• Database delays: new timetable for interoperable EU policing and migration systems by 2027

    EU interior ministers have agreed another revised timeline for the plan to make all justice and home affairs databases “interoperable”, with the aim now to have the systems up and running by 2027. Mandatory biometric border checks may now be introduced progressively, in the hope of limiting delays at border crossing points.

    The new timetable, agreed at the Justice and Home Affairs Council last week, follows on from previous delays. A revision to the timeline adopted in November 2021 included a plan for the Entry/Exit System (EES), a biometric border-crossing registration database, to be functional by September 2022. Further changes saw the deadline extended to May this year. A Belgian proposal to “decouple” the EES and the European Travel Information and Authorisation System (ETIAS) does not appear to have been taken on board.

    Under the new plan, the EES is supposed to come into use at some point in the second half of 2024 - though a note from the Spanish Presidency (pdf) suggests that even then, the “capturing and storing of biometrics... could be activated progressively.” This is because of the extra waiting times that the introduction of mandatory biometric capture, storage and verification at all EU border crossing points is likely to introduce.

    As previously reported by Statewatch, the Austrian government expects “process times to double compared to the current situation,” the Croatian government is clear that “the waiting time for border checks will certainly be significantly longer,” and the German government has said “control times for passengers will increase significantly by the introduction of EES.”

    To mitigate this, the Spanish Presidency’s note says that “derogation measures will be available for activation at individual border crossing points to prevent long waiting times. The date that will be retained for the entry into operation will be outside periods of major events and high travel times.”

    The introduction of the EES in the second half of 2024 is supposed to be followed by the ETIAS in the first half of 2025, the European Criminal Records Information System for Third Country Nationals (ECRIS-TCN) in mid-2026, finalisation of “the technical implementation of the IO [interoperability] architecture” in late 2026, followed by work to “upgrade and evolve the IO architecture” from 2027 onward.

    The timetable published by eu-Lisa also foresees the eventual integration of the expanded #Eurodac database, depending on the adoption of the law, which is currently under discussion in the Council and the Parliament.

    https://www.statewatch.org/news/2023/october/database-delays-new-timetable-for-interoperable-eu-policing-and-migratio
    #EU #UE #Union_européenne #biométrie #contrôles_frontaliers #asile #migrations #réfugiés #interopérabilité #frontières #Entry/Exit_System (#EES) #European_Travel_Information_and_Authorisation_System (#ETIAS) #European_Criminal_Records_Information_System_for_Third_Country_Nationals (#ECRIS-TCN) #agenda

  • EU: Tracking the Pact: Access to criminal records for “screening” of migrants

    Under the Pact on Migration and Asylum, the “screening” of migrants who have entered the EU irregularly or who have applied for asylum will become mandatory. The aim is to establish their identity and to investigate whether they should be considered a “security risk”. To facilitate the screening process, access to the EU’s system of “interoperable” databases is being broadened, with the Council recently approving its negotiating position on new rules granting access to a centralised register of individuals convicted of criminal offences in EU member states.

    Interoperability for screening

    The Commission’s proposal for a criminal records screening Regulation (pdf), one of countless amendments to the “interoperability” framework since it was approved in 2019, was published in March last year with a typically impenetrable, jargon-laden title.

    It was part of a series of new rules that aim to introduce new checks for asylum applicants and individuals making irregular border crossings, that are “at least of a similar level as the checks performed in respect of third country nationals that apply beforehand for an authorisation to enter the Union for a short stay, whether they are under a visa obligation or not.”

    Thus, the “screening” process requires checks against a multitude of databases: the Entry/Exit System (EES), the European Travel Information and Authorisation System (ETIAS), the Schengen Information System (SIS), the Visa Information System (VIS), Europol’s databases, two Interpol databases, and – the subject of the Council’s recently-approved negotiating position – the European Criminal Records Information System for Third-Country Nationals (ECRIS-TCN).

    The ECRIS-TCN contains information on non-EU nationals who have been convicted in one or more EU member states (fingerprints, facial images and certain biographic data), in order to make it easier for national authorities to find information on convictions handed down elsewhere in the EU.

    The Council’s position

    The Council’s position (pdf) was approved by the Committee of Permanent Representatives (COREPER) on 29 June, and makes extensive changes to the Commission’s proposal. However, many of these are deletions that appear to have been made because the text in question has already been added to the original ECRIS-TCN Regulation through one of the two other sets of amendments that have been made, in 2019 and 2021.

    The proposal used the term “threat to internal security or public policy”, which the Council has replaced with “security risk”. This somewhat vaguer term matches the wording approved by the Council in its position on the Screening Regulation, previously published by Statewatch, where the proposal initially referred to individuals that may “constitute a threat to public policy, internal security or international relations for any of the Member States.”

