Surveillance without limits – How Europe creates a dysfunctional border regime

E-gates at the airport in Oslo
Photo: Tom A. Kolstad/Aftenposten

The European Union is planning comprehensive controls of its external borders. “Investigate Europe,” a team of journalists from eight countries, has uncovered: It is costing billions – but the only beneficiaries are the weapon and electronics industries. 

The large wall screens glow in blue and white, and nobody speaks. Only the quiet clicking of keyboards reveals that the ten men in the rows of desks before them are concentrating on their work. Green, amber and red dots appear on the displayed maps of Europe. Every dot is an incident, explains the shift manager in a Spanish accent. But he will only say in certain cases what exactly they stand for. Most of it must remain a secret, just like his name. Because here, on the 11th floor of the Warsaw Spire, a seemingly futuristic building complex in the centre of the Polish capital, is where the European Border and Coast Guard (EBCG), known until recently as “Frontex”, runs its “situation room.” Alerts from 30 national border protection authorities come in around the clock through a secured military data network. They range from a smuggler between Russia and Finland to a refugee boat off the coasts of the Canary Islands. They also include satellite images, ship movements and even weather forecasts. The overview gained in this manner can be retrieved by all participating authorities. “We provide information on the border situation all over Europe, almost in real time”, assures the Spanish EU official.

1,200 km away, in the Strasbourg suburb of Neuhof, home to the operations centre of “eu-LISA”, the European Agency for the operational management of large-scale IT systems, Bernard Kirch and his team are also delivering in “real time.” Behind steel fences and barbed wire and hidden in an underground room, they guard the European border regime’s treasure trove of data: the Schengen

Server center “eu-LISA” in Strasbourg. Credit: eu-LISA

Information System (SIS) and two more databases. Around 30 server towers stand neatly arranged here, connected via secure lines to access points for national authorities. Records on around a million people wanted by the police, as well as 32 million visa applicants and over five million asylum seekers are available (see box S on page 5). Border guards across the EU access this database when they check travellers. And soon there will be three more databases on airline passengers and travellers from non-EU states. Space for them has already been reserved in the underground data centre. “We make sure that all member states get all of the data”, assures Kirch. “Every new entry is available everywhere within five minutes.”

In future, data acquisition for the control of the external borders will also be a task for EU officials in Lisbon, 1,800 km further southwest. The European Maritime Surveillance Agency (EMSA) is based here, on the docks of the old harbour with a wide view over the bay. Until now, it has only been responsible for maritime safety. But starting next year, EMSA officials will launch an entire fleet of remote-controlled surveillance aircraft in cooperation with the Portuguese Air Force. Equipped with high-resolution cameras, laser light, IR and radar sensors, they will transmit data on events in the Mediterranean Sea in all weather conditions. No longer will any ships, refugee boats or smuggling operations be able to evade surveillance.

Military-style situation centres, databases on millions of people, large-scale surveillance by means of remote-controlled drones, billions of Euros in funds for research and the subsequent acquisition of the necessary technology – almost entirely unknown to its citizens, the governments of the European Union are pursuing a major long-term plan for the use of state-of-the-art technology to monitor Europe’s external borders. At their recent summit in Bratislava, Slovakia, EU heads of state actually chose border security as their most important issue. They deemed it important to “stop illegal migration” and “protect our people’s security”, as Chancellor Angela Merkel put it, recognising a new “spirit of collaboration” in an otherwise rather fractious Europe.

But will the desired surveillance system serve its purpose? Will it make Europe safer? A team of nine journalists from eight different countries has been trying to find an answer to these questions. For two months the Investigate Europe team talked with over 200 border guards, investigators, law experts, engineers, EU officials and politicians. The results are alarming:

For Europe’s new border control project

  • over six billion Euros from the EU budget and a similar amount from national budgets are to be spent by 2020 on surveillance technology and operations of no discernible use;
  • the European Commission and national governments want to abolish fundamental privacy laws and store citizens’ personal data on a massive scale without judicial control;
  • the European Commission has aligned its policies almost exclusively with the interests of the security and arms industries, and is giving their representatives a say in decision and law-making processes, despite massive conflicts of interests due to their positions on advisory boards.

