299. New Technologies of Border Control in an Enlarged Europe
Rey Koslowski is Associate Professor of Political Science at Rutgers University. He spoke at an EES noon discussion on June 2, 2004. The following is a summary of his presentation. Meeting Report 299.
The European Union (EU) has been taking international cooperation on migration and border controls into sensitive areas of state sovereignty, government surveillance and data collection and exchange. In response to the September 11, 2001 attacks, EU member states not only passed antiterrorism legislation and committed to joining the US in Afghanistan, but they also tightened borders and accelerated border control information technology programs with the goal of creating a common transatlantic security space. At the same time, the EU and its member states increased budgets, staffing and improved technology for border controls in anticipation of enlargement and the prospect of lifting internal borders with the new member states while moving the common external border eastward. In light of these simultaneous border shifts, the European Commission is endeavoring to bring the new member states into the evolving transatlantic security space.
Border Control in the EU
There is no exact counterpart to the US Department of Homeland Security within the EU. The organization of the new Department of Homeland Security more closely resembles European interior ministries than the previous dispersal of border control functions across the US federal agencies. The border control divisions of EU member state interior ministries, however, are collectively much larger than their US counterpart, the Bureau of Customs and Border Protection (CBP). For example, Germany's Bundesgrenzschutz (Federal Border Police) has 40,000 employees, the UK Home Office's Immigration and Nationality Directorate has over 11, 000 employees and Poland has 16,000 border guards. By contrast, the US CBP has approximately 41,000 employees, which is only slightly larger than Germany's Bundesgrenzschutz, although the US has a significantly larger border to control.
To further complicate the comparison, border control policies of EU member states are being integrated into EU institutional structures and the implementation of border controls by member state interior ministries is increasingly coordinated at a European level. Since lifting internal EU border required the erection of a common external border, a subset of EU member states signed the 1990 Schengen Convention, which eliminated border checks among members and called for a common visa policy, harmonization of polices to deter illegal migration and an automated Schengen Information System (SIS), to coordinate actions regarding individuals who have been denied entry. Title VI of the 1992 Maastricht Treaty formalized this longstanding cooperation among the member states regarding border controls, migration and asylum. Cooperation in the fields of Justice and Home Affairs (JHA) formed one of three "pillars" of the EU along with the First Pillar of the original European Community and the Second Pillar of Common Foreign and Security Policy (CFSP). The 1997 Amsterdam Treaty went a step further by incorporating the Schengen Convention into the EU treaties and set out a plan to put policies on visas, asylum, immigration and external border controls under Community procedures and into the Community legal framework by May 2004. Some aspects of this policy integration, particularly on asylum, were realized by the deadline, but a broader EU immigration policy has proved more elusive.
With respect to enlargement, on May 1, 2004 the situation for nationals of new member states was little different than the day before. Only Ireland, Sweden and the UK permitted free movement of labor from the new member states (though with restrictions), and internal borders between new and old member states were not lifted. In the immediate aftermath of September 11, the European Council established a European arrest warrant and initiated discussions toward a common border police force. After resistance from some member states, the Council settled for setting up an integrated border management agency. The terrorist attacks raised many concerns about increasing illegal migration—especially the prospect of terrorists being smuggled into the EU or entering by visa fraud. A group linked to the Madrid bombing, Ansar al-Islam, has been running a human smuggling and document fraud operation to fund terrorist actions as well as to smuggle its own members into countries like Spain and Iraq.
EU border control IT deployments
The EU is increasingly using information technology to strengthen border controls. The Schengen Information System (SIS) is designed to enforce the common external border and integration into the single system necessary for the Schengen Convention to become effective. The SIS contains data on illegal migrants, lost and false travel documents and wanted or missing persons. Approximately 10 million people were listed in the SIS as of June 2002. Despite these steps, SIS has serious shortcomings that hinder its effectiveness in a changing environment. First, SIS can only electronically transmit text and figures, not photos or fingerprints, which are increasingly being required to step-up security. Moreover, since the SIS is capable of working with no more than 18 member states, it cannot handle the increased data processing demands of a EU of 25 member states. Therefore, the European Commission proposed the Schengen Information System II (SIS II), which will store digital images and biometric data and answer police requests within five seconds. Internal border controls with new member states will not be lifted until they are included in Schengen Information System and this has a target date of 2007.
