 Everything must be digitized. Everything must be quicker and more efficient. But is it then still just and good? And is it what we actually want? Or do we just have a machine which decides above our heads? This is what the following speakers, Anna Biselli, who is a computer scientist and journalist, and Lea Beckmann, who is a lawyer. And so they are really well qualified for this topic. Big round of applause for them. Hi, I'm happy that you're here, and so that's so many of you are here. Introductory round. It wasn't planned, but I want to introduce you. Anna Biselli, she's a computer scientist and a journalist. And she is looking a lot into digitalization and migration, management or control in Germany. And if we know anything about Germany in this or in other countries, this is really something that's really to Anna that we know stuff about that, because she really looked into that. So why am I on stage, actually? I work for the group for freedom rights, and we are an NGO, an organization. And we work for the protection of human rights, usually by going to court. And what we want to achieve is that in certain areas of topics, there are no one goes to courts. You have stuff that goes against the constitution, but no one does anything against that by law or on court. And so we want to stuff this whole and have a more clear look on this. And about migration control, we have two areas where this is the case that no one looks into that. Like for people that are asylum seekers who actually have problems accessing the rights they have because they don't speak the language, they have traumatized experiences. So they have very different problems in their day-to-day life than just going to court. So it's very hard for them. And other sites we have digitalization, which also is for many people technically not understandable what it's about. And like informational freedom is very hard to understand. And so it's important that we have more control by courts over that. And so Anna and I came together about this topic because she, so because Anna works on this topic for a long time, and we do it from a legal perspective and want to see how we can work in this area. I'll go into that deeper later, so just for introduction. Well, and before we start what we do, I want to see, let's see how is digitalization actually, well, what is it doing to refuge and to seeking refuge and to having to flee. Because digitalization is used for like translation, or helping translation, it's also used for giving people information about how it's on the, well, middle, see. On how your Facebook groups will people exchange information about like laws in countries they are, or they are going, moving to also so when you're still as home before they have to flee and also as soon as they enter the new country. And a lot, many refugees have smartphones with them. So someone asks some group, some group asks refugees in Berlin in 2017 and 87% of people who came from Syria to Berlin had a smartphone with them and used it. And 88 had a smartphone after their flight and used it, especially to do things which make their day to day life even possible in the new country. So this is one side of the coin. So it's technology which helps people to arrive, to find their way around. But of course that produces a lot of data. And maybe you know the saying. So if you have food, there will be pigs coming to it. And so also ministries and state bodies are interested in those data. So they can see what happened during the flight, where do people, which routes do people use, what kind of person is this, how do they work with others. So they can analyze single people and they can also, but they can also monitor flight and people who have to flee their homes in a bigger context. And we can, we're of the opinion that Germany is a good example of what happens if ministries which are responsive for those kinds of migration look into these technologies and do a lot of digitalization. So now there's the German Ministry of Migration. And so they made a video about that. And we'll just show that video to tell you what they think about migration. So it says the IT labor of the migration and refugee ministry. So you see there's everything in it. Hi, in our IT laboratory of the Ministry of Migration. This is the place where we implement our digitalization agenda 2020. So we made a lot of, we faced a lot of digital and organizational problems. We make agile software development. So please follow me. So this is the most important room where the developers are right. You have the, okay. You have a lot of like bullshit stuff and bullshit bingo. So you, here you see a database schematic. This is the multimedia presentation room where you have results of developments and the superb results of our work is presented. One of the most greatest factor of our management style powered by Scrum is that we have a place for creative problems solving. So you have three rooms for this. And it's a great influence on our digitalization agenda 2020. So that will be a success. Okay, that was really horrible. Sorry for that. But then the German was also pretty weird. Okay, so we see there's a lot of motivation by this ministry. The following topics won't be as funny because now we're going into, that we dive into the topics we looked at. So first thing, data on mobile phones. So we looked into this together. So how do they, well, use data from smartphones of refugees. So the context is that in 2015 you had more refugees coming to Germany and there have been a lot of changes to the law in the asylum area of the law and so making asylum seeking much more difficult and making people, forced people to leave the country again. So there was a name for that law and this was in 2015 and they also changed the law that the ministry for migration is allowed to read out mobile phones. Okay, so asylum seekers are, so have