The background for this is ironically one of the greatest achievements of European integration: the removal of internal borders between 30 states in the EU and the European Free Trade Agreement (EFTA). Together they make up the so-called Schengen area, named after the village in Luxembourg where the initial treaty was signed in 1985. This granted citizens and companies alike unprecedented liberties. But at the same time, the union has to manage a joint external border, even though there is no joint government. To date, border control is, by law, subject exclusively to the respective national governments. This contradiction has resulted in an uncontrollable political wilderness with serious consequences.

A lack of expertise in the EU Commission

It began with the shocks caused by the 9/11 terrorist attacks. America subsequently prepared for the “War on Terror.” By contrast, the Schengen states did not have a common security policy. Yet the governments wanted to make clear statements of intent and ordered the European Commission to develop the necessary plans. But the central authority in Brussels lacked both the expertise and the personnel to do it. And so the EU officials under the leadership of then-president Romano Prodi did what they have always done: they interpreted the order as a “business development project” and commissioned industry to come up with a suitable research programme. For this purpose, they appointed a “group of personalities” which included top managers of relevant industries alongside a number of retired politicians. Everybody who is anybody in the EU arms and electronics industries, from EADS (Airbus) via Indra in Spain, Italy’s Finmeccanica and the French Thales Group to BAE, Siemens and Ericsson, were represented.

In its report published in early 2004, the group promptly demanded the EU follow the United States’ example and use millions of Euros in funding to “combine civil and military means” for security research purposes. Otherwise, the U.S. would “progressively impose normative and operational standards” and “enjoy a very strong competitive position.” Thus, the group claimed, there was “no reason why European security research should not be funded at a level similar to the U.S.”

And that is exactly what happened. Just half a year later EU commissioners, now led by José Manuel Barroso of Portugal, published an initial research programme, endowed with around €40 million, for those corporations whose “personalities” had demanded it. A further programme worth €1.4 billion followed in 2007 and a third is in place since 2014, this time with €1.7 billion in funds. The Schengen states simultaneously began to fund the purchase of the developed technologies by the national governments through shared funds. The initial €1.3-billion “Schengen Facility” later turned into the “External Borders Fund” worth €1.7 billion and eventually became the “Internal Security Fund” which will pay another €2.8 billion from 2014 to 2020 to upgrade border control.

“This was enormously important decision ” in the opinion of Peter Burgess, professor of security policy at the Ecole Normale Supérieure in Paris. Burgess, 55, has been following Europe’s handling of security issues for almost 20 years. He sees the bigger picture. Following the attacks in New York, it became Europe’s strategy “to develop an autonomous security industry which did not exist before,” he says. And since then it has primarily been the managers of this industry who have decided what constitutes “security.” As a consequence, according to Burgess, the focus is always on surveillance technology, even though “there is very little evidence that it works.”

Frontex budget exploded

One quick look at the core component, the joint border control agency in Warsaw, only serves as confirmation. When it was launched under the name “Frontex” in 2005, it had a staff of 45 and a yearly budget of €6.5 million. The idea was for this new authority to coordinate the many border protection authorities and to align their practices with common standards. Since then, the budget has increased to €254 million and the workforce to 359 officials. The budget is expected to reach €320 million by 2020, a 5,000 per cent increase. The newly renamed European Border and Coast Guard will coordinate the deployment of border guards in various countries, especially in the Mediterranean region. But above all, since 2013 Europe’s high-tech border guards have been operating the European Border Surveillance System, abbreviated to “Eurosur” – a complex border control network which covers the entire continent.

The declared objective is to improve “situational awareness and reaction capability” in order to combat “cross-border crime” and “irregular migration.” To this end, “National Coordination Centres” (NCCs) are required to report all incidents at their borders around the clock. At the same time, the EMSA with its drone videos, the European Space Agency and even the European Fisheries Control Agency are supposed to pass on their useful data and maps. All of this should yield a constant “situational picture” that can warn on-site authorities of imminent illegal border crossings and crises. The European Commission calculated that development of the system will cost €240 million. However, a study on behalf of the Heinrich Böll Foundation warned that this information was based on arbitrary estimates. In reality, costs are expected to exceed €800 million.

The (dysfunctional) technocratic utopia

Yet the system is nothing more than a technocratic utopia. It does not work in real life. In Italy, for example, the supposed coordination centre, located in a building belonging to the Ministry of the Interior, turned out to be a mere myth upon closer inspection. During an on-site visit in November, the responsible official, named Rosa Preteroti, was unable to point out even a single computer hooked up to the system. She explained that the centre was closed for refurbishment and they were waiting for new software. But that is what she had already said a month before. Just a few kilometres away by contrast, officials at the Italian Coast Guard’s operational centre actually are monitoring the maritime border around the clock, coordinating the rescue of thousands of migrants from unseaworthy boats with all available ships. However the on-duty officers flatly admit that they had “never heard” of “Eurosur.” It would seem the system is not yet equipped to provide information from Italy.

