State authorities have always kept lists of people they deem undesirable, from criminals and vagrants to radicals and subversives. The advent of the ‘war on terror’ in 2001 led to a huge expansion in lists of alleged, suspected or known terrorists. The keeping of these lists, and the process of ‘watchlisting’, is now being actively promoted around the world by international organisations and powerful states.

Inclusion on a watchlist can lead to stops and searches; travel bans; denial of employment; and many other negative consequences. The global spread of the practice of ‘watchlisting’, and the transnational sharing of data, will amplify the repressive powers of states and increase their reach overseas. As states around the world turn to authoritarianism and repression, challenging these powers and practices is increasingly urgent.

Key points

• The advent of the ‘war on terror’ led to a massive increase in states labelling political opponents, protesters and dissidents as terrorists, a process that continues today
• Being placed on watchlist can lead to travel bans; stops, searches and checks; intrusions on freedom of speech, freedom of association and freedom of assembly; and even arrest and imprisonment
• One affected person described being on a watchlist as a “virtual prison”
• International organisations and powerful states – the UN, Interpol, the US, the EU and others – are using secretive and opaque means to produce norms and projects that seek to institutionalise the practice of ‘watchlisting’ and create an interconnected transnational watchlisting infrastructure
• That infrastructure is used to collect, store and share vast quantities of personal data, which can range from names, addresses and biometric data, to information on people’s education, employment, and political views
• Watchlist data is being shared ‘horizontally’, between states, and ‘vertically’, with international organisations such as Interpol
• Access to watchlist data is being extended from state borders to within state territory, making more data available to a broader range of agencies and officials
• States and international organisations are also extending access to data to private companies, such as those providing transport, financial services and hotels
• Ongoing efforts to introduce “advanced analytics” into information systems – for example, through artificial intelligence or machine learning – only add to these problems, making further bias and errors inevitable
• By spreading these norms, policies and practices, international organisations and powerful states are increasing the repressive powers of states and furthering their ‘reach’ overseas
• The laws, policies, norms, states and institutions that underpin the spread of watchlists and watchlisting are now clear, but the changes being introduced to national and local security and policing practices remain under-investigated
• As states continue to invoke counter-terrorism powers to repress dissent and shut down civic space, understanding these national and local dynamics is crucial for formulating effective responses

francois schnell, CC BY 2.0

Key points

• There are multiple bilateral and international initiatives offering hardware, training and capacity-building on how to create and use watchlists, and on the practice of ‘watchlisting’
• A 2017 UN Security Council resolution was key to this, calling on states to “develop watch lists or databases of known and suspected terrorists” and to increase bilateral and multilateral data-sharing
• The standardisation and formalisation of the practice of watchlisting is also being encouraged by more informal institutions, such as the Global Counterterrrorism Forum, which seeks to directly influence both national policy and practice, and the UN’s work
• This interplay between formal and informal institutions and ‘spaces’ contributes to the creation of international law, policy, norms and standards, largely in secret
• Public and democratic scrutiny and oversight of these procedures is, at best, limited, and at worst, non-existent – a serious problem given the ongoing use of counter-terrorism powers and infrastructure for political repression
• Ensuring transparency, scrutiny and oversight of these institutions and procedures is vital – but so is increasing out understanding of how the norms they produce are shaping and changing national and local policing and security practices

State authorities have always kept lists of people they deem undesirable, from criminals and vagrants to radicals and subversives. The advent of the ‘war on terror’ in 2001 led to a huge expansion in lists of known or suspected terrorists. Perhaps the most well-known is the US No Fly List, one of several watchlists maintained by the US government.

Around the world, other states have watchlists of their own.

The Indian government has used its own No Fly List to prevent Kashmiri journalists from travelling within and out of the country. This is part of a much wider campaign of repression that includes “preventative detention, anti-terror, and criminal cases against journalists in retaliation for their work.” [1]

In 2024, the military junta that has ruled Niger since mid-2023 established a new database to “track those connected to terrorist activities or any other crimes that threaten the nation’s strategic interests and public safety.” The government cited international legal obligations on counter-terrorism, stemming from the UN, as one reason for establishing the database. Nine politicians deposed in the 2023 were then stripped of their nationality – a clear demonstration of the political (mis)use of counter-terrorism powers. [2]

The Kenyan authorities have long been accused of misusing terrorism lists and laws. In 2015, two human rights organisations were added to the country’s terrorism list, a move condemned by other groups. [3] More recently, 37 protesters were charged with acts of terrorism after being arrested at anti-government protests. [4] Abuses such as these have not stopped the UN Office of Counter-Terrorism opening a regional branch in the country. [5]

In Peru, a law proposed in early 2025 would establish a national list of terrorist organisations. It would also expand the definition of terrorism to cover organised crime, the same approach taken by the US under the second Trump administration. Compliance with legal obligations stemming from UN resolutions was cited as one reason for setting up the list. [6]

Ukraine, France, Tunisia… [7] the list could go on. Similar lists, databases and systems with greater and lesser degrees of complexity, secrecy and legitimacy no doubt exist in every state around the world.

