The Ecosystem of European Biometric Monitoring and Surveillance DataThe Digital Walls of Fortress Europe - Part 1
Artificial Intelligence and algorithmic systems of digital control are at the heart of the EU’s new mobility control regime. High-risk automated decisions are being taken on human lives. It is an emerging multi-billion Euro unregulated market with dystopian “smart” applications.
Kostas Zafeiropoulos, Ioanna Louloudi, Nikos Morfonios
“We are Black and border guards hate us. Their computers hate us too.” Adissu, living without immigration status in Brussels *
The digitisation and online transition of ever more aspects of our lives is a long-term trend accelerated by the COVID-19 pandemic. However, what goes largely unnoticed is the same trend involving the data collection and surveillance superpowers of EU states.
Member states’ national authorities, such as police, internal security services, border guards, immigration authorities and European bodies such as Europol and Frontex, operate large-scale data collection and storage infrastructures. Under the guise of ‘national security’, a space is being created for potential violations of fundamental human rights, at a time when ‘militarised’ border security has already led to violence against refugees, push-backs with the risk of people returning to unsafe countries and inhumane conditions, and an alarming increase in avoidable deaths. Countries are closing migration routes – with the discriminatory recent exception of Ukrainian refugees – thereby forcing migrants and refugees to seek other, often more dangerous, alternatives and pushing them into the arms of criminal smuggling networks.
But it is not only physical walls that are being erected; as the independent Transnational Institute TNI (Border War Series reports) reports, a key part of so-called ‘Fortress Europe’ consists of ‘virtual walls’ that seek to restrict migrants from entering the Schengen area or to monitor their movements within it. These ‘virtual walls’ come in many shapes and forms: from advanced surveillance systems that monitor migration flows and track people’s movements at (and sometimes before) the external borders to ‘smart’, interoperable AI databases that aim to identify, record and profile migrants at and within the borders.
The common denominator of physical and virtual walls is the very social construction of the ‘man on the move’ as a potential threat to the EU and its member states. People trying to reach and enter the EU, fleeing disasters, violence, war or political persecution, are considered risk factors that need to be assessed and categorised.
MIIR’s journalistic team within the Panelfit project (Participatory Approaches to a New Ethical and Legal Framework for ICT) undertook to penetrate the different EU data recording and surveillance systems, to study their legislation and the data collected in the different databases, to identify the human-rights risks also created by the interoperability of these systems, based on numerous interviews with experts in the field, researchers, activists, lawyers, NGOs and migrants. In the first part of the investigation we present a brief overview of the main surveillance systems.
Description of the recording systems and personal databases
1. SIS-II Shenghen Information System
The oldest database. Its purpose is to monitor the movements of third-country nationals in the Schengen areas. It was originally established in 1995 to be updated in its second version in 2013 and from the following months provisions incorporated in 2018 will enter into force. It is the largest IT system in Europe, operating in 26 EU member states (Cyprus is not included but is expected to join) and in Switzerland, Norway, Liechtenstein and Iceland. Under the SIS II regulations, data (names, surnames, dates of birth, and other alphanumeric information) of third-country nationals subject to return decisions, data on refusal of entry or stay of persons in the Schengen area, and objects (e.g. cars, weapons, lost documents, passports, etc.) are collected and processed for the purpose of police and judicial cooperation. The provisions of the SIS II Regulations allow for the application of biometric identification of persons based on facial recognition technology. It is used both by police authorities and by immigration and asylum authorities. If a person applies for asylum, the authorities can search the SIS to see if there is an alert for him or her. Alerts can be issued for persons wanted for arrest or control, persons under surveillance by law enforcement authorities, persons who do not have the right to enter or stay in the EU, persons wanted for judicial assistance and missing persons (adults and children).
The SIS II system in 2019 set a record with 18 million searches per day by all competent authorities entitled to access it. In fact, this number is three times higher than the number of searches in 2014 (6 million searches per day). Indicative of the widespread use is the introduction at the end of 2020 of the Automated Fingerprint Identification System (AFIS) application, enabling searches by States and through fingerprints and introducing automatic checking and comparison with existing searches.
However, indicative of the targeted expanded use of the system to identify undocumented migrants is that of the 964,720 alerts issued in SIS II in 2020, more than half were for third-country nationals who had been refused entry and stay within Schengen. This has been the case consistently over the years, as the table of alerts 2016-2020 shows.