Major Joao Eufrasio, Photo: Nuno Ferreira Santos

Portugal has at least a connection to Warsaw. Reports about incidents on Portugal’s shores are entered by an official at the National Republican Guard’s situation centre in Lisbon. They mostly comprise second-hand information from the police or the navy on smugglers or suspicious ships. But even Major João Eufrázio, on duty here in Portugal, is unable to explain what use it is to his colleagues or those in other countries. He claims Portugal’s joint surveillance system with Spain is of great importance. But that also works without the situational picture from Warsaw.

It is much the same at the Greek “coordination centre”: in a room with the obligatory wall screen, five officials control the actions of the border police and coast guard. One of them enters information about incidents on Greece’s seemingly endless maritime border on an online form for Eurosur. Much of the information is old, with not even a hint of “real time.” When asked about Eurosur’s practical use, Police Major General Emmanouil Grigorakis can only read from the corresponding EU directive. And even in Poland, very close to Europe’s border guard headquarters, the individuals responsible for Eurosur, Border Guard Captain Grzegorz Niemiec and colleague Grzegorz Kazimierczak, have no idea about the practical use of the system. “It would be good for us to know at an early stage what is happening at the border crossings with Slovakia. Then we would be able to analyse what will shortly arrive in Poland” they report. But currently the system does not record what is going on in regular border traffic.

In other words, the costly Eurosur network is hitherto largely useless for the everyday routine of officials at Europe’s external borders. The French parliament came to the same conclusion in an investigation last year. The parliamentarians established that Eurosur “only visualises occurrences that have already been recorded,” but “it cannot contribute to the improvement of surveillance.”

However, these sobering findings are not resonating with those responsible in Brussels. An example of this is Dimitris Avramopoulos. Formerly, he served in Greece’s conservative New Democracy party as Minister for Tourism, Health, National Defence and Foreign Affairs. Now, as Commissioner for Home Affairs and Migration, he is the leading EU official for security policy – and he dismisses any hint of criticism out of hand. In an interview with “Investigate Europe” he affirmed that Eurosur was “doing a great job” and that it was going to get “even better” with the development of the European Border and Coast Guard.

And so the European Commission and the home secretaries of the Schengen states stubbornly adhere to the same old principle: more surveillance technology and data collection equals more security. For this reason they have developed an almost symbiotic relationship with the security industry. This is documented by the astonishing role of the “European Organisation for Security” (EOS). Its founder and head, Luigi Rebuffi, used to be the top lobbyist of the French defence and electronics group Thales. He not only secured the relevant industrial companies, but also state research organisations like the German Fraunhofer Society, as members of his association, founded in 2007. This meant the EOS practically assuming the role of gatekeeper when the EU granted its billions of Euros in research funds.

The independent Transnational Institute in Amsterdam has found that the EU invested over €316 million of tax money in new technologies for border surveillance between 2004 and 2014. The spectrum ranges from high-tech drones for remote monitoring to document scanners with database connection, from networking software for security authorities to the integration of data streams in situational pictures. Eleven of the 15 companies and organisations who received the most funding are members of the EOS. And that is no coincidence. The industry was and still is strongly represented on the European Commission’s corresponding advisory boards. One third of the “advisors” has been or is involved in conflicts of interest because of their affiliation with the industry. This puts the European Commission in quite a predicament (See seperate story on Conflict of Interest by Crina Boros).

Initially, the subsidies only alleviate the financial risk connected with the corporations’ research. The real business comes when the member states buy the resulting technologies after it has been made a legal requirement to do so. And even then the EOS calls the shots. For example, it was Rebuffi’s organisation that had been agitating since 2010 for Frontex to be expanded into a border protection agency at EU level with the capacity for large-scale surveillance, until the European Commission started to do exactly that in 2015. And Rebuffi does not shy away from using the tragedy of drowned refugees for his own purposes. In 2013, his office wrote to then-EU-Commission President Barroso that “the events in Lampedusa” served only “as a further example of the urgent need to make better tools available for the early identification of such critical situations.”