to, Foreigners shall be personally obliged to cooperate in clarifying the facts of the case. So if you don't have like a passport and stuff like that, they are, well, they are allowed to read your devices like smartphones or other stuff. So you do have a lot of asylum seekers or refugees arriving in Germany without papers. It's more than 50%. So there are a lot of reasons for that. But partially it has to do with some countries it's not very usual to actually have a passport. Some passports are just not accepted. So the Ministry of Interior together with the Ministry of Migration, they just judge some passes as not allowable. For example, like Somalia, they don't accept passports from Nigeria. So the Banff, which is the Ministry of Migration, so it has this legal basis and so if you don't have this passport, they can check it and if they say it's not a valid passport, they are allowed to use your devices. So this can also be transferred to another body of, well, to another body of the state if it's necessary for some reasons. Okay, so you have a lot of reasons again for there's no passport, it's not a digital passport, whatever, so whatever reasons they find. After the Gesetzes für Freirechte, the Society for Freedom Rights, we have talked about the compatibility of this law with the Constitution. We talked to lawyers and various organizations and this was known before it was passed, but it was still passed. We are of the opinion that it is against or it is not compatible with the Constitution. This means that you have to go through all of the court instances up until the Constitutional Court in Germany and then you have to wait several years for the Constitutional Court to say that this was illegal. And this is usually too late. So this is why we decided that we need a strategic lawsuit. We want to bring this to court. This is why we joined forces to make it clear that these infringements on personal rights and basic rights and also the incompatibility with the Constitution become clear. So now about the process. So if you go to BAMF, which is the Federal Office for Refugees and Migration, and you can present a passport, a set of a raw data set is read out from your phone. There is a special software which analyzes this data. There are some components that are supposed to give information about where you come from and what nationality you are. And then there is a result which is then saved in a digital data storage. And this data can then only be used once it has been cleared by a lawyer. And there are several indicators that are looked at. Area codes for calls, incoming calls, outgoing calls, messages. The country codes of URLs opened in browsers, localization data in apps and photographs. Languages used in messages and for Arabic even the dialect. Usernames and emails used for authentication in apps. For example, the name you use for dating apps or Facebook. The results are then saved and can only be used once they have been cleared. The person deciding on your asylum case sees the following. So maps and charts on languages used, probabilities. So from a legal point of view, we have to say that the goal or interest stemming from migration policies is not enough to warrant this kind of infringement on personal data rights. So the integrity and confidentiality of technical systems are... And this relates to all kinds of data on computer systems and mobile phones. And infringement on that has been declared as very important and protected by a high court. And may only be infringed upon if there is a concrete danger for life or... So if there are some dangerous, some huge dangers, it's allowed to infringe upon these rights, but not just for the purpose of policies and interests behind migration politics. And the logic behind this was that there are many people coming to Germany who can't present passports. So they will probably say that they are coming from another country than they are actually coming from in order to gain asylum. And also because you can deport people if people don't have a passport. And the data that we have is actually the opposite. We will talk about this later. So basically just infringing upon these informational rights for accessing data on mobile phones is already illegal in my opinion. So now we need to talk about commensurability of these measures. And every measure used by authorities needs to sort of balance all aspects that relate or regarding a certain action. The first argument is that this is a measure without cause and sweeping, broad scale. There is no individual decision based on the person, but everybody who does not present a passport is subjected to this measure. And this is dangerous, says the Constitutional Court. So basically it's impossible without cause or illegal. So indicators that are analyzed here don't make a lot of sense. It's the second problem. So this is about identity, nationality and where people come from. So if you want to find this out, you need to think about these indicators and wonder whether it's actually possible to prove where people come from. Everybody is fled from a war-torn country. Who are they in contact with during the lifespan of their phone? There will be a lot of area codes of the country of origin, country where they went, countries where relatives live. And the information of value of the area code of this indicator is not very good. Another example is the languages used or the language used. And how much this indicator says. So BAMF says that they can determine the language used and for Arabic this even includes the dialect used. So in general it's very hard to detect language. And here this might even be written language and if we think about Arabic, this is a language that doesn't use Latin characters. So sometimes Arabic sounds that do not exist in French or English. And there are different kinds of phonetic methods to represent these sounds