The Schengen Information System (SIS) for the sharing and pooling of data for law enforcement, border control, and judicial cooperation is widely regarded as a key knowledge infrastructure for European Union (EU) internal security. As such, it plays a pivotal role in how political order in the EU is imagined and enacted through the everyday work of national and EU-level authorities. Notably, the system has undergone significant transformations since the original SIS I went live in 1995. After two updates to accommodate larger numbers of participating countries (SIS I + in 2001; SISone4all in 2007) and the roll-out of a completely overhauled second-generation SIS (SIS II) in 2013, the latest upgrade to the SIS has been the SIS Recast package, which became operational in March 2023.Footnote 1 SIS Recast consists of three new regulations that introduce new biometric data elements and alert categories, as well as enhanced access rights to the system for EU agencies.Footnote 2 Overall, the SIS has over the years seen a considerable expansion of the amount and types of data stored and its functionalities, as well as its user base.
While from the authorities’ point of view, this expansion has been widely praised as a success story,Footnote 3 it has also sparked some concerns about growing technologically mediated surveillance and control capacities.Footnote 4 Overall, there has, however, been surprisingly little public debate and pushback against the gradual transformation of the SIS from a simple information sharing tool to a full-blown investigation database with more than 86 million entries, more than 12 million search queries per year,Footnote 5 and a broad user base of national and supranational authorities.
This article proposes to understand the largely uncontested evolution of the SIS through the concept of ‘creep’, i.e. the incremental, unforeseen, and/or stealthy development of a technological system beyond what it was originally introduced for.Footnote 6 More specifically, it retraces how creep has in the case of the SIS been enabled and facilitated through two interlinked strategies: (1) latent development principles, i.e. the rationale of building dormant features into a system that can be activated at a later point in time once technology has sufficiently matured and/or legal foundations have been adopted; and (2) technology monitoring and steering mechanisms, i.e. the continuous assessment of the readiness of key technologies for anticipated updates to the system as well as interventions in publicly funded research programmes.
Taken together, so the argument we put forward here, these features constitute a politics of creep that aims at the expansion of digital knowledge infrastructures in gradual and almost imperceptible ways that decrease the likelihood of contestation and pushback. The concept of creep in this context allows us to understand how the expansion of the SIS in terms of data, functionalities, and user base was realised in a way that works in a seemingly banal and unspectacular fashion, thus managing to largely stay below the level of scandal and public problematisation. Our analysis thereby contributes to current debates at the intersections of International Relations, Science and Technology Studies, and Critical Security Studies that have highlighted the role of information infrastructures in contexts of governance and international security.Footnote 7 It does so by pointing to the dynamic nature of infrastructures that are otherwise usually considered as more or less fixed and stable, and to the politics involved in setting up such dynamics in ways that are geared towards suppressing public awareness and debate.
The paper proceeds as follows. It first engages literature that has analysed the role of the SIS and other security-related databases in changing modes of governance and regulation. It then discusses the SIS and its evolution and introduces the notion of creep and its analytical benefits for understanding the gradual transformation of the SIS. Eventually, the empirical analysis shows how creep was in the case of the SIS enabled through latent development principles that set up the system for future flexibility and technology monitoring and steering mechanisms that have emerged as a concrete way to realise anticipated expansions in the future. The article concludes by spelling out the agenda-setting capacities of political actors in complex socio-technical systems and highlights the potential for public visibility and debate to contest a politics of creep.
Methodological note
The argument presented here builds on an extensive document analysis that covers political, legislative, and technological aspects relating to the SIS between 1995 and 2023. Documents are a valuable analytical resource, as their contents have been recorded and consolidated independent of the intervention of a researcher and can be understood as socio-political facts that are produced, shared, and used in organised ways. Overall, more than 90 public-domain documents – including directives, regulations, feasibility studies, progress reports, activity reports, minutes, evaluations, and opinions – pertaining to the policy process, development, and design aspects, as well as management and operation of the SIS, were retrieved and analysed. The aim was to compile an exhaustive collection of available documentation that allows for an in-depth reconstruction of the interlinked political and technical development of the SIS. The resulting corpus of documents was analysed using qualitative content analysis methods, i.e. software assisted in vivo coding that allowed us to break down content into thematic parts and re-aggregate it in a cross-cutting fashion. For the analysis presented here, the code structure was used to analytically reconstruct political prioritisations and their socio-technical realisation and implementation, yielding insights into how the SIS was set up in a way to facilitate creep during its development and design phase and beyond.
Databases and the governance of mobility and security
There is a broad and multidisciplinary body of literature that has empirically and conceptually investigated the role of centralised databases as knowledge infrastructures for the governance of mobility and security in Europe and elsewhere. While it is not possible to engage with this literature in its entirety here, in the following we discuss those analyses that are most pertinent in the context of the SIS.
