A Brief History of the Evolution of Biometrics and Biometric Database Systems Crossing Borders in EU Law Enforcement

This chapter provides an outline of the historical evolution of biometric databases in the European Union and explores how these developments reconfigure notions of borders within this region of the world. This sets the scene for understanding how the melange of biometrical technologies and digitization has reconfigured how we think about the mobility of people, how modes of surveillance relate to human rights and ethical issues, and what modes of regulation are being enforced. This brief historical summary covers the evolution of a range of diverse biometric technologies and database systems and their use in the context of migration control and law enforcement. Furthermore, the chapter contextual-izes why the Prüm system, a decentralized database system designed to facilitate the mandatory exchange of forensic DNA data amongst EU Member States to control criminality and terrorism, is of relevance to the concept of bioborders.


IntroductIon
This chapter begins with an outline of the historical evolution of biometric databases in the European Union (EU) and explores how these developments reconfigure notions of borders within this region of the world and at its outer edges. This sets the scene for understanding how the melange of biometrical technologies and digitization has reconfigured how we think about the mobility of people, how modes of surveillance relate to human rights and ethical issues, what modes of regulation are being enforced, and how notions of borders have been changed.
This brief historical summary covers the evolution of a range of diverse biometric technologies and database systems and their use in the context of migration control and law enforcement. More particularly, it reflects upon the expanding use of DNA technologies, along with other biometric technologies such as fingerprinting and facial recognition, across border control. The overview of the uses of biometric technologies in migration control and law enforcement helps to contextualize why the Prüm system, a decentralized database system designed to facilitate the mandatory exchange of forensic DNA data amongst Member States to control criminality and terrorism, is of relevance to the concept of bioborders.

From the 'PolItIcs oF Fear oF crIme' to new technologIes In eu law enForcement
Increasing concerns around transnational organized crime and terrorism in the last two decades have given rise to a new type of politics: 'fear of crime' (Hope & Sparks, 2012, p. 5). This pervasive 'fear of crime' responds to the perception of omnipresent global risks of social conflict which make everyone a potential victim. Security policies, thus, respond to quests which derive from feelings of-what the sociologist Anthony Giddens describes as-'ontological insecurity' (Giddens, 1990) associated with globalization and global threats. In his words, contemporary society faces a lack of 'confidence that most human beings have in their self-identity and the constancy of the surrounding social and material environments of action' (Giddens, 1990, p. 92). Linked to ontological insecurity, crime control strategies are responding to global transformations around the fear of crime, which result in the expansion of state surveillance. In parallel, criminal justice systems are also gradually becoming more dependent on the cross-border collaboration of police and judicial actors.
Cross-border collaboration for controlling crime has long motivated the transnational exchange of information across Member States. Yet, motives for exchanging data have changed over time. Initially, expectations about the benefits of exchanging information about stolen goods or about criminals who attempted to escape prosecution by fleeing to another country guided the interest in establishing information exchange. Later, criminal activities were imagined to be more often coordinated transnationally. By then, information exchange was considered to help assemble knowledge about the identities, organization and methods of transnational criminals (Aden, 2016, p. 324). Organized cross-border crime evolved with an increase in transport infrastructures, and it transformed its character due to the fast evolution of information and communication technology (ICT). Such technology gave rise to virtual crimes and financial crimes, enabling the movement of money globally (Fiodorova, 2018). In parallel, from the 1970s, information exchange among police organizations across borders also grew due to the increasing use of ICT (Aden, 2016, p. 324).
Reflecting on recent developments shaping today's perceptions of global risks and threats to security, which have changed substantially since the 1970s (Fiodorova, 2018, p. 28), we come to new perceptions of societal vulnerabilities. While transnational or cross-border crime has long been the focus of security policies, forms of criminality have changed. The securitization of the mobility of migrants and travellers has become problematized since the increased mobility into and across the 'borderless' Schengen space was perceived as a threat. Lately, dramatic terrorist events, such as the attacks in the US on 11 September 2001, in Madrid (Spain) on 11 March 2004 and in London (UK) on 7 July 2005, have been understood as shocks by both society and security organizations and have, de facto, changed security policy agendas.
