Smartphones have helped tens of thousands of migrants travel to Europe. A phone means you can stay in touch with your family – or with people smugglers. On the road, you can check Facebook groups that warn of border closures, policy changes or scams to watch out for. Advice on how to avoid border police spreads via WhatsApp.
Now, governments are using migrants' smartphones to deport them.
Across the continent, migrants are being confronted by a booming mobile forensics industry that specialises in extracting a smartphone’s messages, location history, and even WhatsApp data. That information can potentially be turned against the phone owners themselves.
In 2017 both Germany and Denmark expanded laws that enabled immigration officials to extract data from asylum seekers’ phones. Similar legislation has been proposed in Belgium and Austria, while the UK and Norway have been searching asylum seekers’ devices for years.
Following right-wing gains across the EU, beleaguered governments are scrambling to bring immigration numbers down. Tackling fraudulent asylum applications seems like an easy way to do that. As European leaders met in Brussels last week to thrash out a new, tougher framework to manage migration —which nevertheless seems insufficient to placate Angela Merkel's critics in Germany— immigration agencies across Europe are showing new enthusiasm for laws and software that enable phone data to be used in deportation cases.
Admittedly, some refugees do lie on their asylum applications. Omar – not his real name – certainly did. He travelled to Germany via Greece. Even for Syrians like him there were few legal alternatives into the EU. But his route meant he could face deportation under the EU's Dublin regulation, which dictates that asylum seekers must claim refugee status in the first EU country they arrive in. For Omar, that would mean settling in Greece – hardly an attractive destination considering its high unemployment and stretched social services.
Last year, more than 7,000 people were deported from Germany according to the Dublin regulation. If Omar’s phone were searched, he could have become one of them, as his location history would have revealed his route through Europe, including his arrival in Greece.
But before his asylum interview, he met Lena – also not her real name. A refugee advocate and businesswoman, Lena had read about Germany’s new surveillance laws. She encouraged Omar to throw his phone away and tell immigration officials it had been stolen in the refugee camp where he was staying. “This camp was well-known for crime,” says Lena, “so the story seemed believable.” His application is still pending.
Omar is not the only asylum seeker to hide phone data from state officials. When sociology professor Marie Gillespie researched phone use among migrants travelling to Europe in 2016, she encountered widespread fear of mobile phone surveillance. “Mobile phones were facilitators and enablers of their journeys, but they also posed a threat,” she says. In response, she saw migrants who kept up to 13 different SIM cards, hiding them in different parts of their bodies as they travelled.
This could become a problem for immigration officials, who are increasingly using mobile phones to verify migrants’ identities, and ascertain whether they qualify for asylum. (That is: whether they are fleeing countries where they risk facing violence or persecution.) In Germany, only 40 per cent of asylum applicants in 2016 could provide official identification documents. In their absence, the nationalities of the other 60 per cent were verified through a mixture of language analysis — using human translators and computers to confirm whether their accent is authentic — and mobile phone data.
Over the six months after Germany’s phone search law came into force, immigration officials searched 8,000 phones. If they doubted an asylum seeker’s story, they would extract their phone’s metadata – digital information that can reveal the user’s language settings and the locations where they made calls or took pictures.
To do this, German authorities are using a computer programme, called Atos, that combines technology made by two mobile forensic companies – T3K and MSAB. It takes just a few minutes to download metadata. “The analysis of mobile phone data is never the sole basis on which a decision about the application for asylum is made,” says a spokesperson for BAMF, Germany’s immigration agency. But they do use the data to look for inconsistencies in an applicant’s story. If a person says they were in Turkey in September, for example, but phone data shows they were actually in Syria, they can see more investigation is needed.
Denmark is taking this a step further, by asking migrants for their Facebook passwords. Refugee groups note how the platform is being used more and more to verify an asylum seeker’s identity.
It recently happened to Assem, a 36-year-old refugee from Syria. Five minutes on his public Facebook profile will tell you two things about him: first, he supports a revolution against Syria’s Assad regime and, second, he is a devoted fan of Barcelona football club. When Danish immigration officials asked him for his password, he gave it to them willingly. “At that time, I didn’t care what they were doing. I just wanted to leave the asylum center,” he says. While Assem was not happy about the request, he now has refugee status.
The Danish immigration agency confirmed they do ask asylum applicants to see their Facebook profiles. While it is not standard procedure, it can be used if a caseworker feels they need more information. If the applicant refused their consent, they would tell them they are obliged under Danish law. Right now, they only use Facebook – not Instagram or other social platforms.
Across the EU, rights groups and opposition parties have questioned whether these searches are constitutional, raising concerns over their infringement of privacy and the effect of searching migrants like criminals.
“In my view, it’s a violation of ethics on privacy to ask for a password to Facebook or open somebody’s mobile phone,” says Michala Clante Bendixen of Denmark’s Refugees Welcome movement. “For an asylum seeker, this is often the only piece of personal and private space he or she has left.”
Information sourced from phones and social media offers an alternative reality that can compete with an asylum seeker’s own testimony. “They’re holding the phone to be a stronger testament to their history than what the person is ready to disclose,” says Gus Hosein, executive director of Privacy International. “That’s unprecedented.”
Privacy campaigners note how digital information might not reflect a person’s character accurately. “Because there is so much data on a person’s phone, you can make quite sweeping judgements that might not necessarily be true,” says Christopher Weatherhead, technologist at Privacy International.
Bendixen cites the case of one man whose asylum application was rejected after Danish authorities examined his phone and saw his Facebook account had left comments during a time he said he was in prison. He explained that his brother also had access to his account, but the authorities did not believe him; he is currently waiting for appeal.
A spokesperson for the UK’s Home Office told me they don’t check the social media of asylum seekers unless they are suspected of a crime. Nonetheless, British lawyers and social workers have reported that social media searches do take place, although it is unclear whether they reflect official policy. The Home Office did not respond to requests for clarification on that matter.
Privacy International has investigated the UK police’s ability to search phones, indicating that immigration officials could possess similar powers. “What surprised us was the level of detail of these phone searches. Police could access information even you don’t have access to, such as deleted messages,” Weatherhead says.
His team found that British police are aided by Israeli mobile forensic company Cellebrite. Using their software, officials can access search history, including deleted browsing history. It can also extract WhatsApp messages from some Android phones.
There is a crippling irony that the smartphone, for so long a tool of liberation, has become a digital Judas. If you had stood in Athens’ Victoria Square in 2015, at the height of the refugee crisis, you would have noticed the "smartphone stoop": hundreds of Syrians, Iraqis, and Afghans standing or sitting about this sun-baked patch of grass and concrete, were bending their heads, looking into their phones.
The smartphone has become the essential accessory for modern migration. Travelling to Europe as an asylum seeker is expensive. People who can’t afford phones typically can’t afford the journey either. Phones became a constant feature along the route to Northern Europe: young men would line the pavements outside reception centres in Berlin, hunched over their screens. In Calais, groups would crowd around charging points. In 2016, the UN refugee agency reported that phones were so important to migrants moving across Europe, that they were spending up to one third of their income on phone credit.
Now, migrants are being forced to confront a more dangerous reality, as governments worldwide expand their abilities to search asylum seekers' phones. While European countries were relaxing their laws on metadata search, last year US immigration spent $2.2 million on phone hacking software. But asylum seekers too are changing their behaviour as they become more aware that the smartphone, the very device that has bought them so much freedom, could be the very thing used to unravel their hope of a new life.