The following article was originally presented at the ICRC‘s 2° Symposium on Cybersecurity and Data Protection in Humanitarian Action, and is published here to encourage further discussion on the human rights implications of “smart border” technologies.
The migratory route crossing Central America and Mexico towards the United States is filled with dangers. People on the move have to face multiple barriers to pursue their right to migrate and seek a better life, starting with the push factors – including socio political instability, violence, crime, and lack of opportunities – and the risks along the journey, such as smugglers, corruption, jungles, and deserts, among others. But there’s one specific peril that actively chases migrants border after border: intensive surveillance.
The surveillance of migrants, and especially through their biometrics, generate some well documented risks, but there are potential additional practices that are probably harming migrants, that have not yet been confirmed by the authorities of the involved countries. This article will address some of the technologies and agreements feeding a surveillance technocratic state that is increasingly affecting migrants’ fundamental rights.
A new era on migration management: the “smart borders“
The concept of “smart borders” has gained popularity among migration specialists and civil society advocates, when referring to the technocratic infrastructure being deployed to manage migration. Officially, the use of technology is presented as a humane and more discrete alternative to the wall on the border. In practice, the excessive surveillance and border externalization practices are deterring people from seeking legal asylum routes, and pushing the migrant population to venture on less controlled, harder, and potentially deadly journeys. In 2021 alone, 546 migrants died trying to cross the Mexico-U.S. border, a number that increased to 853 during 2022. Despite the rhetoric, this complex surveillance landscape is designed to work in favor of the administration, instead of for the people on the move, and it often opposes humanitarian norms and principles.
The use of digital technologies at the borders is not new, but the overstock of migrants’ personal data for surveillance purposes, including its autonomous processing, has experienced a significant increase. This has full bipartisan support in U.S. politics. It has been documented that Immigration and Customs Enforcement (ICE) has issued hundreds of personal information requests to online platforms like Google, Facebook, and Twitter (now “X”), requests that in some cases were fulfilled even without a court order. Through Babel, an AI tool that collects publicly available information, Customs and Border Protection (CBP) is able to look up the travelers’ names and retrieve sensitive information, which may include social media posts and location data. Data brokers such as LexisNexis not only provide ICE with personal data to facilitate tracking, but also serves as an analysis tool that claims to flag the risk of crime before it materializes. And billions of data points provided by Motorola Vigilant’s Solution to ICE are allowing the intrusive tracking of migrants. In this opaque system, the iris, faces, fingerprints, and other biometrics of migrants become a permanent component of the surveillance machinery that operates against them, often without consent, due process, or recourse.
The U.S. “smart borders” also include the controversial CBP One app, “the only way that migrants arriving at the U.S.-Mexico border seeking asylum at a port of entry can preschedule appointments for processing and maintain guaranteed asylum eligibility.” The CBP One app requires facial recognition to sign up for the asylum process, and access to GPS which could be used to locate migrants at least at the time of the submission of exit or entry. This app is a sample of deliberately hostile designed tech tools that undermine people’s rights, and increase their vulnerability: The insufficient available appointments, the need of a tech medium to apply to asylum, and the fact that a user can schedule an appointment only within a certain distance from the border based on GPS location by the app, it all contributes to this growing humanitarian crisis.
The problem with cross-border data sharing agreements
Collecting biometrics is a standard procedure in many points of entrance to a country, but their transfer to and process by authorities of other countries is not. The cross-border exchange of migrants’ biometrics is allowed through binding and non-binding agreements. Currently the United States has signed non-binding agreements – also known as MOCs – with multiple countries, including Mexico , Guatemala, Honduras, and El Salvador, our geographic scope for this article.
Based on these agreements, an unspecified amount of personal data, including biometrics, is being transferred from enforcement agencies in Latin American countries to their counterparts in the U.S. The implementation of the MOCs includes support by the U.S., such as technical resources and training to deploy their data processing technology. Most of these agreements are introduced for national security, with the intention to “suppress criminal activities and threats to domestic security,” despite having no public evidence that supports this claim.
Agreements like the one between the U.S. and El Salvador, even allow the transferring of biometrics of people who are “planning” to travel to another signatory country, in direct opposition to the presumption of innocence. The legal basis for scrutinizing people for crimes that have not occurred remains unknown, as is the percentage of people affected by this measure.
The sharing of life-threatening information concerning people on the move occurs despite the evident corruption by the enforcement authorities processing those data. El Salvador has been under a state of exception that has been extended for more than a year, enabling mass arbitrary detentions and human rights violations. It has also allowed Salvadorean authorities to submit false gang affiliation, abusive INTERPOL Red Notices, and other inaccurate information that has later been used by U.S. authorities to deny asylum and for police harassment. The detention of individuals with no legal basis or without a formal accusation constitutes a disproportionate use of the force, and such an authoritarian state should not be trusted for data transferring.
Abuses coming from the U.S. authorities have also been documented. An ICE officer created false alerts for personal vendetta, while other ICE officers have not only stalked individuals for personal interest, but have passed information to criminals in exchange for money. These unlawful uses of the databases and systems, and the lack of channels for migrants to access, rectify, cancel, and oppose collection of their personal data, place migrants in an even more vulnerable position.
The next generation surveillance tech
The U.S. is developing a new cutting-edge database that will further expand the storage and sharing of biometric data. Currently, the U.S. uses the Automated Biometric Identification System (IDENT) as the main centralized database to conduct inquiries on migrants. IDENT holds information of more than 200 million people, and it can be accessed by both national and international enforcement agencies. IDENT is used to identify “known or suspected terrorists” (KST), an ambiguous concept in itself that also presents different risks to fundamental rights, such as presenting false positives (misidentifying a person as a KST), which has a direct impact on the migration destination of many.
The new system, named Homeland Advanced Recognition Technology System, or “HART,” is set up to collect, organize, and share sensitive data of more than 270 million people. This technology is planned to be hosted on Amazon Web Services (AWS), one of the many dubious decisions that Amazon has recently taken on surveillance.
It is unclear how HART is being developed, but what is clear is that there is no mitigation to many of the risks that the very U.S. Department of Homeland Security (DHS) has identified and acknowledged. This includes the ability of manually inserting “derogatory and disposition information” into the system; potential mismatching of juveniles’ biometrics due to aging; data subjects incapable of deleting records; and data being shared with foreign partners with probably no control from DHS.
The impact
The abusive tracking of migrants through their biometrics and other mediums degrades their dignity, endangers their lives, and jeopardizes their ability to seek a better life. The lack of adequate data protection laws or safeguarding mechanisms in most of the mentioned countries allows for harmful practices. The involvement of humanitarian actors collecting the biometrics may give the impression that the use of such data is lawful and benevolent; nevertheless, the nature of their consent is questionable from the beginning. In fact, episodes of non-consensual access to biometric information collected for humanitarian purposes have already been documented.
Overall, under the label of the definitive solution to a humanitarian crisis, the introduction of the “smart borders” seems to have only resulted in increased vulnerability for the migrant communities, a ballooning tech budget, a thriving data sharing ecosystem outside of clear legal frameworks, and a general neglect of responsibility by the authorities.
In the meantime, people keep gathering at the Mexico-U.S. border with little to no assistance, exposed to lack of water and food, violence, and corruption. While civil society is fighting to overturn this crushing machinery, the anti-migratory rhetoric behind policies, technologies, and societies continues criminalizing populations, and the techno-solutionist “smart borders” continue to be depicted as a humanitarian approach to migration management.