'Illegal migration', 'transnational organized crime' and 'terrorism' have become standard political 'categories of blame' (Aas, 2013). Such categories serve to legitimize rigorous and sometimes extreme measures to defend states and societies against their perceived enemies. More specifically, such categories of risk have contributed to the justification, implementation and normalization of complex architectures of transnational police and judicial collaboration in the EU. These architectures of transnational collaboration are anchored in sophisticated technologies that use biometric identifiers and complex apparatuses for information exchange across borders. Louise Amoore has proposed in a joint article (Johnson et al., 2011) that two forms of bordering emerged and gained importance in the world of technical landscapes of control and surveillance after the events of 9/11. On the one hand, a form of 'bordering in society' constituted and strengthened by the social, cultural and political distinction between social groups emerged. On the other hand, new 'state practices of bordering' emerged that simultaneously reinforced state sovereignty over border control with new technologies, to be found not solely in border areas but also far beyond. Understanding how the EU's commitment to biometrics in transnational police and judicial collaboration transforms 'state practices of bordering' and is entangled with 'bordering in society' (Johnson et al., 2011) is crucial to the ambition of this book.
In recent scholarship, political geographers, international relations scholars, political scientists and sociologists have extensively contributed to the study of borders and have reassessed how notions of borders have expanded over time. Instead of focusing on the border itself, scholarly interest has targeted bordering practices or bordering processes. With the term 'bordering', scholars aim to capture analytically the continuous processes of fixating and regulating mobility as 'an ongoing strategic effort to make a difference in space among the movements of people, money or products' (van Houtum & van Naerssen, 2002, p. 126).
Since the early 1990s, scholars have tended to consider the exercise of state sovereignty at great distances from the national borders themselves as 'bordering' (Johnson et al., 2011, p. 61). This point of view has come with the argument that favours the inclusion of different sites of bordering practices beyond physical state borders. This brings into the analysis spatial sites inside sovereign territory and also beyond state boundaries at which bordering practices are carried out in the name of extending internal security, as is the case for the EU (e.g. Bigo, 2014). But it also invites us to embrace the 'banal sites' of less visible, mundane, technocratic modes of governance (Walters, 2008) or sites where technologies such as biometric identification are used to connect and structure institutionalized forms of cross-border collaboration in the name of security (Bigo, 2008;Amoore, 2006). The inclusion of different sites of bordering practices beyond the physical state has been accomplished by, for instance, studying the involvement of security professionals (Bigo, 2014) or data analysts (Amoore, 2011) in bordering processes.
The increasing permeability of the internal borders of the EU for people, money and products on the one hand and yet new forms of concentration of state power in the context of transnational cooperation on the other hand have become prioritized research topics in recent border studies scholarship around the topic of transnational cooperation. Predominantly, these intertwined phenomena have been explored in the context of Euroregions as borderlands along specific territorial borders, for example, regions with a sense of joint belonging on different sites of state borders (Johnson et al., 2011;Popescu, 2008). In this regard, in this book we aim to advance the body of literature on bordering practices and bordering sites both internal and external to state territory. We wish to do so by exploring the supranational policy developments that have paved the way for the increasing permeability of borders for data exchange, supranational tendencies towards harmonization yet facing occasionally resisting Member States' autonomous state power.
From early on, experts and analysts proposed policy solutions and feasible technical options to new global threats that included the expansion of surveillance and growth of information exchange. Such strategies build on 'dataveillance' (Clarke, 1988)-the processes of monitoring digital data related to the characteristics of individuals-and include the use of biometric data to identify and track those who are considered risky persons. The development and availability of biometric technologies as identification and registration technologies have shaped what have been considered feasible technical options for various security problems.
Since the 1970s, digital techniques have helped to develop automated human identification based on biometric identifiers. Today, fingerprints, facial images and DNA have become the preferred biometric identifiers taken up by the EU to be stored or exchanged across large-scale information database systems for various purposes. While DNA technologies are used for criminal identification purposes, the other biometric technologies are used for identification purposes of applicants and beneficiaries of international protection, passengers, visa applicants, missing or wanted persons, third-country nationals and migrants in an irregular situation.