Maybe most importantly, scholars have highlighted how the SIS and other databases (such as for example the Visa Information System or Eurodac) have reshaped how mobility and security are rendered knowable and governable in the EU.Footnote 8 Scheel et al. have, for example, shown how data are mobilised to produce knowledge on migration and enable novel biopolitical modes of governing.Footnote 9 Similarly, Pelizza has analysed how registration and enrolment practices in EU databases constitute identities and polities.Footnote 10 And Amelung et al. have highlighted how the exchange of forensic DNA data has come to establish a new type of hidden, differentiated borders within the Schengen area.Footnote 11
Other studies have shown how the unprecedented amount of data stored and circulated in the SIS and other digital infrastructures potentially gives way to new forms of data-driven profiling and social sorting.Footnote 12 This work starts from the assumption that digital and networked databases can be used as control apparatuses that monitor, evaluate, and sort mobile populations. In doing so, it particularly focuses on issues concerning surveillance and privacy along with other ethical and legal issues that the generation and use of data engender. Moreover, scholars have pointed out how the addition of biometric data and algorithmic biometric-matching capacities to the SIS and other databases has furthered surveillance and control capacities through novel modes of identifying individuals,Footnote 13 especially since in light of recent efforts to render databases interoperable, these tendencies are likely to be aggravated.Footnote 14 Finally, scholars have explored how new ways of governing the Schengen area have at the same time generated a push for the collection of more and new types of data.Footnote 15
At the policy level, analyses of the SIS and other databases reflect the larger trajectory towards anticipatory forms of regulation that seek to preempt the occurrence of unwanted events by means of risk analysis and preventive interventions,Footnote 16 especially under the moniker of Big Data analytics.Footnote 17 Specifically in regard to the SIS, scholars have analysed the actor constellations and power dynamics that have coined the policy processes that have established the legal bases for SIS I and II – and how such policy processes have additionally become tangled up in multiple reforms of the EU and its institutions.Footnote 18
Whereas this literature puts emphasis on the historical political conditions under which the construction of the SIS became possible (and massively delayed) in the first place, it has somewhat neglected the question of how political priorities became translated into technical development and design choices. In other words, while the SIS is often used as an example in governance- and policy-focused analyses, there is, however, surprisingly little research that engages the system directly. Specific attention to the SIS has predominantly come from legal scholars who have analysed the impact of information sharing on data protectionFootnote 19 and civil liberties.Footnote 20 The most pertinent work is thereby arguably Brouwer’s study on the effects of the SIS on the rights of third-country citizens, and more specifically the possible remedies for individuals registered in the system.Footnote 21 By placing the SIS within the intersecting legal frameworks of the EU itself, data protection, human rights, and migration, she concludes that the capacities of the SIS ‘entail a risk to the protection of human rights such as the right to privacy and the right to data protection, but also the freedom of movement of persons and the principle of non-discrimination’.Footnote 22
In summary, despite the academic attention that databases for the regulation of mobility and security have garnered, the SIS itself surprisingly remains somewhat understudied. This diagnosis does fall in line with the argument that we put forward here: that the SIS has over the years expanded in a creeping fashion that has largely remained below the level of exception and scandal – and has therefore garnered comparatively little attention. This stands in stark contrast to the capacities of the system and its key role in regulating the Schengen area. The next section introduces the SIS and its evolution in more depth to illustrate its significance.
The Schengen Information System and its evolution
The SIS has historically played a pivotal role in the establishment of the Schengen area as a political space that is characterised by a communalised approach to the regulation of mobility and security. When five European states (Belgium, France, Germany, Luxembourg, and the Netherlands) decided to abolish internal border controls by signing the Schengen agreement in 1985, this was only considered possible on the condition that there would be compensation for the elimination of security work carried out at state borders. Such compensation was created in the form of harmonised control practices at the new common external border, a common visa policy, and notably the SIS.Footnote 23 The latter was seen as the key element for practical cooperation between the authorities of the involved states through information exchange.
The rationale of the SIS is a simple yet compelling one: rather than having multiple national authorities carry out the same knowledge-production and control tasks for the regulation of mobility and security, information on border crossers, criminal activities, missing persons, stolen goods, etc. is pooled in a centralised database and made available for authorities from each member state.Footnote 24 From an architectural point of view, the SIS consists of a central database (C-SIS) and national databases in each of the Schengen countries (N-SIS). National systems are connected to the central database and are used to directly enter, update, delete, and query data stored in the central database through national interfaces. In that way, authorities from one country are able to access and act upon information produced by authorities from another country and vice versa.
