The Surveillance of Europe through Technological Borders
Function Creep in the Policy Process of SIS, VIS and Eurodac
Author: Inge van de Brug Supervisor: dr. Jeroen Doomernik Second Reader: dr. Julien Jeandesboz
MA Thesis Political Science (International Relations)
3
Abstract
This thesis aims at explaining function creep in the migration control databases of the European Union: SIS (II), VIS and Eurodac. Whereas these databases were originally established in support of EU migration policies, these systems gradually became more important as a tool in law enforcement. This study investigates the puzzle of how the purpose of these systems has changed over the past years, while the evidence for the effectiveness of such function creep remains ambiguous, and there is sound critique on the human and ethical consequences of such measures. Contrasting theories on efficient public policy-making against securitisation theories, this thesis explains which causal mechanisms lay at the basis of function creep in the policy process surrounding these databases. This has been done firstly by establishing how and when function creep occurred through an elaborate study of national (Dutch) and EU policy documents. Secondly, the results of this study are based on eleven interviews with fourteen people from the policy field (the European Commission and the Dutch Ministry of Security and Justice) and critical actors, such as politicians and representatives of the Dutch and European data protection authorities. The findings of this research suggest that function creep cannot be fully accounted for by a process of pursuing efficiency, as posed by some public policy-making theories. Rather, function creep is to be explained by a persistent belief among policy makers in the effectiveness and necessity of expanding the purposes of the databases, a belief that cannot be substantiated by scientific evidence. This belief is the outflow of prevailing notions of migration as entailing severe security risks. Most interestingly, policy makers unanimously state that function broadening in the cases of SIS, VIS and Eurodac does not violate the law, whereas critics such as the data protection authorities argue that it does in fact do so. Such conflicting interpretations of the law and the still unresolved debate over the effectiveness and ethical consequences of function creep indicate that policy makers are to show restraint in deploying measures towards function creep in migration control policies. It is therefore concluded that there appears to be a persistent irreconcilability between policy practices on the one hand and theorizing on the effectiveness and necessity of these policies on the other, which demonstrates the necessity for policy makers to consider other solutions than function creep and more surveillance.
4
Table of Contents
Page
Abstract 3
Table of Contents 4
Sources and Acknowledgements 5
List of Abbreviations 6
1. Introduction 7
2. Theoretical Framework 10
2.1 Function Creep and its Political and Legal Boundaries 10
2.2 The Inextricable Link Between Function Creep and Innovation 12
2.3 The Securitisation of Migration 13
2.4 Function Creep as the Outcome of Securitising Practices 14
2.5 The Politics of Indifference? 16
2.6 Solutions Looking for Problems 17
2.7 Summary 19
3. Data and Methods 20
3.1 Documents 20
3.2 Interviews 21
3.3 Process Tracing and Content Analysis 24
4. Function Creep in SIS (II), VIS and Eurodac 27
4.1 SIS and SIS II 28
4.2 Eurodac 30
4.3 VIS 31
5. Function Creep through the Eyes of Policy Makers, Politicians and DPA’s 33
5.1 The „Functionality‟ Argument 33
5.2 The Significance of Terrorism 35
5.3 The Stigmatisation of Migrants 36
5.4 National Politics 40
5.5 The Role of Technology 41
6. Policy Practices from a Theoretical Perspective 44
6.1 Solutions Looking for Problems 44
6.2 The Governmentality of Unease 44
6.3 Conflicting „Blood Types‟ 48
6.4 Summary 50
7. Discussion 52
8. Conclusion 54
References 57
Appendix A: Topic List Interviews 64
Appendix B: List of Interviewees 65
5
Sources and Acknowledgements
For this study, I gratefully made use of the website of Statewatch (http://statewatch.org) in order to track the policy process of function creep around SIS, VIS and Eurodac. Also, several interviewees have provided me with useful information and documents, as well as contact information of other people that I could interview. Furthermore, Julien Jeandesboz and Evelien Brouwer have been very helpful in finding interview contacts and other relevant information.
In addition, I would firstly like to thank my supervisor (Jeroen Doomernik), who has provided me with useful feedback throughout the process of writing my thesis. I would specifically like to thank Alex Oancea for reading and commenting on my theoretical framework, and Eva Vriens and Ruud van Zessen for commenting on the final chapters of my thesis. Lastly, I am very grateful to the numerous people (from Amsterdam and the Hague to Brussels) who have been most helpful in providing useful tips on who to contact for interviews, where to find information, and their enthusiasm on the topic of my thesis that has kept me highly motivated for the past months.
6
List of Abbreviations
AFIS Automated Fingerprint Identification System AFSJ Area of Freedom, Security and Justice
CBP College Bescherming Persoonsgegevens (Dutch DPA)
CEC Commission of the European Communities
Council Council of the European Union
DG Directorate-General
DG-Home Directorate-General for Migration and Home Affairs
DPA Data Protection Authority
EC European Commission
EDPS European Data Protection Supervisor
EES Entry/Exit System
EP European Parliament
EU European Union
Eurodac European Dactyloscopy
Europol European Police Office
GBA Gemeentelijke Basis Administratie (Dutch Municipal Administration)
IS Islamic State
IT Information Technology
JHA Justice and Home Affairs (Council of the EU)
LEA Law Enforcement Authority
MEP Member of the European Parliament
MS Member State (of the European Union)
MSJ Ministry of Security and Justice (of the Netherlands)
RTP Registered Travellers Programme
SIRENE Supplementary Information Request at the National Entry
SIS Schengen Information System
TCN Third Country National
UNHCR United Nations High Commissioner for Refugees
7
1. Introduction
Technological systems have become a significant aspect of the migration and border control policies of the European Union. Through the Schengen system, in which internal border controls have been abolished, the Member States (MS) of the EU have collectively become responsible for the European Union‟s external borders. This also means that there is a collective obligation to prevent irregular migration, while at the same time „facilitating access of those having a legitimate interest to enter the EU territory‟ (European Union 2015). One way in which the EU has been trying to achieve this goal is by increasingly relying on all kinds of technological systems that make up risk profiles of third country nationals (TCNs: citizens from a non-EU-state) and thereby attempt to distinguish the „desirable‟ from the „undesirable‟ migrants (eds Dijstelbloem & Meijer 2011, p. 45). In an attempt to secure this digital border, the EU relies on a network of databases: the Schengen Information System (SIS) (and its successor SIS II), the Eurodac (European dactylographic) system and the Visa Information System (VIS). The goal of these systems is to contribute in one way or another to the prevention of irregular border crossings and irregular residence in an EU Member State. Although these systems have been designed for this specific aim, for each of these systems the tendency has arisen to use the databases for aims other than border control. This phenomenon is called „function creep‟1, defined by Fox (2001, p. 261) as „previously authorised arrangements (…) now being applied to purposes and targets beyond those envisaged at the time of installation‟. In other words, the process through which data collected for one specific objective are also made available for other objectives. Function creep within these systems is part of a larger trend in EU policies towards the use of mass data processing for law enforcement purposes and profiling of risk groups, which is also visible in the EU „smart borders‟ initiative which consists of an EU entry/exit system (EES) and a Registered Travellers Programme (RTP) (Bigo, Carrera, Hayes, Hernanz & Jeandesboz 2012).