Since the late 1990s, strategic documents from the European Council have demonstrated the constantly increasing relevance and reliance on the exchange of information among police organizations. In order to develop a common EU Justice and Home Affairs (JHA), the Treaty of Amsterdam (1997) introduced the Area of Freedom, Security and Justice. Since then, several other programmes-the Tampere Programme (1999), the Hague Programme (2005) and the Stockholm Programme (2010) (Aden, 2016)-have further informed the common strategy for policing and internal security and have emphasized the relevance of facilitating the transnational exchange of information. The Tampere Programme promoted the principle of 'mutual recognition', which was meant to establish trust, even in the absence of shared legal, judicial and administrative traditions in law enforcement. The Hague Programme introduced the principle of 'availability', making it mandatory that Member States make information available for other Member States. As a trust-building measure, the degree to which human rights should be protected was spelled out in the Stockholm Programme: 'The protection of the rights of suspected and accused persons in criminal proceedings is a fundamental value of the Union, which is essential in order to maintain mutual trust between the Member States and public confidence in the Union' (European Commission, 2010, p. 10).
With the introduction of the Area of Freedom, Security and Justice and the strategic programmes that followed, the common joint legal fundament was established, preparing the way for the introduction of transnational information technology database systems ready to collect, store, compare and exchange diverse kinds of data for different purposes. Border and migration control was one domain and law enforcement was the other. Despite emerging as distinct policy areas, migration and crime control have increasingly merged over time with regard to both their legal fundaments and their database infrastructures (Aas, 2011).

PromotIng euroPean IntegratIon by buIldIng
large-scale transnatIonal bIometrIc database systems Rommetveit (2016) has argued that biometric technologies and databasing are part of a transforming vision that easily lent itself to political visions of enhanced border control as a way of promoting European integration. This argument is made by referring, on the one hand, to EU policies driven towards tighter security measures to combat events such as 9/11. On the other hand, the EU's inclusion of ten new members in 2004 is identified as having caused the perceived need for further coordination and collaboration. With the integration of Central and Eastern European countries-the Czech Republic, Estonia, Hungary, Latvia, Lithuania, Poland, Slovakia, Slovenia-plus Malta and Cyprus, it became mandatory to integrate them in the cooperative police and judiciary networks to fight against criminality. The integration of the new countries was regarded with suspicion and caution regarding their values and interests by the Western European nations (Lauristin, 2007) and revealed asymmetries in East-West relations and perceptions. The aim of enhancing border control then became the establishment of biometric data exchange systems facilitating a unified biometric vision inscribed onto border control-related technologies. The unified biometric vision was instructive, for instance, in redesigning travel documents and other biometric technologies serving to verify a person's identity (see also Aas, 2011;Dijstelbloem & Broeders, 2015;Kloppenburg & van der Ploeg, 2018). Rommetveit (2016) has identified the Visa Information System (VIS), Schengen Information System II (SIS II) and EURODAC centralized database systems as the biggest and most important ones to reveal the politically set agenda behind biometric technologies aimed at political and technical integration. Complementarily, Misa and Schot (2005) have used the lens of technology to explore integration as the emergent outcome from a process of linking national technical infrastructures and establishing transnational technical infrastructures. They have also assessed the tensions that derive from linking the different visions of Europe associated with such infrastructures. We follow Misa and Schot (2005) in looking beyond the set agenda of the EU to be sensitive to the implications for de facto (dis)integration and focus on the specific role of biometric data and information infrastructures for political and technical (dis)integration. The European security studies scholar Pedersen (2015) has distinguished between two modes of ordering integration through data information systems that differ regarding the role of state autonomy and state power: vertical Europeanization and horizontal Europeanization. We make use of this distinction to illustrate the implications deriving from centralized or decentralized architectures for information systems. The 'vertical Europeanization' mode of ordering integration builds on European institutions for the creation or preparation of a range of centralized European databases with different purposes. It has been much more used in migration and border control; SIS, VIS and EURODAC, as well as steps taken to enhance the interoperability of these databases, are examples of 'vertical Europeanization' at work. 'Horizontal Europeanization' is the result of Member States beginning to use each other as sources of data without going 'through' the European institutions; decentralized and networked database systems such as Prüm serve as examples of this. Law enforcement actors have for long attempted to maintain state authority and have therefore opted more often for decentralized solutions that allow, at least partially, the retention of some pillars of state autonomy.
