The Brexit deal brokered on Christmas Eve between the UK and the EU on trade issues leaves both sides constrained in their efforts to tackle terrorists and cross-border criminal gangs, experts have warned.
“The deal is a damage limitation exercise because it was about abandoning a framework of cooperation that has been put in place over the past decade,” said Julian King, former British senior diplomat and former EU commissioner for the security union.
A senior EU official is more blunt: “This is one of those areas where it’s lose-lose. No one wins in a looser relationship from a security standpoint. “
The UK Home Office insists that although some tools to fight crime have been lost – including access to the so-called SIS II criminal database – high-level cooperation security also occurs outside EU structures. Information on terrorist threats, for example, is shared by a separate counterterrorism group of around 30 European intelligence agencies.
Yet one of the biggest risks for the UK is not just the erosion of capacity, but also of influence. “What Britain has really lost is the leadership role in security,” warned David Anderson, a former UK terrorism law reviewer. “If you want these systems to be useful to you, you have to be involved in their design.”
What has the UK lost in total?
Britain has been cut off from the SIS II database, which allows real-time sharing of information on wanted or missing persons, or objects across the EU. Martin Hewitt, chairman of the National Council of Chiefs of Police, said in November that this would have a “major operational impact”. SIS II, which holds more than 90 million cases, is connected to Member States’ systems, which means that any person disseminated as wanted or missing is reported in 27 countries. British police checked the system over 600 million times in 2019.
“British bobbies could access police databases across Europe on their portable devices, from the streets and literally within seconds,” said a senior EU official.
Having been disconnected from SIS II, the UK had to delete around 40,000 live SIS II alerts from its own criminal databases at the end of the transition period. Police and spies will now use Interpol’s “red notice” and “broadcast” systems, which broadcast wanted alerts in the group’s 194 member countries.
As a result, Britain will count on its European allies to proactively upload their SIS II alerts to Interpol and these will not be available in real time. The UK will be able to exchange security alerts bilaterally with EU countries, but rather than being immediate, information will typically take several days to arrive.
Sending alerts through Interpol also means sharing tort data across a vast network of countries. Interpol has come under increasing scrutiny for what critics accuse of abusing its systems by authoritarian governments to target political opponents. “Working with 193 partners who, to put it politely, do not all share the same approach to tackling serious crime and terrorism issues is a challenge,” said Sir Julian.
What tools will change?
The European arrest warrant has been replaced by a new surrender agreement similar to those the EU has with Norway and Iceland. Under this agreement, extradition can be refused if there are concerns that the individual’s human rights are being violated or if the offenses are not serious enough. British officials say it will be “as quick” to extradite someone as under the EAW, but with better guarantees.
But it’s a less efficient process than the EAW, EU officials said. EU member states will now be able to refuse to extradite their own nationals to the UK. In some countries, such as Germany, restrictions on such extraditions are written into the Constitution.
British police have said privately that it remains to be seen how well the new arrangements work in practice; their reference is the 2005 extradition of London bomber Hussain Osman, who was arrested in Italy and taken to the UK to stand trial in just 56 days under the EAW.
The UK will also renounce its membership in Europol, the EU law enforcement agency, and Eurojust, its legal agency, thus becoming a ‘third country’ which can cooperate in investigations and operations, but without any decisional participation.
The concessions on the EU side, which differentiate the UK from other third countries such as the US, include the possibility for UK liaison officers to work at Europol headquarters to help with cross-border cooperation, and an agreement whereby British law enforcement agencies will have access to the services of Europol’s secure messaging system.
What did the UK keep?
Britain has negotiated continued access to the Prüm system for sharing fingerprints and DNA, and in the future, vehicle registration data. This has never been granted to a third country outside the Schengen area, although Brussels officials insist that the search for matches will not be done in “real time” but via a decentralized database.
Prüm is a less powerful and intrusive crime-fighting tool than SIS II, EU officials note. UK investigators will be notified if there are any matches, but will then have to turn to the relevant national authorities to access the underlying data. The UK has also dropped its longstanding opposition to sharing DNA files of British criminal suspects.
The UK has gained permanent access to the Passenger Name Record network for sharing information about people arriving at UK and EU airports, and now has three years to implement data protection measures to ensure that the confidentiality of the data of normal travelers is not violated.
Negotiations are not over
One of the obstacles is the commission’s decision on the adequacy of the data, which will be taken within the next six months. Data sharing can only take place if the EU decides that the UK data protection standards match EU GDPR regulations. Concerns will likely revolve around how UK security agencies such as GCHQ protect the privacy of EU citizens when monitoring data.
Camino Mortera-Martinez, an EU justice and security expert at the Center for European Reform, foresees difficulties in reconciling the ‘golden standard’ of data protection perceived by the EU and the UK becoming more lax to stimulate innovation. There will be some “difficult and stimulating questions” about the activities of British spies, adds Sir Julian.
Even if the EU accepts data sharing in the UK, rulings by the European Court of Justice could force changes to the arrangements. For example, privacy activist Max Schrems last year won an ECJ ruling which invalidated Privacy Shield, the transatlantic agreement used by companies to transfer data from the EU to the United States.
There is room for improvement
The UK is upgrading its data sharing technology to automate the process of uploading information from Interpol to frontline police systems. London officials are also planning to create a network for sharing real-time information on people, documents and objects with “trusted countries” such as the Five Eyes Intelligence Alliance, replacing SIS II.
Ms Mortera-Martinez also hopes that the EU might be able to rethink its security cooperation with non-EU Schengen countries – such as Switzerland and Norway – and third countries such as the UK. United, the United States and Canada. “The EU did not want to give to other countries. . . all the advantages lest the UK be inspired to ask for more, ”she said.