For about a decade, Mexico, Guatemala, Honduras, and El Salvador have maintained non-binding agreements with the United States for cross-border exchanges and processing of biometric data and other personal data from migrants. The vague language in these agreements and their opaque implementation have led to outrageous surveillance.
Cross-border surveillance to obtain the personal data of migrants is possible due to interoperable systems that contain data from multiple sources and can be accessed by authorities from all five countries. On one hand, this enables the geolocation of people before they reach the U.S. southern border. On the other, it can potentially create profiles that could be used to make decisions about people’s migration status; for example, people can be denied entry into the country for arbitrary reasons.
While authorities argue that these agreements are part of their national security policy, this framework disproportionately affects migrants’ rights, for example, in equating migrants to criminals. In particular, the agreement between El Salvador and the United States establishes criteria so abstract that their interpretation is left completely to authorities; for instance, when authorizing the collection of information from people who “might be planning to travel without authorization,” which not only criminalizes migration but also the mere intent to migrate. Assumptions are made about actions that have not even happened and then are taken as legitimate grounds for surveillance. This ongoing suspicion about people in transit goes against the presumption of innocence and negatively affects migrants’ dignity, as it leads to an invasion of their privacy.
It is also unclear whether these agreements have been actually effective in accomplishing their purported security purposes, such as reducing criminal activity and security threats in Central America. In fact, when Access Now and local organizations contacted authorities from Guatemala, Honduras, and El Salvador for information about this and other issues, they refused to respond, citing national security, confidentiality, or classified information.
This situation seems to be escalating, as the U.S. National Security Agency is developing one of the largest biometric databases in the world that will also potentially include migrants’ personal data. The scale of such a tool would exacerbate privacy and security risks for this group of people, both before they arrive in the United States and while they are there. Additional cause for concern is the fact that the U.S., Honduras, and Guatemala have no data protection laws in place, leaving data processing abuses to be assessed at authorities’ discretion and without the support of a regulatory framework.
As these agreements are non-binding, they can be terminated by simply notifying the other party. Last March, about 30 organizations including Access Now, R3D, and SocialTIC urged all five governments to terminate their agreements unless they include the necessary safeguards to ensure the protection of migrants’ rights.
Since biometric data is sensitive, its processing cannot be taken lightly. In migration contexts, where there are vulnerable people involved, it is also necessary to ensure a series of basic conditions are met, including a process where data subjects can give informed consent and get information about the exact purpose for the collection of their data. We urge the states to expressly forbid activities and technologies that pose grave risks for migrants’ safety, such as massive profiling of data subjects, which tends to be tinged with discrimination and bias.
Technologies with “predictive” analytical capabilities and minimal human intervention in decision-making should also be prohibited, as they are based on mere assumptions generated on the basis of pre-configured variables. This prevents them from actually grasping the unique experiences of the people bound by their decisions. An example of this would be to wrongly classify a person as a member of an organized criminal group. These technologies are often presented as solutions to improve border efficiency. However, their impact on migrants’ free movement is incalculable, as they affect their economic and family spheres, like by separating family members or denying them entry to the country.
Lastly, migrants are seldom informed about the purposes for the collection of their data, which is an infringement on informed consent. Moreover, it is still unclear which government agencies have access to these databases. This lack of transparency hinders the exercise of rights to access, rectification, deletion, and objection regarding the personal data of the affected population, including children and adolescents who are not granted special safeguards.
In spite of these agreements’ large scope, other treaties not even in the public eye enable the processing of cross-border biometric data from migrants. This is the case of the Mexico-United States Bicentennial Framework, which to this day has not been made public by the countries’ authorities.
Migrants are not second-class citizens. Their personal data must be protected under the highest international standards. Massive cross-border exchanges of biometric data disproportionately affect their privacy and are a clear example of how massive biometric surveillance criminalizes and discriminates against many people for simply traveling to a place where life could be better.
Franco Giandana Gigena is a Policy Analyst at Access Now, with focus on Latin America.