Governing border security infrastructures: Maintaining large-scale information systems

Abstract

This article explores the maintenance of large-scale information systems that are used for, among other purposes, border security in the European Union. My argument is that information systems do not always operate according to their design scripts. They materialize as unruly, unstable and failing infrastructures that are governed through maintenance in order to correct any identified functional anomalies and address potential future failures by adapting them to emerging technologies and the service needs of end-users (e.g. border guards, police). To conceptualize the maintenance labour through which information systems are governed, I synthesize ideas developed in Michel Foucault’s work on biopolitics and governmentality with contributions that explore the agentic forces and proclivities of technoscientific matter. By unearthing the very mechanics of maintenance processes, I make two contributions to the literature that interrogates the digitization and smartening of border security. First, I demonstrate that attending to maintenance permits a more complete understanding of the agency of information systems. Second, I broaden the research agenda that explores border security as practice by directing attention towards the often invisible, but politically significant, labour of maintainers who, by rendering information systems functional, sustain the power to govern international mobility by digital means.

Keywords

Border security information systems maintenance Michel Foucault New Materialisms

Introduction

Transnational circulations of human bodies (travellers, migrants, refugees) are increasingly traced, monitored and managed by digitized control practices that target their mobilities. These practices are enacted by ‘security professionals’ (Bigo, 2014), such as border, police and migration authorities, whose labour is supported by technological artefacts and infrastructures – for example, biometric databases (Scheel, 2019), risk assessment algorithms (Amoore, 2011) and digital mapping interfaces (Tazzioli, 2018). This article concerns specifically large-scale information systems that facilitate the gathering, processing and sharing of data on third-country nationals travelling to the European Union (EU) (see Dijstelbloem and Broeders, 2015; Glouftsios, 2018; Jeandesboz, 2016; Pelizza, 2020; Sontowski, 2018). These systems are communications infrastructures, broadly understood as expanding socio-technical settings that produce data flows over distance, binding ‘cities, regions and nations into functioning geographical or political wholes’ (Graham and Marvin, 2001: 8). To paraphrase Brian Larkin, the material, built elements of communication infrastructures ‘comprise the architecture of [data] circulation’, while what distinguishes them from technological devices is ‘that they are objects that create the grounds on which other objects operate’; they are ‘things and also the relation between things’ (Larkin, 2013: 328–329).

Large-scale information systems used for border management function indeed as ‘connective tissues’ and ‘circulatory systems’ (Edwards, 2010: 8) that permit the sharing of vast amounts of data on people crossing borders and interconnect the spaces where controls targeting international mobility are enacted, including data analysis centres, airports, seaports and land borders. Such systems include the Schengen Information System (SIS II) and the Visa Information System (VIS). The SIS II allows for the creation of data alerts on, among others, third-country nationals to be refused entry and stay in the Schengen area owing to their (potential) involvement in serious crime or terrorism offences, as well as on individuals who are subject to deportation procedures (see Official Journal of the European Union [OJEU], 2018a, 2018b). The authorities that have access to SIS II alerts are national police agencies, border guards and consular authorities processing Schengen visa applications, as well as EU agencies such as Europol, Eurojust and Frontex. The VIS enables consular authorities to create computerized files containing alphanumeric (e.g. names, places and dates of birth, passport numbers) and biometric (i.e. fingerprints) data on Schengen visa applicants and holders (see OJEU, 2008a). These data files can be accessed by border guards, police officers and officials working in migration administrations who are responsible for determining whether third-country nationals have the right to enter and stay in the territories of the EU member-states.

The focus on how information systems function and mediate the work of their end-users (e.g. consular, border, police and migration authorities) is indispensable for understanding how international mobility is governed in the EU by digital means. However, when exploring the functional characteristics of such systems, we often tend to assume that they operate somehow automatically and without any functional disruptions. Considerations about the maintenance labour through which information systems are made functional – labour that supports the flows of data across the spaces where mobile bodies become targets of control practices – are absent, at least to my knowledge, from the literature that explores the ongoing ‘smartening’ (Jeandesboz, 2016) of border security. This lack of attention to maintenance processes leaves some pressing questions unanswered. Do information systems always perform as expected by those actors who have previously designed them or do they counter-perform and, potentially, fail after their deployment? If infrastructures, such as information systems, their components, interdependencies and liveliness, become visible when they malfunction and break down (Star, 1999: 382; see also Bennett, 2005), then what does it take to make them invisible – docile machines that operate according to the rules and procedures specified in the documents that lay down their design characteristics?