    Currently only visa authorities and those responsible for examining travel authorisation applications are granted access to the ECRIS-TCN for border control and immigration purposes (listed in Article 5(7) of the ECRIS-TCN Regulation and as explained in the Statewatch report Automated Suspicion).

    The criminal records screening Regulation grants new authorities access to the ECRIS-TCN, but does not list those authorities explicitly. Instead, it refers to the Screening Regulation itself, which is set to give member states discretion to determine “the screening authorities” as they see fit, although the Council’s preferred version of that text includes the provision that:

    “Member States shall also ensure that only the screening authorities responsible for the identification or verification of identity and the security check have access to the databases foreseen in Article 10 and Article 11 of this Regulation.”

    The Council’s position on the Screening Regulation, like the original proposal, does not include a requirement that the authorities responsible for the screening process be publicly listed anywhere.

    Whoever those authorities may be, they will be granted access to use the European Search Portal (part of the interoperability framework) to conduct searches in the ECRIS-TCN (and other databases), although will only be granted access to ECRIS-TCN records that have a “flag” attached.

    Those “flags” will be added to records to show whether an individual has been convicted of a terrorist offence in the last 25 years, or (in the last 15 years) one or more of the criminal offences listed in a separate piece of legislation.

    In the case of a “hit” against information stored in the ECRIS-TCN, the new rules will require screening authorities to contact the member state that handed down the conviction and to seek an opinion on the implications of that conviction for an individuals’ potential status as a security risk.

    The Commission wanted that opinion to be provided within two days, but the Council has increased this to three; if no opinion is provided within that time, then “this shall mean there are no security grounds to be taken into account.” The Council’s position also makes it explicit that the convicting authorities are obliged to consult the criminal record before providing their opinion.

    The European Parliament is yet to reach a position on the proposal. The EP rapporteur, Socialists & Democrats MEP Birgit Sippel, told Statewatch:

    “The European Parliament continues to work on all proposals related to the New Pact on Migration and Asylum, including both the Screening and Screening ECRIS-TCN proposals. As rapporteur, I have presented my draft report on both files at the end of 2021. Negotiations continue at political and technical level. Due to the deep links to the other proposals, we aim for a harmonised EP position and there is currently no concrete date foreseen for a debate or vote in the LIBE Committee.”

    However, the Parliament has committed itself to completing work on all the migration and asylum laws currently on the table by February 2024.

    Interoperability marches on

    Many are likely to see the screening process as part of the ongoing “criminalisation” of migration – indeed, the intention with the criminal records screening proposal is to explicitly link aspects of the criminal justice system with the EU’s immigration and asylum systems, in order to increase the possibilities of excluding individuals deemed to pose a security risk – however that may be determined by the authorities.

    The application of these checks to irregular border-crossers and asylum applicants is also a logical consequence of the way the EU’s interoperable databases are being deployed against other categories of individuals: as noted above, it is deemed imperative that everyone entering the EU faces “a similar level” of checks. With the interoperability architecture largely seen as a starting point for future developments, and with EU agencies Europol and Frontex pushing for AI-based profiling of all travellers, future proposals to further expand the types of checks and the individuals to whom they should be applied are almost guaranteed.

    https://www.statewatch.org/news/2022/july/eu-tracking-the-pact-access-to-criminal-records-for-screening-of-migrant

    #screening #identification #migrations #asile #réfugiés #pacte #interopérabilité #Entry_Exit_System (#EES) #European_Travel_Information_and_Authorisation_System (#ETIAS) #Schengen_Information_System (#SIS) #technologie #Visa_Information_System (#VIS) #données #base_de_données #European_Criminal_Records_Information_System_for_Third-Country_Nationals (#ECRIS-TCN)

  • Automated suspicion: The EU’s new travel surveillance initiatives

    This report examines how the EU is using new technologies to screen, profile and risk-assess travellers to the Schengen area, and the risks this poses to civil liberties and fundamental rights.

    By developing ‘interoperable’ biometric databases, introducing untested profiling tools, and using new ‘pre-crime’ watchlists, people visiting the EU from all over the world are being placed under a veil of suspicion in the name of enhancing security.

    Watch the animation below for an overview of the report. A laid-out version will be available shortly. You can read the press release here: https://www.statewatch.org/news/2020/july/eu-to-deploy-controversial-technologies-on-holidaymakers-and-business-tr

    –----

    Executive summary

    The ongoing coronavirus pandemic has raised the possibility of widespread surveillance and location tracking for the purpose of disease control, setting alarm bells ringing amongst privacy advocates and civil rights campaigners. However, EU institutions and governments have long been set on the path of more intensive personal data processing for the purpose of migration control, and these developments have in some cases passed almost entirely under the radar of the press and civil society organisations.