In the case of SIS there have been many proposals to add new categories of information and biometric data to the database. Furthermore Europol (the European Police Office) and Eurojust (dealing with judicial co-operation in criminal matters), organisations that have law enforcement and crime prevention as their objective, have been given access to parts of the SIS database. Such attempts towards function creep have also occurred for the VIS database: just like for SIS, internal security authorities and Europol and Eurojust have
1 It must be noted that this function creep is more obvious for VIS and Eurodac than for SIS, as will be explained
more elaborately further on. Whereas VIS and Eurodac are mainly preoccupied with immigration, SIS has from the onset had a broader purpose of providing security.
8 been given access to the database. As for Eurodac, the system that was established in order to aid the implementation of the Dublin system, there have been two occasions of function creep. Firstly it is often used as a tool in the domestic fight against irregular immigration (Broeders 2011, p. 53). Secondly, a new regulation on Eurodac will come into effect in July 2015 through which internal security authorities will get access to fingerprints (of asylum seekers and irregular migrants) stored in the Eurodac database and moreover will be authorized to use these fingerprints in criminal proceedings (European Union 2013). Also in this case, a database that was created as a tool to aid the implementation of EU migration policy will be used for law enforcement purposes. The aim of this thesis is to uncover the policy process in the EU through which this function creep occurs and to explain why it occurs.
Much has been written on function creep, and attempts have been made to explain it (Dahl & Saetnan 2009; WODC 2011). However, no such explanations can be found for function creep within the specific context of migration. In the securitisation of migration debate the phenomenon of function creep is touched upon, but explanations on why it happens remain limited. Brouwer (2008; 2011) has written much on the legal basis of privacy protection and has done research on how function creep is in many ways contrary to several legal principles. It has been concluded that function creep within these databases is a problem; it contributes to the stigmatisation of migrants and it might also harm their safety if data are not protected well enough (Ajana 2013; Broeders 2007; Brouwer 2013; eds Dijstelbloem & Meijer 2011; Meijers Committee 2013; Statewatch 2012). The stigmatising effect of monitoring a specific group has been proven to be problematic in several ways. Surveillance of this kind may lead to „social sorting‟ by which populations are divided into groups that are treated in different ways (eds Ball, Haggerty & Lyon 2012). Also, the very fact that databases are used for both immigration law and criminal law enforcement has the implication that those people that are registered for immigration law purposes are at greater risk of being affected by surveillance measures2 (Brouwer 2008, p. 514; Graaf & Eijkman 2011; Meijers Committee 2009).
Understanding why it occurs might yield important insights in the discussion on whether function creep is legitimate and justified or not. Moreover, understanding function creep is relevant in light of the development of the EU „smart borders‟ initiative that also
2 Such „statistical profiling‟ has also been criticized by (among others) Bigo et al. (2012) for its reliance on
calculation and statistical knowledge, which creates a probabilistic knowledge of statistics that shows that a particular group has a higher chance of getting involved in criminal activities, by which this group is profiled as a potential threat (which may cause discriminatory ethnic profiling and stigmatisation of this specific group).
9 targets the migrant as a potential risk group (Bigo et al. 2012). As pointed out by Bigo et al. the reliance on data and information exchange for law enforcement purposes in the „smart borders‟ initiative generates social harm (in terms of data protection, privacy and non-discrimination). This also applies to the use of the EU border control databases as a law enforcement tool. In addition, within the EU border control policies there is a trend towards increasing interoperability between the databases (meaning that IT systems should be able to exchange data). This desire for interoperability means that it will be a challenge to resist giving various agencies access to the databases (Balzacq 2008, p. 90). As explained by Dijstelbloem et al. (2011) it is necessary to determine whether the system of EU migration policies („the migration machine‟ as they call it) functions properly. Getting an insight into the policy process of function creep is of great importance in this respect.
This thesis will start out with two sets of theories that each imply different explanations for the occurrence of function creep (chapter 2). Theories from public administration as well as the political sciences that attempt to explain function creep will be applied to function creep in the EU databases. This chapter continues with discussing the relevance of the securitisation of migration debate for this thesis. Chapter 3 will elaborate on the data and methods used in this research. It will discuss why (and how) policy analyses and interviews are used to answer the main question of this research. Chapter 4 will discuss when and how function creep occurred in the cases of SIS, Eurodac and VIS based on documentary analysis. In chapter 5 the findings of the interviews will be presented, which will be discussed on a more theoretical level in chapter 6. The last two chapters consist of a reflection on the quality and relevance of this study (chapter 7) and a final conclusion on why function creep occurs in the EU migration databases (chapter 8).
10
2. Theoretical Framework
2.1 Function Creep and its Political and Legal Boundaries
Function creep within the EU databases can be considered problematic in several ways. As explained, it is problematic in a political sense because it potentially causes social harm because large numbers of people are monitored and categorized as risk groups (eds Ball, Haggerty & Lyon 2012; Lyon 2003). However, function creep could also be problematic in a technical sense since it concerns data protection, and it can be problematic in the legal sense because there are legal boundaries for using instruments for other purposes than intended. Function creep may violate the right to privacy (Jacobs & Poll 2011), the principle of non-discrimination, and two standards in data protection law: the purpose limitation principle and the prohibition on automated decision-making (Brouwer 2011. p. 134).3
Most important with regard to function creep is the purpose limitation principle4. This principle prohibits the use (or making available of) personal data for purposes other than the specific end for which they were collected. Another legal principle that is fundamental for cases of function creep is the proportionality principle, which encompasses that the involvement of EU institutions must be limited to what is necessary in order to pursue the aim of a certain policy (Brouwer 2008, p. 205-206; 2011). That there are legal boundaries for function creep unfortunately does not mean that it can be clearly established in which cases function creep is legal and in which cases it is not. As will be shown later on, it is often subject to highly contradictory interpretations whether function creep for instance is effective, and, in that sense, proportionate.