- VIS – Visa Information System
It was gradually put in place from 2011 and the development of the system was completed in 2016. The system is used by the 30 Schengen states together with Bulgaria, Croatia, Cyprus and Romania. The purpose is to allow these countries to exchange data on short-stay visas and to facilitate visa checks at border crossings. The competent asylum authorities can access the VIS. In 2018, the European Commission presented a proposal to revise the VIS in order to broaden its scope. The proposed rules suggest that the VIS should also include data on long-stay visas.
The system stores fingerprints and a photograph of visa applicants/holders, as well as personal data included in their applications, such as surname, home address, information on visa status and bank data (proof of deposit). “Without this the visa will not be granted. This is implicitly a class discrimination: if you are rich you can travel, if you don’t have money they will not reasonably give you a visa (‘low-tech discrimination’). The amount depends on each member state,” says researcher Georgios Glouftsios.
Automated biometric identification is already used in the VIS on the basis of the fingerprints collected. In 2019, 7 million biometric searches were carried out and 17 million biometric identity checks were carried out, the latter mainly at border stations. At airports, authorities check third-country nationals travelling to Europe to ensure that their fingerprints match those on their individual file in the VIS system, which is compulsorily set up prior to travel. Police authorities can search the VIS to see if a person who has previously applied for a visa is involved in criminal activity. It can also be used by asylum authorities.
Another element that exacerbates the privacy concerns of citizens and organisations towards these systems is the extended access by agencies and people from all services. It may be true that every year the authorities in each country that are entitled to access the database are published in the EU Journal. But this alone is not enough, as the number of end-users who may have access to individuals’ personal data is uncertain. For example, in the VIS system a total of 116 national services and authorities, including law enforcement authorities, have permission to create, modify and delete data – and the number of end-users reaches the astronomical figure of 458,000 employees, who all have access to this sensitive personal data.
The European system for the comparison of fingerprints of asylum seekers (EURODAC) became operational in 2003, as the first IT system allowing the storage of fingerprints in a database at EU level. The purpose of the system was to make it easier for EU countries to determine responsibility for examining an asylum application by comparing the fingerprints of asylum seekers and third-country/non-EEA nationals with a central database. In addition, the purpose was to enable law-enforcement authorities, under strict conditions, to search Eurodac for the investigation, detection and prevention of terrorist or serious criminal offences. So far it only stores biometric characteristics, and does not even record someone’s name. When an asylum seeker or a third-country/non-EEA national is found illegally in an EU country, then the EU country can consult Eurodac to see if the person has previously applied for asylum in an EU country or has already been arrested while trying to enter the EU illegally.
Eurodac is currently under review. The proposed revisions provide for the interaction of EURODAC with other EU IT systems in asylum, return and resettlement procedures. In this context, EURODAC will be used, inter alia, for the control of migration flows and the detection of secondary movements of third-country nationals in an irregular situation.
However, figures show that the collection and storage of fingerprints of third-country nationals or stateless persons is also common practice. In particular, member states transmitted a total of 644,926 fingerprint sets to EURODAC in 2020. Of these, 62% represent fingerprint datasets of applicants for international protection, 25% represent fingerprints of a third-country national or stateless person found to be illegally staying in a member state, while 13% are those of the same groups found illegally crossing the external border.
The new proposal, if adopted, would introduce a mandatory requirement to collect and store the fingerprints of third-country nationals or stateless persons found to be illegally staying in Europe. In addition, the volume of personal data collected will be radically increased. The proposed provisions will allow the collection of a wide variety of biographical and biometric information in addition to that already collected, such as images of persons, names, date and place of birth, and nationality.
The almost 6 million fingerprints accumulated in Eurodac at the end of 2020 do not belong exclusively to asylum seekers, but also to migrants that host states have classified as “irregular border crossers”, who are not entitled to access asylum procedures. On 31/12/2020, when the registration was made, they only accounted for almost 155,000 (3%), but the fingerprints of this category are automatically erased from the database after 18 months, unlike those of asylum seekers, which are stored for 10 years. For example, the corresponding proportion for them at the end of 2016 was 13%. It should be noted that since July 2015, the Eurodac database has also been accessible to the police services of the countries and Europol in the name of preventing and investigating offences related to terrorism and serious crime.
It is noteworthy how Germany, although not a country of first reception like Italy and Greece, nevertheless appears to accumulate the vast majority of biometric data among the 32 Segen countries. This is due to the fact that a large majority of the migrants who came to Europe especially with the 2015 refugee crisis applied for asylum for the first time in Germany, and not in the countries at the entry points of the European borders. In the biometric storage ranking, the countries following Germany are France, Italy, Greece, Serbia, the United Kingdom and Spain.
