You are here
In September 2020, we warned that the question of future security cooperation between the UK and the EU was not receiving sufficient attention for informed public debate. We highlighted the importance of getting this right at a time when the international security environment was becoming more complicated. We acknowledged the strong commitment of national services and individuals in both the UK and the EU to creating effective mechanisms for cooperation after Brexit. But we emphasised the challenges ahead and the rapidly growing importance of Europe-wide data sharing, largely conducted under the EU’s jurisdiction.
There is now a Brexit agreement. In the final document the elements covering ‘Law Enforcement and Judicial Cooperation’ are set out over 84 pages. The UK retains access to critical databases, including DNA information exchange (Prüm) and Passenger Name Records (PNR). There is a detailed mechanism for cooperation with Europol and Eurojust. However, UK access to the EU’s criminal records exchange (ECRIS) and instant operational alerts on the movement of people and objects (Schengen Information System 2) is not preserved in a formal sense. The agreement sets out what are intended to be alternative arrangements. The effectiveness of these arrangements will be tested by events in the period ahead. The consequences of the loss of access are not yet clear.
The relevant paragraphs of the UK government’s summary, published to explain the agreement, states that ‘the safety and security of our citizens is the government’s top priority’. For obvious reasons, given our professional backgrounds, we agree. But we remain concerned that informed public debate and understanding of the potential implications for security cooperation are still limited. This is a worry, given an international security context which has become even more complicated in the months since we first voiced our concerns.
Worsening International Security Setting
The return of ‘great power rivalry’ has now been accentuated by the global pandemic and in a manner which increases pressure on Western liberal democracies. Over the past year, China has become more authoritarian in domestic policy and more assertive and self-confident in international policy, including through the exercise of soft power within the West. The continuing growth of the Chinese economy (despite the global depression) is supporting diplomatic activity and achievements in East Asia and in Europe. This is despite controversial actions in Hong Kong and Xinjiang Province. The future of Taiwan is becoming an immediate source of tension, especially with the US. In terms of global leadership, China is increasingly well placed to challenge a US caught in the exceptional confusion of the presidential transition.
Russia may not have China’s economic power, but it too has become increasingly assertive. The recently discovered and remarkably effective cyber intrusion into complex US networks (government and private businesses) has taken the US authorities and their sophisticated cyber defences by surprise. This is a powerful reminder of the game changing potential for the aggressive deployment of information technology. Russian political and hybrid military activity in Central Europe and the Baltics and the promotion of disinformation is a growing global concern. Within Russia, the determination to suppress internal dissent and opposition, at a time of domestic political uncertainty, has been powerfully illustrated by the poisoning of Alexei Navalny.
The threat from non-state actors has not gone away, as we have been reminded by the terrorist attacks during the autumn in France, Austria and Germany. The Islamic State remains active in Iraq and Syria and has become a major player in the Sahel. Within our societies, online radicalisation has become increasingly significant. It is very difficult to detect. This too may well be accentuated by the restricted conditions imposed by the pandemic
Finally, international serious organised crime is becoming ever more complex and fast moving – an inevitable consequence of rapid technological change.
All these growing security and criminal threats are of shared concern to the UK and to member states of the EU – the UK and Europe have the same ‘operational backyard’. It is in this context that we assess the strengths and limitations of the Brexit agreement.
The fact that agreement was reached in this area is very welcome, as is its scope. Inevitably it is not the same as the cooperation among EU member states. But it delivers in several important areas. It is worth recalling that reaching an overall agreement on the future relationship was not always a given. And the discussions on security were long, drawn out and, at times, difficult. Despite the overarching mutual self-interest in finding ways to cooperate in tackling the range of shared threats the two sides did sometimes appear to talk past each other.
At the outset some on the EU side interpreted various statements by the UK government as seeking to use security cooperation as leverage in the wider negotiations. At the same time, the EU was resistant to UK proposals for a separate agreement on security. The EU was disappointed when the Johnson government made clear it was not interested in formal, structured cooperation on foreign policy and international security. And on internal security the EU started out asking more of the UK than it had or did of other non-EU countries it cooperates with on some of these issues.
But the two sides worked their way through to find an agreement on security cooperation that goes further than some expected. The EU accepted that the European Court of Justice’s (ECJ) writ would not run in Britain after 2020, including as far as security was concerned. The EU also accepted that it could not dictate how the UK would give effect to the commitment to uphold fundamental rights; both sides made it a condition of continued cooperation that the other would uphold fundamental rights, while respecting the independence of the respective legal systems. Questions over data protection were handled in a way both sides could accept. The UK accepted that arrangements on security cooperation are part of the wider deal, but with their own governance, suspension, termination and review clauses. The scope of cooperation was extended to issues like asset freezing and confiscation that the UK had been keen to see included.