To do this, the SIS features a broad range of information categories that are considered relevant for law enforcement, border control, and judicial matters. These so-called alerts are: (1) information on the stay of third-country nationals; (2) information on refusal of entry for third-country nationals; (3) information on return decisions for third-country nationals illegally residing within the Schengen area; (4) arrest warrants; (5) alerts on missing persons; (6) alerts on unknown persons based on fingerprints that were found at crime scenes; (7) alerts on persons who are supposed to facilitate in judicial procedures (for instance to appear in court as witnesses); (8) alerts on persons and objects for checks (either discreet or specific); (9) alerts on persons and objects that are to be checked for further inquiry; (10) information on false documents; (11) alerts on objects for seizure or for use as evidence; and (12) alerts on children who might be at risk of abduction or potential victims of terrorism, trafficking in human beings, gender-based violence, or armed conflict/hostilities.Footnote 25
The data that are stored in the SIS to support these alerts are (1) data for the identification of persons and objects that are the subject of an alert, including photographs and fingerprints when available; (2) facial images, fingerprints, palm prints, fingermarks, and palm marks for biometric identification; (3) DNA profiles of missing persons; as well as (4) links between alerts and (5) information on what course of action should be taken once a person or an object under alert has been encountered.Footnote 26 Search queries can be run either based on alphanumeric data (e.g. names, passport numbers, licence plates) or on biometric data. When a query produces a match in the system, national authorities can access the information stored on that specific alert and receive instructions on the action to be undertaken (e.g. take a person into custody, notify a person that they are wanted for judicial assistance, or seize an object or travel document).
While the present iteration of the SIS is considered the most pertinent and powerful European database for the regulation of mobility and security,Footnote 27 the system has come a long and at times heavily contested way from its original version.Footnote 28 Its evolution can be characterised by expansion in regard to three main dimensions: (1) the amount and types of data stored; (2) upgraded system functionalities; and (3) access rights for new user groups. An important caesura has in this sense been constituted by the jump from the original SIS I, which went live in 1995, to its successor, the completely redesigned SIS II, which only went live in 2013 with considerable delay after it had been politically agreed upon already in 2001.Footnote 29
When it eventually became operational, the SIS II realised a series of novel features that set it apart from the SIS I and which have since been further developed and complemented. The most prominent novelties pertained to the inclusion of new alert categories and new types of data, most notably biometric data (fingerprints and photographs) and with that the possibility of running search queries based on biometrics; the possibility of creating links between different alerts in the system (e.g. to link an alert on a person to an alert on a stolen identity document or a vehicle); and a considerably expanded user base of both European and national-level authorities that have access to the system (e.g. Europol, Eurojust, national prosecutors, vehicle licensing authorities).
The latest update of the SIS in the form of the SIS Recast packageFootnote 30 has added further alert categories (alerts on non-EU nationals subject to a return decision; unknown wanted persons to identify suspects of serious crimes and terrorism; preventive alerts on children and vulnerable adults at risk of abduction; and people and objects for inquiry checks) and extended access and/or modification rights for existing and new users (full access rights for immigration authorities, boat and aircraft registration authorities, services responsible for registering firearms, and the European Border and Coast Guard Agency when conducting operations in support of member states, as well as Europol and Eurojust rights to issue alerts directly in the system).
Taken together, these changes raise the question how to understand and theorise the dynamic nature of a key knowledge infrastructure for the regulation of mobility and security in Europe. How, in other words, has such substantial expansion of size and scope of the SIS been possible without significant pushback against the increasing surveillance and control capacities for state authorities that come with it?
Databases as ‘creepy’ systems
To understand how the SIS has evolved from its beginnings as a simple tool for information exchange between national-level authorities to the full-fledged supranational identification and investigation tool that it is today, we propose to turn to the notion of ‘creep’. Literally meaning to move closely to the ground, to move quietly or stealthily, or to advance by imperceptible degrees,Footnote 31 in the literature the term has been used to describe the expansion of (mostly) technological systems beyond their original intent. Generally speaking, the idea of creep expresses concern or warnings against the expansion of the functionality of technical systems,Footnote 32 surveillance capacities,Footnote 33 control capabilities,Footnote 34 or policy goals.Footnote 35
Authors have paired the notion of creep with a multiplicity of different concepts, resulting in terminological variety that includes the likes of function creep, scope creep, feature creep, mission creep, competence creep, authority creep, regulation creep, interest creep, surveillance creep, or control creep.Footnote 36 Wisman has, for example, used the terms function creep and purpose creep in relation to the tendency to repurpose data in ways that differ from the initial intent underpinning their collection.Footnote 37 And Reidenberg has put forward the term data creep to describe how personal data are processed in varying contexts based on their portability.Footnote 38 A common denominator in most of the literature on creep is the assumption that creep should be considered a wilful political move by a system’s originator, i.e. a strategy to stagger expansion and thus render change more slow, gradual, and thereby less contestable.Footnote 39 For Koops, creep in this sense fundamentally undercuts public debate and potential resistance against change by concealing the ‘tipping point’ between the acceptability and non-acceptability of a technology and/or its use cases.Footnote 40 As he argues:
