The Brexit agreement brokered on Christmas Eve between the UK and the EU on trade issues is leaving both parties diminished in their efforts to fight terrorists and cross-border crime gangs, experts have warned.
“The deal is a damage limitation exercise because it was about giving up a framework for co-operation which has been built up over the past decade,” said Julian King, former top UK diplomat and previously European commissioner for the security union.
A senior EU official is more blunt: “It’s one of those areas where it’s lose-lose. No one wins from a looser relationship from a security perspective.”
The UK’s Home Office insists that even if some crime-fighting tools have been lost — notably access to the so-called SIS II criminal database — high-level security co-operation also happens outside EU structures. Information on terror threats, for instance, is shared through a separate counter-terrorism group of around 30 European intelligence agencies.
Still, one of the biggest risks for the UK is not just the erosion of capabilities, but of influence. “What Britain has really lost is the leadership role in security,” warned David Anderson, former reviewer of UK terrorism legislation. “If you want these systems to be useful to you, you have to have a hand in designing them.”
What has the UK lost altogether?
Britain has been cut off from the SIS II database, which allows real-time sharing of information on wanted, or missing persons, or objects across the EU. Martin Hewitt, chair of the National Police Chiefs’ Council, said in November that it would have a “major operational impact”. SIS II, which holds more than 90m records, is plugged into member states’ systems, meaning that anyone circulated as wanted or missing is flagged to 27 countries. UK police checked the system more than 600m times in 2019.
“British bobbies used to be able to have access on their handheld devices to police databases across Europe, from the streets and literally within seconds,” a senior EU official said.
Having been disconnected from SIS II, the UK had to delete about 40,000 live SIS II alerts from its own crime databases at the end of the transition period. Police and spies will now switch to using Interpol’s “red notice” and “diffusion” systems, which circulate wanted alerts around the group’s 194 member countries.
As a result, Britain will rely on its European allies to upload proactively their SIS II alerts on to Interpol and these will not be available in real time. The UK will be able to exchange security alerts with EU countries bilaterally, but rather than being immediate, the information will typically take several days to arrive.
Sending alerts via Interpol also means sharing sensitive crime data around a wide network of countries. Interpol has come under increasing scrutiny over what critics charge is abuse of its systems by authoritarian governments to target political opponents. “Working with 193 partners not all of whom, to put it politely, share the same approach to tackling questions of serious crime and terrorism is a challenge,” Sir Julian said.
What tools will change?
The European Arrest Warrant has been replaced with a new surrender agreement similar to those the EU has with Norway and Iceland. Under this deal, extradition can be refused if there are fears the individual’s human rights might be infringed or if the offences are not serious enough. UK officials claim it will be “as fast” to extradite someone as under the EAW, but with better safeguards.
But it is a less efficient process than the EAW, EU officials said. EU member states will now be able to refuse to extradite their own nationals to the UK. In some countries, such as Germany, curbs on such extraditions are enshrined in the constitution.
British police officers said privately it remains to be seen how well the new arrangements work in practice; their benchmark is the extradition in 2005 of failed London bomber Hussain Osman, who was arrested in Italy and brought to the UK for trial in just 56 days under the EAW.
The UK will also forfeit its membership of Europol, the EU’s law enforcement agency, and Eurojust, its legal agency, becoming a “third country” that can co-operate with investigations and operations but without any decision-making input.
Concessions on the EU side, which differentiate the UK from other third countries such as the US, include allowing British liaison officers to work in Europol headquarters to help cross-border co-operation, and an agreement that British law enforcement will have access to Europol’s secure messaging system.
What has the UK kept?
Britain has negotiated continued access to the Prüm system for sharing fingerprints and DNA, and in future, vehicle registration data. This has never been granted to a third country outside the Schengen area, although officials in Brussels insist the search for matches will not be in “real time” but via a decentralised database.
Prüm is a less potent and intrusive crime-fighting tool than SIS II, EU officials remark. UK investigators will be told if there are matches, but will then have to apply to the relevant national authorities to access the underlying data. The UK also dropped its longstanding opposition to sharing British criminal suspects’ DNA records.
The UK has secured ongoing access to the Passenger Name Record network for sharing information on people arriving at UK and EU airports, and now has three years to implement data safeguards to make sure the data privacy of normal travellers is not infringed.
Negotiations are not over
One of the hurdles is the commission’s decision on data adequacy, which will be made within the next six months. Data sharing cannot go ahead unless the EU decides that UK data protection standards match the EU’s GDPR regulations. Concern is likely to focus on how UK security agencies such as GCHQ are protecting EU citizens’ privacy during data surveillance.
Camino Mortera-Martinez, an expert in EU justice and security at the Centre for European Reform, foresees difficulties in reconciling the EU’s perceived data protection “gold standard” with the UK becoming laxer to boost innovation. There will be some “difficult and challenging questions” about UK spies’ activities, Sir Julian adds.
Even if the EU accepts UK data sharing, European Court of Justice rulings could force changes in the arrangements. For example, the privacy activist Max Schrems last year won an ECJ ruling that invalidated Privacy Shield, the transatlantic agreement companies use to transfer data from the EU to the US.
There is scope for improvement
The UK is upgrading its data-sharing technology so it can automate the process of Interpol information being uploaded to frontline police systems. Officials in London are also exploring the creation of a network for sharing real-time information on people, documents and objects with “trusted countries” such as the Five Eyes intelligence alliance, as a replacement for SIS II.
Ms Mortera-Martinez also hopes the EU might be able to rethink its security co-operation with non-EU Schengen countries — such as Switzerland and Norway — and third countries such as the UK, US and Canada. “The EU did not want to give other countries . . . any perks lest the UK could take it as a cue to ask for more,” she said.