LP Magazine EU

ItemOptix-banner_V2.gif

DeArm_banner.jpg

Loss_Prevention_Magazine_300x250__Nov_2023.jpg

Jan_2024.png

UK_Banner_ad_5-01.png

industry focus

Don't leave me this way

The tectonic plates of Europe underwent a seismic shift on 23 June when Britain decided in a referendum to be the first ever country to exit (Brexit) the European Union (EU). On both sides of the Channel, the political fallout has been enormous with acrimony and resignations including that of the British Prime Minister David Cameron who had pledged to hold the referendum in the first instance, but backed the remain camp.

The dust has now settled with Prime Minister Theresa May in office, the former British Home Secretary who held the ministerial post of looking after security and Britain's borders for six years. But she has indicated to German Chancellor Angela Merkel that she is in no hurry to trigger Article 50, the treaty that would commence the exit, until the start of 2017 at the earliest.

So what now happens to trade with our European partners and, moreover, international cooperation on fighting organised crime and terrorism in the interim and longer term?

In August, Sir Julian King, a career diplomat, was appointed as Britain's new European commissioner to spearhead EU efforts to tackle terrorism, organised crime, and cyber security. He replaces Lord Hill, who resigned after the Brexit vote. European Commission President Jean-Claude Juncker - who made the appointment - said security was a "pressing challenge," and the wave of terror attacks in France, Germany and Brussels underlined the need for "swift progress."

However, this is an interim measure until Britain finally exits, a process that will take a minimum of two years once Article 50 - the so-called nuclear button - is activated. What happens then in terms of pressing matters closer to home? What happens to the economy, for example? Equally, what happens to cross-border law enforcement and collaboration involving member states?

Ireland

There is genuine concern in both Northern Ireland and the Republic of Ireland about the border between the two provinces. The 500-kilometer Irish border is not only the gateway between the UK and Ireland, but also the only land link between Britain and Europe.

Since the vote to leave, a debate between Nationalists and Unionists has been raging over next steps because under the Good Friday Agreement, border checkpoints were abolished to allow the free movement of people and goods. Northern Ireland Assembly First Minister Arlene Foster argues that the "Common Travel Agreement" - set up before the Good Friday Agreement and the Republic's accession into the EU and becoming part of the euro - would remain. However, her deputy, Nationalist Martin McGuiness, said there was no way that it could do so in its current form when the UK triggers its exit. In other words, some form of border control would have to be introduced.

This has been an intense discussion, especially in light of the fact that few have an appetite for EU officials carrying out vehicle stops along the border and that the people of Northern Ireland, like Scotland, voted overwhelmingly to remain part of the EU.

Nationalists in both the north and south of Ireland have suggested that there should be another referendum in Ireland on a United Ireland that would still form part of the EU. 

European Arrest Warrant

Border control between the two provinces of Ireland is only one security issue troubling experts. Whatever happens after the exit, doubts remain about the efficacy of the European Arrest Warrant (EAW) and Britain's relationship with crime-fighting bodies such as Europol.

Under the EAW, foreign criminals can be returned to the UK from the twenty-eight member states to face justice, with extradition taking an average of three months compared to ten months for non-EU countries. The classic EAW success story is that of failed 21 July London bomber Hussain Osman, who was returned from Italy in eight weeks.

Britain is a popular destination for organised criminals, and between 2010 and 2014 Britain surrendered 5,365 criminals (95 per cent of whom were foreign nationals) to other EU countries. Among those were seventy wanted on child sex offences, 100 for rape, 115 for murder, and 497 on drug trafficking charges. In the same period, other EU countries using the EAW surrendered to Britain 675 people, 189 of whom were handed over by Spain's so called "Costa del Crime."

For all the genuine criminals extradited, there are occasional horror stories. British teenager Andrew Symeou was extradited to Greece in 2009, charged with killing a man in a nightclub in Zakynthos. He spent nearly a year in a Greek jail - considered among Europe's worst - before his case was eventually thrown out for flawed evidence.

However, crime is becoming increasingly internationalised, so cooperation between European countries in even more important. Europol speaks of a "travelling criminal gang phenomenon" originating in Eastern Europe. The Association of Chief Police Officers described the EAW as "an essential weapon" whilst a Europol official said, "It has transformed the nature of international police cooperation."