As Stephen Graham and Nigel Thrift (2007) explain, all infrastructures, from bridges to power plants and complex transport networks, are prone to error, failure and breakage, which means that they require continuous maintenance and repair (see also Jackson, 2014; Ureta, 2014). The same applies to the SIS II and the VIS. These systems must be attended to, maintained, corrected and adapted to ensure that they support effectively the pan-European cooperation of authorities involved in border management. Indeed, there is a process within which the SIS II and the VIS are made functional. This process is often described in the jargon of EU institutions as ‘operational management’ and consists of ‘all the tasks necessary to keep large-scale IT systems functioning in accordance with the specific provisions applicable to each of them’ – such ‘provisions’ being the design specifications according to which the systems were developed – as well as all the activities necessary for their ‘effective, secure and continuous operation’ (OJEU, 2011: 6).

The central argument that I develop in this article is that information systems materialize in the process of operational management as unruly, unstable and failing infrastructures that are governed through maintenance to correct any identified functional anomalies and address potential future failures by adapting them to emerging technologies and the service needs (i.e. data gathering, processing and sharing) of their end-users. To conceptualize the maintenance labour through which information systems are governed, I synthesize ideas developed in Michel Foucault’s work on biopolitics and governmentality with contributions that explore the agentic forces and proclivities of non-human (technoscientific) matter (see Barad, 2007; Braun and Whatmore, 2010; Coole and Frost, 2010). Such a synthesis is necessary because Foucault’s work interrogated, among other things, the rationalities and techniques of government that target the conduct of subjects and populations of biological beings without, however, considering efforts to govern non-human material forces, processes and ‘things’ (Barry, 2001; Lemke, 2015). My goal here is to explore how – through what kinds of maintenance tools, methods and procedures – the material agencies of information systems are governed, as well as to reveal the knowledges, concerns and considerations that lie at the heart of maintenance efforts. In doing so, I seek to make two contributions to the literature that interrogates digitized border security regimes.

The first contribution is related to how we come to understand the agency of information systems – and that of other security technologies (see Hoijtink and Leese, 2019). Information systems and data analysis tools can be conceptualized as agents not just because they actively intervene in the practising of security by supporting, for example, border guards and police officers in their efforts to identify suspicious travellers who presumably embody risks, such as terrorism and organized crime. In other words, information systems are not agents only in the sense that they ‘make a difference’ (Latour, 2005) in security practices and the performative effects generated by their interactions with those actors who appropriate and use them (Amicelle et al., 2015). I suggest that their agency should also be understood in terms of the uncertainties and potential disruptions generated during their technical operations – for example, when they malfunction owing to different reasons, such as hardware failures and software bugs. I will explain that it is the uncertain and, at least sometimes, disrupting agency of information systems that their maintainers seek to make sense of, control and govern. This means that information systems are not just infrastructures channelling the power to govern international mobility (Broeders and Hampshire, 2013; Dijstelboem and Broeders, 2015), but also referent objects of government – both ‘rulers’ that monitor and govern bodies on the move, and unruly infrastructures that are themselves governed to guarantee that they are continuously available to their end-users. Ultimately, this implies that governing international mobility through the gathering, processing and sharing of data goes hand in hand with the governing of infrastructures that make these ‘data practices’ (Scheel et al., 2019) possible in the first place.

The second contribution that I seek to make is linked to the workings of an understudied group of actors that form a constitutive part of the EU border security apparatus: those technology experts who are entrusted with the uninterrupted functioning of information systems. According to Didier Bigo (2014), EU border security is embedded in three social ‘universes’ of control: that of the military/navy, that of border guards/police and that of database analysts. To these universes, I suggest adding the maintainers of border security technologies. The work of maintainers is closely related to what Bigo describes as database analysts: it involves the everyday running of software used for border controls, as well as the repair and upgrade of related hardware. I show that maintainers actively sustain the power to govern international mobility in the EU by making information systems function as expected by their designers and users. Scholars often focus on security professionals using technological artefacts to ‘filter’ (Walters, 2006) transnational circulations and sort out their risky elements, as well as on those other actors who design, develop and implement related security technologies (e.g. Bourne et al., 2015; Glouftsios, 2019; Sontowski, 2018). However, the work of those who maintain information systems has been neglected, which is precisely the problem that I want to tackle here. I want to make the mundanity of this work visible and broaden the research agenda exploring border security as practice (Côté-Boucher et al., 2014) by directing attention towards a neglected group of ‘border workers’ (Rumford, 2006) who, by maintaining security infrastructures, such as information systems, seek to sustain the continuity of data-based controls that performatively produce the borders regulating international mobility.