There are multiple incentives to expand these lists. Technologies of surveillance are cheaper, faster and easier than ever to obtain and use. Authoritarian and intolerant governments are always keen to monitor, silence and punish ‘undesirable’ individuals, organisations and movements. Counter-terrorism powers offer a ready-made menu of options for those seeking to crack down on political opposition.

Then there are bilateral and international initiatives offering hardware, training and capacity-building: not just on how to create and use watchlists, but how to develop and institutionalise the practice of ‘watchlisting’. A key moment in the development of these initiatives came in 2017, at a meeting of the UN Security Council in New York.

Over the last decade, at the urging of powerful states, the United Nations Security Council has adopted global legal obligations on watchlisting. These require that law enforcement, border and customs agencies gather, combine and share data on known or suspected terrorists (a highly elastic term with no internationally-agreed definition) and organised crime groups. [1]

The ultimate goal is the creation of interconnected national watchlisting infrastructures: in effect, a single, transnational watchlisting infrastructure.

Given the growing use of counter-terrorism laws and policies to stifle dissent and muzzle civil society, [2] this is a deeply troubling prospect. It will give states new powers of surveillance and control and extend their reach overseas, all with the stamp of approval from international institutions. The huge difficulty for individuals to obtain redress for misuse and abuse compounds the issue.

Cracking down on civic space was not the stated aim of the UN Security Council’s December 2017 resolution. It obliges member states to:

…develop watch lists or databases of known and suspected terrorists… for use by law enforcement, border security, military, and intelligence agencies to screen travellers and conduct risk assessments and investigations.

It calls for an increase in data-sharing between national agencies, so that “law enforcement, judicial and border security officers” can use the data “for investigations, prosecutions and screening at points of entry.” It also demands that states step up their use of, and sharing of data with, Interpol’s systems. [3]

The 2017 resolution built on predecessors from 2014 and 2016. These all emphasise the need to step up bilateral and multilateral counter-terrorism data-sharing. The also provide the foundations of the international travel surveillance regime, which is being institutionalised through many of the same methods as watchlisting.

These global legal obligations underpin efforts to formalise and standardise the practice of ‘watchlisting’. This is being propelled through international agencies and organisations offering capacity-building, policy guidance, and “best practices.”

The Security Council adopted in 2015 a set of “guiding principles” to support the implementation of its resolutions. An update followed in 2018. These were based on the outcome of meetings amongst UN member state officials, though many of the principles “build upon existing good practices and the work of the Global Counterterrorism Forum,” says the document. [1]

The GCTF is multilateral initiative set up by the US in 2011 to support “the international architecture for addressing terrorism.” It provides a “platform for CT  [counter-terrorism] officials and practitioners… to develop widely applicable good practices and tools.” [2] Members of the GCTF can launch issue-specific initiatives “to foster dialogue among stakeholders and/or to develop an outcome document.” [3]

Those documents are often branded as “toolkits” or “good practice” and are disseminated to state officials. Between April 2018 and January 2020, the GCTF organised at least 11 workshops, meetings or other events designed to influence and encourage bilateral and multilatereal cooperation and collaboration on watchlising. As explored further below, there are also multiple other ways in which watchlisting practice and expertise is shared between states.

As well as directly influencing national policy and practice, the GCTF has influenced the UN’s work. A former US diplomat to Spain said that the GCTF’s “good practices” on foreign terrorist fighters “led to the development” of the Security Council’s 2014 resolution.” [4] The 2017 resolution explicitly cites the work of the GCTF, [5] and the GCTF’s 2021 ‘Counterterrorism Watchlisting Toolkit’ was coordinated with a working group of the UN’s Counter-Terrorism Compact. [6]

This constant interplay between formal and informal institutions and ‘spaces’ contributes to the creation of international law, policy, norms and standards. Ideas and initiatives pass from one space to another, in particular when they are favoured by powerful states. The US is notable in this regard. [7]

This kind of procedure avoids the lengthy bureaucratic wrangling of formal law-making. However, it also means norms are produced in secret. Public and decmoratic scrutiny and oversight is, at best, limited. At worst, it is non-existent. Transparency is nothing more than PR. But given that the aim is to change national policy and practice, transparency, scrutiny and oversight are more vital than ever.