the new function is, in some sense, unacceptable (to the one speaking of function creep), but the acceptability of the change can (or could) not be discussed properly because the change is (or will be or was) not generally perceived to be controversial at the material time. Why a function expansion or shift is unacceptable (for opponents), can vary widely, from making the system ineffective or unmanageable (e.g. because of featuritis, over-complexity, or contradictory rules) to negative externalities, such as loss of human control (e.g. through self-augmentation or reverse adaptation), a legitimacy deficit (e.g. through mission creep, abuse of power, or incompatible secondary use), or lack of appropriate checks and balances (e.g. because a system expands to other domains with different norms).Footnote 41
In regard to databases, the concept of creep has been primarily mobilised by scholars studying the collection and use of DNA data.Footnote 42 Authors have in this context pointed out how DNA samples, once produced and assembled for a particular purpose (for example a criminal investigation), are unlikely to be limited to that purpose in the future.Footnote 43 Rather, DNA databases are likely to be expanded to larger population groups and aggregated to support large-scale identification and surveillance schemes. Dahl and Sætnan have in this regard pointed out that resistance against the expansion of technologically mediated capacities decreases if such change occurs in a ‘creepy’ fashion: ‘When additional functions are added to a technology slowly, people will often be less skeptical of the development than they might have been had those functions been proposed early on.’Footnote 44 In light of such considerations, they discuss what remedies and safeguards can be implemented to enable fair governance of DNA databases by presenting some of the expansions that have taken place in the Norwegian forensic DNA database.Footnote 45
Overall, the notion of creep has been widely used by scholars to describe forms of politically prioritised and/or coincidental expansions of technologically mediated capacities, often against the backdrop of the expansion of surveillance and control capacities that come with it. Importantly, scholars have discussed how, despite their implications for power and social ordering, creepy forms of capacity expansion tend to stay below the level of exception and scandal, thus being less likely to spark public debate and potential resistance. These analyses are timely and important, yet they tend to ignore the interlinked political and technical approaches that enable creep in the first place. We thus suggest focusing on what exactly constitutes a politics of creep and how it comes into being, thereby turning attention to the socio-technical means that have facilitated the gradual evolution of the SIS over time. The remainder of this paper empirically reconstructs how, in the case of the SIS, creep has been set up through latent development principles during the design of the SIS II and how it is continually maintained through the technology monitoring and steering activities of involved actors.
The politics of creep
The following analysis is divided into two time periods. The first period, marked by latent development principles, covers the time between the roll-out of the original SIS I in 1995 and the roll-out of its successor, the SIS II, in 2013. Due to the rapid expansion of the Schengen area, it had already in 1995 become apparent that the original SIS I would not be capable of supporting the expected number of member states and volumes of data. This is why, essentially at the time of the launch of the SIS I, a political process was set in motion to replace the system with a completely new SIS II, to be designed from scratch.Footnote 46 The period between 1995 and the roll-out of this new system in 2013 thus constitutes the space where key development and design decision for the SIS in its present form were made and implemented.
The second period is marked by the roll-out of the SIS II and goes on up to the present day. With the SIS II in place, further changes were from 2013 onwards no longer be possible in a way as radical as the break between SIS I and II. Rather, as the analysis will show, the further expansion of the SIS has since then been approached through forms of technology monitoring and steering that are geared towards catching up on earlier political visions from a technological point of view. Both periods should thereby be understood as closely interlinked, with technology monitoring and steering providing a functional extension of latent development principles into the future.
1995–2013: Latent development
The period between the decision to set up a second-generation SIS II from scratch and its eventual roll-out is characterised by an overall techno-scientific strategy that can be described as ‘latent development’.Footnote 47 Latency in this context refers to the inclusion of dormant functionalities in a system, either in the form of interfaces for later upgrades or in the form of deactivated features that can be activated at a later point in time. As a design approach, latent development pertains to a future-oriented, pre-emptive way of setting up a technological system in a flexible fashion, such that the end product, even after implementation, can still be modified in easy and cost-effective ways. In practice, latent development thus usually means to plan beyond what is actually mandated in terms of the definition of scope, use cases, and technological components – and to ensure already the possibility for future expansion.