E-gates at Oslo airport Photo: Tom A. Kolstad

Ultimately, the EU’s administrators are equating people’s security needs with private economic interests. Whether the propagated technologies really do make the lives of Europeans safer is no longer examined. The development of the EU’s databank systems demonstrates just how brashly this business is being run. It began with an EU-wide register for airline passengers called “Passenger Name Record” (PNR). Since 2011 the European Commission has been calling for the travel data of all passengers across external borders to be stored, based on the example set by the USA. This is supposedly necessary to combat “terrorism” and other “serious crime.” This means that personal data like travel destinations, payment methods, travel companions and even the preferred food on millions of citizens would, for the first time, be stored without due cause for five years. The European Parliament Committee on Civil Liberties and Justice refused to approve the breaking of this taboo in 2013. Delegates decided that neither the “necessity” nor the “appropriateness” had been proven. This meant that the main criteria for an encroachment on fundamental rights had not been met.

The governments and commissions no longer cared after the terrorist attacks in Paris in January 2015. Bernard Cazeneuve, Minister of the Interior at the time and now Prime Minister of France, accused parliament of “irresponsibly delaying” the fight against terrorism. Manuel Valls, Prime Minister at the time and now a presidential candidate, travelled to the plenary in Strasbourg specifically to put them under pressure. The majority gave in, enabling the law to be passed in April. However, one important point was not addressed during the debate. One of the leading suppliers of the associated technology is the French company Safran, which employs a workforce of over 3,300 in the Parisian suburb of Evry. And Prime Minister Valls was mayor of Evry until 2012 – it is his political base. It cannot be proven that this was behind Valls’ intervention. What is clear is that EU states will now have to invest more than €500 million by 2018 to set up the register and give the police forces access. Now, all airline passengers even within Europe are recorded. Safran has already been commissioned for France and Estonia.

And yet the project might not be permanent. Green MEP Jan Albrecht warns that it “blatantly contradicts” the jurisdiction of the European Court of Justice and is the start of a “dragnet” system, which is forbidden in Germany. Albrecht is considered the architect of the EU’s data protection legislation. He says the court will especially not accept five-year “data retention.” Assistant European Data Protection Supervisor Wojciech Wiewiorowski shares this opinion. After all, he says, nobody has “demonstrated how passenger data can be put to good use.” Indeed, the European Commission has been unable to present any empirical evidence of its benefit to the police.

This applies in particular to another of the EU technocrats’ large-scale data schemes: the establishment of an “Entry-Exit System” (EES) for all incoming and outgoing non-EU citizens, also based on the U.S. model. According to this proposal, all of the Schengen area’s 1,800 external border checkpoints are to be equipped so as to digitally record passports, visas, fingerprints and facial images and check against the data on the chips in documents. These data can then be compared with the police’s wanted persons lists and stored in a central database. It shall then no longer be stamps in a passport documenting a visitor’s inbound and outbound travels. They would soon be replaced by database entries on the servers in the data bunker in Strasbourg.

Although this makes border controls much more complex, the European Commission promises that the programme will accelerate processing in order to cope with the rapidly increasing number of travellers. “Self-service systems and e-gates” are meant to “facilitate” border crossing and consequently save border officials time. This planned technical marvel has been dubbed “smart borders” by officials, and their industry partners at the EOS specifically allocated a task force to it in 2011.

But yet again, parliament initially obstructed the process. In 2013, liberal delegate Sofia in’t Veld, with a majority behind her, deemed this “megalomaniacal project” too expensive and useless. The European Commission had to back down. But contracts to the tune of more than €30 million had already been awarded to three international consortia to develop the required technology. So Commissioner Avramopoulos and his officials bypassed parliament and ordered the eu-LISA data authority and the consultancy group PWC to conduct a pilot study. The assignment enabled the company to get a foot in the door as project manager for future procurement in member states. Throughout 2015, finger scanners, cameras and document readers at airports, harbours, land borders and on trains in 12 countries were subject to practical testing, thus proving their “viability” in the opinion of the European Commission. Since then, the Commission and the home secretaries are not even waiting for Parliament to vote. Ten member states have already decided to claim subsidies from the EU’s “Internal Security Fund” used to “implement the Smart Borders Package.”