    This report examines, explains and critiques a number of large-scale EU information systems currently being planned or built that will significantly extend the collection and use of biometric and biographic data taken from visitors to the Schengen area, made up of 26 EU member states as well as Iceland, Liechtenstein, Norway and Switzerland. In particular, it examines new systems being introduced to track, analyse and assess the potential security, immigration or public health risks posed by non-EU citizens who have to apply for either a short-stay visa or a travel authorisation – primarily the #Visa_Information_System (#VIS), which is being upgraded, and the #European_Travel_Information_and_Authorisation_System (#ETIAS), which is currently under construction.

    The visa obligation has existed for years. The forthcoming travel authorisation obligation, which will cover citizens of non-EU states who do not require a visa, is new and will massively expand the amount of data the EU holds on non-citizens. It is the EU’s equivalent of the USA’s ESTA, Canada’s eTA and Australia’s ETA.[1] These schemes represent a form of “government permission to travel,” to borrow the words of Edward Hasbrouck,[2] and they rely on the extensive processing of personal data.

    Data will be gathered on travellers themselves as well as their families, education, occupation and criminal convictions. Fingerprints and photographs will be taken from all travellers, including from millions of children from the age of six onwards. This data will not just be used to assess an individual’s application, but to feed data mining and profiling algorithms. It will be stored in large-scale databases accessible to hundreds of thousands of individuals working for hundreds of different public authorities.

    Much of this data will also be used to feed an enormous new database holding the ‘identity data’ – fingerprints, photographs, names, nationalities and travel document data – of non-EU citizens. This system, the #Common_Identity_Repository (#CIR), is being introduced as part of the EU’s complex ‘interoperability’ initiative and aims to facilitate an increase in police identity checks within the EU. It will only hold the data of non-EU citizens and, with only weak anti-discrimination safeguards in the legislation, raises the risk of further entrenching racial profiling in police work.

    The remote monitoring and control of travellers is also being extended through the VIS upgrade and the introduction of ETIAS. Travel companies are already obliged to check, prior to an individual boarding a plane, coach or train, whether they have the visa required to enter the Schengen area. This obligation will be extended to include travel authorisations, with travel companies able to use the central databases of the VIS and ETIAS to verify whether a person’s paperwork is in order or not. When people arrive at the Schengen border, when they are within the Schengen area and long after they leave, their personal data will remain stored in these systems and be available for a multitude of further uses.

    These new systems and tools have been presented by EU institutions as necessary to keep EU citizens safe. However, the idea that more personal data gathering will automatically lead to greater security is a highly questionable claim, given that the authorities already have problems dealing with the data they hold now.

    Furthermore, a key part of the ‘interoperability’ agenda is the cross-matching and combination of data on tens of millions of people from a host of different databases. Given that the EU’s databases are already-known to be strewn with errors, this massively increases the risks of mistakes in decision making in a policy field – immigration – that already involves a high degree of discretion and which has profound implications for peoples’ lives.

    These new systems have been presented by their proponents as almost-inevitable technological developments. This is a misleading idea which masks the political and ethical judgments that lie behind the introduction of any new technology. It would be fairer to say that EU lawmakers have chosen to introduce unproven, experimental technologies – in particular, automated profiling – for use on non-EU citizens, who have no choice in the matter and are likely to face difficulties in exercising their rights.

    Finally, the introduction of new databases designed to hold data on tens of millions of non-citizens rests on the idea that our public authorities can be trusted to comply with the rules and will not abuse the new troves of data to which they are being given access. Granting access to more data to more people inevitably increases the risk of individual abuses. Furthermore, the last decade has seen numerous states across the EU turn their back on fundamental rights and democratic standards, with migrants frequently used as scapegoats for society’s ills. In a climate of increased xenophobia and social hostility to foreigners, it is extremely dangerous to assert that intrusive data-gathering will counterbalance a supposed threat posed by non-citizens.

    Almost all the legislation governing these systems has now been put in place. What remains is for them to be upgraded or constructed and put into use. Close attention should be paid by lawmakers, journalists, civil society organisations and others to see exactly how this is done. If all non-citizens are to be treated as potential risks and assessed, analysed, monitored and tracked accordingly, it may not be long before citizens come under the same veil of suspicion.

    https://www.statewatch.org/automated-suspicion-the-eu-s-new-travel-surveillance-initiatives

    #vidéo:
    https://vimeo.com/437830786

    #suspects #suspicion #frontières #rapport #StateWatch #migrations #asile #réfugiés #EU #UE #Union_européenne
    #surveillance #profiling #database #base_de_données #données_personnelles #empreintes_digitales #enfants #agences_de_voyage #privatisation #interopérabilité

    ping @mobileborders @isskein @etraces @reka