with characters. And this depends on colonial history if these countries were French or British colonies. Just an example for the word liberation. There are different kinds of spelling this in Latin letters. The Arabic word is Tahrir. Also dialects don't really conform with borders of countries. There is a very similar dialect that is spoken in Israel, Palestine, Syria. And now some good examples on average rates. There are some statements that are... There are some bullshit ideas in the statements of people receiving messages in other languages than they were responding in. And the quote... I'm not sure if I can read the whole quote now. There's another problem. So why this problem might have been receiving messages in New Greek? There might have been roaming messages by the provider actually. So there are so many factors that make it very difficult to determine how reliable this information is. And the person taking the decision on the asylum case would have to sort of weigh the options. As I regularly asked Banff about these things, I asked him about the error rate of these language analysis results. And the spokesperson said that they couldn't really tell me because the information they would have to disclose would be so specific that it might be harder to use the technology afterwards. In the same request I asked, what methods do you use, what's your databases, which messengers can you look at? And they don't respond on any of those questions because it's so secret that it would be more difficult to use the system afterwards. And it's possible that this software might not be able to include all kinds of messengers. There might be messages from the provider that the system cannot analyze. So just from the communication usage of this person, the language analysis doesn't work anymore. And even if there are results, they might be wrong. And I'm quite sure that the people working at Banff won't really be knowing what to do with these results. So this year there was an inquiry commission of the German parliament on the data ethics. And this commission found that these points where these data are used need to be very transparent. And they need to publish or disclose the databases, the formulas that are used, the algorithms. And none of this is happening here, despite the fact that this has serious consequences for the lives of these people. This also applies to another system that I talked about last year a bit more. It was the direct analysis that was introduced in 2017 together with other systems. This is about... so somebody speaks into a telephone for two minutes. At the end there is a paper slip that says where this person is from. This is quite unique to Germany. Other countries that try to determine the country of origin usually do this manually with experts, external experts. But Banff wants to do this or does this more and more in automated ways. We also know that there are error rates and that these differ depending on the language. And for example for Levantine Arabic, which is the dialect that is spoken in Syria, the detection is better than other dialects. So this obviously shows that this is a problem. So they have way more samples for Levantine Arabic, obviously, but they don't say how many. They just say that this is a secret and nobody knows except the people maybe asking more detailed questions and trying to figure this out. So you might wonder if you use these systems that are unique. Somebody would have to look at them and maybe independently ideally if this makes sense and if it works. So in 2017 there was a request in the German parliament. Wouldn't you like to maybe have some scientific oversight for this? And the response was that they're planning this for 2018. We're in 2019 today, so I asked them again. And the response was that they aren't doing this yet, but are planning to. So this has been several years and this has affected a lot of people. And I don't know how you can possibly do this as an authority and just not give out any information and reject and refuse any kind of oversight. We have to estimate the consequences of the collection of this data or companies that do this. Companies with collected data have to have to predict what the consequences of that data collection is going to be. And I wanted to know what the results of that were. And they rejected my application for this because it might identify security issues. So we're in front of this wall of silence and we only get drip-fed information, if at all. And this is, of course, one legal problem or one problem of the rule of law after the other. And it's not simply bizarre, it is a problem of the rule of law. If the Federal Office of Migration says that it would be a problem to tell about the error margins, then I would reply that it's a problem if we don't have them. That's partly the lack of reliability in these indicators, but also how susceptible these systems are to error. In addition, there are technical issues. In a quarter of the cases, devices can't be read. Let's start at the beginning. Refugees in Germany, about half of all refugees in Germany don't have any data carriers or at least won't hand them out. So in half of all cases, the Federal Office doesn't get any further because people don't have any devices. In a quarter of cases, there is a technical failure in reading these devices. It's probably because these devices are either very old or very new, or because the cable doesn't work. I'm not even joking. In those cases where data is being read, it tends to be unusable. These are the numbers for 2018. 