Counter-terrorism policy has always been a vehicle for abuse and violence, and its boundaries are being extended ever-further. Nowhere is this clearer than in the second Trump administration’s pursuit of “domestic terrorists” [8] and “narco-terrorists”, [9] or the UK’s use of counter-terrorism law against a direct action group. [10]

The policies, practices and powers that are promoted through transnational security networks, and the data and surveillance infrastructures being set up in their name, are ready-made for repression. While they are constructed through transnational policy networks in line with international norms, standards and “best practice”, there will no doubt be significant differences that emerge in their national and local deployment and use.

If effective political and social responses to the these developments are to be formulated in the years to come, further investigation into the dynamics between the international, transnational, national and local is essential. In doing so, it will be important to keep in mind the fuel that flows through these infrastructures: vast quantities of personal data.

Global Panorama, CC BY-SA 2.0

Names, phone numbers, physical descriptions, identity document details, address, employers, travel plans, education, family and friends… A watchlist may contain vast swathes of information on people, their associates, activities and behaviours, or little more than just a name.

Here we examine the infrastructure developed in the US and the EU – two polities keen on exporting their watchlisting practices to other countries – and that of Interpol, which has been given a key role in the transnational security architecture.

Key points

• A watchlist may contain vast swathes of information on people, their associates, activities and behaviours, or little more than just a name
• The US provides a sprawling and unique example of national watchlisting infrastructure:
  • In 2020, the Terrorist Identities Datamart Environment contained data on “about 2.5 million people,” almost all of them foreign nationals with few (if any) redress rights
  • The data that can be gathered includes, amongst other things, information from visa applications, biometrics, travel data, “foreign government information”, data from Interpol, and intercepted telecommunications
  • The US has dozens of bilateral information-sharing agreements with other states that allow the sharing of terrorist watchlist data
• The EU’s regional infrastructure is also vast, and has the Schengen Information System (SIS) as its backbone:
  • SIS is accessible by hundreds of authorities in 31 countries
  • In 2024 it contained more than 93 million alerts and was searched more than 15 billion times
  • More than 1.6 million of the alerts stored at the end of 2024 were on people, and more than a third of those on people subject to entry bans
  • Peaceful protesters have been placed in the system and subject to entry bans, with pro-Palestine protesters recently targeted by national authorities
• Interpol provides its 196 member states with access to an international watchlisting system:
  • In 2024, its 19 databases contained more than 225 million records and were searched nearly three billion times annually
  • Recent changes to the agency’s data processing rules may expand the growth of those databases, whilst reducing oversight and quality control

The US has one of the most extensive, sprawling, watchlisting infrastructures in the western world. It involves a daunting array of agencies, institutions and systems. Given the size of the US security state, it is a unique example, and is worth highlighting precisely for that reason.

The US National Counterterrorism Center, an arm of the Federal Bureau of Investigation, maintains a database called the Terrorist Identities Datamart Environment (TIDE). This stores data on individuals known or suspected to be connected with terrorism, as well as “transnational organised crime actors” and “individuals detained during military operations who do not meet the international definition of ‘prisoner of war’.” [1]

As of October 2020, TIDE contained entries for “about 2.5 million people,” almost all of them were foreign nationals not permanently residing in the US. [2] Subsets of this information are sent to the FBI for inclusion in its Terrorist Screening Dataset (TSDS). In 2008, the TSDS contained entries on approximately 400,000 people. [3] This had grown to some 1.1 million people by January 2025. [4]

Information from the TSDS is used to compile other lists, such as the No Fly List. [5] It is also used for “immigration and visa screening” – activities the US is currently working hard to expand, including through attempts to obtain direct access to foreign databases. [6]

A single biometric or a last name combined with either a first name, date of birth, or identity document number is considered sufficient for making an entry in the TSDS, if “reasonable suspicion” exists for inclusion. However, much more information can be included: contact details, place of birth, occupation, employer and educational background, amongst other things. [7]

The range of sources from which data can be gathered is vast. A 2013 document, produced by the NCTC and leaked to the press, refers to the following:

• data from visa applications;
• biometrics including facial images, fingerprints, iris scans, handwriting, signatures, scars/marks/tattoos and DNA;
• “travel data” collected “clandestinely” by the CIA;
• biometric and biographic data on detained KSTs (“known and suspected terrorists”);
• “clandestinely acquired foreign government information”;
• information from Interpol red notices;
• “additional data fusion points”; and
• Foreign Intelligence Surveillance Act “classified cables”. [8]

This may be gathered from a vast range of agencies and institutions both within and without the US. Bilateral agreements on the exchange of “terrorism screening information” provide one way in which information is received from and shared with “foreign partners.” Many of these are based on Homeland Security Presidential Directive 6 (HSPD-6), approved by George W. Bush in 2003. [9]

Public data indicates that the US has at least 45 such agreements in place, though a court said in 2019 that “more than sixty foreign governments” receive terrorist watchlisting data from the US. [10] The true number may be higher. Exchanges can take place informally, or on the basis of secret memoranda of understanding or other agreements. The result is a growing, global and secretive web of information-sharing.