When sorting out forms of large-scale data storage based on its primary purpose, three different purposes of databases can be distinguished: administrative, informational and statistical ones (Brouwer 2011, p. 147). Data stored in administrative databases often function as a means to implement policy. In informational (or intelligence) databases, the data that is stored is a goal in itself in the sense that the information is valuable for a government or another third party. Important for this form of databases is that it is not always clear in advance in what form and by whom the data will be used. The aim of information or
3 For a more complete discussion on the legal boundaries of function creep in the EU migration databases, see
Evelien Brouwer‟s chapter in „Migration and the new technological borders of Europe‟ (eds Dijstelbloem et al. 2011) and for SIS in particular, her book „Digital Borders and Real Rights‟ (2008).
4 Closely related to this principle is the purpose specification principle, which requires that governments must
make the purpose of data processing clear and transparent in advance. In addition, principles like non-discrimination and equality also play a role, since some have argued that collecting data of asylum seekers and not of „regular‟ citizens violates these principles (see Eechaudt (2011) and Brouwer (2011) for example).
11 intelligence databases is to store as much information as possible, since it might become of use for later purposes (Brouwer 2011, p. 147-148). The trend that is visible in policies regarding the EU databases is that the purpose shifts from a purely administrative one towards an intelligence purpose.
Bigo et al. (2012) have explained how in the EU Justice and Home Affairs (JHA) policies there is a tendency towards collecting more data and striving for more information exchange. The idea of the databases is to expand surveillance from the borders to outside and within the borders in order to detect undocumented migrants. Moreover they rely on information about „data doubles‟ of persons, which is the data profile of a person based on traces that someone leaves when travelling (Bigo 2014). In the same vein the EU „smart borders‟ initiative was established, to also put „legal‟ travellers under surveillance before and after they cross the EU border. Along with these ambitions of surveillance expansion goes a trend towards multi-purpose data (Bigo et al. 2012, p. 16), since using information for different purposes yields more information and more surveillance on more people. In light of these developments (and their legal and political implications) it is important to examine the policy process of function creep in the broader context of EU „dataveillance‟ ambitions (the systematic surveillance of a person‟s activities through all kinds of electronic data that are available for this person).
The term „function creep‟ in this sense has mainly a negative connotation and is in the contemporary era most often linked to privacy and increasing government control over individual behaviour. Data protection organisations use the term to denounce government control over personal data (Bits of Freedom 2012; CBP 2007; EDPS 2012). In this context it is sometimes also called „surveillance creep‟ (Lyon 2003; Nelkin & Andrews 1999), which for some might bring to mind a dark side of state control, or even an „Orwellian‟ – fictional – image of the power of surveillance (Broeders 2007 p. 42). While fiction and science have pointed out that expanding the purposes of surveillance systems is in several ways problematic, it must be noted that it is not so by definition. The first section of this chapter is devoted to theories that explain function creep as an inevitable outcome of the pursuit for efficiency. As Prins (2011, p. 10) explains, function creep has two sides. It has a problematic side of privacy and data protection, but it also has an optimistic side as an inherent characteristic of innovation. The following part of this thesis will elaborate on the implications of these theories for explaining the occurrence of function creep in the context of the network of EU databases.
12 2.2 The Inextricable Link between Function Creep and Innovation
What the literature from public administration and political science makes clear is that function creep is an inevitable outcome of innovation (WODC 2011, Pounder 2008, p. 45). Whenever data are collected for a specific purpose, there will always be the temptation to use these data for other purposes. From an efficiency point of view, using data that have already been collected and stored is only the logical thing to do. The inevitable character of function creep is also what flows from sociological theories on policy. De Vries (2011) lists several policy theories that indicate how function creep is the natural thing to happen. He first points out that policy is a reaction to a problem, and problem definitions are subject to change. For this reason policy purposes change over time as well. Furthermore, Hoogerwerf (2008, p. 66-67) points out how policy is evaluated on the basis of its rationality (reasonable argumentation) and legitimacy (acceptability). Policies that have been proven to be rational and legitimate in one field already have a basic amount of rationality and legitimacy in other fields as well. This increases the chance that the policy or policy tool will then also be adopted in these new fields.
De Vries notes how the diffusion theory by Walker (1969) also states that for policy actors there is a continuous tendency to copy policy that has been proven to be effective in other fields. Walker argues that such diffusion of policy and policy tools happens specifically in institutions such as the European Union, where there are high levels of interaction between policy makers. Such interaction fosters diffusion of policy tools. In sum, De Vries (p. 27) states: „Regardless which theory to explain policy development is considered relevant, it is elementary that policy makers are looking for new innovative policy tools to achieve the goal they have as a policy maker (…). Problems are looking for solutions and for policy makers who want to link these problems to these solutions; and policy makers are looking for solutions for the problems that they have to find an answer to‟. The conclusion of these theories is that function creep is not exceptional; it is the logical outflow of the policy process. Considering the inevitable character of function creep, De Vries (p. 30) concludes that it needs to be institutionalized and subject to practices of good governance: the government that performs function creep needs to be democratic, transparent, based on a rule of law and a system of checks and balances. What also comes forward from the policy literature is that there needs to be a justification for the use of privacy related information, and also that this justification needs to come before legislation (Pounder 2008, p. 11-12).
The next part of this chapter will discuss securitisation theories. These theories are in many respects opposed to the previously discussed ones that explain function creep as a
13 functional outcome. Securitisation theories indicate that function creep might not be a natural outflow of the policy process, but rather that it is the outflow of migration being increasingly perceived as a security threat. While securitisation theorists might acknowledge that policy makers seek to achieve their goals and that policy goals can change over time, they are critical on how and why problems and policy goals are defined and the process through which they change.
2.3 The Securitisation of Migration
Securitisation theories describe the process through which issues are transformed into a matter of security, and hence, the securitisation of migration means that migration issues are increasingly framed in terms of security (Boswell 2007; Buzan, Waever & De Wilde 1998; Huysmans 2000). Securitisation theory has its roots in constructivism, the theory that is premised on the idea that the world is socially constructed, meaning that also security threats are a social construct. It can therefore never be established whether a security threat is „real‟ or not: whether they are considered a threat or not is determined by their social environment. Hence, the role of security scholars is to examine the process through which certain things are constructed and accepted as a security threat and others are not. Recognizing that reality is socially constructed means questioning what is often taken for granted (Barnett 2011, p. 154). According to constructivist theories, scholars within the domain of security should therefore aim to uncover the process through which security issues are dramatized and securitised and what role knowledge and power relations play in this.
