At its headquarters in the Estonian capital of Tallinn, on the Baltic Coast, a little-known European Union body is building one of the world’s largest biometric identity databases.
The Central Identity Repository (CIR) is designed to hold the records of 300 million people and will be the centerpiece of a new, integrated system that allows police forces across the EU to search and cross-check the records of immigrants and visitors from outside Europe. Established by eu-LISA, the EU’s cross border IT agency, CIR will cost at least $190 million to establish and $33 million a year to maintain.
The CIR and its associated systems will not be completed until 2023 at the earliest, but the project, which was conceived as a counter-terrorism measure, has already faced criticism from human rights activists and observers.
The ultimate aim of the scheme, known as “interoperability” in EU jargon, is to create a single collection of identity records that can be searched by police forces across the bloc. All holders of non-EU nationality will have their details stored, whether they are people with visas, asylum-seekers, undocumented migrants — or, potentially, EU citizens who also hold nationality in a non-EU state.
A decade ago, the European Commission itself warned that a project of this nature would “constitute a gross and illegitimate restriction of individuals’ right to privacy and data protection.” Today, some civil liberties organizations argue that the EU is handing a potentially powerful surveillance tool to its member states at a time when several are governed by authoritarian populists and far-right parties are prominent elsewhere.
Human rights groups are also worried that the CIR will be used for a purpose never originally intended: to chase down migrants whom states wish to deport. A similar process is already under way in the US and the UK, whose governments have rifled through existing identity databases and encouraged the sharing of personal details collected by public services as a means to control immigration.
Although proposals for a system of this kind have circulated among EU policymakers for many years, a series of terrorist attacks in Europe during 2015 and 2016 prompted the creation of the CIR. It emerged that a number of perpetrators had crossed internal EU borders while preparing their attacks, and that they had come to the attention of some individual national police forces, but not others. A detail that advocates of the new system like to cite is that the man who carried out the 2016 Berlin truck attack — a Tunisian national whose asylum claim had been rejected by Italy — was listed 14 different times on various databases, but had no single file available to police across the EU.
Last year, the European Parliament approved the structure of the CIR and the system surrounding it. In essence, the project is intended to pool information already held on around half a dozen existing databases. Eurodac, for instance, stores the fingerprints of people who claim asylum anywhere in the EU, so that they can be tracked if they move countries.
The new system will collect the various types of information already stored elsewhere — fingerprints, facial images, biographical details, and so on — and a series of new search tools will help users navigate the information.
This is where a major objection to the project arises. The millions of people whose details are already being stored have not given consent to have their personal data scraped, combined and used in this new way.
Undermining data protection
A report published last autumn by Statewatch, a London-based civil liberties organization that monitors the European Union, argues projects like CIR undermine a key principle of data protection: purpose limitation.
Juraj Sajfert, a research fellow at Vrije Universiteit Brussel in Belgium and an expert in data protection law, told me in two telephone and email conversations that the criticism made by Statewatch is justified. Data, he said, “should be collected for specific purposes and not be further used for incompatible purposes after the event. You cannot suddenly pull a new legal basis out of a hat, after you have already collected personal data.”
The existing databases on which the new system will draw, Sajfert said, were originally designed for simple queries linked to the basis on which the information was collected: an asylum claim, for instance.
“Interoperability” fundamentally changes the nature of those databases to allow officials to use them for wide-ranging investigative purposes. Sajfert believes the project is being pulled together in a hurry, and that the potential for “false positives” — an apparent match in the databases that mistakenly suggests someone is an identity fraudster and consequently a suspect — is “immense.”
The Statewatch report highlights the risk that officials will be tempted to use the new database system for immigration enforcement. Politicians who have vowed to crack down on unwanted immigration are increasingly turning to big data as a way to track people down.
In the US, the Immigration and Customs Enforcement agency (ICE) has pioneered the use of software and data-sharing agreements originally intended for counter-terrorism purposes to collect information from a range of public and private sources, such as driving license records and social media networks. The process began during Barack Obama’s presidency, but ICE’s efforts have intensified under pressure from the Trump administration to increase deportations of undocumented migrants living long-term in the US.