There are other systems that overlap with those maintained by the FBI, such as the Department for Homeland Security’s IDENT system. Already vast, it is being transformed into a system that critics have described it as a “next-wave biometric database that will vastly expand its surveillance capabilities and supercharge the deportation system,” at a cost of at least $6 billion. [11]

IDENT can include biometrics, social media data, location data, car numberplates, and more. As of 2022, it contained information on at least 270 million people. [12] The US is currently offering access to this database to other governments, as part of a quid pro quo that will see US authorities obtain direct access to foreign databases, an issue explored further below. [13]

The EU has maintained a common watchlist on known or suspected criminals and terrorists, as well as “unwanted aliens”, [1] since the 1990s, when the Schengen Information System (SIS) came into operation.

The SIS stores millions of files (known as “alerts”) on people and objects of interest to the authorities. This includes people barred from entering the Schengen area [2] and those who should be subject to “discreet” checks or questioning when encountered by officials. [3] A wide array of data can be stored in the system, ranging from names, addresses and aliases, to photographs and fingerprints. [4]

The SIS is accessible by authorities in the 31 states that are members of the Schengen area. [5] In 2024 it was searched more than 15 billion times, by both automated and manual processes. By the end of 2024 it contained more than 93 million alerts. More than 1.6 million of those were on people, and more than a third of those were on people subject to Schengen area entry bans. There were more than 195,000 alerts on people wanted for checks, questioning or surveillance. [6]

Peaceful protesters have previously been placed in the system and banned from entering either specific countries, or the entire Schengen area. [7] The SIS has more recently been used to enforce entry bans against pro-Palestine activists. [8]

Hundreds of different agencies and authorities can search the system, though they cannot all access all categories of alert. [9] Details on the agencies that can enter data in the system are not habitually published. Police forces, border agencies, customs authorities and vehicle registration agencies may all be given the ability to do so – and, of course, intelligence agencies. [10]

Information from non-EU states can also be entered in the system. It is likely this took place informally for many years via national authorities. In 2022, EU police agency Europol was given a formal role as a ‘clearing house’ for information from non-EU states. [11] This may increase the likelihood of unreliable or inaccurate data being stored in the SIS, as well as offering a way for unscrupulous states to persecute political opponents.

For example, Muhamed Dihani, a campaigner for Western Saharan independence, was branded a terrorist by Moroccan authorities. They sent data on him to their Italian counterparts, who used it to refuse him a visa. It took him more than a decade to clear his name. [12] Statewatch has also spoken to individuals who have received entry bans on national security grounds as a result of convictions handed down in absentia, with no information provided to the individual affected.

Despite this already extensive infrastructure, more is coming. A new EU system that will be used to process applications for visas, travel authorisations and residence permits – the European Travel Information and Authorisation System, ETIAS – will also host a watchlist on people known or suspected to be involved in terrorism or serious criminal offences. [13]

Unlike the sprawling databanks of the US, a maximum of ten biographic data categories can be stored in this watchlist. [14] It will play a key role in the automated screening and profiling of millions of applications for visas and travel authorisations, which will be assessed on the basis of criteria drawn up by police and border agencies in secret. [15] Like the SIS, it will be accessible to authorities in each of the 31 member states of the Schengen area.

Its necessity has never been explained, particularly given the existence of the SIS, but it is due to come into use in 2026.

