The BigBrotherAward 2018 in the “Public Administration” Category goes to Cevisio Software und Systeme GmbH in Torgau, Germany for their software Cevisio Quartiermanagement (accomodation management, or QMM for short), which was developed in co-operation with the German Red Cross especially for refugee shelters. This software registers and stores movements to the shelter, movements within the shelter, the handing out of meals, medical checks such as X-rays, blood and stool tests, family relationships, religious affiliation and ethnicity and many other details. The collected data facilitate a total control of the refugees, and they show in how many ways privacy can be violated.
This software deserves this prize not just for the privacy violations it enables but for the underlying conception of the affected people. Refugees are human beings, not things. They are not put on a shelf for later retrieval and use. They are not prisoners and do not need to be closely monitored. They have come here for protection, and they have rights – human rights and basic rights that Cevisio does not even mention.
In 2015 when many refugees came to Germany, administrations were in chaos. Collecting data and organising accommodation and supply posed great challenges for all involved. The medium-sized company Cevisio worked out the perfect solution in collaboration with the Saxonian branch of the German Red Cross. The company boasts on its website that this software is used in more than 280 refugee accommodation centres, “managing more than 380,000 refugees.”
It follows that the Cevisio QMM software holds data on all these people. Registration is based on an ID card with an RFID chip or barcode. Inhabitants carry this card with them in the shelter and – if the software makers get their way – hold their card briefly in front of cards readers that are positioned near entry and exit, the meal serving counter, the laundry service, when receiving pocket money, when borrowing books or doing voluntary work.
The so-called “actions” that are recorded in the shelters are then merged with data from the Federal Office for Migration and Refugees (BAMF) and immigration authorities. Recorded data include pregnancies, family relationships, and medical data (examinations and test results). The software also makes sure that all official documents are captured. In addition to “managing” the refugees, the software also caters for the (quote) “billing of refugees”. It can capture “all data concerning the asylum procedure, including EASY optimisation and BAMF data”.
This is total control. Daily routines, habits, contacts, kinship, general health, asylum status – everything in one place. Linked and actionable.
Some of it may make sense, e. g. dietary requirements due to allergies or religious beliefs. However, the Cevisio software goes far beyond that: A technical brochure mentions “recording of all meals served to a person” and “notification on handing out one meal multiple times to the same person”. What is this needed for?
Is it necessary to record and store any movement into or out of the house minutely? The brochure mentioned before says yes (quote): “The integrated presence overview shows accurately to the second which refugees, helpers or staff members are on site. Besides the control functionality, this overview is indispensable in case of catastrophic events (fire, etc.).”
“Indispensable!” Is it not strange that thousands of schools, shopping centres, or youth hostels can still cope without such an overview that is accurate to the second? Are they all irresponsible?
No. This is life. Which comes with a certain life risk. Cevisio’s data collection on the other hand is the wet dream of surveillance fanatics. We can see no sign of empathy for people who presumably fled to Germany hoping to lead a life in freedom.
So perhaps it is pragmatism of the “who cares?” variety if the expression “data protection” does not occur a single time in the 15 pages long system description. Technical data security measures are hidden behind the expression “system administration”. I was unable to find any functionality regarding rights of the individuals affected – things like information disclosure or transparency to refugees.
Shortcomings have been noted in practice, too: The data protection officer for Bremen states “substantial concerns with respect to privacy rights” in her annual report1. Storage periods were far too long. She did not see the justification for checking each handing out of food. Storage of medical data had to be reduced massively on her demand. Regarding kinship details, those affected were not offered any choice. Many questions remain open until today.
The Bremen data protection investigation covered just a few of the facilities. There is no guarantee nor a way to check that illegal surveillance features will be removed in the remaining 270+ facilities as well. The legal situation is the same in all cases and could be built into the software as defaults, for example as retention periods,. Cevisio could support facility operators with advice on how to maintain privacy.
We ask: Is this software designed as it is because those affected are refugees? Granted, refugee shelters are logistically complex systems, and their operators (the German Red Cross and others) could benefit from digital support. But how are refugees supposed to integrate in our society if they are never given a chance to enjoy the values of what some like to call Leitkultur (or guiding culture), i. e., the values of our constitution? These values include the right to self-determination, in particular, the right to informational self-determination.
The Cevisio software QMM is just one example for the patronising, intransparent, and control-freaky way refugees are treated generally. Job centres release absolutely everyone from professional confidentiality obligations, including the social welfare offices and migration advisory centres. In 2016, the so-called “Datenaustauschverbesserungsgesetz” (data exchange improvement law) stipulated that practically any agency can inform any other agency about refugees if it seems necessary. For finding out the origin of refugees, the BAMF has gained permission to access refugees’ smartphones which store their entire communication history and many private details.
At the same time, independent counselling organisations for refugees report that some officials deny them information that would be helpful for advice and support, citing data protection reasons. This is data protection being abused as a smoke screen in order to impede social work.
We have to be extra careful about how we treat refugees. The Nazis as well as the East German regime have controlled and maltreated their population based on information and data collection. The governments of the countries that refugees reach us from often torment their population via control, lawlessness, and by using anything they know about them. There is a great risk that Cevisio-style data management will re-traumatise people. Likewise, there is a high probability that our data collections will get into the wrong hands – imagine a secret service in someone’s country of origin. Software companies, too, carry a responsibility to ward off such threats. We should realise that what is done to refugees today could be applied to ourselves tomorrow.
Congratulations on winning the BigBrotherAward 2018 in the Authorities category, Cevisio.