The empirical material supporting my analysis have been gathered through in-depth interviews with technology experts working at the European Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA). eu-LISA is responsible for the maintenance (and protection) of information systems deployed for border security, law enforcement and migration management purposes in the EU, including the SIS II and the VIS. My interviews were conducted in Brussels, where the communications office of eu-LISA is based, and Strasbourg, where the operational centre of the Agency, as well as the central infrastructural components of the SIS II and the VIS (i.e. datacentre) were built. I have also analysed a number of technical-administrative documents that detail the work of eu-LISA. Among these documents are the annual and multi-annual work programmes of the Agency, as well as reports describing how the SIS II and the VIS function and are maintained in practice.

Governing, agency, materialization

In this section, I elaborate a conceptual vocabulary that is useful for an appreciation of the governing of information systems through maintenance. I do so by reflecting upon Foucault’s work on biopolitics and governmentality, and by putting this in conversation with some of the arguments developed by scholars whose research is associated with the New Materialisms movement.

For Foucault (2009: 93), governing is a multifarious process that has been historically enacted within different social contexts, such as mental asylums, factories and prisons, that are immanent in the state and society. This implies that governing does not strictly refer to the modus operandi of official state institutions, but to the plurality of rationalities, techniques and practices that organize, direct and manage the conducts of subjects and populations of biological beings (see Walters, 2012). For the purposes of this article, this rather humanist focus of Foucault’s work requires attention, because the referent objects of government that concern me here are infrastructures handled through techniques and practices of maintenance. Thomas Lemke’s (2015) work on what he describes as the ‘government of things’ is useful in this context. According to Lemke (2015: 13), there is an implicit, but considerably underdeveloped, post-humanist tendency in Foucault’s writings that helps in rethinking biopolitics as concerned not only with the biological existence of a population, but also with ‘the interrelatedness and entanglements of men and things, the natural and the artificial, the physical and the moral’.

Lemke explains that Foucault (2009: 96–98) came close to such a conceptualization of biopolitics when he – following the writings of the French Renaissance writer Guillaume de La Perrière – described government as the ‘right disposition of things arranged so as to lead to a suitable end’. To further explain this point, Foucault (2009: 97) provided the example of a ship, which is a popular metaphor often used to denote the workings of the state:

What is it to govern a ship? It involves, of course, being responsible for the sailors, but also taking care of the vessel and the cargo; governing a ship also involves taking winds, reefs, storms, and bad weather into account. What characterizes the government of a ship is the practice of establishing relations between the sailors, the vessel, which must be safeguarded, the cargo, which must be brought to port, and their relations with all those eventualities like winds, reefs, storms and so on.

In other words, to govern a ship means taking care of the interactions between, and directing the conducts of, all the human and non-human elements that constitute it, as well as dealing with external forces, such as weather conditions, that may affect its workings as a socio-technical setting (see Law, 2012). As with the example of the ship, studies have demonstrated that systems like the SIS II and the VIS function as socio-technical settings comprised of a multiplicity of interacting human agents, such as end-users and system operators, and technological artefacts, like servers, network cables, software and data (Bellanova and Duez, 2012; Glouftsios, 2019; Jeandesboz, 2016). Such socio-technical settings are characterized by ‘distributed’ human–non-human agencies (Bennett, 2005; Latour, 2005) that emerge through the practical interactions and precarious associations between their heterogeneous components. When it comes to information systems deployed for border security purposes, maintenance labour intervenes in their governing by monitoring, calculating and managing their emergent agency in order to enhance their performances and prevent any potential functional failures that could disrupt data-based security practices.

At this point, I want to make two brief clarifications about the scope and subject matter of this article. First, even though information systems are inherently socio-technical, maintenance is not directly concerned with the conduct of their human operating parts. Second, it is not my intention to argue that maintenance is the only process through which information systems are governed. Repairing network cables and installing software updates is not enough to ensure the proper functioning of a system. For example, other processes that are integral to the governing of these infrastructures, but fall beyond the scope of this article, are those related to the training provided to authorities inserting and consulting SIS II and VIS data (Bellanova and Glouftsios, 2020) – what sociologist of science Christopher Henke (1999: 56) would describe as ‘people repair’ – as well as those related to the drafting of legal frameworks regulating, among other things, the rights of access to digitized information by different categories of end-users (see Bellanova, 2017). The provision of training to end-users and the drafting of related legal frameworks play a crucial role in the implementation and functioning of information systems. However, what interests me here is the maintenance process through which the material agencies of such systems are attended to, corrected and adapted – in short, governed. Such material agencies do not exist independently of maintenance practices. Andrew Barry (2001: 9) cautions that ‘the idea that a non-human device can work autonomously of its multiple connections with other human and non-human elements is a fantasy’. In the context of maintenance, such connections reveal themselves in the practices of those human actors who seek to manage the operations of information systems. As we will see, maintenance practices generate knowledge about the conducts of the SIS II and the VIS by continuously monitoring how they function, before intervening in their actual operations by making changes in their software and hardware configuration.