The US watchlisting system is national and the EU system is regional, but international watchlists have also long been in use. The International Criminal Police Office, better known as Interpol, is headquartered in Lyon, France. With 196 member states, it has three more members than the UN. Founded in 1923, its roots can be found in international efforts to suppress and punish acts of anarchist terrorism. [1]

According to the agency, as of December 2024 its 19 databases contained more than 225 million records and were searched nearly three billion times annually. This equates to 258 searches per second. [2]

Data held by Interpol on people includes:

• “records on known international criminals, missing persons and dead bodies, with their criminal histories, photographs, fingerprints”;
• DNA profiles;
• fingerprints found at crime scenes or on objects allegedly associated with criminal activity;
• lost or stolen travel documents;
• stolen administrative documents, such as vehicle registration documents or import/export licences; and
• foreign terrorist fighters, holding “information from different hotspots including borders, prisons and conflict zones”. [3]

As noted above, an array of UN Security Council resolutions have encouraged states to make greater use of Interpol’s systems. The reasoning behind this was explained in 2018 by a US governmental official: “These tools bring together the information provided by dozens of governments in one place, allowing countries to screen travelers against information they otherwise wouldn’t have access to.” [4]

The growth of Interpol’s databases may be further accelerated by 2024 amendments to its data processing rules. Some of the changes “raise concerns regarding potential operational risks, legal ambiguities, and the effectiveness of enforcement mechanisms,” according to Ali Yildiz, a lawyer who has represented clients in cases against Interpol for unlawful data processing. [5]

One issue highlighted by Yildiz is a “lack of quality control” regarding the storage of data from public sources such as news articles, books and journals, commercial databases and subscription services. [6] Interpol’s general secretariat has long had the power to gather and store this kind of data, and the 2024 changes to the rules appear to give it broader latitude to do so than previously. [7]

A separate change forbids the Secretariat from accessing data exchanged directly between National Central Bureaus. These are the national offices primarily responsible for data exchanges with Interpol, but they can also use the agency’s infrastructure to communicate with one another.

Tens of millions of direct exchanges between national authorities take place through Interpol’s infrastructure every year. The change “effectively shields the Secretariat from responsibility for the content of these exchanges.” This means there is “a vast dimension of INTERPOL’s communication system operating with minimal oversight.” [8]

Yildiz highlights that oversight is also lacking elsewhere: there is no independent body that has oversight of the data submitted to the general secretariat by national authorities. [9] Taken together, these changes seem likely to facilitate the ongoing, and increasing, use and abuse of Interpol’s systems by authoritarian states.

Office of Public Affairs, CC BY 2.0

International law, policy documents and technical guidance on the topic all emphasise the importance of using national and international databases and information systems to “screen” people crossing borders.

Indeed, the reinforcement and extension of state borders is fundamental to the transnational security architecture. Borders geographically confine people in a space where they may have few enforceable rights, making them ideal sites for conducting screening, searches and checks. The growing use of systems for pre-departure screening and checks on travellers further extends these powers.

However, state borders and their digital extensions overseas are far from the only places where screening, searches and checks can take place. Digital infrastructure and devices facilitate access from within a state’s territory – by police officers and other officials, and even by private companies.

Key points

• The reinforcement and extension of state borders is fundamental to the transnational security architecture
• Borders as they provide ideal sites for conducting screening, searches and checks in a space where people may have few enforceable rights
• Watchlisting infrastructure is being introduced and further integrated into border control systems around the world, with support from bilateral and multilateral initiatives
• The US is a major provider of this support, with its work sometimes intertwining with UN programmes:
• Extending access to Interpol’s systems at state borders is also key to increasing the use of watchlist data, including through projects aimed at particular regions, such as Centra Asia or North Africa and the Middle East
• Watchlist data is also being made increasingly-accessible to agencies operating within state territory – including private companies
• This extends both the geographical ‘width’ and the informational ‘depth’ of the transnational security architecture, with more information available from more locations
• This, in turn, increases the reach of repressive state powers at a time when more and more governments are actively cracking down on dissent and limiting civic space, and raises questions over the extent to which private companies should be ‘deputised’ by police forces
• Ongoing efforts to introduce “advanced analytics” into back-end information systems – for example, through artificial intelligence or machine learning – only add to these problems, making further bias and errors inevitable

The physical reinforcement of borders is a priority for states around the world. Alongside this come demands to more intrusively examine and interrogate the people hoping to cross them. For its supporters, watchlisting is supposed to play a key role in this, and there are multiple bilateral and international programmes on hand to develop states’ capabilities. Here we examine programmes run by the US, the UN and Interpol.

Border control systems from the US and the IOM

As part of its Terrorist Interdiction Program, the US provides partner states with the Personal Identification Secure Comparison and Evaluation System (PISCES). This “deploys cutting edge technology” that allows participating states to “screen travelers against terrorism databases” in all other participating states. Where known or suspected terrorists are detected, information can be shared between the US and partner states. [1]

As of 2021, PISCES was in use at 227 border crossing points around the world, according to the US State Department. [2] A 2025 US government report said:

PISCES operates 24/7 in 22 high-priority counterterrorism partner countries processing 300,000 travelers daily, and providing state-of-the-art computerized border security screening systems, periodic hardware and software upgrades, and technical assistance and training to partner and candidate countries’ immigration and border control officials. [3]

Public information indicates that the figure of “22 high-priority counterterrorism partner countries” may in fact be as high as 40, in locations ranging from Albania and Azerbaijan, to Tajikistan and Thailand.