The framework that is chosen to explain function creep in this thesis is that pioneered by Didier Bigo (2002; 2014), who focuses on securitising practices rather than securitising discourses. These different approaches are sometimes also distinguished as the „Paris‟ and the „Copenhagen‟ school, respectively (Reid 2014). This theoretical framework of securitising practices is useful in the context of function creep for several reasons. At first, as Leonard (2010, p. 236) explains, in the EU context a discourse of securitisation is often not visible because security has become institutionalised, and therefore there is no necessity to address a security threat in speech acts. Secondly, Leonard points out that the EU is not a state and hence has no government or president to make dramatic securitising speech acts as often happens in national contexts. Balzacq (2008) in the same vein argues that securitising tools often substitute discourses of securitisation (and hence securitising practices should be studied).
14 The purpose of using this framework is not to determine whether EU databases are a „securitising practice‟ or to determine whether the databases have contributed to a so-called securitisation of migration and asylum. Rather, the aim is to find out whether there are securitising elements in the policy process through which function creep occurs, and whether this securitisation has had an effect on the occurrence of function creep. The securitisation framework is seen as one possible explanation for the occurrence of function creep, a factor that could have played a role in the policy process. As Broeders and Hampshire (2013, p. 1204) rightly point out, the „security framing has upstaged other issue-framings and organisational logics‟. These other framings are ideas about border efficiency, facilitating mobility, and the domestic politicisation of immigration in Europe. Several of these are therefore also addressed as possible explanations for the occurrence of function creep. I will now first turn to how securitisation theories would explain the phenomenon of function creep in the EU border control databases.
2.4 Function Creep as the Outcome of Securitising Practices
The process of securitisation takes place because certain (political) actors seek to legitimize their actions. When an issue is identified or constructed as a security issue or „threat‟, and acknowledged by the public as such, stricter measures will be accepted as a legitimate means to fight this issue or threat (Neal 2009). As Leonard (2010, p. 235) explains, this process allows an actor to use whatever means possible to block the situation that is defined as a security threat. In this sense, when migration is perceived in terms of security (as is often the case in the EU context5), function creep might be the outcome of a shift in what means are tolerated in order to control undesired migration.
Balzacq (2008, p. 80) focuses on the concept of securitising tools, which according to him are „instruments which, by their very nature or by their very functioning, transform the entity (i.e. subject or object) they process into a threat‟. According to Leonard (2010, p. 237) in the case of EU migration and asylum policy, this means that securitising practices are activities that deliver the idea that migrants and asylum seekers are a threat to security in the
5 For example, on the proposal to give law enforcement agencies access to the Eurodac database, the Council of
the European Union has stated that: „Frequently, asylum-seekers and foreigners who are staying in the EU unlawfully are involved in the preparation of terrorist crimes, as was shown not least in the investigations of suspects in the Madrid bombings and those of terrorist organisations in Germany and other Member States (for instance, two of the five accused in German proceedings against the terrorist group “Al Tawhid”, which prepared attacks against Jewish institutions in Berlin and Düsseldorf, were asylum-seekers)‟ (Council 2006b). In interviews with EC officials that were conducted for this research, anecdotal evidence of how migration is linked to security threats was also brought forward.
15 EU. Balzacq (2008; 2010) makes a distinction between securitising tools and instruments of securitisation. The difference between those is that the latter addresses an issue that has already been accepted as a security threat, whereas a securitising tool transforms the issue it is concerned with into a security threat (whereas it was not yet considered as such). Important to note is that policy makers are the ones who define what deserves the attention of policies and are, therefore, the ones that determine what is a problem or threat and what is not. Hence, policies represent a subjective picture of what is considered a threat. As Evelien Brouwer (2006) and Balzacq (2008, p. 77-80) explain, the EU migration control databases reproduce the image of migration as a threat, and hence they create a dominant view on what ought to be done about it. In the case of the border control databases, they command that people should be traced and localized. Balzacq (2008) argues that the nature and functions of policy tools affect the image of a threat, and the other way around. According to this logic, the EU border control databases transform the image of migration by portraying it as a threat. Function creep then is the outcome of a self-reinforcing process of EU databases that transform migration into a security threat, which leads to the need to expand the functioning of these databases, which again enhances the view that migration should be perceived in terms of security. Balzacq argues that the EU databases are always under pressure to extend their functions because of the dominant perception of the current environment as a precarious one. He notes how „it is this possibility of securitisation tools being vested with new functions (that would otherwise not be accepted), through invocation of “exceptional circumstances”, that turns them into securitising tools‟ (p. 82). According to Balzacq, then, the very fact that function creep occurs within the use of the EU databases is what makes them securitising tools. Being securitising tools, the EU databases shape the EU‟s understanding of terrorism; the functioning of the systems show how the EU perceives the nature of a threat (Balzacq 2008, p. 87). This understanding contributes to the idea that the databases are required to be deployed for security whenever possible, making function creep inevitable. Function creep in this sense is a cause of the EU databases being securitising tools, as well as a result.
One of the main issues that Balzacq addresses is that the databases are securitising tools because they depoliticise certain issues. They place issues „beyond normal politics‟ and „beyond public debate‟ (Williams 2003, p. 515), which can be illustrated by how the Commission (CEC 2005, p. 3) has noted how „interoperability is a technical rather than a legal or political concept. This is disconnected from the question of whether the data exchange is legally or politically possible or required‟. In other words, it is de-politicised. It is
16 important to question whether this de-politicisation contributes to making function creep possible in the policy process of the EU databases.