64% of devices were unusable, which means that, as Anna said, Finnish, Japanese, Chinese, that's classified as unusable. These are the cases where employees spotted that these were unusable. This year it was a bit less, 55%, but in the remaining percent, 34%, support what the refugees said, and only in the remaining 2%, there was reason to believe that there was a conflict between the two. And this increased to 44% versus 1%. And the employees of the Federal Office for Migration don't really seem to think they need this. 11,400 devices were read in 2018, and only in 5,400 cases. This data was then requested, which means that in about half of all cases, devices were simply being read without the data ever being looked at. This is opposed to cost. When this was introduced in 2017, it cost 6.9 million for purchasing hardened software, and ever since, it costs 2.1 million in support fees for an official digitization project. These aren't huge sums, perhaps, but I think they are quite large amounts. If you think about what this is about, it's because there are some people who try to enter or claim asylum in Germany, even though they don't have any right to asylum, and who may perhaps come here simply for the money, but then you're using that money on a digitization project that doesn't really lead to any usable conclusions. And, of course, legal protection is nearly impossible, because as a refugee arriving in Germany, you can't seek legal protection in advance. You're sitting in front of this employee of the Federal Office for Migration, and, of course, you can deny the request to hand over your device, but this can have huge consequences because you're refusing to cooperate, which may cause your asylum application to be rejected or withdrawn, or at least, though, it will lead to mistrust. So, of course, nobody is going to refuse to hand over their device, and if you do fight in court, it's going to be long and expensive, so there is no legal protection. What could alternatives be? I don't even think that alternatives is the right word, because you're only ever going to get an indication you have to keep using the old methods. This is mainly specific interrogation during these hearings, so if people claim to be from a specific part of town, you have to ask them what's the name of the church that your uncle visits, so if you go from the airport to the city, what buildings are on the way, this is a much more reliable method than what the Federal Office for Migration is doing, and it's still the method we really should be using. So, to draw a conclusion, it's a massive... It has massive legal implications. There is no legal protection. It's combined with huge costs and high error rates. Another question is, is Germany the only country that is so stupid? We are asking, but no, of course asylum seekers are also handled this way in other countries. So, many countries in the red marked countries, you see the police is actually responsible for taking devices from people and sending it to migrationary bodies, but in other countries the legal way is there, but there's not a lot known about what is actually done, and we have seen that it's pretty difficult to get information about what happened. I talked to refugee organizations and they said, yeah, it's done, and yeah, it happens often, but we don't know anything specific about it. So, we know, for example, that in Belgium and Austria there is legal possibility of recent, and we know that they're not implemented yet. In Austria we have data protection problems, which play info with that, so they're still thinking about whether that's okay. In the UK there's a special case, but they're very far in front when it's about using data. Maybe some of you have heard that even like smartphones of victims of sexual assaults or other crimes have to hand in their devices and their data is taken to check for evidence. But again, you don't know specifics about what they do with devices of refugees. But if you look at all those laws that are existent in some countries, what is striking is that, well, finding where you're from is very important, and it sometimes even goes on further. So, for example, in Denmark in 2015 or 2016 they started, and they made more laws in 2017, but it's not just about where you're from, but the law says that we can do it about everything that is relevant for the asylum case. And this is a very broad definition. So, well, in fact, some people from the States say, well, if we have any possibility we will use it in Belgium. It's also a bit more legal stuff, so it's not implemented yet because there's, well, it has been taken to the High Court, but so all devices can be searched and they can even be asked like, what is the password for your mail account? So it's not just on the device but also like other data. So it's not just the physical, well, data you have with you, like the physical device you have with you, but they have to, they can force you to give your account data as well. And especially the social media analysis which is planned in Belgium and Denmark already is very, very dangerous. Because actually the one thing is that you have OZIN, so Open Source Intelligent, you're looking at Facebook profiles of people and then also you have their account data, like their passwords, so you can get a real, really a lot of information at a point where actually I don't have any real reason for thinking that this person has done something wrong but I still treat that person as a criminal. And the only thing that person has done is fleeing from their home and that's it. Maybe we can think about that. In Germany a few years ago we had a big problem when it turned out that job centers are looking at Facebook profiles of job seekers and that was like a huge problem and the media wrote about it, so that's bad. But if people do it with refugees, there's no outcry in the media. We had one such case in Germany where we found that through the smartphone data and the identity information they found on the Facebook profile they looked into this person more clearly. And the employees at the bump looked into this and they said, yeah, they like the soccer club from this city and like this local store