2021 testimony by a US government official said the US was aiming to “expand and improve PISCES,” by providing it to more countries and by improving integration “with DHS and international organization watchlisting and biometrics technology and programs.”

Another aim is “to incorporate emerging technologies to defeat increasingly sophisticated efforts by terrorist networks to travel.” [4] There are also plans to deploy “portable and mobile systems for remote locations lacking infrastructure.” [5]

PISCES can be integrated with at least one of the US government’s two travel data systems, the Automated Targeting System – Global (ATS-G). [6] In some countries, such as Somalia and Guinea, PISCES has been integrated with a separate border control system developed and provided by the International Organization for Migration (IOM).

The IOM is a former intergovernmental body that became a UN “related organisation” in 2016. [7] It is heavily reliant on government contracts for its work, and a significant portion of its work focusing on the reinforcement of borders and border controls.

One way it does this is by providing states with a system called MIDAS (Migration Information and Data Analysis System). This is described by the IOM as “a high-quality, user-friendly and fully customizable Border Management Information System (BMIS) for States in need of a cost-effective and comprehensive solution.” [8]

MIDAS can be connected to other national and international systems, such as those hosted by Interpol. It allows the creation of “reports according to the types of traveller data needed, such as country of origin, age, gender, travel purpose or whether the person has been detected in an Alert List.” [9]

In 2018, 20 countries were using the system. Research for this project indicates that it is now in place at the borders of more than 50 states. States can acquire support for deploying both PISCES and MIDAS through the UN’s Countering Terrorist Travel Programme, [10] which will likely increase the spread of both systems.

Watchlisting Assistance and Support Programme (WASP)

The US has a host of bilateral counterterrorism projects and programs designed to mould other countries’ policies and practices. In recent years, it has begun providing assistance directly geared towards improving countries’ watchlisting abilities. This is done through the Watchlisting Assistance and Support Program, or WASP.

WASP appears to have begun with a pilot project in 2019, [11] with the formal launch followed in 2020. [12] It is run by the Department of State and the Department of Justice.

The pilot project was described as helping “partners develop systems to screen travelers against national-level terrorist watchlists.” [13] A later report says that WASP:

…helps foreign governments improve the identification, screening, tracking, and interdiction of known and suspected terrorists (KSTs) through creating or consolidating a national level watchlist enterprise. [14]

This is achieved through “direct mentoring and collaboration with Watchlist Advisers” deployed by the US. [15]

A 2022 US government report said “WASP advisors were active… in over ten countries.” [16] Public records refer to formal partnerships with at least five countries: Albania, Indonesia, North Macedonia, Sri Lanka and Senegal. [17] The US has also approached the Indian government about cooperation through the program. Of these states, the US has signed publicly-available agreements with Albania and India on the exchange of “terrorism screening information.”

WASP has been recommended to other states by the Global Counterterrorism Forum. A 2024 addendum to its “good practices in the area of border security and management” says that WASP “proves invaluable in establishing effective watchlists and procedures to share watchlists across foreign partner agencies.” [18]

The recommendation is not particularly surprising: the initiative to develop the addendum was led by Jordan, the UN Office of Counter-Terrorism and the United States.

International interoperability for enhanced immigration vetting

The International Biometric Information Sharing (IBIS) program, launched in 2022 by the DHS, introduces some further novel elements to US attempts to expand and shape transnational security networks.

The purpose of IBIS is to improve the ability of DHS and its “foreign partners” to more intensively screen individuals who are “encountered” at border controls or in immigration raids:

IBIS facilitates fingerprint-based bilateral biometric and biographic information sharing between the United States and a foreign partner. IBIS enables the automatic comparison of the fingerprints collected by DHS or a foreign partner on border crossers, suspected criminals, asylum seekers, irregular migrants, refugees, and other individuals encountered by government representatives against U.S. and partner country terrorism, national security, identity, immigration and criminal records. [19]

The aim is to identify those who “present a threat to the security or welfare of the United States, identify perpetrators of identity fraud in the immigration process, and enhance the vetting of individual travellers.” [20]

In return for access to DHS databanks, foreign governments are encouraged to share biometric and other data with DHS and other US agencies, through something the US calls an ‘Enhanced Border Security Partnership’. This will become an obligation for the more than 40 states that are part of the Visa Waiver Program. [21]

One facet of the IBIS program is the Biometric Data Sharing Partnership (BDSP) model. Through this, some states will simply use DHS databases as if they were their own. In short, the DHS is aiming to build a “cloud” of biometric and other data that will be expanded and tapped into by the DHS and other US agencies, as well “partners” across the globe. [22]

This will put that data under the control of the US authorities, giveing the individuals affected few – if any – privacy protections or means of redress. The US Privacy Act, already weak, does not apply to non-citizens and non-residents of the country.