Politically, latent development principles were prioritised by the Council and the Commission as a way to integrate technologically mediated capacities into the SIS II that had not yet been agreed upon or even discussed. As the Council documented in its meeting conclusions from June 2003, ‘it [had] been clear from the earliest conception of SIS II that this system should be a flexible tool, that will be able to adapt to changed circumstances and fulfil, within a reasonable time and without major additional costs and efforts, user requests made during its lifecycle’.Footnote 48 The Commission, officially tasked with the design, development, and implementation of the system along the preferences set by the Council, added that the SIS II should:
offer a simple and manageable solution and keep down maintenance costs and changes in comparison with the current system; once set up, the IT solution should be easily adaptable to incorporate new fields or categories of data. It should also be possible to continue developing the technical solution while progressively adding new functions.Footnote 49
In this vein, the Commission’s staff working paper later on clarified that ‘the system should have the flexibility to incorporate new functionalities as well as new information and rules without major technical changes’Footnote 50 and that ‘most of the Member States favour a solution taking into account the latest technological developments and are willing to plan modifications at national level for allowing the building up of a flexible information system which is easy to change’.Footnote 51
Based on these political priorities, the SIS II feasibility study, contracted to private consultancy Deloitte, defined ‘flexibility’, ‘scalability’, and ‘extensibility’ as key requirements to make the SIS II’s design effective and future-proof.Footnote 52 This is important, because although the timeframe for large IT projects such as the SIS II development usually comprises multiple years, the capacity for future change was in practice taken as a mandate to specify system functionalities that would go beyond the techno-scientific and political state of play. Pertinent examples for such an approach concern preparations for future inclusion of more data, more storage-intensive types of data (images, fingerprints), the exchange of larger quantities of data in an accelerated fashion, search functionalities based on biometric templates, and access for extended user groups.Footnote 53
The latent development strategy was arguably facilitated by a number of factors. First of all, the Council and the Commission were resolved not to repeat the perceived mistakes made with the SIS I, i.e. to design a system that would already be technologically outdated at the point of its roll-out. Rendering the SIS II future-proof was therefore made a political priority that could rather easily be justified in light of the experiences with the SIS I. Second, multiple delays in the establishment of the legal foundations for the SIS II provided an additional, unexpected opportunity to render the system much more powerful than originally anticipated. A complete reset of the design process was caused by the integration of the Schengen acquis into the EU legal framework in 1999, changing the legal basis and legislative procedures for law enforcement, border control, and judicial cooperation in Europe.Footnote 54 As a result, the legal foundations for the SIS II were only fully established in 2006/7, and this reset resulted in the availability of enhanced network capacities and technological features that had not been an option at an earlier point in time.
Finally, the latent development approach to the SIS II design was aided by the overall growth of the landscape of EU border and migration databases. The Schengen Joint Supervisory Authority (JSA) had already in 1999 foreseen that ‘information systems in Europe [would] undergo major changes’ in the following years and had argued that it would be central to ‘enable all these systems to function in harmony’.Footnote 55 In particular, the relationship between the SIS II and the newly mandated Visa Information System (VIS) was in this context considered crucial. Looking for possible synergy effects, the Commission actively explored the possible co-development of both systems in terms of infrastructure, software, and data.Footnote 56 The main argument for this approach was that functionalities in one European database should, in the best-case scenario, also be mirrored in other systems to facilitate data exchange and the effectiveness of the systems. Such interoperability was, most notably, mobilised as an argument for making the SIS II ready for the future inclusion of biometric data. Biometric data had already been agreed upon for the inclusion in the VIS, and their future integration into the SIS II was thus treated as a strong likelihood.Footnote 57
Unsurprisingly, the high-level treatment of the SIS II as a ‘test laboratory’Footnote 58 for new technologies sparked some critique. In this context, it was primarily the principle of technological flexibility and the possible future co-construction of new functionalities and new executive powers that caused concern. The Parliament called for ‘a public debate about the political objectives to be achieved with the SIS II and the nature of the SIS’ and requested a ‘clear definition of these objectives’.Footnote 59 Without such clarification, so the rationale, no reasonable democratic debate could be had about the appropriateness of the techno-scientific capacities of the system and their effects on the balance between executive powers and human rights/civil liberties. In the same vein, the JSA warned that without knowledge about the technical specifications of the SIS II, it would be almost impossible to evaluate the repercussions of a system ‘that would allow authorities to share information on millions of individuals for a variety of purposes – possibly using the latest technologies to process sensitive biometric data’.Footnote 60 Civil society organisation Statewatch even accused the Council and the Commission of outright conspiracy under the guise of technological progress, arguing that ‘by the time there is any public or “democratic” debate on the scope and function of the SIS II, the technical requirements will be in place, it will doubtless be a “waste” not to use them, and the new system will effectively be a fait accompli’.Footnote 61
While such general critique towards latent development did not result in any major design changes, a certain amount of leverage was, however, provided by data protection legislation. Specifically, the principle of purpose limitation turned out to be a somewhat effective legal instrument to put possible future features of the SIS under oversight. Statewatch had already noted that some of the latent features, such as widened access rights and the incorporation of new types of authorities into SIS operations, would, if realised, present ‘a flagrant breach of one of the fundamental principles of data protection – that data may only be used for the purpose for which it was collected’.Footnote 62 The European Data Protection Supervisor (EDPS) eventually came to similar conclusions, arguing that the problem with a latent development approach would be ‘to maintain a strict purpose limitation principle for the processing of SIS II data’ in case more data and different types of data would eventually be shared among a wider user base.Footnote 63 Data protection arguments had also been put forward with regard to the plans to integrate biometric data into the SIS II at a later point in time.Footnote 64 Ultimately, the mobilisation of the data protection framework forced the Commission to explicitly acknowledge ‘the competence of the European Data Protection Supervisor to monitor the SIS II data processing carried out by the Commission and the application of the Community acquis relevant to this field’.Footnote 65
Overall, the latent development strategy pursued by the Council and the Commission, did, however, turn out to be successful in setting up a ‘future-proof’ SIS II architecture, i.e. a system ready for upgrades, expansions, and the implementation of new functionalities at a later point in time. While latent development strategies potentially could have provided for future creep by themselves, they were arguably additionally facilitated by the extended delays during the development and design phase of the SIS II that were caused by political transitions in the late 1990s and early 2000s as well as the outlined political frictions over the scope of the system. As a result, development and design could already start from a much more advanced techno-scientific basis than originally anticipated, which opened a window of opportunity that has worked in favour of implementing the SIS II in ways that would allow for easier modifications along the lines of future innovation. Specifically with regard to key anticipated future functionalities such as biometric search functions, the system was at the point of its roll-out considered to be on stand-by for the integration of new technologies as soon as they became available.