The unwanted consequences of allowing free movement of goods and people under EU law are the free movement of criminals and crime. EU criminal law was created to deal with this problem. So the effect on the UK in this area depends on the extent of free movement after a vote to leave.

Europol

The most obvious downsides would arise if the UK pulled out of European crime-fighting bodies and no longer took part in the mutual recognition deals and Police cooperation. In each case, however, the risk of damage could be mitigated, at least to some extent. The UK could probably reach agreements to cooperate with EU crime-fighting agencies, in particular Europol and Eurojust. But the UK would have little or no say in their policies or the way these organisations were run.

To replace mutual recognition and police cooperation instruments would be more difficult. In principle these could be replaced by new intergovernmental agreements negotiated bilaterally with individual EU members. But that would be a long and complex process.

Professor Mark Button, a criminologist specialising in international law and fraud at the University of Portsmouth, UK, and a member of the Europol Intellectual Property Group, has grave concerns over UK involvement.

"The focus at the moment is negotiating trade deals and not about security and cooperation around crime fighting," said Button, "And my fear is that the UK role in Europol, which has been very effective, will not be the same going forward. We are key players in the organisation, and the current chair, Rob Wainwright, is also British. So we are well placed to lead and steer that part of European integration. It is imperative that we continue to share intelligence at a time when the threat of terrorism has never been greater."

He said the City of London Police - the UK lead on fraud matters - also plays an active role in fraud cooperation at Europol. After Brexit, their role would also be removed along with their expertise.

Cyber

The UK vote to leave the EU is also not good news for cyber security, according to Paul C. Dwyer, one of Europe's leading online experts. The man spearheading the International Cyber Threat Task Force (ICTTF) told subscribers to the Cyber Risk Newsletter that there are a number of reasons Brexit is not good for cyber security in the UK, or indeed EU.

The cornerstone of cyber law in the UK is the DPA (Data Protection Act). This was written in 1995, three years before Google was incorporated. Legislation is struggling to catch up with innovation. It is planned to morph and develop the DPA into the GDPR (General Data Protection Regulation) on 25 May 2018. The concept is to be an even-handed holistic approach across the EU in relation to data protection. The legislation will have the added teeth of large fines based on up to 4 per cent of global turnover or £20 million.

This cocktail of legislation is going to create an even greater challenge for UK businesses. For example, let's throw in the new Directive for Police and Criminal Justice that is set for 6 May 2018 and the "cyber directive" that is the NIS (Network Information Security) Directive that came into play in Europe in August this year. Based on the Lisbon Treaty, the Brexit vote signals "notice" of leaving Europe, so those directives would still apply for a portion of time as there is a minimum two-year notice period to leave the EU. During any potential notice period, UK companies processing the information of EU citizens will still have to comply, but can only influence further policy developments from outside the camp.

Secondly Dwyer fears for the future of so-called "cyber sharing." 

"One of the most positive aspects of the upcoming cyber directive, NIS, is that it will act as a positive catalyst for businesses to share cyber threat intelligence. The "me today you tomorrow" acknowledgement of a pan-European cyber neighbourhood watch for business, sharing and exchanging actionable cyber intelligence via a competent authority framework, is a huge step against the bad guys. The UK not being "in will diminish the effectiveness and capacity of that aspect," said Dwyer.

Law enforcement is a major concern for the ICTTF. Dwyer said, "The EC3 (European Cybercrime Centre) and J-CAT (Joint Cybercrime Action Taskforce) initiatives are the poster children for how law enforcement can successfully collaborate in dealing with cyber threats across Europe. The Secure Information Exchange Network Application (SIENA) enables that process, and if the UK is no longer part of that it, it will have negative consequences."

Geopolitics also plays a direct role in cyber threats. Dwyer said, "What happens in the real physical world from a political stand point immediately effects the cyber virtual world. Many recent cases come to mind, including the Ukraine, whereby US companies were attacked online. Physical borders being reinstated and other real-world nuances could feed into the ideology of online groups, or simply those wishing to be part of an online protest. We observe these ideologically motivated cyber threats from countless sources including the Syrian Electronic Army, ISIS, and splinter groups from other major groups such as Anonymous."