2.5 The Politics of Indifference?
Bigo, too, considers it relevant to study securitising practices in addition to securitising discourses. He emphasizes the importance of analysing the role of security agents in the public and private domain, as well as in institutions like the military and the police (Bigo 2001; 2002; 2014). In one article (Bigo 2014), he argues how there are three social universes (military/navy, border guards/police and database analysts) that each have their own logic in how to control the EU borders. The first universe is the military universe, which emphasizes the need to defend solid borders through patrolling. The second universe (of border guards and police) is focused on internal security and based on the logic of separating legal and illegal travellers. The third universe is the universe of the data analysts, whose logic is based on a virtualisation of borders and who emphasize the importance of technology and technological borders. Bigo concludes that within each of these universes a politics of indifference is found, by which he means that the attention is not focused on the individual human beings that are crossing the border, but on the practices that are used to control the EU borders. Bigo convincingly elaborates on the severe consequences these so-called „(in)securitisation practices‟ have on the individuals concerned. What is aimed for in this thesis then is to examine whether such politics of indifference and (in)securitisation practices may contribute to the extension of the functions of the EU databases.
In „Security and Immigration: Toward a Critique of the Governmentality of Unease‟ (2002) Didier Bigo points out how security professionals have become the „managers of unease‟, the ones who manage the fear of security issues related to migration. They have succeeded in making security their object by making the public (as well as politicians) believe that they are the only ones with the knowledge of how to manage it. They have created autonomy in their field of security and the management of fear (or de-politicise it, in Balzacq‟s terms). These managers of unease are, according to Bigo, especially salient in the European Union, where they have „created their own fora and networks, sometimes against their national politicians‟ (p. 75). An important line of reasoning in Bigo‟s work is that the securitisation of migration is the result of the fact that these managers of unease present migration as a security issue in the struggle to maintain their position (2002; 2006). Migration as a security issue becomes the dominant institutional knowledge in institutions like the
17 military, the police and intelligence services. Furthermore, Bigo (like Balzacq) argues that securitisation of immigration is not the cause of the development of technologies of control and surveillance; it is the result of these technologies (p. 73). Securitisation for Bigo means that a certain group, the immigrant, is categorized as a risk group. This risk profiling of the migrant as a category is exactly what databases such as SIS, VIS and Eurodac do. Hence, Bigo argues, they contribute to the securitisation of migration (or as Balzacq would say, they are securitising tools).
2.6 Solutions Looking for Problems
Looking more closely at theories of decision making, several other explanations for function creep can be identified that lie in between functional and securitisation explanations for function creep. The concept of „solutions looking for problems‟ is especially useful in this regard. This concept was first used by Cohen, March and Olsen (1972) in their elaboration on the „garbage can model‟. With this model they make an attempt at explaining the decision making process in what they call „organised anarchies‟. The characteristics of these „organised anarchies‟ are particularly present in educational and public organisations. In the garbage can model there are three elements or streams: problems, solutions and participants. These streams come together in the „garbage can‟ in which problems get attached to solutions and to participants. The core idea of the garbage can model is that solutions are looking for problems, as much as problems are looking for solutions. Participants (policy makers) are engaged in trying to link problems with solutions. It is however not always the case that problems are identified and subsequently the search for solutions to these problems starts. In fact, solutions are often already existent and participants (policy makers) seek to find a problem that fits their solution.
Kingdon and Thurber (1984) have successfully applied this model to policy making in the public domain. They have organised the three streams identified by Cohen et al. into the problems, policies and politics stream in the decision making process. Each stream encompasses several elements of the policy process, and all kinds of actors are involved in this process. The problems stream encompasses all these actors‟ ideas on what the problem is, whether it is getting better or worse and whether the public is aware of the problem. The policy stream contains the potential solutions for the problem, and the politics stream contains the state of politics and public opinion. Decision making or policy change occurs when these streams, which typically run parallel and are separated from each other within a policy area,
18 meet in a „window of opportunity‟. Such a window of opportunity can arise as the result of, for example, a change in the understanding of a problem, an event that draws attention to a problem or a change in public opinion.
These models of decision making imply that the occurrence of function creep could be the outcome of several processes. It could be the outcome of a change in how problems are understood or perceived, a change in which solutions are available, a change in the political domain, or an interaction of these. Securitisation perspectives would suggest that events of terrorism and the changing perception of migration as a threat have triggered the window of opportunity in which function creep could occur. Other scholars have found that the availability of new technologies and hence, new solutions have created such a window of opportunity. Several of these scholars have stressed how technology plays a leading role in migration policies.
Guild, Carrera and Eggenschwiler (2009) for example have argued how there is an untested belief in technology as the solution to any kind of security problem that the European Union faces. According to Guild et al. such an approach fails to take the human and ethical consequences of reliance on technology into account. Besters and Brom (2010) make a similar point by making notion of the „greedy‟ character of information technology. „Greedy‟ in this context means that information technology „elicits a dynamic of its own in which the political ends become to depend heavily on the technological means‟ (p. 457). They too criticize the instrumental view on technology that is at the basis of European migration policy, which fails to take this „greedy‟ character of IT into account. Broeders (2007, p. 82) notes how technology is „leading the way‟ while politics is „following‟. As mentioned, Bigo (2014, p. 221) too criticizes how an emphasis on the possibilities of technology and „technological borders‟ have pushed the interests of individual human beings to the background. Along these lines of thinking Balzacq, Bigo, Carrera and Guild (2006) have argued how counter-terrorism policies amplify the importance of data collection. They explain that the logic underlying EU border control policies is that security depends on the level of density in the exchange of data. Aus (2006) in turn argues how Eurodac is a „solution looking for a problem‟. He explains how established rules and existing national solutions are applied to new situations at the EU level, without making an adequate analysis of other possible solutions.
19 2.7 Summary
In short, three (somewhat simplified) hypotheses follow from these theories. The first is that function creep is nothing more than the natural outcome of a policy process that seeks for new, innovative and efficient purposes for already existing policy tools. The second is that function creep is the outcome of migration being securitised in the contemporary world of EU policies. The third is that function creep is the outcome of new technological solutions that become available and the corresponding process of „solutions looking for problems. The remainder of this thesis will engage with testing these hypotheses.
20
3. Data and Methods
This research is based on two main sources of data gathering: policy analysis and interviews. The first is particularly important with respect to establishing that function creep occurred in the use of SIS, Eurodac and VIS and how and when it occurred. Interviews are more important with regard to establishing why it occurred. Hence it is considered important to make use of triangulation of sources for this research. Policy documents will provide information on the official, institutional context of the occurrence of function creep and can provide reliable and adequate information on events of function creep that happened a while ago. However, it should be taken into account that these documents are produced by the EU and are open for a public audience, which probably means that they do not give all the information on why function creep occurs, if reasons are given at all. Hence, the method of interviews has been chosen in order to be able to get a better understanding of why function creep happens. Function creep is a sensitive political topic6, and it is therefore particularly interesting to find out whether the evidence from documents points in the same direction as evidence from interviews. An advantage of the fact that function creep is a contentious political issue is that opponents as well as advocates of function broadening make their voices heard. Interviewing both parties is therefore likely to yield nuanced results.