Besides the ‘humanist blind spots’ in Foucault’s work that prevented him from further developing the idea of a ‘government of things’ (Lemke, 2015), there is another point that requires attention if we are to employ his vocabulary to reflect upon the governing of information systems through maintenance. Foucault studied non-human technical matter as a passive means channelling the power to govern subjects and groups. Consider the example of the Panopticon design of prisons (Foucault, 1995). Foucault explored how knowledges and logics informing the management of inmates’ behaviours were inscribed into the architectural design of the Panopticon, and how this design contributed to their disciplinarization through the establishment of a ‘visibility regime’ (Brighenti, 2010). This means that Foucault was interested not just in the discursive field (knowledges, mentalities, rationalities) that conditions practices of government (surveillance), but also in the very material contexts (architecture of the prison) that mediate such practices. Yet, even though Foucault interrogated how the materiality that surrounds us affects our conduct, he did not pay enough attention to matter’s materialization. By materialization, I mean both the force, excess, productivity and, at least partial, unpredictability of matter (Coole and Frost, 2010), as well as the open-ended and temporally unfolding process through which matter emerges, acts and mutates within what Karen Barad (2007: 141–146) calls ‘apparatuses of observation’ (see also Aradau, 2010). Apparatuses of observation are nexuses of material-discursive practices – in this article, practices of maintenance – through which phenomena, subjects and objects under technoscientific treatment – in this article, information systems – come to matter, in the sense that their meaning and materiality are emergently (re)formed.

Thinking in terms of materialization complements traditional conceptions of biopolitics – understood as an art of governing concerned with the management of life process at the level of population – with what Bruce Braun and Sarah Whatmore (2010) describe as ‘material politics’. This signals ‘the constitutive nature of material processes and entities in social and political life’ (Braun and Whatmore, 2010: ix), and invites attention to the often disrupting agentic forces that technologies, infrastructures and ‘stuff’ may generate (Bennett, 2005). These forces call for the employment of techniques of government that seek to tame emerging socio-technical worlds. As I will explain in the next section, maintenance is one such technique of government that, for Sebastián Ureta (2014: 370), can be seen as a process of normalization because it ‘assumes the existence of a state of “order” [i.e. the normal], usually located in a certain previous [machinic] configuration, to which the failing device or system should be “restored” to function properly again’. Importantly, in restoring the normal operation of information systems, maintenance not only contributes to their proper functioning and long-term survival, but also sustains the power to govern international mobility by digital means.

Indeed, the SIS II and the VIS materialize both as systems contributing to the establishment and workings of the Schengen area as a controlled space of transnational circulations, and as unruly, unstable and failing infrastructures whose agency is monitored, regulated and governed through maintenance. They are unruly infrastructures in the sense that their software and hardware materiality ‘resists, obstructs, or frustrates action, and therefore calls attention [e.g. maintenance, repair, correction, readjustment] to itself’ (Jackson, 2014: 230). In Foucault’s account, the materiality of the prison was passive, excreting agentic force only in the sense that it contributed to the disciplinarization of inmates. Where I differ from Foucault’s work, and why I draw from more materialist arguments, is that I understand the SIS II and the VIS not as passive technologies that contribute to the governing of international mobility. Instead, I approach them as infrastructures that generate emergent agentic forces. These forces may produce uncertainties in the work of those actors responsible for their maintenance (e.g. regarding how to render the systems functional, what happens when they fail, how to optimize their performances). In the practical context of border controls, information systems may behave (when they function) as powerful security infrastructures that are complicit in producing the borders that privilege the mobilities of some bodies while violently excluding others. However, in the practical context of maintenance, they materialize as infrastructures that need to be disciplined, optimized and made to work, so that they effectively support the security labour of the authorities that use them. Thus, we should understand the SIS II and the VIS not only as means channelling the power to govern international mobility, but also as referent objects of government.