Since 2013: Technology monitoring and steering
After the roll-out of the SIS II in 2013, the political approach to creep changed. With the implementation of the system architecture at both national and European level, it was clear that fundamental design changes would no longer be possible in the foreseeable future. Therefore, attention was now primarily given to the question how to best make use of the available latency going forward. To do so, involved actors turned to technology monitoring and steering mechanisms. Rather than a break from latent development principles, monitoring and steering capacities should be understood as an extension that enables the continuous integration of newly available technological upgrades even after the conclusion of the development and design phase. Technology monitoring in this context means to keep track of techno-scientific advancements, to evaluate whether and how they could contribute to the actualisation of policy goals through the continuous modification of the SIS, and to assess whether certain technologies would be ‘mature’ enough to be integrated into the existing system architecture. Technological steering, on the other hand, pertains to interventions into public research funding programmes, prioritising research on certain basic and applied technologies considered important for the further development of the SIS.
This strategic shift coincided with the emergence of the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA) as a novel actor directly involved in shaping the further evolution of the SIS. After its establishment in 2011, eu-LISA had taken over the responsibilities for the operational management of the SIS and other EU internal security databases and started to build an agenda around innovation as a key enabler of efficient security cooperation in the EU. To do so, eu-LISA ‘embraces an experimental approach’Footnote 66 that includes the mapping and assessment of technologies that could become beneficial to the effectiveness and efficiency of large-scale information systems. As eu-LISA itself frames its mission statement in the area of innovation:
It is only by remaining fully aware of new developments and analysing their potential relevance in the context of large-scale IT systems and their usage that the Agency and its expert staff can ensure adherence to the principle that the best available technologies are always utilised.Footnote 67
In the context of the SIS, technology monitoring became particularly pertinent with regard to biometrics, as the technology had come to be considered the key to unlocking an entirely new level of capacities in large-scale databases based on biometric matching and the identification of unknown persons in cross-border movements and criminal investigations.Footnote 68 The legal foundations of the SIS II regulation from 2006/7 had included the possibility of using the system not only for hit/no hit queries (i.e. using alphanumeric or biometric data to find out whether there is information available in the system with regard to an already known identity) but also for identification queries (i.e. using biometric data, most notably fingerprints, of an unknown person to find out whether there is a match in the database, thus both establishing the identity of a person and knowledge about that person).Footnote 69 Such a functionality would, however, require the integration of an Automated Fingerprint Identification System (AFIS) into the SIS. While this possibility had already been anticipated in 2006 (and debated much earlier), it was only after the eventual roll-out of the SIS II in 2013 that the implementation of AFIS technology was considered a concrete option from a technological point of view. Moreover, the SIS II regulation required a scientific statement on the availability and readiness of AFIS technology to be presented to the Parliament before any action could be undertaken.Footnote 70
The possibility of implementing AFIS functionalities in the SIS was, however, considered to be heavily reliant on the improvement of the biometric technology itself, notably in the form of enhanced data quality and improved success/failure rates in biometric matching processes. In 2015, eu-LISA published a report that evaluated the current state of play in biometric identification and possible use cases and implementation across different EU security and migration databases. The report made it clear that eu-LISA considered biometrics as a keystone in the further development of the SIS and intended to push the technology:
Biometric systems are powerful tools that should be leveraged to the fullest of their capabilities in large-scale IT systems where the accurate and efficient identification of persons is important going forward. eu-LISA must continue to monitor the biometrics literature and undertake research of its own on the topic. In this regard, it is particularly important that the Agency engages the biometric industry and increases interactions with operational actors worldwide so that it remains aware of the state-of-the-art and can advance current systems and implement new systems that utilise all applicable technologies to deliver quality service to all end users.Footnote 71
The theme of biometrics thus effectively turned into a waiting game for the right level of technological readiness to actualise a fundamental shift in SIS capacities, i.e. the transformation from an information-sharing instrument into a full-blown investigation tool that could, for instance, be queried on the basis of fingerprints lifted from crime scenes or facial images from surveillance footage.