3.1 Documents
The documentary analysis is based on documents that were publicly available and some additional documents that were provided by the interviewees. I started out with reading documents published by the organisations that have a critical view on function creep (mainly Statewatch, the Meijers Committee7 and the DPAs). It was easy to find documents in which they summarize their standpoint on the different occurrences of function creep within the EU databases. These documents refer to the EU documents from which the policy process becomes clear. They refer to drafts of policies as well as final decisions and regulations. It is therefore easy to find documents on the policy process and it is often also not difficult to find out what information is missing on the internet. Since so many organisations are involved in monitoring the policy process of function creep, I am confident that quite a complete picture
6 This was also pointed out by several of the interviewees.
7 An independent group of experts in the field of European migration-, criminal-, asylum-, privacy-,
21 of the policy process has been reached in this research8. What is more difficult is interpreting why function creep occurs. In many documents, there is an officially stated reason for why function creep happened. This reason is, obviously, that function creep is a necessity and that it will effectively contribute to safeguarding security. The question is whether this is the factual reason why function creep has occurred, a question that will be answered by information from interviews.
3.2 Interviews
In order to maximize the likelihood that policymakers and other EU officials will truthfully give their insights into why function creep occurs, the decision has been made not to use the names of the interviewees in this thesis, and also to notify the interviewees prior to the interview that their names will not be mentioned in this research. This decision is made when one interviewee stressed that the topic of this thesis is a politically contentious one, and that by no means the interview could be taped, nor would he allow to be quoted in such a manner that he could be identified. It was then decided to notify the following interviewees that their names would not be used, to make sure that they would not in any way feel restricted in the information they gave. As was pointed out however, the sensitivity of the topic of function creep must nevertheless be taken into account. In some interviews it was evident that the interviewee represented the view of the institution he or she worked for. It could be the case that some information remains hidden as the interviewees might not have been willing to make a statement that contradicts the view of the institution (which is perfectly conceivable in the case of those working for the European Commission (EC) or the Ministry of Security and Justice). For other interviewees I was more confident that they gave their truthful opinion, for example since statements such as „I will say this off the record‟ were made, or it was emphasized how I was not allowed to name people in my thesis in an identifiable manner.
In addition, the choice was made not to use the concept of „function creep‟ in the interviews, unless the interviewees themselves came up with this term. From the documents (and from the interviews as well) it was clear that governmental actors generally do not see the new purposes of SIS, VIS and Eurodac as „function creep‟. As mentioned, since this term has a negative connotation, the term „function broadening‟ was preferred in interviews in order to emphasize my objective position. However, the choice is made to use the term
8 For example, one interviewee from the Dutch Ministry of Security and Justice said she could not send me a
certain document since it was not public. She later e-mailed me that it was available through Statewatch, so that I could use it anyway.
22 „function creep‟ in this thesis anyhow, since what has happened in the cases of SIS, VIS and Eurodac is defined in the literature as such. In the remainder of this thesis, the terms of „function creep‟ and „function broadening‟ are used interchangeably. When the concept of „function broadening‟ is used, then this either reflects the wording of the particular interviewee, or it is used because it concerns advocates of the expanding functions of the EU databases, since (to my knowledge) they never use the term „function creep‟. Moreover, it is important to note that prior to the interviews, I explained to the interviewees which specific cases of function broadening regarding SIS, VIS and Eurodac I was addressing, in order to assure that no misconceptions could arise as to what the interview was about (whether the term „function creep‟ or „function broadening‟ was used).
In order to gain an oversight of which actors are represented in this study, it may be enlightening to have an overview of who is involved in policy making on SIS, VIS and Eurodac. Policies on these databases are made in the Directorate-General for Migration and Home Affairs (DG-Home), which is part of the European Commission (the executive branch of the EU). Policies made in DG-Home contribute to its central aim of creating an „area of freedom, security and justice‟. Hence, DG-Home encompasses the policy staff of the databases; the technical staff responsible for the databases can be found in eu-LISA, which is the decentralized agency for the „operational management of large-scale IT systems in the area of freedom, security and justice‟ (eu-LISA 2015). Unfortunately, only the policy staff (and not the eu-LISA staff) is represented in this study, mainly due to practical limitations9. Again, for practical reasons, the choice has been made to interview policy makers and legal officers from the Dutch Ministry of Security and Justice (MSJ) that have been involved in policies concerning either (or more) of the databases, in order to find out what the role is of national politics in the occurrence of function creep. In addition, an interview was held with three policy makers and advisors concerned with technology and law enforcement of the MSJ. These people did not have specific expertise on the databases, so this interview was focused on the interaction between policy and technology in general (this choice was made when it became evident that the „solutions looking for problems‟ idea appeared to be important in explaining function creep). Hence, at the national level only the Dutch government is represented in this study. Then there is the European Parliament (EP), the directly elected institution of the EU. Two Member of the European Parliament (MEP) have been contacted
9 Interviews with EC officials could be held in Brussels, Belgium (where the EC is based), whereas eu-LISA is
based in Talinn, Estonia. Attempts at arranging telephone interviews with representatives of eu-LISA have been unsuccessful.
23 since they were recommended by other interviewees to have important insights or interesting views on function creep. Unfortunately, an interview could be scheduled with only one of them. In addition, the DPAs were contacted since they function as authorities to ensure privacy and data protection, and are hence one of the main actors in expressing criticism on function creep. One interview has been conducted with a representative of the Dutch DPA, the „College Bescherming Persoonsgegevens‟ (CBP), and another one with someone from the Belgian Privacy Commission, who was seconded to the EDPS for several years. Important to note is that most of the interviews focussed slightly more on Eurodac than on SIS and VIS. This is because the regulation on law enforcement access to Eurodac is very recent and hence this decision-making process was still fresh in mind. Logically, when interviewees were asked for examples, they mainly addressed Eurodac.
