Borders Without Borders: How the EU is Exporting Surveillance in Bid to Outsource its Border Controls
Documents obtained by Privacy International (PI) detail how EU agencies ‘outsource’ border controls to neighbouring countries.
- EU bodies are equipping and training authorities, influencing laws, and developing mass-scale biometric databases in non-member countries;
- Security authorities are provided with digital tools of surveillance;
- This programme of outsourcing will be used to crush political and civil freedoms and undermine democracy without urgent reforms.
The European Union (EU) is the world’s largest donor of development aid, an instrumental supporter of democracies and peace around the world, and a powerful global force for reigning-in big tech and other exploitative industries.
But since the 2015 migration crisis and with populist anti-immigration parties in power across the Union, it has focused this immensely powerful influence abroad squarely on managing flows of migration: using its economic, diplomatic, and security might to outsource border controls and migration management to other countries.
By equipping and training third country authorities, influencing laws, and developing mass-scale biometric databases in neighbouring countries, the EU is providing authorities with digital tools of surveillance in the hope they will use them to stop people reaching the Union’s borders.
These same tools, however, are being used around the world to entrench political control through the tracking and surveillance of entire populations, activists, journalists, and opposition movements.
Without urgent changes to the EU’s policies and priorities, detailed by a coalition of activists today, this programme of outsourcing will be used to crush political and civil freedoms and undermine democracy.
Below, using documents obtained by PI after a year of filing requests to major EU agencies, available here, we summarize how this system of border outsourcing works.
Countries to the South and East of the EU’s borders are provided with surveillance and tracking equipment.
In Niger, €11.5 million was allocated from the EU Trust Fund for Africa, a funding programme which uses EU aid money to for migration control, for the provision of surveillance drones, surveillance cameras, surveillance software, a wiretapping centre, and an international mobile subscriber identity catcher (IMSI catcher). An IMSI catcher is a sophisticated surveillance device capable of carrying out indiscriminate monitoring of mobile phones in a given area. They are so sensitive that authorities in the UK refuse to even confirm or deny that they use them.
The transfer of this equipment comes in the context of a recent crackdown on activists in Niger and a surveillance legal framework which lacks essential and well-established safeguards and is in direct defiance of international legal standards.
In Bosnia and Herzegovina, a wiretapping system sold by Swedish tech giant Ericsson was provided to the State Investigation and Protection Agency (SIPA), which has a Memorandum of Understanding with other law enforcement agencies in the country allowing them to use the system, including the Border Police.
Biometric registration equipment and databases are provided to authorities for border and migration control: for example, fingerprinting devices were provided to authorities in Bosnia and Herzegovina sold by electronics company NEC; while mass-scale biometric databases are provided to numerous countries, including Senegal and Côte d’Ivoire – the subject of an analysis released today by Privacy International and available here.
To its east, on the Ukraine-Belarus border, an EU project for an “automated intelligent video-control system” financed cameras and license plate scanning software in order to alert authorities to information about an approaching vehicle and its passengers. Similarly, license plate scanning equipment for use by authorities along the Ukranian-Moldovan border connected to a centralised monitoring centre was provided as part of 2018 project.
Various projects financed and managed by a mix of aid and other agencies work to provide equipment for border forces and border control purposes across Northern Africa and the Middle East.
A 2018 aid project worth €11 million, for example, was provided to Lebanon to support “the establishment and operationalisation of central operations rooms and coordination entities”, including the armed forces’ border control unit.
In Libya, more than €42 million was allocated from the Trust Fund for Africa for a border control project in 2019, which included the provision of patrol boats, SUV vehicles workstations, radio-satellite communication devices, and other equipment to coast guard authorities in Libya as well as the Directorate for Combatting Illegal Migration.
Another 2018 aid project worth €11 million was provided to Jordan to equip border crossing points with “operational equipment, IT tools [and] software” and to provide equipment to officers for “specialised investigation techniques”. The agreement states that the equipment, which can presumably range from communication devices to highly intrusive surveillance equipment, is to be “defined at inception phase” – meaning funds were approved before the equipment was identified.
Multiple EU bodies facilitate or organise training for border control forces, including the European Union Agency for Law Enforcement Training (CEPOL) – the subject of another analysis published today.
Screenshots from a training session provided to Albanian authorities by German police under a course on ‘Financial investigation challenges in regard to irregular migration’, available here.
Another such programme, led by the Italian government but financed by the EU Trust Fund for Africa, involves the training and equipping of Libyan authorities. A 2018 document details the training, provided by the European border control agency FRONTEX to Libya’s General Administration for Coastal Security (GACS).
It shows FRONTEX taught participants how to secure “evidence for prosecution and intelligence purposes”, including from electronic devices, how to acquire fingerprints, including from “children and people with vulnerabilities”, as well as “basic self-defence techniques that can be used during the apprehension of suspects on board, including the use of force and its limitations”.
Screenshot from FRONTEX training plan for the Libyan GACS, provided by the European External Action Service, available here.