What Is Covered by the Agreement
The UK will maintain a working relationship with the main EU-wide law enforcement agencies, Europol and Eurojust, which provide platforms for sharing information, mounting joint investigations, operations and prosecutions. The detailed arrangements for how day-to-day cooperation will work are largely left to further discussion in the various management bodies, which is welcome because it means the details will be worked out between frontline practitioners with direct experience of the mutual benefits. There are also some potentially important arrangements for maintaining and building practical cooperation on cybercrime, cybersecurity, and the security of emerging technologies, including working with the EU Agency for Cybersecurity.
There are provisions for law enforcement and judicial cooperation on anti-money laundering, tackling the funding of terrorism, as well as asset freezing and confiscation. And, most importantly, on extradition. The European Arrest Warrant has in the past been the subject of debate and was unpopular with some in Conservative circles. But practitioners point out it has been used thousands of times over recent years. There were concerns the UK’s position on the ECJ could make this difficult. But the agreement includes provision for mutual surrender of those wanted for more serious crimes, built on the model of the EU surrender agreement with Norway and Iceland which came into force recently. Crucially, this relies on political dispute settlement rather than ECJ arbitration.
The agreement maintains UK links with some of the law enforcement databases which have been central to strengthening police cooperation across Europe in recent years, in particular, the Prüm network for sharing information on vehicles, fingerprints and DNA, which has been important on the ground for example in Northern Ireland, and which will continue to develop potentially to cover other crime scene forensics, and the key PNR network for sharing information on arrivals at UK and European airports. The UK will need to review some aspects of how such data is handled but has up to three years to do so. There are proposals to effectively build a new network for exchanging information on criminal records. Here, and with wider mutual legal assistance, arrangements build on but go further than existing international Council of Europe agreements.
What Remains to be Done
There remain some important outstanding issues. The biggest potential operational gap is that the UK loses access to the Schengen Information System, the main database for sharing alerts about individuals and objects of interest. UK police and border guards were consulting this hundreds of millions of times a year. But, as things stand, it is not open to, and there is no framework for cooperation with, non-Schengen countries. Losing this access represents a serious challenge, as the National Crime Agency and the Metropolitan Police have detailed in evidence to Parliament. The agreement with the EU does include a legal basis for exchanging security alerts bilaterally. But that is not the same operationally as an officer on the frontline being able to consult directly the Europe-wide database in real time.
This issue had been flagged for some time, and the government has been working to address it and plug the gap. It has been encouraging EU member states to make more use of the various Interpol serious crime and terrorism databases to share alerts. At the same time the government is working to make access to the Interpol systems for frontline officers via the national police system as effective as possible. This requires EU member states and the government to invest time and effort in sharing information across these systems and making them work, so this is an area to watch. The government is also seeking to build a new network for exchanging real time alerts with 'trusted countries’, including the Five Eyes intelligence partners, but that remains a work in progress for now.
All these arrangements are subject to a dedicated review, in parallel with the review of the wider agreement, every five years, though there are various provisions to suspend or terminate all or some of them earlier than that if problems or disputes arise. So, another key thing to watch is the stability of these arrangements over time.
One area of potential difficulty is the protection of personal data, which goes wider than security but is obviously central to security cooperation. The European Commission has up to six months to make its unilateral determination on whether the UK delivers essentially equivalent protection of EU citizens’ personal data, so called 'data adequacy'. One of the main considerations in granting adequacy to a third country is how that country’s security agencies carry out surveillance of EU nationals. Concerns about this led last year to the adequacy arrangement with the US being challenged and struck down, for the second time in recent years. So we should expect the practices of the UK security authorities, including the care with which the police handle databases, to come under close scrutiny, as will UK data legislation and arrangements for onward transfer of data to other countries, especially to the US. The UK government point out that were there to be issues, now or in future, around data adequacy that need not lead automatically to suspension of security cooperation under the terms of the agreement, but it certainly would not make things easier.
Given the wider security environment, the strong shared interests in tackling what are largely shared threats, and the engagement of security and law enforcement professionals in finding ways to make the projected arrangements work, we must hope they will provide the basis for building cooperation in the future. But security challenges do not exist in a vacuum and they will inevitably be affected by the wider UK–EU relationship.
The views expressed in this Commentary are the authors', and do not represent those of RUSI or any other institution.
BANNER IMAGE: Courtesy of Darren Baker