M'charek, Schramm, and Skinner (2014) have looked into the impact of integration through biometric information infrastructures and explored the racializing effects of European regimes of border management and the related governance of populations. They demonstrated how such infrastructures-by taking the cases of SIS, Frontex, VIS, Eurodac and Prüm as examples-simultaneously constitute and discriminate against racialized groups of people in practice, even if the explicit language of race and ethnicity is largely absent from its official remit. Regarding Prüm, the authors (M'charek et al., pp. 481-482) precisely encouraged further research to look at the dynamics of convergence between countries' database developments but considering the differences between legal frameworks, systems of governance and, indeed, between policing and laboratory practice around DNA across the various national databases in Europe. Such differentiated exploration is crucial in order to understand the 'unequal consequences of surveillance through Europe's technobureaucratic systems' (M'charek et al., p. 482) ( Table 2.1).
Since the introduction of the first EU-wide biometric information database system (EURODAC) in 2000, the historical evolution of diverse biometric database systems in Europe has been dedicated to the expansion of 'datafication' (Broeders & Dijstelbloem, 2016;Cukier & Mayer-Schoenberger, 2013), that is, the transformation of social action into digital quantified data, trackable and accessible for further analysis. Datafication serves as the foundation for 'dataveillance' (Clarke, 1988) as a form of surveillance that has likewise drastically enlarged in the last two decades. Since its introduction the scope of ascribed purposes of the database system and targeted persons has been substantially extended. EURODAC's purpose was to assign Member State's responsibility for individual asylum requests and to prevent so-called asylum shopping (multiple attempts to request for asylum in different Member States). It used fingerprints as a biometric identifier. Later on, EURODAC became accessible to law enforcement agencies as well. Backed by the European Councils in Laeken (2001) and Seville (2002), the next system, the common VIS, established fingerprints as a biometric identifier and targeted non-EU citizens (Liberatore, 2007).
From 1995, the SIS had already established a common database that enabled the relevant authorities in each Member State to have access to alerts on persons and property. Initially, it worked without biometric data and was used for the purposes of border checks and other police and customs checks, such as issuing visas, residence permits and the administration of legislation on non-Schengen citizens in the context of the Schengen Convention. In April 2013, the second-generation Schengen Information System (SIS II) was launched with enhanced functionality, including the use of biometrics. In June 2018, decision-makers agreed on a new package for the Schengen Information System, the implementation of which will be completed in 2021 and which contains the collection of palm prints, fingerprints, facial images and, in limited circumstances, DNA related to missing persons (European Commission, 2020). Thereby, it has become clear how, over time, migration and border control have merged with law enforcement and stimulated the use of biometrics across purposes. The dominant policy narrative argues that this merging facilitates police cooperation on missing and unwanted persons as well as border control cooperation regarding the mobility of migrants in irregular situations (European Commission, 2020). Proposals adopted and signed by the European Council in 2017 aimed at enhancing the management of Europe's external borders through the use of biometrics included the introduction of an Entry/Exit System (EES) which is planned to be operational in 2020 (Kloppenburg & van der Ploeg, 2018). In 2019, another centralized system, the European Criminal Records Information System for Third Country Nationals (ECRIS-TCN), received its legal foundation with the regulation EU 2019/816 of the European Parliament and of the Council. Centralized data from Member States holding conviction information on thirdcountry nationals and stateless persons supplements the European Criminal Records Information System. The latest iteration of expansion is the current 'interoperability' initiative, which is attempting to connect diverse centralized database systems and make data available for multiple purposes and to streamline systems' users for law enforcement, judicial, migration and asylum matters. The planned Common Identity Repository (CIR) belongs to the backbone of the interoperability project as it aims at centralizing biographic and biometric information of third-country nationals. CIR will store biometric data of SIS II, VIS, Eurodac, ECRIS-TCN and EES which then is available for search and comparison (see Table 2.2).