It is also striking that Greece is the “leader” among the 32 countries in the collection of fingerprints of migrants who are not entitled to access to asylum. This amounts to 56,000 (i.e. one third of the total of this category in Eurodac) out of a total of 331,609 fingerprints registered by Greece at the end of 2020. The remarkable Greek first place is linked to the process of data recording and screening in Greek reception centres for migrants entering the country.
The first official stage of registration, in addition to checking the relevant documents that the person may be carrying (passport, identity card, other documents) is the examination/interview/interrogation by either Greek police or Frontex personnel, the so-called screening. “The purpose of this procedure is to ‘calibrate’ the identity of the person, i.e. data such as age, nationality, place of origin, family relations, and it is done in cooperation with Frontex translators”, says Vassilis Vlassis, a post-doctoral researcher on surveillance technologies at the University of Informatics in Copenhagen. He has conducted a field study on asylum and screening procedures in the reception centres in Chios and Lesvos. “In interviews I have done,” he continues, “with people who were screeners at VIAL, in Chios, it turned out that a lot of data is examined: speech, pronunciation, spelling, clothes, jewellery, of course mobile phone photos etc., all are examined and taken into account in the conclusion that the screener will draw: ‘I know that Syrians spell Mohamad like this and never like that, while Moroccans spell it like this, but never like that’ I was told. Instinct, intuition also play their part. Sometimes, as soon as they walk through the door, you immediately have an opinion, and then you seek to validate it, as one of the auditors also said,” recounts Vlasis. In conclusion, the way in which this data takes shape is multifactorial and has strong performative elements, yet it can nevertheless have a decisive impact on the future of the migrant who joins Eurodac. “The coordinator of the FRONTEX mission to the Greek islands in 2016 himself told me: ‘the result of the screening does not constitute a scientific fact. It is a working hypothesis, the best we can do and what we are working with'”, recounts Vlassis.
- EES (European Entry/Exit System)
Established in 2017 and expected to be fully operational in May 2022. It collects data on all third-country nationals regardless of whether they need to apply for a visa or not. It records and stores the date, time and place of entry and exit of short-stay visa holders and travellers who are exempt from the visa requirement while crossing the EU border. The system aims to replace the passport stamp procedure by allowing the processing of biometric data of individuals. It will also record the length of someone’s stay and create automated alerts for situations of “overstaying” in a country. National law enforcement authorities and Europol will be able to access this database.
- ETIAS -(Εuropean Travel Information and Authorisation System)
Created in 2018 and the goal is to be fully operational by December 2022. According to EU declarations, it is “a largely automated IT system that will be set up to identify security, irregular migration or high epidemic risks posed by visitors travelling to Schengen states who are not subject to visa requirements. […] Third-country nationals who do not need a visa to travel to the Schengen area should apply for a travel authorisation through the ETIAS system before travelling.” It is yet another example of the EU treating people planning to travel to Europe as risk factors. It will not store any kind of biometric information. However, different categories of data will be collected, such as the applicant’s surname, nationality, country and city of residence, home address, email address and phone number, educational status (primary, secondary, higher or no education). In practice, the ETIAS system will work in much the same way as the ESTA system in the US.
6. ΕCRIS-TCN (The European Criminal Records Information System that concerns Third Country Nationals)
Originally created in 2012, ECRIS allows for the efficient exchange of information between member states regarding criminal convictions in the EU. Most of the information exchanged concerns European citizens. The revised European Criminal Records Information System will now include a central database of information on convictions of third-country nationals and stateless persons (ECRIS-TCN) and is expected to be operational in 2022. Both biographical and biometric data of convicted third-country nationals, stateless persons and EU citizens who are third-country nationals and have been convicted in a member state are stored within ECRIS-TCN. These data include categories such as full names, place and date of birth, nationality, gender, identity numbers, as well as fingerprint data collected in accordance with the legislation of the member state during the criminal proceedings. The facial images of convicted persons will also be stored in the system if the legislation of the convicting member state allows the collection and storage of facial images of convicted persons. The database will be available on the internet and authorities will be able to easily search it with a positive/negative search mechanism: a positive search result will identify the member states from which complete criminal record information on a particular person can be obtained.ECRIS has been used around 3 million times a year to exchange information on previous criminal convictions. Around 30% of the cases in which criminal records information is requested are answered positively.
According to the Meijers Commission, a group of law professors, researchers, judges and lawyers working to ensure that European legislation respects the rule of law and guarantees fundamental rights for all, the ECRIS-TCN regulation is the first European legislation to treat as third-country nationals European citizens who are also nationals of a third-country.