Building up Interpol’s databases

Extending access to Interpol’s systems is key to spreading the practice of ‘watchlisting’ around the world. The UN Security Council has repeatedly encouraged states to upload more information into Interpol’s databases, to search those databases more frequently, and to increase data-sharing between national agencies. [23] It has also called on states to ensure that Interpol’s systems can be accessed from “strategic locations such as remote border crossings, airports, customs and immigration posts or police stations.” [24]

A number of projects have been launched by Interpol to contribute to the goal of increased counter-terrorism data-sharing. One, Kalkan, was launched in 2004. Funded by the Japanese government, it focuses primarily, but not exclusively, on Central Asian countries. [25] Another, Sharaka, was funded by the EU and implemented in southern Mediterranean states. [26] It was launched in 2017 and ended in January 2023. [27]

By 2011, Kalkan had reportedly led to more than 100 member countries “sharing terrorism-related information” connected to the project. [28] Between March 2017 and March 2018, it ontributed to a 200% increase in the number of “foreign terrorist fighter profiles” held by Interpol, according to the UN. [29] In 2019, Interpol said the project had led to the sharing of “more than 10,300 terrorist profiles and information on 60 terrorist organizations.” [30]

Sharaka reportedly led to the connection of 46 border crossing points, and 40 law enforcement agencies, to Interpol’s systems. More than 800 officials were trained, including by EU border agency Frontex on risk analysis and “second-line checks at the borders.” [31] This led to a 500% increase in searches of Interpol’s databases by participating countries, and a 65% increase in contributions to those databases. [32]

Access to watchlists, and other data, is being extended beyond borders and into state territory. This is being done in two ways. Firstly, by giving access to more agencies, through the provision of mobile devices that can be used to search national and international databases; and, secondly, through granting certain private companies access to policing infrastructure.

Terrorist watchlists in the US

There are seven Department of Homeland Security “component systems” that receive US government watchlist data in one form or another. [1] One of these is Secure Flight, initially designed for policing domestic air travel, but which can also be accessed by the Department of Defense, the FBI, and “federal, state, local, tribal, and territorial law enforcement.”

A 2019 court judgment noted that, in total, US terrorist watchlist data was made available to “18,000 state, local, county, city, university and college, tribal and federal law enforcement agencies and approximately 533 private entities for law enforcement purposes.”

Amongst those “private entities” are private railway police forces; educational institutions; hospitals; prisons and probation services; information technology, fingerprint database and forensic science service providers; and animal welfare organizations.

Mobile devices: Increasing access to Interpol’s databases

In 2022, only 5% of searches of Interpol’s databases took place within state territory, and 95% at state borders. [2] The agency and member states are working to rebalance these figures. Increasing the use of mobile devices by police forces is key to this goal. From Ghana to Greece, [3] Australia to India, [4] Panama to Rwanda, [5] digital technology is massively increasing officials’ ability to access a huge array of remotely-stored information.

Mobile devices facilitate greater access to centralised information sources, [6] such as national or international databases and watchlists, increasing the geographical ‘reach’ of these systems. It may also be that the availability of mobile devices for carrying out identity checks and searches makes those checks and searches more likely. This issue, however, remains under-explored by researchers. [7]

Mobile access to Interpol’s systems has been possible since 2007. Croatia was the first member state to provide access to its databases via “portable devices such as laptop computers and mobile phones.” Interpol claimed in 2007 that “most countries in southeastern Europe will be able to use the same means to access INTERPOL services for both control and investigative purposes from the beginning of 2008.” [8]

When the UK left the EU at the end of 2020, police forces lost access to the EU’s Schengen Information System. In lieu of an alternative arrangement for access to EU data, [9] increased use of Interpol’s systems became a priority, including through mobile devices. [10] The EU itself has a separate plan for increasing the use of the technology. [11]

The US Interpol bureau, based in Washington DC, boasted in 2021 that it had “strategically leveraged existing national information sharing environments to make INTERPOL data available to the more than 18,000 U.S. law enforcement agencies for use in their respective missions, regardless of size, jurisdiction, or location.” Access had been extended to “the individual officer or investigator working at street level,” the bureau reported.