However, the baffling thing is that nobody knows what good it does. Vice President of the Greens in the European Parliament Ska Keller derides the package: “We will learn the names of people who overstay their visas, the ‘overstayers.’ But then nobody will know where they are anyway. So what’s the point?” Carlos Coelho, Portuguese delegate and distinguished legal expert for the conservatives, shares this opinion. “We only get a statistic”, he says. “Why should we set up such a costly system just for that?” Not even Commissioner Avramopoulos has the answer. He claims that the system “meets the people’s demands for protection and security.” He is yet to explain how.

But certainly a lot of money will be involved. The European Commission’s estimated costs of €480 million are considered to be overoptimistic. The authors of a study for parliament came up with “cumulative costs for the member states” of more than a billion euros by 2027. And they warned that even this figure underlies a “15-20% margin of error.”

The technology itself is also faulty. The final report may say that the practical tests confirmed the “effective use” of equipment for “biometric identification” at borders. But hidden in the technical annex, the results measured state the contrary. According to these results, the comparison of passport image data with the actual camera image at Stockholm Airport only worked in 39% of all cases. At Lisbon Airport, every other traveller failed at the “automatic border gate” that was tested. In Frankfurt, where fingerprints were not even checked, one in four people was not able to pass. On the trains at the Romanian border, the equipment just broke down on summer days and at other land borders the procedure caused huge delays.

What is even more serious is that the envisaged automation, even if the technology works, decreases security rather than increasing it. This is confirmed by the border officials of several Schengen states. For instance, a German federal police officer with over 20 years of experience at Frankfurt Airport warns “if passports are no longer checked for older stamps, then a person’s travel history will not be verified. We no longer learn whether someone may have also been to Iraq or Jordan when they arrive here from Thailand.” His Portuguese colleague, Marco do Carmo, explains that “machines are not capable of profiling.” But one thing is crucial: “Seeing how people react, seeing how they talk.” In his opinion, that is the only way to identify suspects. Comparing face data in a passport with camera images is just a compromise according to Vidar Rasmussen, border official at Oslo Airport. “The more accurately it is set, the more false alarms there are” he reports from experience with “e-gates” that already exist for Schengen citizens. But calibration is incumbent on the manufacturers.

Likewise Alexander Nouak, biometric expert at the Fraunhofer Society for Graphic Data Processing, sounds a note of caution. “A fast passage of many passengers through an automatic gate thus can only be achieved if the threshold value for the positive comparison between the two pictures is not too rigid.” Moreover the machines could never find out if a genuine passport had been issued illegitimately. “This can only be detected by border officers putting precise questions”. Nouak believes the technology can facilitate their work, but certainly not replace it. But states and airport operators do not want to pay for more staff. As a result, criminals and terrorists will have an easier time of it when the rapidly increasing number of external border crossings is automatically processed without additional officials.

But despite this, biometric data of millions of citizens are to be stored for years, just as travel and payment data already are. This means that in future police criminal databanks will be systematically linked and jointly searched with general data banks – wholly unacceptable in the opinion of many lawyers. “The logic of suspicion overrides the logic of law” was the warning issued by eight legal experts from four EU countries in a recently compiled report for the EU Parliament. The EU‘s Data Protection Commissioner Giovanni Buttarelli also expressed “serious reservations” about the unlimited access of police authorities. “This system makes everyone a suspect,” warned MEP Keller, adding that data protection law would no longer apply to non-EU citizens, “because they cannot defend themselves, and sooner or later everyone will be affected.” Indeed, the French government is applying for the “Smart Borders” law to be extended to all EU citizens.

But even that is not enough for the European Commission’s surveillance planners. There are calls from Dimitris Avramopoulos and Frans Timmermanns, the powerful deputy head of the commission, for all visitors to the Schengen region from non-member countries to register in advance with the EU authorities via the Internet. A law has already been drafted to this effect.

This would even include asking for health data, and blacklists would be compiled. According to prevailing data protection law, none of this is legal. And the very latest plan of security strategists in Brussels is to integrate what would be six data banks into one big system. The objective is to have “EU integrated biometric identity management” in the words of Security Commissioner Avramopoulos. If it comes to that, then anyone anywhere can be identified by camera at any time. “Europe‘s databank system is being set up according to European law and in compliance with fundamental European rights,” the commissioner emphasised.

But what kind of Europe will that give rise to?

This is an english translation of an article published by the german daily “Der Tagesspiegel “at the 11th of december. It contains all central findings of the group’s research – nevertheless it is just one out of several important publications. Please check our list of publications in your national language