To do so, the Commission had already instructed the Joint Research Centre (JRC; the Commission’s science and knowledge service) to engage in the monitoring of advancements in research on biometrics. A technical study on behalf of the Commission’s Directorate-General for Migration and Home Affairs (DG HOME) in 2015 provided an assessment of the readiness of AFIS technology for the SIS II and detailed the use cases and technical preconditions that would need to be met to implement an AFIS in the central SIS database. Notably, the study came to the conclusion that ‘AFIS technology [had] reached sufficient levels of readiness and availability for its integration into SIS-II’.Footnote 72 Based on these results, the Commission produced the required report to inform the Council and the Parliament on the ‘availability and readiness of technology to identify a person on the basis of fingerprints held in the second generation Schengen Information System (SIS II)’.Footnote 73 In the report, the Commission made a strong case for the quick development and implementation of an AFIS into the SIS, arguing that ‘it is becoming increasingly difficult to establish the identity of a person due to changing names and the use of aliases or fraudulent documents. The use of document fraud is an increasing modus operandi to illegally enter and move around within the Schengen area’.Footnote 74 The SIS AFIS was eventually rolled out for implementation at the member-state level in 2018.Footnote 75
The technology monitoring activities carried out by both eu-LISA and the Commission/JRC study are illustrative of the strategic turn towards tracking innovation in order to be able to make use of novel techno-scientific tools in the context of the SIS as early as possible. As the JRC report made clear, the question was in fact never whether or not to integrate biometric matching capacities into the system in the first place, but merely to determine the point in time when ‘fingerprint identification technology [would be] mature enough for inclusion in SIS-II’.Footnote 76 The decisive issue from a practical point of view had thus become how to best keep track of current techno-scientific developments and to find suitable methodologies to evaluate the level of fit between availability and system requirements.Footnote 77 All the same, the larger strategic goal in regard to the evolution of the SIS remained unchanged, as it was considered ‘vital that decision makers within the European Institutions remain cognisant of developments so that such systems are based on the most up-to-date technologies and are made sufficiently flexible to adapt to the new developments and technologies that will inevitably transpire in the near future’.Footnote 78 The turn to technology monitoring can in this sense be seen as a logical expansion to the latent development approach pursued during the design phase. As the SIS II had been set up in a flexibilised and scalable fashion, technological capacities for the further enhancement of SIS capacities were now considered to emerge almost by default at some point in time – and as long as one kept a keen enough eye on technological progress, the system could be upgraded as needed.
This strategy has been continued and reinforced in recent years. In 2019, the JRC published a series of technical studies that have explored the availability and readiness of DNA profiling,Footnote 79 facial recognition,Footnote 80 and fingermark and palm-mark identificationFootnote 81 into the SIS. The recently adopted SIS Recast package has by now paved the way for these features to become part of the SIS, arguably constituting another leap in terms of the system’s identification and investigation capacities. Notably, the JRC studies did not even concern themselves with the question of whether such capacities would be desirable or appropriate in the first place but took the eventual implementation of cutting-edge technology into the SIS as a given.
More recently, technology monitoring has additionally been accompanied by a turn to technology steering. Rather than limiting itself to a passive mode of observing research and industry activities that largely remain out of direct governmental control, eu-LISA has made an effort to play an active role within EU research funding. In 2021, DG HOME and eu-LISA agreed to Terms of Reference that established eu-LISA’s capacity to shape EU research programmes along the lines of identified requirements for European internal security databases.Footnote 82 Notably, the agreement includes the competence for ‘the timely identification, development and deployment of new technologies and non-technological solutions’Footnote 83 in basic and applied research funded by the EU under its Horizon 2020 research-funding framework. eu-LISA will thus in the future be able to define alleged techno-scientific ‘gaps’ in the SIS and other databases, set requirements for solutions to be researched with EU funding, and prioritise research activities that are considered capable of addressing these gaps.Footnote 84
Such interventions in state-sponsored research activities have – for instance, when it comes to border controlFootnote 85 or defenceFootnote 86 – been identified as a prime means of fostering particular visions of social order. While it remains to be seen whether and how active interventions into European research funding will prove to be an effective complementary element within the larger strategy of gradually expanding technologically mediated surveillance and control capacities, the setting up of eu-LISA as a steering actor within EU research fundingFootnote 87 arguably marks another step towards leveraging the flexible and scalable architecture of the SIS.
Overall, the analysis shows how the idea of a continually growing system in terms of data, user base, and functionalities has always been an integral part of the SIS II – both during its creation and after its roll-out and implementation. From a conceptual point of view, the notion of creep enables us to understand how such growth can happen in slow, gradual, and cumulative ways that result in a relatively stealthy expansion of capacities that obscures tipping points for acceptability and stifles public debate and pushback. At the same time, it directs attention to the deliberate set-up of creep from a political or economic perspective. What the literature on creep has, however, often ignored are the ways in which creep is enabled through specific development and design practices and other measures. The analysis presented here explicitly engages this question and shows how in the case of the SIS, both latent development principles and technology monitoring and steering mechanisms have been used/set up in a way that facilitates the gradual expansion of system capacities and functionalities over time.