With rising concerns about illegal migration into Europe and the possibility of terrorists being smuggled into the EU or entering by visa fraud, the European Commission proposed a common online database that would complement secure identity documents and the Spanish Presidency put forward a proposal to the Council for creating a "Visa Information System." Subsequently, Germany and the Benelux countries proposed a uniform format visa incorporating anti-counterfeit features and biometric data, such as fingerprints or iris scans, stored on a microchip embedded in the document and the European Commission proposed the incorporation of biometrics into visas and resident permits for third country nationals. In February 2004, the European Commission put forward a legislative proposal to create a visa info system and asked for 30 million euros to do it.
In response to the September 11 attacks, the German government passed anti-terrorism legislation that included provisions to ease data protection laws as well as to improve the security features in personal identification documents and passports. Interior Minister Otto Schily said that the central registry for foreigners and visa data should be made more accessible, while Cem Ozdemir, the Green Party's spokesperson for domestic affairs at the time, argued that the efficacy of any changes in data privacy rules must be first examined. Another point of controversy within the SDP/Alliance90/Green coalition government concerned Minister Schily's proposal on biometric data. The Interior Ministry originally demanded inclusion of fingerprint data in identification documents and passports while the Greens proposed using hand and facial geometric data. A compromise emerged to leave open the type of biometric data used while agreeing that the ban on fingerprints in the passport law be lifted. The Greens won further concessions in that biometric data on ID cards and passports would not be recorded in a central data bank, meaning that this data could only be used for verification of identity and not for data-mining in criminal investigations. Additional provisions have been made to establish a central database of passport photos to thwart identification substitution, reduce restrictions on exchanging data, particularly between carriers and authorities on passenger bookings, and selective fingerprinting of visitors upon arrival.
The United Kingdom enacted new immigration and asylum legislation in April 2002 that enables data sharing between government departments and government and the private sector to facilitate data-mining for profiling and detecting high-risk passengers. The legislation also set up "right to carry" schemes whereby carriers must confirm that passengers do not present a security risk nor are at risk of breaking immigration law before these passengers are permitted to board UK-bound airplanes. Such carrier sanctions complement efforts to automate immigration controls through a combination of data-sharing and the use of biometric identification systems to speed legitimate passengers through and allow border control officers to concentrate their efforts on more high risk travelers. The UK also developed a new "Borderguard" system, which uses electronic recording and facial recognition technology to detect forged documents and uncover abusive asylum claims. The overhaul of British immigration and asylum legislation also includes measures to issue smart cards to asylum applicants for identification and tracking as well as to use biometrics to help identify potential terrorists among asylum seekers. Although Germans and other continentals have long carried national ID cards, September 11, 2001 prompted UK Home Secretary Blunkett to break with British tradition and propose a national ID card which would include personal data, a digital photo and a biometric, such as a fingerprint. The draft bill and pilot scheme was recently introduced to a mixed response.
The use of fuel-laden commercial airliners as weapons against civilian targets prompted the US Congress to pass the Aviation and Transportation Security Act in the Fall of 2001. The act requires that airlines with US-bound international flights electronically submit Passenger Name Record (PNR) data. PNR data is created each time a passenger books a flight and is stored in airlines reservation systems. Advanced electronic submission of PNR data allows screening of passengers while US-bound planes are in flight and thereby enables faster processing of passengers through border controls.