The sharing of personal data has also been a key part of the UK’s controversial “hostile environment” policy, which aims to make daily life so difficult for people without permission to stay in the country that they leave. One element of this policy, which required schools to disclose the nationality of pupils to immigration enforcement officials, has already been halted after a legal challenge from the British human rights organization Liberty.
Within the EU — the UK has, of course, just left — some national and regional governments are already keen to harness the power of state record-keeping in a similar fashion. France’s centrist president Emmanuel Macron has pursued a tough line on security and immigration since his election in 2017, which includes a concerted effort to identify and remove people whose asylum claims have been rejected.
Last July, emergency shelters for homeless asylum-seekers in France received a notice from the interior ministry to share the personal details, including the immigration status, of their clients. One employee of an NGO that works to protect the health of vulnerable migrants told me that this was one of several similar requests to frontline aid organizations — a “disgusting” practice, they said, because it is likely to encourage people at risk not to seek help when they most need it.
Alyna Smith, the advocacy officer at Platform for International Cooperation on Undocumented Migrants (PICUM), a leading Brussels-based NGO, told me by email that such policies highlight the need for a “firewall” between essential public services and immigration enforcement bodies.
According to Smith, these “help to ensure that the political priority increasingly placed on immigration enforcement doesn’t trump fundamental rights,” and doesn’t undermine important goals such as public health. If people are worried that they will be detained or deported if they visit a doctor, for instance, they may avoid seeking medical treatment.
Firewalls have also been recommended by the Council of Europe’s Commission on the Elimination of Racism and Intolerance, and the UN’s special rapporteur on the human rights of migrants.
Data-sharing can also pose risks to those immigrants who are living in a country with permission. In Hungary, where Viktor Orbán’s far-right government has pursued hardline immigration policies since the refugee crisis of 2015, the National Directorate-General for Aliens Policing (NDGAP) was set up last year to oversee immigration control. In addition to its own identity database, the NDGAP can request information on foreign nationals from a range of state bodies. Schools, universities and employers are also obliged to notify the NDGAP when there is a change in the circumstances of a student or employee from outside the EU.
According to Zsolt Szekeres, legal officer for the Hungarian Helsinki Committee, a human rights NGO, the data sharing — in combination with the state’s zeal to exclude unwanted migrants — has already led to several cases in which people who should be legally allowed to live in Hungary have been stripped of their rights.
Szekeres gave the example of a university student who has been living in Hungary legally for six years, but is now in immigration detention, threatened with deportation, because he was late paying his tuition fees, owing to a problem with the bank transfer. The NDGAP also stores a large amount of personal data on asylum-seekers, including ethnic background, religion and political beliefs. Szekeres describes this policy as “concerning.”
Logistical snags
In October 2019, according to eu-LISA’s own official reports, the agency organized a conference in Tallinn for EU officials and members of the tech industry on how to put the interoperability regulations into practice. Speakers from software companies that specialize in artificial intelligence and biometrics gave presentations, as did a representative of U.S. Customs and Border Protection, who explained that some of the key technology it now uses for border control was originally developed after 9/11 for counter-terrorism purposes.
The CIR is still under construction, and little public information is available about which companies have been contracted to work on the project. When asked, under the EU’s access to documents rules, eu-LISA declined to provide further details. A “feasibility study,” published on eu-LISA’s website, suggests that the agency is looking to buy off-the-shelf technology, rather than building its own software from scratch.
The agency hailed its conference as “a milestone in the journey towards the seamless functioning of systems,” but in recent months the project appears to have hit some logistical snags. Germany’s interior ministry raised doubts last autumn that the systems could be up and running by 2023, as planned, owing to the challenges in “coordinating and cooperating across all the different national authorities involved.” A European Commission report acknowledged that “procurement and resources present challenges.”
Alyna Smith at PICUM believes the EU could do far more to protect people’s rights. “States have a legitimate interest in pursuing security objectives which target irregular migration as well as terrorism,” she told me. “The problem with these [new] systems is not that they include this component, but rather that they do so in a way that is ultimately stigmatizing — and probably also ineffective because they were based on flawed and discriminatory premises.”