The integration of international data sources into domestic US systems facilitated “hundreds of millions of queries of INTERPOL data for purposes that include terrorist watchlisting and screening against illicit international travel,” the report says. This shifted the US response to “transnational threats” from “one that is ‘whole of government’ to one that is ‘whole of governments’ in nature” [12] – a quote that neatly encapsulates the overall effect of the transnational security architecture.

Since at least 2022 the agency has been providing “INTERPOL Mobile Devices” to police forces and border agencies in its member states, to increase searches of and uploads to its systems. This includes specific projects geared at increasing the capture of “biometric information of suspects and travellers.” [13] Recipients so far include states in South America, [14] East and West Africa [15] and the Pacific islands, [16] as well as South Africa. [17]

These efforts are part of a broader programme called I-CORE, which also includes work to upgrade Interpol’s back-end information and communication infrastructure. [18] The Netherlands, for example, has given Interpol €1.2 million to develop “artificial intelligence to help make police information exchange more effective,” [19] including through “big data analytics.”

One part of the I-CORE programme is the INSIGHT project, which has been financially supported by the US, UK and Germany. [20] Through this, Interpol is developing a system that will incorporate incorporate “advanced and predictive analytics” in its information systems. INSIGHT was planned with three phases:

• a “minimal viable platform” available to analysts in the Interpol general secretariat, making use of “all priority INTERPOL data sources” for “entity identification and extraction, translation, network and geographical analysis”;
• a second, “enhanced” phase aims at providing “advanced analytics” through “exploitation of larger and more complex datasets”; and
• a third phase to integrate “all internal sources, external sources such as commercial databases, etc.,” including open sources, social media and “visual, video, audio recognition, facial and bio-data matchin” [21]

Police databases for the private sector

Access to Interpol’s systems is being granted to a growing number of private sector entities, through a programme called i-Checkit. So far, cooperation has been formalised ebtween Interpol and companies providing maritime and air transport. The agency has also carried out tests with “companies in the hotel and banking sectors.” [22]

Through i-Checkit, a company’s computer systems are connected to Interpol’s databases – for example, at airline check-in desks, or via online check-in services. When a traveller enters their passport details, they are also checked against Interpol databases. Initially, only the Stolen and Lost Travel Documents (SLTD) database was part of the programme. “Red Notices” [23] stored in the Travel Documents Associated With Notices (TDAWN) databases were included later on. [24]

The I-Checkit programme was launched in 2014 through a pilot project with the airline AirAsia. After 16 months, the agency found the tests “demonstrated the value of I-Checkit in mitigating the criminal risks that are behind identity fraud and in gathering police intelligence, especially in countries without fully integrated border solutions.” A French cruise company came on board in 2019. [25]

State delegates at the 2015 and 2016 Interpol general assemblies endorsed the programme, calling for its continuation and expansion to other industries. [26] Interpol subsequently began promoting the project more widely. A brochure published by the agency in November 2017 said:

Passengers with criminal intentions pose the greatest threat to operations. However, travelers ‘innocently’ attempting to use documents previously reported stolen or lost also represent a risk to the travel industry, as they are equally responsible for causing delayed departures and incurring repatriation costs.

These “innocent” travellers would, of course, include those being persecuted by governments by the misuse and abuse of Interpol’s systems. The brochure uses the example of someone travelling on “a Chinese passport reported as stolen” who is arrested and “sent back to China by the Laotian immigration police.” [27] The Chinese authorities were found some years later to have been abusing Interpol’s systems to pursue political enemies abroad. [28]

As of September 2024, Interpol was encouraging financial institutions to sign up to i-Checkit to support “Customer Due Diligence (CDD) operations.” [29] For the cash-strapped policing agency, there is a further benefit: companies pay a fee to participate in the programme.

Through i-Checkit, everyday activities – opening a bank account, travelling, booking a hotel – become part of a global policing infrastructure. This raises serious questions over where the boundaries of police power should lie: to what extent should private companies be ‘deputised’ by police agencies? Why should ordinary people, the overwhelming majority of them entirely innocent of any criminal offence, be subject to police checks simply for booking a hotel or travelling?

This kind of public-private cooperation is already widespread at national level, where it can also have serious effects. In Belgium, for example, employers are often required to carry out background checks on prospective employees. A report by published by Ligue des Droits Humans recounts the experience of a man who was denied employment after being “falsely registered in a police database linking him to terrorism because of his skin colour and because he was Muslim or perceived to be Muslim.” [30]

The difficulties faced by individuals seeking redress for issues such as these are multiplied enormously when policing systems operate on a transnational scale.  [link to redress piece]