For months, E.U. officials have faced criticism for failing to prevent the Paris and Brussels attacks, with many intelligence experts blaming the lack of information sharing. Away from the debate and out of the spotlight, the E.U’s law-enforcement agency Europol has quietly tried to piece together the terror threats, working out of its sleek, modern headquarters in the small Dutch capital of The Hague.
Europol has not escaped criticism, too: Some E.U. lawmakers fear some European officials want the organization to become a “European CIA.” However, the organization is tiny by comparison to the CIA, with a staff of about 1,000 and a budget in 2015 of €94.4 million ($106 million). On May 13, exactly six months after the Paris attacks, the organization invited TIME into its fortress-like building to discuss the ongoing terrorist threat in Europe with Europol director Rob Wainwright.
Wainwright’s assessment is sobering, including that “several hundred” battle-trained European jihadists are likely plotting further major attacks, and that his agency is supporting some 50 ongoing terrorist investigations. Wainwright, who is British, is also convinced his country will be far less secure if Britons vote on June 23 to leave the E.U. in a so-called “Brexit.” As for Europe as a whole, he says: “The threat is alive and current. Another attempted attack is almost certain.”
The following interview has been edited and condensed for clarity:
TIME: Is the terrorist threat to Europe still at the highest level?
Wainwright: This is the highest terrorist threat we have faced in Europe since the days of 9/11. We have 5,000 Europeans who have been radicalized by [ISIS] and have traveled to Syria and Iraq and engaged in conflict experience. We suspect that about one-third of them have come back: That is our best guess. We don’t know for sure. Of course many have come back and are not planning to engage in terrorist activity. Some are in rehab programs, some are in prison. That still leaves, however, maybe several hundred that are potential terrorists.
Our real concern is that there are other networks, either in Europe already, or who are being trained in Syria for further action. We know that [ISIS] last year took a strategic decision to establish an external operations command, a division to plan exactly the kind of attacks we have now seen. We think that they are still active and planning to do that. The threat is alive and current. Another attempted attack is almost certain. Whether it gets through depends of course. I am concerned about [ISIS’s] clearly expressed desire for the spectacular.
So did this system fail before Paris and before Brussels? Some of the attackers were on the radar of one EU state but not another.
Obviously what happened in Paris and Brussels represents somewhere along the line a failure. Of course it does. Because our aim is to prevent every terrorist attack. In fact, the security community in Europe manages to do that nearly every time. Nearly every terrorist attack is thwarted. Some get through, because it represents the complexity of the threat we are facing. Five thousand people have been radicalized and we have a fragmented intelligence picture about who they are. Among that community, any one of them could potentially come back as a potential terrorist.
What is the biggest challenge to identifying potential attackers?
The speed of radicalization is often startling. It can be a matter of weeks, in some cases, for vulnerable young men or young women to have their minds turned by this ugly propaganda and to turn themselves into people capable of going to Syria or Iraq and engaging in conflict there, and in some cases carrying out terrorism. So the intelligence timeline for identifying these, for tracking their path towards terrorism is much shorter than it was in the past. It is not possible to monitor all of the knowns, let alone all of the unknowns, all of the time. And that means some of the attacks get through. Having said that, there is more we can do to plug the gaps.
How bad is the lack of intelligence sharing among EU countries?
It’s a lot better since Paris. We have seen almost overnight a huge amount of intelligence that is now shared through our channel. But it’s not yet there. Of the 5,000 European nationals we have data collected on around 3,000 of them, to give you one example. We have many more in our files that are non-European. We are currently supporting about 50 ongoing terrorist investigations around Europe. That tells you something about how lively the threat is at the moment.
How many of the EU countries are actually feeding information to Europol’s new European Counter Terrorism Center?
We have all 28 [EU countries] doing that at different levels. Not all member states have equal amounts of intelligence to share, of course. Others to be honest have different views, different cultural attitudes, towards sharing. There is still a cultural journey that the whole community is on, to open up a little bit more the posture of sharing, given the traditional mindset of intelligence officers needing to hold on to information, to protect sources.
How has the nature of terrorism changed in recent years?
The link between terrorism and crime is much more prevalent now than any any other time in the past. The recruits we are seeing now are more and more from a criminal background, a criminal lifestyle. We are dealing with disaffected young men, coming up through a gang culture, perhaps, or at least having been engaged in petty crime. And it’s that rather disaffected community that has become the breeding ground for radicalization.
Six out of 10 Paris attackers had a criminal background. All six known attackers in Brussels had a criminal background. And there is a growing dimension of the criminal market providing fake documents to support people smuggling, principally, also now having customers in the terrorist trade. Not to mention firearms suppliers.
It means the traditional intelligence exchange is not enough anymore. The information about who these people are, where they come from, who they are in contact with, are going to be in police files, in police systems. If they were involved in petty crime five years ago, we need to know that from the local drug squad. Not so long ago, the path towards radicalization was longer. Some came from criminal backgrounds, but not many. There is an opportunity here to find out much more about these people from information already resting in police information systems, if only we can find the right mechanism. That is what we are trying to build here at Europol.
How common is it for police and security services to share information?
In some countries it is; in the UK, there are very close exchanges between Scotland Yard and MI5. In Germany, there’s a very enterprising center, the National Counter Terrorism Center, which was started by police officers from many different agencies. But not in every country do we see this and certainly not on a EU level. The national efforts now need to be replicated and elevated in a similar standard in Europe because the threat has become so much more European. And we have millions of records at Europol about criminals in drug trafficking, money laundering, people smuggling, fraud – all of which could potentially connect to a terrorist case.
What can Europol do to prevent another Paris or Brussels?
If there is one thing Paris and Brussels taught us in Europe, it is that we need to improve collection and shared information on a European landscape. These are threats that are inherently cross-border in nature, and require a transnational response. Within Europe we have architectures like Europol and information systems such as we have developed here, that can play a major role in providing a more modern response, a more modern architecture to this transnational phenomenon.
Is “Brexit” as big a security issue as Prime Minister David Cameron says it is? What happens if Britain leaves the EU?
Britain becomes less safe. Britain would have access to fewer capabilities in a less effective way, which at the moment plays one big part in the way Britain secures its borders and deals with the threat from terrorism and crime.
But doesn’t the U.K. just become a partner of Europol, like the U.S.?
The U.K. would become an associate partner like the U.S. But there are important limitations. They would no longer have direct access to our data bases. They would no longer be able to run any of our projects. They would no longer be able to influence how our organization sets its priorities.
In other areas there are even more concerns. The Schengen Information System [the E.U. database of people crossing into the E.U.’s passport-free zone] has become a principal instrument—the largest securing data base in Europe—to identify sex offenders or drug traffickers, for example, as they seek to cross into the U.K. There is no precedent for a country that is outside the E.U. and outside the Schengen free travel area continuing to have access to that system. That doesn’t mean that the U.K. could not try negotiate a historic first for itself. Maybe it can. But my point is that there is uncertainty about what it would bring.
What is the next big threat to Europe?
The European Football Championships in France obviously represents a potential target. There is an elaborate security plan operating on multiple layers, driven a lot by intelligence of who we know, and there is a lot of work done in advance. The security protections are multilayered at the sites, the approaches to the sites. There is a lot of CCTV coverage, closed-circuit TV, and bag searches in certain areas. It’s impossible to reduce the threat to zero. But [ISIS] will find it difficult to mount an attack. They may wish for one but they will find it difficult.