aPProachIng transnatIonal crImInal mobIlIty: the Prüm system
Although practically all of the technologies and database systems mentioned above evolved over time to control mobility across borders, some of them-such as the Prüm system-were intended primarily to support transnational criminal investigations (Machado & Granja, 2018, 2019aMachado, Granja, & Amelung, 2020;Prainsack & Toom, 2010, 2013Toom, 2018). It is therefore important to remind ourselves of the differences of the groups targeted by migration and border control, on the one hand, and law enforcement, on the other. The major groups targeted by migration and border control database systems are third-country nationals seeking entry into the territory of Member States and EU nationals travelling across countries (Broeders & Dijstelbloem, 2016). The groups targeted by law enforcement database systems, such as Prüm, are individuals with some previous involvement with the criminal justice system. The Prüm system thereby fits what Williams and Johnson would consider as 'a type of surveillance which is essentially concerned with "management" of those already deemed criminal (…) delimiting them from the wider population and managing them through assured detection' (Williams & Johnson, 2004, p. 11). It was in May 2005 that officials from seven countries met in the small German town of Prüm. Member States had become increasingly concerned about the transnational movement of people deemed risky and, consequently, about the growth of transnational crime. Supported by the Schengen Agreement and the Hague Programme, Belgium, Germany, the Netherlands, Spain, France, Luxembourg and Austria signed the Prüm  Convention. The Convention intended to strengthen the cooperation between those seven countries through the exchange of information to combat terrorism, cross-border crime and illegal migration. Preventing and investigating cross-border crime (i.e. terrorism, human trafficking, drug smuggling and illicit arms traffic) has been, at the discursive level of policy formation, the main driving force and justification for most of the crime investigating regimes in the EU that build on biometrics (Aas, 2011). In 2008, some of the Prüm Convention provisions were subsumed into the police and judicial cooperation provisions in EU law by a Council Decision commonly referred to as the Prüm Decision (Council of the European Union 2008a, 2008b). This Decision made it mandatory for all Member States to join this pan-European data network (Toom, Granja, & Ludwig, 2019).
The latest report on the progress of the implementation of Prüm, dating from February 2020, indicates that there are 26 Member States exchanging DNA data. Greece and Italy are not operational in the Prüm system. This does not imply, however, that all countries have established the same level of connections. For instance, while the Netherlands and Austria are connected to 24 countries, the UK and Denmark are exchanging DNA data with just 7 countries (Council of the European Union, 2020).

decentralIzed databases
The Prüm system established transnational exchange on the basis of a decentralized database system, thereby deciding that, instead of aggregating information into one database, data should remain the property of the Member State where it was collected. As such, it challenges notions of borders in a different way to centralized database systems such as those that evolved from the JHA policies. In contrast to centralized database systems, decentralized law enforcement networks, such as Prüm, often derive from pre-existing networks of security professionals or through common professional activities among biometric experts and thus included people who knew each other previously (Aden, 2016). Prainsack and Toom (2010) have emphasized that the Prüm system derived from technocratic drivers of integration.
Efforts by forensic scientists to standardize forensic DNA profiling technologies across national borders date back to the late 1980s, when the European DNA Profiling Group (EDNAP) was established with the aim of preventing and being prepared for an 'escalation of cross-border crimes' in an increasingly integrated Europe. The European Network of Forensic Science Institutes (ENFSI) has been similarly important in the standardization of scientific procedures. Forensic scientists from such networks set up the basic conditions of possibility for the Prüm system: the so-called European Standard Set (ESS) was proposed by a group of forensic scientists of the ENFSI. The EU promoted such developments by providing funding to the ENFSI that increased collaboration 'between European laboratories, ultimately leading to the formation of a pan-European database' (Gill, Sparkes, Fereday, & Werrett, 2000, p. 1). What Prainsack and Toom have coined as 'forensic technocracy' (Prainsack & Toom, 2010, p. 1125 was what substantially enabled the political process of the Prüm implementation. Although the EU's interoperability initiative has been considered in relation to centralized database systems, Prüm-as a decentralized system-has nevertheless also been listed as a candidate for interoperability in the future (EU Commission, 2017).
Decentralized systems also play out in a specific form with the level of autonomy that each Member State has in establishing the norms and actors that will be actively involved in data exchange. Considering that each country remains in control of its database, the EU regulation of the Prüm system stipulates that, for the purposes of supplying data, each Member State shall designate a National Contact Point (NCP), and the powers of the NCPs shall be governed by the applicable national law (Decision 20008/615/JHA). Different countries have given custody of their national DNA databases to different entities, ranging from judicial authorities to police forces.
