Perils and opportunities of data integration for security

Event report

This panel discussed digitalisation of security policies. Three central challenges were mentioned: the inescapable trade-offs between human rights instruments and security efficiency, state sovereignty in providing public services versus dependence on security technology providers, and the role of international cooperation particularly in the Global South context.

The triple border area between Argentina, Paraguay, and Brazil struggles with drug and weapon trafficking, smuggling, and correlated violence. In order to address this, the countries have developed a series of security strategies such as centralising integrated data for border operations and deploying drones and high-definition AI facial recognition to improve control. However, several challenges arose, such as the lack of transparency about the work of the centre and the international involvement from the USA and the EU, as well as the lack of due process regarding impact assessment and openness to public security organisations was also observed. These examples reveal the narrative that technology is a synonym for efficiency without considering it as a potential disadvantage. Also, efficiency as a value is opposed to human rights, since the lack of transparency is always justified by the importance of security. The panel agreed that, albeit sometimes justified, the strong lack of transparency about policy documents, impact assessments, and privacy guidelines leads to a lack of accountability and weakens safeguards.

The concerns were echoed in the context of Venezuela and Colombia implementing biometrics recognition. For example, in the case of the Colombian Temporary Protection Statute granting Venezuelan migrants’ temporary legal residence, he overall goal of the mechanism is welcomed; However, the amount of data required from the migrants is privacy-invading and disproportionate as it includes an overwhelming personal questionnaire and full biometric data scan, from fingerprints to measuring the width of the person’s iris. Most worryingly, migrants are in no position to refuse or revoke consent. The question is whether a viable justification for this biometric data exists, but also what is the role of private companies and the overall feasibility of such a security strategy.

Another issue is the lack of capacities from states and the danger of a state losing sovereignty by being dependent on technology providers. Public-private partnerships for surveillance and security were mentioned, particularly the opaque public tenders and procurement practices. Argentina is currently seeing a court ruling on the legality of facial recognition technologies in certain public spaces showing that even if proper data protection legislation exists, the blurring of public and private interest is problematic. Surveillance technology in Argentina is acquired through local suppliers allowing the surveillance companies to remain in the dark and avoid public scrutiny. Since facial recognition cameras are common in Argentina, civil society organisations had to engage international actors, work with journalists, raise public awareness, and demand access to information in order to question the use of these systems. 

In Africa, security technologies are not produced but solely deployed, such as with smart city projects underway across the continent. Significant investment in technologies is at the expense of the citizens’ welfare, failing health care systems, and poverty.  Even when data protection laws exist, as is the case in Uganda, exceptions for the purpose of national security are a frequent leeway for governments to collect as much data as they can. Border security facial recognition is done without any human rights impact assessment, procurement and deployment are done in secrecy, without any public tender and there is no parliament oversight over the work of the security agency procuring the system.

The problem is that the countries with the largest defence and security sectors are transferring technology and practices to governments and agencies around the globe. The IGF was noted as a particularly relevant forum for addressing the role and responsibility of international technology transfers. The Global South states often struggle with the lack of capacities to implement complex digital systems. This enhances the risk of private sector companies, mainly from the Global North or China, to end up implementing policies and technologies not necessarily appropriate to the local contexts. 

The international cooperation agreements provide human rights impact assessment or data protection impact assessment, but cannot implement them in the national context. For example, the research by Privacy International showed that while the European Commission is funding projects for externalising borders via security technology, very little attention is paid to impact assessment. Potential solutions include demanding that the funders not only fund the surveillance but also training on human rights and priority protection mechanisms and introducing legislation for procurement procedures.

By Jana Misic