EU project iBorderCtrl: Is the lie detector coming or not?

A document made legible again reveals how the beneficiaries of EU security research have been pushing for legislative changes for the introduction of prohibited technologies. The EU Commission is now funding a follow-up project with 8 million euros.

For three years, a consortium of European companies, institutes, universities and police forces had been working in an EU project on technologies to make the work of border and customs authorities easier. Several applications were combined in a „Intelligent Portable Border Control System“ (iBorderCtrl), which officers can access via a mobile device. The principle is that travellers feed as much personal data as possible into the system themselves before entering the country.

The platform then carries out a risk assessment and includes other data sources. An algorithm decides whether the person is classified as harmless. Then the border crossing at automatic control gates can take place quickly and smoothly. Those who are classified as risky by iBorderCtrl have to go through a „manual“ border control.

Shortening extended controls

With research like iBorderCtrl, the EU Commission wants to counter the problem that controls at the EU’s external borders will be significantly longer from 2023. The reason is the introduction of an „Entry/Exit System“ (EES), which also requires travellers from visa-free countries to provide a facial image and four fingerprints. Until now, this has only been required for a visa or an asylum application.

For the EES, all border crossings on land, at sea and at airports will be equipped with devices for taking biometric data. Further investments will be made in self-service kiosks where travellers can have their facial image and fingerprints read from the RFID chip of their passport. If the passport is not biometric, the machine can take the necessary images.

Analyses of microgestures

A central component of iBorderCtrl is a virtual border guard who asks travellers about a dozen questions and checks whether they make a „positive“ impression. This, too, feeds into the risk assessment. Such „deception detection“ by a police avatar can take place at the border crossing, but also in advance.

This might be helpful for a „Travel Information and Authorisation System“ (ETIAS), which the European Union will start operating in 2023. Travels must be announced then before crossing the border. Frontex will be responsible for the subsequent risk analysis of the foreseen travellers  with the help of a „watch list“. In doing so, the border agency could also use „deception detection“.

Frontex has been funding research at the University of Arizona since 2009, evaluating the accuracy of an Automatic Deception Detection System (ADDS). This was referred to in iBorderCtrl. The interrogation simulated there was carried out in the context of a pre-registration, as provided for in ETIAS. Travellers would have to use the webcam of their computer or mobile device for that.

The ADDS quantifies the probability of deception by analysing so-called microgestures of the respondents. The system then establishes a statistical probability of „deceptive behaviour“ by the travellers. The EU Law Enforcement Directive prohibits automated decision-making, so such an assessment must be verified by a border guard.

Presentation to Frontex

Because the procedures tested in the ADDS function like a „lie detector“, the EU project has attracted heavy criticism. In response, those involved and the EU Commission have assured that it is only research and that there are no plans to introduce „deception detection“ into EU border control systems. However, this reassurance has been called into question after MEP Patrick Breyer was able to make a redacted document from iBorderCtrl legible again.

The iBorderCtrl project was led by the European IT company European Dynamics. The now unredacted paper shows that the company presented the project results at Frontex in Warsaw. Further presentations were to take place in „conferences, exhibitions, events and workshops“. Other project partners announced that they would present individual modules to their national border authorities, but also in further Frontex workshops.

The Manchester Metropolitan University, which is also involved and on whose 20-year-old „Silent Talker“ engine the researched „deception detection“ is based, planned to present it at the World Congress on Computational Intelligence. Similar promises were made by Leibniz Universität Hannover, which undertook the accompanying ethical research in iBorderCtrl. The university’s blog and social media channels were to be used for this purpose.

Fear of public debate

It is probably not uncommon for researchers to praise their results at the end of an EU project and promise further promotion. After all, the EU Commission paid the entire costs of 4.5 million euros. The redacted parts of the document, however, show that legislative changes were aimed to introduce currently prohibited technologies.

According to the document, in order for the results of iBorderCtrl to be „effectively“ integrated into existing border control systems, „some politicy and legal reforms may be necessary“. This concerns „deception detection“, but also the automated analysis of travellers‘ Twitter accounts. Therefore, the paper says, it is „it is important that the results of the project be disseminated to EU and national policy makers“.

To this end, it is proposed that „key stakeholders need to be addressed properly“. Members of national parliaments and EU parliamentarians are mentioned as decision-makers, as well as the European Commission, police and border authorities and relevant ministries. Finally, as a third group, „the citizens“ must be won over for the new surveillance techniques. The makers of IBorderCtrl do not expect a „clear consensus“. They even argue that a controversial public debate could „hamper the implementation of policies required for iBorderCtrl“.

„Lobby for legislative changes“

Adding to the scepticism about iBorderCtrl is the fact that essential details about the technical functioning of the individual applications are kept secret. Patrick Breyer, who sits in the Brussels parliament for the Pirate Party, has taken legal action against this before the European Court of Justice (ECJ) in Luxembourg. After a hearing in February, the MEP is now waiting for a ruling that would allow public scrutiny of European research funding.

Breyer is therefore shocked by the revelations of the unredacted document and criticises „that EU research funds are in fact used to lobby for legislative changes curtailing our fundamental rights“.

This is presumably also true for another project in which the research that ended with iBorderCtrl in 2019 will be continued. A „Technology-supported Risk Estimation by Predictive Assessment of Socio-technical Security“ (TRESPASS) aims to provide border control and customs authorities with „risk-based profiling“ to detect and prosecute „smuggling, irregular immigration, cross border crime, and terrorism“. In contrast to iBorderCtrl, the Commission has even almost doubled its funding for TRESSPASS to around 8 million euros.

„Assess the sincerity of the traveller“

In TRESSPASS, too, the information provided in advance by travellers is correlated, followed by a query of social media and the „dark web“. If people then arrive at the airport, they are observed by a „real-time behavioural analysis“. Travellers and their luggage can be screened with scanners for this purpose. TRESSPASS also goes beyond iBorderCtrl in terms of the databases used for risk analysis.

On the project website, TRESSPASS answers the question whether „lie detectors“ are also examined with „Yes, in the general sense“. If a suspicious traveller is interrogated, the technology „may be useful to help specifically trained border guards to more quickly and accurately assess the sincerity of the traveler and his statements“.

Image: iBorderCtrl.

Autor: Matthias Monroy

Knowledge worker, activist, editor of the German civil rights journal Bürgerrechte & Polizei/CILIP.