If opinion polls are correct, the upcoming United Kingdom general election on December 12 could finally make Brexit a reality. But what happens to European cybersecurity cooperation? Let’s explore.
Will Brexit actually happen?
If yes, how and when? What will be the terms?
Those questions have been pondered by millions of people around the world for the past 4+ years, even after the historic vote was passed in 2016.
More specifically, questions surrounding technology and cybersecurity cooperation remain complex, and yet the importance of these topics are coming into clearer focus as the upcoming United Kingdom General election on Dec. 12 draws near.
Here’s a rundown of the issues and international coverage that this topic is getting lately:
“…The National Police Chiefs' Council has cautioned that fall-backs to current information-sharing agreements with European law enforcement agencies "will be slower, more bureaucratic and ultimately less effective. …
“‘It's a huge administrative nightmare,’ says Ann LaFrance, a partner at the law firm Squire Patton Boggs who specializes in data privacy and cybersecurity issues. LaFrance says that some of her firm's global clients have commissioned time-consuming and expensive 50-country data protection compliance reviews, to ensure they are abiding by current laws. But, she says, the reviews are complicated by legal definitions that vary by geography and an ever-shifting landscape of rules. Meanwhile, in the U.S., companies also face an increasingly chaotic web of state-level data privacy regulations, she says.”
More Background on Brexit and the Cyber Ramifications
Back in early 2016, I wrote a blog (before the Brexit vote) which outlined 7 reasons why Americans should care if the United Kingdom (U.K.) leaves the European Union (E.U.).
Even if you don't care much about U.K. politics, I think it is still important for Americans to watch how these major organizational changes are implemented in practice in Europe. New changes are happening all the time between federal, state and local governments in the U.S., and global governments are important partners in fighting cybercrime. No doubt, most of these U.S. changes are not at the level of Brexit, but we can learn from how this process evolves.
This thoughtful article by Martina Calleri from Deloitte in Italy outlines what’s at stake for European Cybersecurity after Brexit.
Ms. Calleri states that: “The U.K.’s 20-year membership in Europol proved that the EU’s law enforcement organization provides mutually reinforcing incentives for members to contribute and to and not withdraw from it. Even more, following the growth of cybercrime, it became clear that the gathering of cyber-intelligence data could not be sustained by any national agency on its own. According to the British government’s vision for its new partnership with the E.U., the pooling of expertise and resources with E.U. partners enabled the U.K. ‘to develop some of the world’s most sophisticated cross-border systems and arrangements in the fight against crime’. Downgrading the U.K.’s involvement in the institution to that of non-E.U. countries would result in a loss both for the British government and for its European allies.
Nevertheless, the E.U.'s chief negotiator, Michel Barnier, made it clear that the U.K. could not continue to be a formal member after Brexit, which means that the country might strike a deal to keep accessing intelligence, but London will no longer have a say in operations and decisions. As a result, Europeans will lose out not only on the U.K.’s pool of intelligence in Europol, but also on the country’s role as a member of the Five Eyes – the intelligence alliance between Australia, Canada, New Zealand, the United Kingdom and the United States, which has been cooperating with Europol via London’s membership.”
I also like this YouTube video discussion from ZDNet which describes how the uncertainty over Brexit affects data privacy and security throughout Europe.
I have been meaning to come back to this Brexit topic for many months, and with the crucial U.K. elections now just weeks away, it is essential that everyone take notice of the potential impacts to fighting cybercrime, gathering intelligence, attracting and retaining talent within the U.K. and E.U., and many other related cybersecurity issues.
Numerous global companies have operations throughout the U.K. and Europe, and I have spoken with several people that are concerned about their cybersecurity careers in the U.K. Is the fear overblown? Only time will tell. But expect this topic to heat up further, especially if Boris Johnson and the Conservative Party win a working majority in Parliament.
My view is that all of these delays and back and forth negotiations on Brexit have actually helped technology and security companies, along with impacted governments, better prepare for the likely changes to come. Also, rather than more finger-pointing and fears of doom and gloom (which we saw a lot of in 2017 and 2018), we are now seeing more European and United Kingdom organizations articulate their need to work together and ensure that operational cybersecurity is not impacted by Brexit (in the short run at least.)
Recent announcements on cooperation on cybersecurity are encouraging.