Critical national infrastructure and the ability to protect it from cyber attacks forms the fifth pillar of Dwyer's concerns. "On 23rd December 2015, the electricity grid of the Ukraine suffered a cyber attack - more evidence of conscious collusion between nation states, criminal groups, and indeed the capacity of those with the wherewithal to affect a "kinetic" cyber attack. This means in the real world, utilities such as gas, electricity, and indeed the Internet itself are interconnected as CNI (critical national infrastructure) from the UK across Europe. 

"Again, another positive part of a holistic and harmonious approach to establishing a cyber security baseline across Europe via the NIS Directive, was to protect the infrastructure that supports our way of life," Dwyer said. "The entire EU will lose when the UK leaves. Indeed, it is losing the member with the most global outlook, the strongest military, and the best diplomatic, intelligence, and cyber capabilities."

It is estimated that the NIS Directive will add £500 billion to the GDP of Europe. This is one of the many benefits that will be derived from it. The reality is that the UK is the front runner in Europe at maturing its cyber resilience and arguably best placed to benefit from the commercial fruits of the NIS Directive. However, if the UK starts creating its own versions of these directives, it will not avail of these commercial benefits. Just look at the US post 9/11. If we review the negative effect the US Patriot Act and indeed the complexities "safe harbour" have had on innovation, cloud-based technology, big data, and indeed all related aspects, we can begin to appreciate the potential downside. There are over 400 cyber-related laws, regulations, and frameworks from over 175 jurisdictions comprising over 10,000 overlapping and often conflicting controls. Post NIS and GDPR, business can operate in a less complex system, but if the UK do not, they will be in the quagmire of cyber controls.

Confused cyber citizens will also be a direct result of Brexit. "Have you a right to be forgotten? Can you issue a data access request? Should you sign up with a UK company or an EU-based one? Will your data be transferable? What are the rules? The reality is that cyber citizens will now be confused and will have increased challenges in understanding their rights as cyber citizens in relation to security and privacy," said Dwyer.

Incident response where protocols are different across Europe, as far as what you can and cannot do when investigating a cyber incident, provides another area of concern. 

"The differences are often cultural and based on the history of nations. Germany, for example, is at one end of the privacy spectrum based on their state history. Cyber-criminal gangs and indeed cyber terrorist activity is multi-jurisdictional and requires an easily understood and agreed rule set/protocols in responding, investigating, and preventing cyber attacks."

Dwyer concluded, "We are playing 'catch up' with cyber-related legislation. In one way, we could argue that we have sold our souls to the devil in relation to data access, sharing, and innovation, and only now are reaping the consequence. 

"EU legislation is about to take a leap frog forward and put EU states on a level global playing field with the US and other major players that have the benefit of a 'harmonised and holistic' approach to dealing with cyber threats. We are currently somewhat cyber dazed in relation to what is appropriate going forward. All the positive activity and efforts of the CPNI, Cabinet Office, and GCHQ could potentially be compromised as a period of cyber instability creeps in - a period in which people are trying to figure out what is OK in the new world.

"A black swan in risk terms is simply a massive unknown that can become normal. A post-Brexit UK may have many cyber black swans. The reality is that nobody knows what the real cyber consequences are."

There is plenty to concern risk experts across Europe post-Brexit as the UK plays a pivotal role in fighting cross-border crime in whatever shape it takes. Continuity and greater cooperation on a security front must be as much a priority as negotiating trade deals as we move into the brave new world.

There is genuine concern in both Northern Ireland and the Republic of Ireland about the border between the two provinces. The 500-kilometer Irish border is not only the gateway between the UK and Ireland, but also the only land link between Britain and Europe.

The unwanted consequences of allowing free movement of goods and people under EU law are the free movement of criminals and crime. EU criminal law was created to deal with this problem. So the effect on the UK in this area depends on the extent of free movement after a vote to leave.

Leave a Reply



(Your email will not be publicly displayed.)

Captcha Code

Click the image to see another captcha.



iFacility CCTV and Alarm Installation