• Home /
• News /
• 2024 /
• September /
• German police recommend “intensive” social media investigations into visa applicants

German police recommend “intensive” social media investigations into visa applicants

Topic

Country/Region

18 September 2024

In a document obtained by Statewatch, the German police call for “intensive use” of open source research on visa applicants. The document, a handbook on Schengen visa fraud, also recommends developing “risk profiles”. This would use criteria such as “gender, age, groups of persons, origin, itinerary” to assess applicants’ risk of committing visa fraud.

Image: Gilles Lambert, Unsplash

---

Handbook on Schengen “visa fraud”

The recommendation is part of the bluntly-titled ‘Handbook Visa Fraud: Preventive measures and repressive control approaches’ (pdf). Statewatch obtained the document as part of the ongoing externalisation monitoring project.

Despite only being approved by the German federal police (Bundespolizei) in December last year and labelled RESTREINT/RESTRICTED, the document was declassified following Statewatch’s request.

The handbook aims to provide:

“…an aid for European law enforcement, border and asylum authorities as well as visa offices at diplomatic missions abroad. It is intended to contribute to the prevention of future crimes, to initiate investigations and to initiate recommendations for action for criminal law reforms in the Schengen states.”

Social media investigations for visa applications

Citizens of more than 100 countries need to apply for a visa to enter the Schengen area for stays of up to three months. Officials in an EU member state embassy assess these applications against subjective criteria, including the “plausibility” of their stated travel reasons and their likeliness to leave the Schengen area.

The document proposes adding an investigation of applicants’ social media to that assessment. It argues:

“Social media and networks are becoming increasingly important. In some cases, they are openly accessible and provide useful information. It may be possible to check whether the traveller is active in them and which content is displayed, which groups they belong to, or which places were last visited. Job profiles can allow conclusions about the actual profession and thus income.”

The handbook states that officials could also use the internet to confirm the information in the application, such as hotel reservations or companies mentioned. A Bundespolizei spokesperson told Statewatch that “social media research” is used “to verify information about companies, events or professions. This is exclusively freely available data, i.e. data that is accessible to everyone.”

The handbook suggests that interviewers use open sources to craft interview questions, stating “it is possible to find background information on a topic (e.g. the destination) in order to ask the applicant specific questions.”

Asked about the legal basis for open source investigations, the Bundespolizei spokesperson told Statewatch that they “generally fall within the legal framework for border controls (Schengen Borders Code) and the rules for issuing visas (Visa Code). Furthermore, appropriate measures are always dependent on the national legislation in the EU member states."

Risk profiling approaches

The handbook also recommends developing “risk profiles” for applicants.

These would summarise applicants’ information based on select criteria. The document lists these as: “gender, age, groups of persons, origin, itinerary and means of travel, importer, issuing authority of the visa, specified destination, purpose and, where applicable, other abnormalities.”

It recommends giving Frontex the job of collating these risk profiles. Europol would then be responsible for creating “an intelligence picture of the offences detected”. The EU Asylum Agency (EUAA) could then carry out “an analysis of the asylum data related to visa fraud”.

The creation of such profiles by Frontex is, in fact, already foreseen. The border agency will host the Central Unit of the forthcoming European Travel Information and Authorisation System (ETIAS). This unit will develop risk profiles and “screening rules” for both visa and travel authorisation applicants. Yet, this is not mentioned in the handbook.

The handbook also documents various national practices. It explains how the Netherlands, for example, uses information from several state agencies and departments for “the categorization of applications in rapid procedures, regular and intensive examination (profiling).”

This allows:

“…a characterization and the creation of risk and chance models with which future trends can also be predicted… Where an applicant belongs to a group of persons where the risk assessment has shown that there is a high likelihood of illegal migration, that application shall be submitted to the decision-maker for an intensive examination.”

The Bundespolizei told Statewatch that “the risk profiles and warnings in question can be created after evaluating cases of visa fraud that have already been identified; in this case, no personal data is required, only an examination of the modus operandi that has been used.”

Nevertheless, categorising people by groups may lead to unjustified visa refusals or more invasive questioning for individuals simply because they fall into that group, rather than for any more specific objective reason.

The handbook emphasizes that police should not be the only one investigating visa fraud. Instead, it suggests that all “authorities with migration tasks” should take part. For Germany, it notes that authorities tailor questions in asylum hearings to provide information on visa fraud to the Bundespolizei.

Open source intelligence and social media intelligence

Open source intelligence (OSINT) refers to gathering information from publicly available sources. Originally developed by military and intelligence agencies, it is now also used by journalists and civil society organisations.

Social media sites and networks are place in which open source intelligence can be found.  

David Omand minted the related term SOCMINT (social media intelligence). This refers to what he termed the necessary “response of the authorities” to “the explosion of social media.” Omand was head of the UK’s Government Communications Headquarters (GCHQ) for a brief period in the 1990s before going on to work in the Home Office.

In these cases, authorities consider internet-based information fair game for use in investigations, but legal experts have argued otherwise.

A recent report by a UN Special Rapporteur on terrorism and human rights addressed how “public online content” can also fall into the private sphere:  

"It is worth stressing that simply because content monitoring looks at publicly-available information, does not prevent it from being unlawfully intrusive… the protection of the right to privacy extends to public spaces and information that is publicly available. The Human Rights Committee has rejected the notion that data gathered in public areas is automatically in the public domain and may be freely accessed."

Use of social networks in the US visa application process

The use of social media in the Schengen visa application process has so far received little public attention. By contrast, US visa authorities have long faced criticism for the practice.

The US requires that visa applicants provide social media information; it is optional for ESTA. In these cases, non-disclosure can lead to rejection. In 2017, the Trump administration even considered expanding this to web browser history and phone contacts.

According to the Associated Press, social media monitoring practices have expanded in the US over the past decade. First, it only applied to those who had travelled through “areas controlled by terrorist organizations”.  Now, it applies to “virtually all applicants.”

Use of social media investigations in the EU

Currently, there are no fields for social media handles on the German Schengen visa form. Yet, in the report, the German police write that social media is “openly accessible.”

The topic of internet-based research against people on the move is currently a very pressing one in Germany: A few days ago, the country’s ruling coalition introduced a draft “security package” that foresees massively expanding German asylum authorities rights to use internet-based facial recognition against asylum applicants, triggering alarm from civil society organisations (the draft law also foresees granting the police similar powers).

EU agencies have also engaged in illegal social media monitoring in the past.

In 2019, the European Asylum Support Office (EASO) conducted a social media investigation to try to detect new migration routes and identify alleged smugglers.

The practice received significant criticism and the European Data Protection Supervisor reprimanded the EASO for its lack of a legal basis for such investigations, leading to a temporary ban on the project.

Frontex, too, appears to continue to rely on such social media monitoring. It says it does so “in order to be aware of groups of persons organising in order to move towards the EU external borders.”

Documentation

• Handbook on Visa Fraud - Preventive measures and repressive control approaches (Council doc. WK 8343/2024 INIT, LIMITE, 10 June 2024)
  
  • Version labelled RESTREINT/RESTRICTED but declassified (pdf)

---

Author: Kelly Bescherer

Further reading