A risk assessment undertaken for the training does not identify any possibility that the training could facilitate human rights abuses or undermine the local reputation of the EU, despite evidence of Libyan authorities beating migrants on board vessels and reports detailing how people are then locked in crammed detention camps rampant with diseases and subjected to serious human rights abuses, including rape and torture.
In countries in Northern Africa and the Middle East, a 2017 project called ‘EU4Border Security’ implemented by FRONTEX was assigned €4 million of aid money to “improve the collection, sharing and analysis of data” of border guards through trainings, study visits, and staff exchanges.
FRONTEX also organises training for border authorities from EU and non-EU member states in the Balkans. One exercise in Croatia in 2019 aimed at controlling “irregular migration flows towards the territory” of EU member states, for example, puts participants through a practical simulation exercise in which guards are deployed to the “green border” of a fictional EU member state country bordering a non-member country where people are crossing.
The participants, from across EU member states including 15 from Croatia as well as one participant from Albania, a non-EU member, are instructed on things like understanding technical equipment for land border surveillance, radio communication, and techniques for searching people and vehicles.
Images from FRONTEX training exercise, available here. © Frontex, 2019 Reuse is authorised provided the source is acknowledged. When reusing this publication, it is forbidden to distort its original meaning or its message
While a basic introduction to international human rights law is provided, based on the documents provided to and reviewed by PI, it is limited in scope and has patently failed to stem regular reports by activists and monitors showing evidence of severe abuses and unlawful practices at the hands of authorities in EU member states and across other Balkan countries. Croatian authorities in particular have been accused of violently and unlawfully detaining people crossing the “green area” of the country’s border with Bosnia and Herzegovina and expelling them back across the border, in contravention of their duty to provide due process and the opportunity to apply for international protection.
Recent evidence provided by the Danish Refugee Council (DRC) also implicates Croatian authorities of “beating, robbing and sexually abusing” people who had crossed the border from Bosnia and Herzegovina.
Various EU projects and bodies also promote or provide assistance in some for to other countries to promote specific laws or amendments aimed at migration and border control. Such assistance can be highly influential in regulating security powers or promoting the rule of law, particularly in post-conflict or other fragile states.
For example, a document aimed at EU civilian missions in non-EU countries providing guidance for drafting legislation describes how some countries lack a basic library of laws, some of which are never published in public or even disseminated.
An annex listing examples of legislative drafting supported by EU missions describes several laws relevant to surveillance and intelligence gathering, including a draft law on police in Palestine, the law on Police in Afghanistan, the Law on Interception of Telecommunications as well as the Law Protection of Personal Data in Kosovo, and a law against human trafficking in Niger.
Similarly, a 2016 aid project partially aimed at fighting human trafficking networks in countries in the EU’s southern border (Algeria, Egypt, Israel, Jordan, Lebanon, Libya, Morocco, Palestine, Syria, Tunisia) aims to “contribute to the drafting of policies, harmonised and effective legislation” tackling cybercrime.
As well as providing equipment for establishing biometric identity systems, training officials in their use, and influencing laws in beneficiary countries, these systems may also be used to assist in deportations from Europe and to share data with EU authorities.
The project justification for the establishment of a biometric identification system in Cote d’Ivoire, for example, makes it clear that one of the reasons of developing it is to facilitate the identification of people in Europe who are of Ivorian nationality and to organize their return more easily.
In Niger, although EU authorities do not have direct access to databases, article 36 of the 2015-036 law in Niger, which criminalises human trafficking and was developed with EU assistance, stipulates that if a foreign state authority (such as one in the EU) requests the verification of the authenticity or validity of travel or identity documents believed to have been issued in Niger, the Nigerien authorities are obliged to provide relevant information to them.
A 2019 project financed by the Instrument for Pre-Accession II aims to provide countries in the western Balkans with a “registration system interoperable at the [western Balkans] regional level”, in the aim of achieving “future interoperability with EU information systems on border and migration management” such as the Eurodac database, a pan-European fingerprint database for asylum seekers.
These activities are financed by a confusing set of different EU bodies and instruments with different objectives in mind. These involve the Instrument contributing to Stability and Peace, a multi-billion euro fund used to provide security assistance to countries around the world, the Instrument of Pre-accession Assistance, used to provide support to potential future EU member countries, and the European Neighbourhood Instrument, used to provide assistance to other neighbouring countries.
As the EU finalises its next budget which will set its priorities for 2021 to 2027, many of these different instruments will be centralised into one main one, called the Neighbourhood, Development and International Cooperation Instrument.
Privacy International and partner NGOs are calling on the European Commission to work with the Parliament and member states to take the opportunity presented by centralising these disparate instruments and address the inherent dangers posed by these regimes.
In particular, we are calling on the Commission to improving due diligence and risk assessments, increase transparency and parliamentary scrutiny and public oversight,
and to instead focus resources on supporting the capacity of judicial, security, and regulatory institutions to protect rights before proceeding with allocating resources and technologies which, in absent of proper oversight, will likely result in fundamental rights abuses.
More details can be found here.