Euro Security Watch with Mathew J. Schwartz

Governance , Legislation & Litigation , Privacy

Police After Brexit: Keep Calm and Carry On

But UK Law Enforcement Agencies Face Intelligence Disruptions
Police After Brexit: Keep Calm and Carry On

Britain's exit from the EU - "Brexit" - means that U.K. law enforcement agencies, at least in the short term, will likely have a harder time taking a bite out of cybercrime as well-regarded intelligence-sharing relationships get severed and must be renegotiated (see Brexit: What's Next for Privacy, Policing, Surveillance?).

See Also: Webinar | The Future of Adaptive Authentication in Financial Services

Britain currently works closely with the other 27 EU member states via the EU's law enforcement intelligence agency, Europol, as well as its European Cybercrime Center, or EC3. Europol has coordinated a number of operations, including those related to cybercrime gangs and disruptions, and has notched up some impressive arrests in its relatively short existence.

"We must be able to cooperate closely and share intelligence in an agile way." 

But it's unclear how closely Britain will be able to work with Europol or EC3 (see Brexit Referendum: 5 Cybersecurity Implications ). Ironically, both Europol and EC3 are currently led by British citizens, and it's questionable if they'd be allowed to continue in those roles once Britain exits the EU or officially signals its intention to do so.

A Europol spokesman didn't immediately respond to a request for comment.

Brian Honan, a cybersecurity adviser to Europol, as well as head of Dublin-based BH Consulting, says the degree to which U.K. law enforcement and police agencies can continue to work with Europol depends on the new treaties negotiated by Britain and the extent to which the U.K. aligns its post-EU laws with the EU General Data Protection Regulation and the EU Network Information Security Directive.

The U.K. Information Commissioner's Office, which enforces the country's data privacy and protection laws, has already called on Parliament to fully comply with the GDPR if it hopes to do business with the EU going forward.

But new treaties take time to hammer out and are subject to unexpected political turns, and in the short term, Lynne Owens, director general of the National Crime Agency - Britain's national law enforcement and police agency - has said there may be related disruptions.

"The NCA works with partners in over 150 countries because organized crime is not constrained by geographical or jurisdictional boundaries," she says in a statement. "To tackle it effectively we must be able to cooperate closely and share intelligence in an agile way. If it cannot be met through EU mechanisms we will find others."

What's unclear is if organizations such as NCA will find themselves suddenly scrambling as previous EU institutions and information flows potentially get suspended until the U.K. gets new treaties in place. "For now, ongoing operations against international crime threats continue as before," Owens says. "We will be working closely with government to understand what the implications of exit will be for us and to plan the steps we need to take with our law enforcement partners to keep people in the U.K. safe."

Britain Must Comply With Certain EU Laws

Of course, Britain should be able to negotiate new intelligence-sharing arrangements with the EU. "With relation to international cooperation against cybercrime, the close working relationships between law enforcement within the U.K. and the EU should continue to work. However, there may be implications under the EU data protection regime with regards to the sharing of certain intelligence between both parties," says Honan, who also leads Ireland's computer emergency response team.

Notably, the GDPR prohibits personal data from being transferred outside the EU unless appropriate safeguards are in place (see 'Privacy Shield' to Replace Safe Harbor).

"It is too early to determine what the impact of the Brexit will be, but hopefully, cybersecurity and data protection are topics that will be dealt with by both sides with the importance and gravity they deserve," Honan tells me.

Next Move, Britain?

Of course, that's just a microcosm of the bigger political picture. In the wake of a majority of the U.K. population voting with the "Leave" camp rather than the "Remain" one, no one seems clear about exactly what will happen next, or when. One principle Leave architect, ex-London mayor Boris Johnson - currently seen as the frontrunner for Conservative Party leadership and thus potentially the country's new prime minster later this year - says in a column in today's Telegraph newspaper there's not "any great rush" for Britain to leave, and that "there will continue to be free trade, and access to the [EU's] single market." In particular, he says the U.K. doesn't yet plan to invoke "Article 50" of the Treaty on European Union, which would give Britain up to two years to leave. Some other pro-Leave officials have also reversed earlier claims that a vote to leave was a vote to depart the single market.

But officials at EU headquarters in Brussels have said that they may invoke Article 50 June 28, thus putting more pressure on the U.K. to immediately begin related negotiations.

Once Article 50 gets invoked, "negotiations will have to take place as to how the U.K. will interact with the EU, not just on economic matters but also in areas such as cybersecurity, data protection, financial regulations, other regulatory regimes and national security," Honan says.



About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.eu, you agree to our use of cookies.