and this is why I will include this Facebook information on the asylum case. We don't know, as far as we know this is not a standard procedure that they do but you see that it's just going on. They're not just using Facebook information, not just smartphone device information but also social media monitoring. We can look at it in a collective perspective as well because that's how you can find migration routes. So we have three bodies in the US, so they are also using since January 2017 they make social media interpretation and looking at data from there and other channels about refugee routes and where people exchange about the flight and they send a weekly report to federal bodies over this information. This was done for a decision from 2017. You see here like they want to find people who fake documents and stuff like that and then they also started using this for asylum seekers as well. This is what you see what happens with this. They are preparing reports and how the current snapshots of the current situation is they see it and one of their big successes they said is the convoy of hope they found pretty quickly. The border between Greece and Macedonia was open and found in social media as a well rumour and the police quickly found it on social media and so police could stop people. So that was their success and so we asked them how did they do it and what is your legal basis and so what are your predictions you see how this will work out in the future. They don't have anything and they said well we don't have and the German data protection officer inquired why they have so much personal information about data and why they collect so much information. So this is nothing they can do in secret and in transparently because they actually have to do it well openly if they do and so the EU data protection officer made them stop this practice because they said there's no legal basis that can actually that you can cite that empowers you to do that. So it's important that people and ministries and whatever looking into such things because if no one is realizing that those bodies are doing this no one can actually stop them and you see as soon as the data protection officer looked into it they found that's what they're doing is illegal. So another body that's interested in social media information is Europool maybe you know their takedown actions which they do where they well use posts and so-called terrorist information and they also do it with so-called smuggle relevant information that they taked them down from social media. In 2018 they had 18 information that they have been told and then referred that on and the provider and the providers then took those information this information down in 99% of the cases. Now I ask myself well what do they see as smuggle relevant information so is this just posts which say like pay me 15,000 euros and I'll give you a passport and a nice life or is it also for example organizations that are legalized which save people's lives on well on a Mediterranean. So I at least suspect that that's also this and the third body and this is Frontex. Frontex wanted in September to pay half almost half a million for anyone to build them a social media monitoring platform but it went pretty wrong because it was at the same time as the data protection office of the EU checked this and also Privacy International looked into this and other people and they asked that and so Frontex pulled back the well this this idea but they do other things. They use drones and so-called AI to monitor borders and that for pretty long time actually. So there see what is what is there at the at the border is this a car is it a person or is a ship with a person or whatever and how do those people behave. So maybe you go somewhere and suddenly you have a small swarm of drones looking at you for some time and then send it to somewhere else and if you're lucky then the drones will leave afterwards but if you're unlucky they won't. So there is a lot of digitalization about that. I don't have time so there's another talk in this tomorrow so no road borders, no nation or smile for European surveillance program which is tomorrow. So also jump over some other slides because I have no time. So who is profiting of this? Our thesis is that it's a pretty much of an insult against refugees. It's not really working so who is interested in this to go on except for politicians who say oh it's about security and safety and blah blah blah but there's a lot of companies, IT companies and well consulting companies which profit from this and they were also used by BAMF or tried by BAMF and those names always appear on the European playground if you look into such things. So finally you want to look at two digitalization projects of the Federal Office of Migration and Refugees. Do we have time for this? Do you want to watch a video? Today is a big day for a lot of planning and building. We have opened the CIC Creative Information Technology Center. We want to present all our great ideas, future projects, IT projects currently the cloud project which is why the design has a lot of wavy lines. The lamps are a bit cloudy. So this is one of our biggest future projects that we're running at the moment. That's enough, okay? So this was a department lead of information technology who might have been a little bit surprised by this interview. We don't want to talk about the cloud, we want to talk about KE shortly so everybody's talking about this, it's kind of cool so we're going to do it here. So the Federal Office for Migration and Refugees uses AI and there's this nice quote who said so every day we receive 6,000 documents. There might be a lawyer, a lawyer's letter that might be ironic so we need AI to detect if this is serious or ironic or sarcastic. Less funny is that AI is actually used to find anomalies in interrogation or interview minutes. So