The interview candidates have largely been selected through the snowball method. Key actors have been identified in a number of ways. I have contacted scholars with an expertise on the topic of this study and asked them for recommendations on who would have relevant information for my thesis. This has led to an interview with a legal officer from the European Commission who has been involved in border control policies since the early nineties, as well as to an interview with a Member of the European Parliament. Furthermore, I have contacted the Head of Unit of „Information Systems for Borders and Security‟ of the European Commission, and asked for an interview with those responsible for SIS, VIS and Eurodac. I arranged an interview with the person responsible for SIS and the person responsible for VIS within DG-Home. In addition, I contacted the Dutch and the European Data Protection Supervisor (EDPS). Furthermore, the Dutch Ministry of Security and Justice was contacted and one interview with someone from the Ministry led to conversations with four other people at the ministry who, according to my interviewee, had relevant information for my thesis. One of these interviews (which were all held with people of the directorate on law enforcement and crime prevention) led to another interview with someone of the directorate on migration policies. Some other interviewees also dropped names of people who were said to have an interesting view on function creep, which were then also contacted. In total, I have conducted eleven interviews and spoken to fourteen people (as some interviews were with two or more persons). These consisted of one MEP, four people of DG-Home of the EC, seven people of the Dutch MSJ, one person from the CBP and one person from the EDPS10.
10 A list of the interviewees and non-respondents, as well as information on the duration and documentation of
24 I am confident that all the important actors that are involved in the policy process around function creep are covered, both those in favour and those against function creep. Again, because I have spoken to both parties (and also because interviewees often referred to people from the „opposing‟ side whom I then contacted as well) the snowball method is not considered to result in a bias among the respondents. There is of course an absence of random sampling, but this is not considered a problem since the „snowball‟ is started at several points (two scholars from different fields, the European Commission, the data protection supervisors). In addition, as has been mentioned before, the available documents point out who are the important actors within this field. I am therefore confident that the interviewees represent the important views on function creep. One downside is that on the national level, only the Dutch MSJ is represented. This may cause a bias in the results, since the Dutch government may not be representative of all Member States. For example, the Netherlands is generally considered as a country where immigration is a highly politicised issue in domestic politics (Broeders 2011). Hence, the role of the Netherlands in explaining function creep may not be representative of the significance of national politics of Member States in function creep in general.
3.3 Process Tracing and Content Analysis
To analyse the information provided by documents and, mainly, the interviews, use has been made of the methods of process tracing and content analysis. Process tracing is particularly used to analyse how initial conditions result in a particular outcome, and what the causal mechanisms are that turn the initial conditions into an outcome. It is typically used as analysis of decision-making processes and to understand how and why outcomes occurred (Checkel 2006). With regard to the subject of this thesis, there is an initial condition in which a specific purpose of a database is determined, and there is the outcome of the database being used for a different purpose. Process tracing is useful to analyse what happens in between, in other words, what the causal mechanism is that makes function creep occur. In the theoretical framework broadly two potential mechanisms have been identified that may have caused the occurrence of function creep. Function creep may be the outcome of the process of striving for efficiency and effectiveness, or it might be the outcome of securitisation practices (or it may be the outcome of solutions looking for problems, which has characteristics of both). The method of process tracing requires that it is established what the observable outcome would be if a specific causal mechanism is present.
25 The logic underlying function creep as an outcome of the pursuit for efficiency and innovation is that extending the use of the databases will lead to more effective policies. The observable outcome that we are looking for is then any kind of evidence that this logic was or is present. If function creep is the outcome of pursuing efficiency, then what should be observable is evidence that the extension of the functions of the databases will lead to more effective border control or more effective law enforcement. Of course, it is also possible that no factual evidence is present, but that there is a general belief among policy makers (or other actors) that expanding the functioning of the systems will contribute to the effectiveness of a policy. This belief, however, may also be the result of securitisation processes. In this sense, the two mechanisms may not be unrelated or mutually exclusive. In addition, if the mechanisms specified under the securitisation theories are what makes function creep occur, then it should be visible that policy makers perceive migration in terms of security.
It was decided to use semi-structured interviews because it was considered important to give interviewees the possibility to express their view on why function creep occurs before making them aware of the causal mechanisms that could possibly trigger function creep. Later on in the interviews a more structured part was incorporated to make sure that all issues from the topic list were addressed, so as to be able to make the results comparable. In order to carry out the method of process tracing, i.e. to find the causal mechanism that triggers function creep, use has been made of content analysis. The information from both documents and the interviews have been systematically assessed and put into schemes. All the factors that were identified as possible causes of function creep were put into an Excel scheme. These could be either factors that emerged from the theoretical framework and hence were included in the topic list for the interviews, or new factors that were brought up by interviewees. In one scheme the information from documents was organised, in another scheme the results from the interviews. This provided an overview of the general patterns in the information, but also gave insight in contradictions between what interviewees said, and contradictions (and similarities) between documents on the one hand and interviews on the other.
As regards the interviews with policy makers, saturation has been reached. Especially the last few interviews with representatives of the Dutch MSJ did not yield relevant new information and were in line with what was expected. For the interviews with the Commission, it cannot be determined with certainty whether more interviews would have provided new findings. Three of the interviewees provided very consistent information, but one EC officer had a very different perspective. In that sense, it might be the case that new interviews would have provided more information. The same goes for the EDPS and the CBP.
26 Only one representative of either of these institutions has been interviewed, so more interviews would likely have resulted in more information. However, since the perspective of these organisations is also quite clear from the documents they provide, it is still assumed that a representative view of their perspective has been reached. Overall, if the sample of „critical actors‟ represented in this study is taken together, then it must be concluded that this study gives quite a complete picture of the field, but more interviews would perhaps have resulted in complementary results. The findings of this study are therefore considered to be especially relevant and complete regarding the explanations for function creep from a policy making perspective.
The results of this research will be presented in three sections. The first section is based mainly on the analysis of documents. Firstly, it focuses on how it can be established from documents that function creep has occurred in the cases of SIS (II), VIS and Eurodac and how and when precisely this happened. Secondly, it elaborates on the reasons that appear in EU documents for the occurrence of function creep. As explained, it is unlikely that documentary analysis can provide a complete explanation for function creep. To this end, a second chapter is devoted to the findings of the interviews that have been conducted for this research. In the third section these results are analysed on a more theoretical level. This section thus elaborates on the extent to which the findings support or contradict the theories presented earlier in this thesis.
