Terrorism: the EU picture

David Anderson QC examines the post-Brexit implications for national security and identifies potential fault lines for future security cooperation with the EU

As jihadi fighters from Europe return from the battlefields of Syria, sometimes by complex overland routes, the advantages of a coordinated European response to terrorism seem obvious.

Progress at the European level has been fitful, save in the wake of major atrocities such as 9/11 and the attacks on Madrid and London in 2004-05. ‘Frictionless borders’, in the jargon of the moment, seem more of a reality for criminals than for law enforcement. But in recent years, driven by the political motor of terrorist attacks in France, Denmark, Belgium and Germany, the pieces of an effective strategy have been starting to come together.

Some of those pieces are terrorism-specific, notably the EU’s Counter-Terrorism Strategy (overtly based on the UK’s CONTEST strategy) and the EU Directive on combating terrorism, on which political agreement was reached in December 2016.

Operationally more significant are measures useful also in the fight against serious and organised crime, such as the European Arrest Warrant (tabled and approved shortly after 9/11), the police and prosecutorial coordination bodies Europol and Eurojust, and the new European Investigation Order which from mid-2017 will govern the gathering and transfer of evidence across borders.

Crucial to our safety are arrangements for the sharing of data – a point graphically brought home to me on a recent visit to the Port of Dover, when a ports officer was able to show me on his hand-held device that a ferry passenger absent from UK databases had come up on a German watch list. There is much work still to do – the categorisation of different national watch lists has not yet been harmonised – but the benefits of such exchanges are obvious.

The most sensitive data sharing between intelligence agencies is conducted on a largely bilateral basis, outside the auspices of the EU. But vital for police are the Schengen Information System, relaunched as SIS II in 2013, and Prüm which concerns the sharing of DNA, fingerprints and vehicle registration data. Other instruments govern the exchange of financial and travel data within the EU and with trusted third countries.

British influence

Not all these measures were UK initiatives. SIS II and Prüm, for example, were pioneered by groups of member states in the borderless Schengen area. But across the board and particularly in recent years, it is the UK which – either directly or through its efforts in other international bodies such as the UN and the Council of Europe – has had the greatest influence on EU counter-terrorism law and policy.

The British imprint may be seen in all the terrorism-specific measures taken by the EU. A small but active example is the Europol Internet Referral Unit, founded in 2015 on the model of CTIRU, the unit in Scotland Yard which employs ‘spiders’ to crawl over the web and report jihadi material to hosts such as YouTube who can then take it down.

UK influence in the European Parliament and Council was decisive in securing the passage of the former Data Retention Directive of 2006, the 2016 directive on the sharing of passenger name records on EU flights and EU agreements with the US and Canada. The UK has promoted measures to restrict the sale of bomb-making ingredients Europe-wide, and to ensure that replica firearms are put as effectively beyond use in Slovakia as they are at home.

Much of the thinking on topics such as aviation security, the protection of critical national infrastructure, the building of resilience and the prevention of radicalisation is generated in the UK and transmitted, bilaterally or through the EU, to other member states. A British Director of Europol and two British Directors of Eurojust have done much to ensure that those organisations serve the interests of the UK, despite differences in policing and (in particular) prosecutorial practice with much of the Continent.

Prospects after Brexit

If the EU was nothing more than a counter-terrorism union, no sane person would have contemplated Brexit. Whatever form it takes, the UK will have to surrender its leadership role in the development and refinement of EU mechanisms, and in the institutions such as Europol and Eurojust that it has done so much to improve.

That tradition of leadership, coupled with the UK’s massive intelligence contribution both within and outside EU mechanisms, will no doubt count in our favour when it comes to negotiating new arrangements – whether on a piecemeal basis or under cover of a new security partnership. The government is likely to want cooperation approximating as closely as possible to what we have at present. Since that will also be in the interests of our current partners, one may feel optimistic that, in a rational world, not too much need be lost.

But the negotiations are unlikely to be straightforward, for a number of reasons. First, there is a lack of precedent for close agreements with states that are not EU members, even when (Iike Norway and Switzerland) they participate in Schengen. The best current cooperation agreements afford no direct access to databases, and no role in the strategic direction of EU bodies. ECRIS, the European criminal record exchange, has no members that are not member states: Norway has to resort to a 1959 Council of Europe Convention on mutual assistance.

Secondly, the UK ‘red line’ over acceptance of CJEU rulings is potentially problematic. Third-country agreements are unlikely to subject the UK directly to CJEU jurisdiction: there are precedents for arrangements whereby the third country must simply keep CJEU case law under review, and enter into discussions with the EU where divergences in the case law arise. But the reality of the matter is that the UK will be seeking to participate in mechanisms whose rules and activities are policed by the CJEU. This was a sore point with those who opposed the Protocol 36 ‘opt-in’ to some pre-Lisbon measures during the last Parliament. Depending on where the red line is drawn, it has the potential to be an issue in the negotiations.

Thirdly, the more bespoke the agreement that is sought, the less likely it is to be achievable – at least in quick time. It is apparent from recent evidence sessions before the House of Commons Brexit Committee that some MPs would be reluctant to accept the EAW (despite recent improvements) without further significant changes to it. This would certainly be problematic: the surrender procedure negotiated by Norway and Iceland, which is a less ambitious version of the EAW, is still not in force after more than 10 years.

Fourthly, there is the need to adapt to the developing EU picture. The UK has long enjoyed special arrangements whereby it can opt at will into or out of EU measures concerning justice and home affairs. No doubt it would wish for similar latitude in the future. It remains to be seen whether others would perceive this as ‘cherry picking’.

Fifthly, there is a risk of political contagion. However strong the rationale for a deal on these matters, adequate time and political bandwidth will be required. If other issues toxify the negotiations, or if time simply runs out, it is possible that sensible agreements will not be reached. This could be serious: the EAW has been said by the current DPP to be ‘three times faster and four times less expensive’ than the alternatives, and nobody should wish to see a return to the Costa del Crime, whether in Spain or on the South Coast of England.

Data sharing

Underlying a number of those potential obstacles is the neuralgic issue of data sharing, recently thrust to the fore by the Tele2/Watson judgment of the CJEU, which appears to rule out the generalised collection and retention of certain types of personal data. It is evident also in the difficulties experienced by the US and Canada in recent or current cases concerning ‘Safe Harbor’, ‘Privacy Shield’ and the transfer of air passenger name records.

Put bluntly, the UK will not be trusted with the personal data of EU citizens unless it can demonstrate that it will afford those data equivalent protection to that which is available in the EU. Recent EU case law in this field, which prioritises data privacy over operational efficacy, will thus remain problematic even after Brexit. In this, as in some other respects, the EU looks set to prove a ‘Hotel California’, from which we will check out but which we will never entirely leave.

Contributor David Anderson QC, Brick Court Chambers, was Independent Reviewer of Terrorism Legislation until March 2017

Tags: 
Issue: 
Author details: 
David Anderson QC

David practises from Brick Court Chambers in London, with an emphasis on EU and public law. Between 2011 and 2017 he served as the UK’s Independent Reviewer of Terrorism Legislation. @bricksilk