of yet. This would, first of all, require a deep intradisciplinary dialogue between constitutional and criminal law experts, which we are still lacking. Only if such a dialogue produced results could legislators be expected to act.

In the meantime, to mitigate the potential for discrimination, law enforcement should consider not only trade-offs between freedom and security, but should also incorporate equality to create a freedom-equality-security triad (Samour, pp. 50, 66). However, such a change would require more precise rules regarding interest balancing and cultural changes in our law enforcement authorities and the societies they mirror.

Other areas offer more questions than answers. For example, does technologizing police work through the use of automated (situation- or person-related) forecasting systems (“predictive policing”) (Wischmeyer, pp. 193-210), such as the above-mentioned RADAR-iTE, create added value from a rule of law perspective? This would certainly require that they provide more reliable data. So far such systems rather seem to generate new, additional problems regarding, for example, the right to informational self-determination. We can readily endorse the demand to regulate such systems by means of a more conscious, critical use of technology (ibid., pp. 210-13), but this demand likewise needs to be defined in greater detail, including any operational specifics. Above all, this does not answer the normative question of whether we should allow ourselves to be governed by such systems in security policy (and elsewhere) when their superiority over human policing has not been clearly proven (ibid., p. 194), and – as has already been pointed out – they remain underdeveloped and prone to error.

The views expressed are those of the author and do not necessarily reflect the views of the Kosovo Specialist Chambers. The author thanks Margaret Hiley for her invaluable assistance in preparing this English version and Just Security for helpful editing.

Image: Members of the Bavarian police and the Bundeswehr, the German armed forces, intercept a vehicle at a checkpoint during a demonstration as part of the GETEX anti-terror exercises during a media event on March 9, 2017 in Murnau, Germany. (Photo by Philipp Guelland/Getty Images)