US Customs also required PNR data from European-based airlines but several airlines resisted, contending that this was a violation EU data protect rules. European airlines were presented with choice: break US laws, face fines and potentially loose landing rights or violate EU data protection laws and face fines. After months of negotiations, DHS came to an agreement with the European Commission on transfer of PNR data. The European Parliament called upon the Commission to withdraw the agreement, arguing that it "Presents the risk that millions of European passengers will be subject to comprehensive surveillance and monitoring by a third country." European Parliament' resolution does not invalidate the Commission's agreement with the U.S. but it has now referred the issue to the European Court of Justice that could do so.
Responding to the attempt by a UK national, Richard Reid, to detonate a bomb hidden in his shoes while on a transatlantic flight, some U.S. legislators raised the possibility of eliminating the U.S. Visa Waiver Program, which allows nationals of 27 states to enter the United States without a visa for a stay of up to 90 days. The program includes all EU 15 member states except Greece and includes only Slovenia from the 10 new EU member states. Instead of abolishing the Visa Waiver Program, Congress passed provisions designed to increase its security. The Enhanced Border Security and Visa Entry Reform Act requires that Visa Waiver Program countries have a program in place by Oct 26, 2004 to issue machine-readable, tamper-resistant passports containing biometric data, and that all passports issued after that date contain biometrics. Many countries informed the State Department and the DHS that they could not meet this deadline. The Bush Administration asked Congress for a postponement to December, 2006 but Congress only allowed a one year extension to Oct. 26, 2005. Shortly after the deadline extension request, the DHS announced that nationals of the 27 Visa Waiver countries would be required to enroll in US-VISIT and submit to a digital photograph and finger scanning upon entry beginning September 30, 2004.
Even though the congressional deadline for including biometrics in all new passports has been extended one year to October 2005, it is not clear that all EU member states will make it. If US drops current EU member state from Visa Waiver program, could trigger a chain of events - end visa-free travel between the US and the EU. If, for example, the US would begin to require visas of Spanish nationals, Spain could follow the traditional approach to visa policy, which is to reciprocate and require visas from US nationals. Spain could then invoke the solidarity clause of the EU common visa policy, which would require visas of all US nationals traveling to the EU.
Nine of the ten states joining the EU on May 1, 2004 are not in the US Visa Waiver Program. Now any one of them, e.g. Poland, could invoke the solidarity clause of common visa policy, should the US persist in not granting their nationals visa-free travel. During his January 2004 visit to the US, Polish President Kwasniewski asked President Bush to drop US visa requirement, but was politely rebuffed.
In the EU – US negotiations, EU representatives made the argument that if current EU member states can lift border controls with new member states, the US should trust security of new member states - that is, grant visa waivers to nationals of all EU member states. Since US visa policy is not simply governed by security concerns but also on the potential for visitors to overstay their visas and work illegally in the US, it is unlikely that all new member states will be permitted in the visa waiver program in the near future.
The EU is increasingly using information technology to strengthen border controls and post 9-11 US security requirements are helping to drive this trend forward. The border control authorities of the EU and its member states collectively have more staff, resources and, in some ways, more "proactive" border control policies than US border control authorities within the Department of Homeland Security. Nevertheless, European border guards are still primarily organized on a national basis, reflecting the legacy of controlling borders between EU member states – border controls that have largely been lifted with the implementation of the 1990 Schengen Convention. Should further bilateral and European-wide agreements be reached, tens of thousands of current EU member state border guards (e.g. a large portion of the German Bundesgrenschutz) may be redeployed to the EU's common external borders to the east as internal border controls with the EU's new member states are lifted in the coming years. Transatlantic cooperation on PNR data exchange as well as biometric passports has been extensive, however, may be interrupted by differing legal regimes governing privacy and personal data protection. Given that such transatlantic deals on data transfer may be politically unsustainable in the long term, broad multilateral agreements may be the only long-term option to get the necessary data for border control information technology upon which states increasingly depend to secure their national borders in the era of globalization.