Interoperability of systems
The servers of all these systems are located in Strasbourg. There the servers are managed by the EU-Lisa service. When we think of border controls and mobility checks we usually think of Frontex, but Frontex is not the main player in these databases. EU-Lisa, the European Agency for the Operational Management of Large-Scale Systems in the Area of Freedom, Security and Justice, has been operating since 2012, is based in Tallinn, Estonia, but its operational centre is in Strasbourg. It has coordinated the testing of the Smart Borders pilot project and subsequent actions, analysis of results and reporting on this project, in close cooperation with the participating EU countries and the European institutions. EU-Lisa is responsible for the operational management of EURODAC, SIS II, VIS and Entry-ExitSystem, while ensuring information security and data protection.
In 2019, the EU adopted two regulations putting in place a legal framework requiring the interoperability of 6 of the databases described above (VIS, SIS II, Eurodac, Entry-Exit System, ECRIS-TCN and ETIAS). The objective is to implement the general data interconnection system by the end of 2023. While the European Commission presents interoperability as a natural progression, in practice this is not the case, as many of the existing databases are not yet fully operational.
“Point of no return”
According to the European Data Protection Supervisor, the EU legislator’s decision to make these systems interoperable would mean a “point of no return”, with profound implications for the right to privacy of people entering the EU. A new central database containing information on millions of third-country nationals, including their biometric data, would have new and improved access to information systems.
Four more data collection platforms across the EU will become operational or are planned to expand their scope over the next two years. The European Search Portal (ESP) will enable national and EU competent authorities, when they are unable to identify an individual or have doubts about the identity provided, to be able to initiate a query by submitting biographical or biometric data to ESP, which will search the 6 databases simultaneously. The Biometric Matching Service will create and store templates from all biometric data recorded in the underlying systems. The Common ID Repository (CIR) will store an individual record for each person enrolled in the systems, which will contain biometric and biographical data. Finally, the Multiple Identity Detector will be able to cross-check identities across all systems.
As stated in the Technological Testing Grounds report by the EDRI Network and Refugee Law Lab authored by Petra Molnar, this single interoperability framework provides a favourable infrastructure for many automated decision-making processes that put human rights at risk. Statewatch director Chris Jones, author of the report “Automated suspicion: the EU’s new travel surveillance initiatives”, said: “The enthusiasm among EU and member state officials for using new techniques and tools on unsuspecting travellers is worrying, as they increase the risk of discrimination, may lead to further errors in decision-making and will hand over more personal data to governments. People should think more about how their governments treat foreigners – otherwise they too may be treated as suspects rather than citizens.”
It is also noteworthy that there is a complete absence of any impact assessment by the legislature on the human-rights impact of the new interoperable systems and on the resources and scope of the independent authorities that control these systems, so as to hold them to account.
One of the pitfalls of technological development is that we tend to believe that it will increase efficiency and help achieve the goals for which it was designed. Too often, this is not the case. A first major issue that arises has to do with the quality of the data being entered into some of the aforementioned databases we have presented. “For example, according to a report recently published by the European Court of Auditors, there is a major problem with the quality of the data entered into the Schengen Information System. And quality here can refer to both biometric data and alphanumeric data. For example, it may happen that a police officer in a member state misspells the name of a wanted person when entering an alert into the system or enters a person’s name in the data field dedicated to surnames,” says researcher Georgios Glouftsios. If a person is registered in a database with an incorrect name or other poor quality data, two problems can arise. The first concerns false negatives: wanted or suspected persons are not identified by the system simply because their names are not correctly stored in the database. The other problem is false positives, meaning the incorrect identification of a person. For example someone is being checked by the police for whatever reason and by mistake his/her name looks very similar or the same as a bad alert stored in a system. In this case, he/she may run into trouble precisely because the system incorrectly identifies him/her as a wanted person.
“I think there are three main problems in terms of the accuracy of the technologies applied for border security. First, poor data quality. Second, lack of data completeness. And third, and this is more about future developments, biased data and potentially biased security decisions,” says Georgios Glouftsios.
– The second part of the investigation presents the PNR and EuroSur systems, analyses the new European surveillance architecture and the risks for vulnerable populations and people on the move, whether they are migrants, refugees or even EU citizens.
– In the third part of the investigation MIIR reveals the Artificial intelligence and algorithmic features in the new mobility monitoring regime and who are the private contractor companies building and marketing them in the EU.
* Quote from the “Technological Testing Grounds, Migration Management Experiments and Reflections from the Ground Up” (EDRi, refugee law lab, November 2020, author Petra Molnar)
*This article has been produced within the Panelfit project, supported by the Horizon 2020 program of the European Commission (grant agreement n. 788039). The Commission did not take part in the production of the article and is not responsible for its content. The article is part of the independent journalistic production of EDJNet.