the Enquiry Commission of the German Parliament has asked what they're using AI for and they responded that by using AI it's easier for them to actually respond on informational requests by other authorities. Maybe some person had contacts or interesting information that might interest other authorities. That information is passed on to other authorities is known. There were cases where information was forwarded to secret services. The Federal Office has also realized that there is a problem if AI systems make the final decisions which is why they want to ensure that at the end there is always a human employee who makes a decision. So another thing that I wanted to talk about if we had more time there is this blockchain project, short summary. The bump wanted to do something with blockchain. They had this design phase in Dresden at the Anker Zentrum and the beginning of 2020 the design phase should be finished and then they want to go to a pilot phase. There was a presentation in 2018. We know from the media somewhere there is a fax left and suddenly somebody is on a plane. So they want to try to optimize information flows between several authorities so that the foreign authorities will know what status somebody has. So blockchain is not suitable for this at all. The purpose of blockchain is to make it hard to delete and manipulate data. But this data has to be deleted because after 10 years following the asylum case the data must be deleted. So the summary is everything was cut. The recommendation was that there should be no personally identifying information in the blockchain. There should just be an identifying number. And every other kind of data should be in other databases. You might wonder why but they won a prize for it. We should not forget that refugees, even without these new technologies refugees are subject to a lot of data storage. Way more than people who have, for example, a chair in Passport. And if you would imagine that this would apply to yourself that would be very crass. There is a centered register for foreigners which has hundreds of thousands of records and they can put all kinds of data in there. Biometric data, fingerprints for younger people. Secret services and job centers can automatically read or request data from this. At one point we realized that using numbers for people wasn't the great idea in Germany but somehow this was forgot. So the idea is that everything is faster and better. So there is a lot of motivation and digitalization sort of becomes the purpose of its own. But there is a problem of spending money uselessly but there is another problem that people's rights are infringed upon and nobody really thinks about what this means. Just taking everybody's phones to just see if maybe I can find something out. If we imagine that agencies judging your credit reliability would do this, if this applied for you or if this applied to people applying for asylum status, this would be very different. And the third problem is that implicitly refugees are treated as criminals and there is no cause for suspicion. And lastly, once the technology is there, it will be used in other ways and it will be extended upon. We've seen this in other countries that this happens. Maybe use these systems not just for a country of origin but also to determine if a person might be security risk, if what route somebody took, if maybe it might be possible to deport them to another country. So there is this case where, it's the case that refugees are becoming lab rats for surveillance technologies. So now we're really done. We have five minutes and you may ask questions now. Thank you. Okay, so they're very short questions. We have time for those. And from the signal angel from the internet. So first question. Yeah, the first question is for hotspots, are there hotspots in apps or hostels which are used by state bodies, which people shouldn't use to... It's a question from the internet, right? This seems familiar from the United States. They seem to come up in New York. No, it doesn't bring a bell. I know that information on key cards may be submitted to authorities to check if they're in the place they're supposed to be but I wouldn't know anything about hotspots. Question number four. And how far is this whole... Well, how is it for the GDPR compliant? Because there are a lot of things also state bodies have to do in their documentation, which data they are allowed to store. And so they actually have to tell you what they do. How is this process okay and acceptable? And how do you do this if you have other companies involved which store data in cloud? So how do they put this out? As I mentioned earlier, we tried to request this estimation of data protection consequences or privacy consequences where they had to check if this data collection was legal and appropriate. But since I wouldn't reply, we simply don't know. And in addition, many of these constitutional issues appear again on the level of GDPR and people collecting organizations, collecting data, should check whether or not it's appropriate. And GDPR does apply, it does not apply in cases where danger has to be prevented, but this doesn't apply in this case. So GDPR does apply in this case. One very short last question from Signal Angel on the internet. So the question is, can you describe how the rights of people that they have to conform to these processes? So how is this real? Okay, please repeat the last part of the question. The question is, can you describe how far the people have to conform to this process? They have to provide relevant documents when they're asked to confirm their identity or where they're from. So for example, papers like birth certificates. So you have to cooperate in your asylum claim, asylum application and provide the relevant documents. And that's time. Thank you very much, Lea and Anna. And thank you also for listening.