In the great majority of countries involved in the Prüm system, the Ministry of the Interior (or Ministry of Internal Affairs or Ministry of Home Affairs)-a government ministry typically responsible for policing, emergency management, national security and immigration-has custody of the national criminal DNA database. The exceptions to this scenario are Belgium, the Netherlands, Portugal and Sweden, in which the Ministry of Justice has custody over the national DNA database. The Ministry of Justice typically has specific duties associated with the organization of the justice system, and it oversees public prosecutors and maintains the legal system and public order. In this diverse context, the roles and responsibilities of Prüm NCPs may vary among countries, according to their different organizational structures and national legislation.

PrevIous studIes on Prüm
Over the last years, the Prüm system has received academic attention that can be divided into two main approaches. The first includes studies that focus on the societal, political and ethical challenges posed by the system. In this domain, scholars have been outlining the challenges deriving from the mandatory implementation and rapid expansion of the Prüm system. They have highlighted concerns over the enormous disparities in national legislation and data protection; ongoing issues of transparency, accountability and trust; and the lack of ethical oversight of the transnational flow of law enforcement information (Amankwaa, 2019;Hufnagel & McCartney, 2015;Matos, 2019;McCartney, 2014aMcCartney, , 2014bMcCartney, Wilson, & Williams, 2011;Prainsack & Toom, 2010, 2013Toom et al., 2019). In this domain, a recent number of empirically grounded studies exploring what 'ethics' means to forensic practitioners actively involved in transnational DNA data exchanges under the Prüm system have also emerged (Machado & Granja, 2018). Furthermore, scholars have addressed how forensic DNA evidence is given meaning within the different ways of constructing a police epistemic culture in the context of Prüm (Machado & Granja, 2019a). Additionally, the fluid and flexible forms of constructing suspicion which take shape in transnational governance of crime through forensic DNA databases (Machado et al., 2020) and how NCPs perceive the risks and benefits of transnational exchange of forensic DNA data (Machado & Granja, 2019b) have been recently explored. The second main approach in the literature focusing on the Prüm system has assessed the geographical patterns of cross-border crimes solved by transnational exchange of DNA data (Bernasco, Lammers, & van der Beek, 2016;Taverne & Broeders, 2015. In this regard, one study, based on an analysis of the official statistical dataset of the Prüm system, suggested a territorial divide between Western and Central European countries and Eastern European countries. The research revealed a trend showing that the majority of DNA profiles they collect come from individuals originating from Eastern European countries (Santos & Machado, 2017). The implicit assumption behind this association between the populations of Eastern European countries and the suspicion of crime reveals the subjectivizing effects of surveillance processes. The transnational exchange of DNA data via the Prüm system represents a technological infrastructure that targets the movements of particular suspect communities across Europe (Machado et al., 2020). The continuous (re)creation of assertions concerning criminality and specific populations from certain East European countries is sustained by generalizations of what Didier Bigo has described as the fears of 'transnational movements of people from poor countries to richer ones' (Bigo, 2008, p. 94). horIzontal euroPean (dIs)IntegratIon: bIoborderIng In the case oF Prüm The focus of this book lies in the phenomena of biometric data information crossing Member States' borders by looking at the particular case of Prüm. By approaching it as hidden (dis)integration in Europe, we study the partial suspension and partial reclaiming of nation-state-rooted power along the site of borders for biometric data exchange. More particularly, we propose to combine border studies scholarship, with its focus on transforming nation-state autonomy, and studies that have explored the processes of European (dis)integration (Misa & Schot, 2005) with a sensitivity to the role of technology. Centralized database systems mostly used for the purpose of migration control have been widely addressed in the literature with regard to their transformative effects on understanding borders and remaking Europe via vertical Europeanization (Pedersen, 2015). However, horizontal Europeanization, traditionally more common in police collaboration and law enforcement, and its transformative effect on bioborders, remains understudied. Aiming to fill this gap, this book therefore focuses on how the Prüm system, as an example of horizontal Europeanization, reflects and shapes the implications of the hidden (dis)integration of Europe and reconfiguration of its bioborders.
In the following chapter, we begin by reviewing recent impulses from border studies more systematically to clarify why we are proposing to use the concept of 'biobordering', and we will outline biobordering's components and dynamics. Furthermore, in the chapter we will focus on the Prüm system and begin to outline how it reveals instances of debordering and rebordering that make borders more or less permeable.