27
4. Function Creep in SIS (II), VIS and Eurodac
The first step that needs to be taken in order to answer the main question of this research is to establish that function creep occurred, and how it occurred. As noted previously, function creep is defined as the process through which measures adopted for one purpose are applied to new purposes. To a certain extent, the Commission admits that function creep has occurred. It has stated with regard to the „purpose limitation‟ principle in July of 2010 that:
SIS, SIS II and VIS appear to be the main exceptions to this pattern [of instruments with a unitary purpose]: the original purpose of VIS was to facilitate the cross-border exchange of visa data, but this was later extended to preventing and combating terrorism and serious crime. SIS and SIS II aim to ensure a high level of security in the area of freedom, security and justice and facilitate the movement of persons using information communicated via this system. With the exception of these centralised information systems, purpose limitation appears to be a core factor in the design of EU-level information management measures. (CEC 2010, p. 22)
As for Eurodac, in this same document it is stated that it serves the unitary purpose of enhancing the functioning of the Dublin system. Today it is known that Eurodac, too, will from July 2015 on be used for law enforcement purposes and hence the purpose limitation principle has moved to the background. The question arises why the purpose limitation principle is abandoned (or not applied in the first place) in all three of the EU migration control databases, and not in the case of the other information management instruments that the above mentioned report is about.11 In a different document, the Commission calls for „improving technical interoperability and synergy of information technology systems in the area of Justice and Home Affairs‟ and stresses how SIS, VIS and Eurodac „beyond their present purposes‟ can more effectively support the policies linked to the free movement of persons and serve the aim of combating terrorism and serious crime (CEC 2005, p.2). Both reports merely state that the original purposes of VIS, SIS and SIS II are extended, but do not give an explanation for this extension. Before attempting to explain function creep in the next chapters, below an elaboration is given for each database as to how and when exactly purposes were changed or extended.
11 API (Advance Passenger Information, which serves the purpose of border control), the Swedish initiative (to
enhance criminal investigations), the Naples II Convention (for fraud prevention and detection), CIS (Customs Information System, for preventing and investigating serious violations of national laws), ECRIS (European Criminal Records Information System), FIUs (Financial Intelligence Units) and AROs (Asset Recovery Offices, to streamline cross-border data sharing) and the Prüm Decision, Data Retention Directive, TFTP (Terrorist Finance Tracking Program) and PNR (Passenger Name Record, to combat terrorism and crime) (CEC 2010).
28 4.1 SIS and SIS II
The Schengen Information System is a registration and surveillance system that contains data on objects as well as on persons. These can be people that are wanted as witnesses or suspects, or people that should be refused entry into the Schengen area. SIS has a supplementary system, SIRENE (Supplementary Information Request at the National Entry), which provides additional information to national governments. The information stored in SIS is a person‟s name and surname, date and place of birth, gender, distinguishing physical features, nationality, whether the person might be armed and/or dangerous, the reason for the report in the SIS database and the „action‟ that needs to be taken regarding this person. SIS functions as a so-called „hit/no hit‟ system: if entering a person in the database results in a „hit‟, meaning that this person is recognized by the system, then the system gives an instruction to, for example, apprehend that person (De Hert 2004, p. 40). The purpose of SIS is to maintain public order and security and to apply the provisions of the Schengen Convention on the movement of persons within the EU, by using information that is transmitted by SIS (Schengen Convention 1990, article 93). In 2003 the functions of SIS have been extended for the purpose of counter-terrorism. A new regulation has given internal security agencies (limited) access to the SIS data, and some additional personal data have since then been collected in the database (such as whether a person is armed) (Brouwer 2004, p. 5). Since 2004 there have also been moves to add new categories of information to the system, such as biometric data. Furthermore, law enforcement agencies such as Europol and Eurojust have been granted access to the data stored in SIS and SIS II (Council of the European Union 2002).
The successor of the Schengen Information System, SIS II, was developed because the original system was designed for a maximum of 18 Member States, meaning that through EU enlargements the system had reached its maximum capacity. In addition, the events of 9/11 created a demand to include biometric data in the system, which was not possible in the original set-up of the SIS database. SIS II was established to overcome both these problems (Council 2006a). The fact that the second generation SIS is to an increasing extent used for investigative purposes and that law enforcement agencies such as Europol and Eurojust have been given access to the database, according to the Council directly evolves from the Council Conclusions after 9/11 (Council 2002).
As mentioned, the official aim of SIS is to enforce public order and security, but Guild (2001) points out that it is mainly preoccupied with immigration. What is interesting in this regard is that two European Commission legal officers (2015, 29 April) emphasized how it is
29 a misunderstanding that SIS is a migration and border control system. It was established as a compensatory tool in the creation of the Schengen area of free movement, but it was never meant as a migration and border control system. They explained how SIS from the beginning has been a security system with police cooperation as its purpose. They argue, therefore, that the fundamental purpose of SIS has never changed and hence one cannot speak of function creep. According to them, the case of SIS is rather different than the case of VIS and Eurodac for which the occurrence of function creep can be more clearly identified. The fact that SIS is used for purposes of counter-terrorism is not in any sense a case of function creep. According to them, counter-terrorism perfectly fits SIS‟ original purpose. This is remarkable in light of the aforementioned quote from an EC document in which it is stated that SIS does not have a unitary purpose and as such the purpose limitation principle is of minor importance regarding policies on SIS. In another document the Commission states that the fight against terrorism has transformed the SIS from a reporting tool into an investigation system, and how the new functions of SIS „fundamentally change its purpose‟ (CEC 2001, p. 7). In this document the Commission also states that SIS II needs to be a flexible tool that is able to adapt to evolving threats. Just as for VIS (as will be shown below), in this sense function creep is avoided by not giving the system a clear purpose to start with.
Brouwer (2008, p. 104-106) explains how expanding the purpose of SIS has been legitimised by referring to its broadly defined purpose of maintaining public order and safety. Brouwer however also explains that in SIS I there was a close relationship between the general purpose and the specific purpose of each category of information, and how this relationship has been abandoned in SIS II. According to Brouwer the broad purpose of SIS should be read in combination with these specific purposes, and can therefore not serve as a legitimisation for broadening its functions. Hence she concludes that the use of biometric data and the access granted to internal security agencies and Europol have in fact changed the purpose of SIS from a hit/no hit-database into an investigative or intelligence tool. Contrary to the opinion of the EC legal officers working on SIS policy development then, Brouwer says that function creep has taken place within SIS. What must be noted is that a representative of the CBP has stated that the purpose of SIS has in fact changed, but that he considers this less of a problem because this change of purpose has been much better substantiated (2015, June 2). He argued that function creep in the case of SIS „could be justified‟ whereas this is not the case for VIS and Eurodac.