Conclusions
This article has empirically analysed how the SIS has over the past decades evolved from a simple information-sharing network to a full-blown, large-scale investigatory database for the regulation of mobility and security that sits at the core of the Schengen area. Rather than asking what novel modes of governance and/or implications the expanded capacities mediated by the SIS bring about, we have started from the surprising lack of public debate and pushback against the expansion of the system over time. To understand this lack of critical engagement, we have suggested turning to the notion of creep, which has been used to conceptualise how the use of technological tools beyond their originally intended purpose can come about in gradual, slow, and sometimes even imperceptible forms, thus enabling transformations to remain below the threshold of exception and scandal. Notably, the literature on creep suggests that this might in many cases be on purpose, hinting at political rationales to deliberately introduce technologies in an originally narrow and limited use-case context, only to later on broaden the scope to additional use cases once the tool has been implemented and sufficiently normalised.
Taking this literature as a starting point, our analysis shows how the SIS – and more specifically the SIS II, which had been politically discussed and eventually designed from scratch right after the roll-out of the original SIS I – was set up in ways that enable and facilitate the evolving capacities (in the form of the amount and types of data stored, upgraded system functionalities, and access rights for new user groups) of the system. The design and development phase of the SIS II between 1995 and 2013 was marked by a latent development approach that foresaw the implementation of dormant functions in the system that could at a later point be activated once the necessary legal basis and/or technological readiness became available, and which was after 2013 accompanied by complementary mechanisms of technology monitoring and steering that extend notions of flexibility and scalability even beyond the development and design phase and are set to ensure that newly available technology can be integrated into the SIS in the form of updates and upgrades as soon as possible.
There are, so we put forward here, two main implications of our analysis. First of all, the findings highlight the intricate entanglement of political visions and their realisations via technological tools.Footnote 88 In this context, the analysis foregrounds how policy and development and design choices have become interlinked to shape a complex multilevel database for information sharing in a particular way. In concrete terms, it highlights how latent development principles have resulted in a deliberately flexible and scalable technological system that would be easily upgradable and expandable in the future. Moreover, the mechanisms for technology monitoring and steering that were introduced after the end of the development and design phase have enabled involved actors to actively keep track of and intervene in the availability and readiness of technological components necessary for such upgrades. This falls in line with more recent arguments about the role of political and bureaucratic actors as technological agenda-setters in national and international security contexts.Footnote 89
Second, these insights do, however, also open up the possibility of a discursive space about the evolution of the SIS and its implications for political power and state actor capacities. If the expansion of data, analytical functionalities, and user base of the SIS has managed to stay below the threshold of contestation by way of its incremental, slow, and imperceptible nature, rendering the politics of creep visible and public can serve as a means of fostering democratic debate and reclaiming a stronger level of control over the seeming inevitability of techno-bureaucratic projects such as the SIS. It seems safe to assume that the SIS will never be considered a finished product, this much becomes clear in the positions expressed by the Council, the Commission, and eu-LISA over the years. More public awareness of the implications of initiatives such as SIS Recast could, however, so we claim, lead to a broader and better-informed debate about the acceptability of technological expansions and potential tipping points.
The possibility of a discursive space with regard to databases for EU internal security appears all the more important given the current transformations of digital knowledge infrastructures. Existing databases are set to be complemented with new ones, notably the Entry-Exit-System (EES), the European Travel Information Authorisation System (ETIAS), and the European Criminal Records Information System for Third-Country Nationals (ECRIS-TCN). Moreover, all these systems are supposed to be made interoperable through several technical layers of biometric matching and a global portal for search queries.Footnote 90 The question then becomes to what extent a politics of creep would also be possible in regard to future developments and in what forms. On the one hand, one might argue that today, there is more transparency about legislative processes at the EU level and subsequently more monitoring and discussions about the implications of enhanced technologically mediated capacities for state authorities. On the other hand, though, the construction and expansion of databases remain a highly complex niche topic that is difficult to edit for meaningful public debate. Critical scholarly engagements will thus remain an important contribution to understanding the origins, forms, and implications of creep – and in the best-case scenario to contribute to more democratic forms of deliberation and control of the techno-politics of EU internal security.
Acknowledgements
This article has benefittd immensely from critical yet generous engagement on multiple occasions. We are particularly grateful to Stefania Leuca and Apolline Roland for research assistance, as well as to the editors at EJIS for their support and two anonymous referees for productive critique. Matthias Leese’s contribution was funded by the Swiss State Secretariat for Education, Research and Innovation SERI under grant agreement no. MB22.00035 (CURATE). Vanessa Ugolini’s contribution was funded by the European Research Council (ERC-2021-STG) under grant agreement no. 101043213 (DATAUNION). Authors are listed in alphabetical order and all authors have contributed equally to the manuscript.
Matthias Leese is Assistant Professor of Technology and Governance at the Department of Humanities, Social and Political Sciences, ETH Zurich. His research is interested in the effects of digital technologies on social order. In doing so, it pays specific attention to security organisations and their digitally mediated rationales and practices.
Vanessa Ugolini is a post-doctoral researcher in the ERC Starting Grant project DATAUNION and a member of the Law, Science, Technology and Society research group at Vrije Universiteit Brussel. Her research investigates European security governance through technology-mediated data practices and looks specifically at the set-up and functioning of information-sharing networks in the domain of internal security.