Introducing maintenance

Responsible for the maintenance of the SIS II and the VIS is eu-LISA, an EU agency that was established back in 2011 with the twofold aim of (a) providing project management and technoscientific expertise for the development of pan-European information systems, and (b) coordinating the operational management (i.e. maintenance and protection) of existing ones (see OJEU, 2011). Maintenance refers to processes through which information systems are preserved in what is often described in eu-LISA’s reports as a ‘state of guaranteed availability’. This means, first, ensuring that information systems operate at an optimal level and according to the specifications that are laid down in design documents and related legislations (see OJEU, 2007, 2008a, 2008b, 2018a); and, second, guaranteeing the uninterrupted availability of the services provided to the member-states’ end-users, as well as to EU agencies, such as Europol, Eurojust and Frontex, that have access to the data gathered and shared by the systems.

It will become clear in subsequent sections that what justifies the existence of eu-LISA, at least partly, are the persistent technical failures and malfunctions that entail the risk of disruptions in the operations of information systems. As Debbie Lisle (2018: 891) shows in her excellent study of the development of an explosives detection device used for border controls, ‘failure can never be solved, overcome or dispensed with’, while it emerges in technoscientific discourse as instructive, in the sense that it energizes innovation through a recursive process of learning from previous mistakes and failures. In Lisle’s encounters with technoscientists, failure ‘was simultaneously everywhere and nowhere: it drove practice and behaviour with a silent force, but it was seldom articulated in any tangible way (Lisle, 2018: 890). Failure also emerged as a peculiar absent presence in my interviews with experts working at eu-LISA. They provided some rather generic examples of technical failures that generate the need for maintenance, and they were careful enough to frame failure not as an inescapable reality and limitation of information systems, but rather as a productive force and opportunity to render the systems ‘stronger’, more ‘effective’ and ‘efficient’ through technical readjustments. In the context of maintenance, this kind of discursive association between failure and optimization precludes the political possibilities of critiquing information systems for their limitations, feeding further discourses that portray them as hi-tech, supposedly smart systems that work seamlessly.

Maintenance can be thought of as the continuous moulding of the systems’ material properties and agencies. By moulding, I mean an iterative repair, upgrade and update of hardware and software that seeks to address failures and adapt the systems to technological advancements and emerging functional circumstances. Moulding through maintenance is, to use Foucauldian terms, a key governmental technique deployed by eu-LISA to ensure that the SIS II and the VIS operate according to their design scripts (Ureta, 2014: 371). In addition to that, moulding implies that the SIS II and the VIS are not static – that is, their material composition is not fixed after their deployment. They may provide the same services described in design documents and legislations, but their operating parts undergo continuous reconfigurations enacted through hardware and software repairs, upgrades and updates. It is through this ongoing moulding of the SIS II and the VIS that eu-LISA seeks to govern the two systems and address failures in their operations. This means that making information systems perform as expected necessitates their mutation. To render the SIS II and the VIS operational, eu-LISA progressively and consistently changes their material composition. It is the very (software and hardware) materiality of the SIS II and the VIS and, more specifically, the emergent agentic forces generated by this materiality that become the referent objects of governing practices performed by those entrusted with the maintenance of the two systems in working order.

Now, the moulding of the SIS II and the VIS should not be understood as a politically insignificant process. Information systems – and the dataveillance security practices that they mediate – facilitate the management of international mobility on the basis of a discriminatory logic representing global flows as composed of legitimate, bona fide and normalized travellers, whose journeys are facilitated (Leese, 2016), on the one hand, and illegalized, suspicious and risky ones, whose circulation is targeted, captured and, when necessary, prevented and blocked, on the other (Amoore and De Goede, 2005: 167).

For example, as regards the VIS, studies have demonstrated that it disproportionally targets people coming from poor and politically unstable countries (Bigo and Guild, 2005), contributing to the unequal distribution of mobility capital across third-country nationals travelling to the EU (see Glouftsios, 2018). The VIS allows for the creation of data files on Schengen visa applicants and holders, as well as individuals whose applications get rejected (see OJEU, 2008a). These files include, first, alphanumeric data, such as names, nationalities, dates of birth, reasons for travelling to the EU, and information on those (e.g. individuals, companies) inviting the applicants in question. The validity of this information is verified on the basis of documentation submitted as part of visa applications (e.g. recent bank statements, invitations, travel tickets, etc.), documentation that is also used to assess the security and migration risks that visa applicants may embody. Second, consular authorities store fingerprint data and digitized facial images that allow for the future identification of (a) visa holders at border crossing points; (b) irregular migrants who arrived in the EU with a Schengen visa but destroyed their documents to avoid reidentification and capture; and (c) those whose visa applications have been rejected. Consular authorities, therefore, do not only filter out applicants who are considered as security threats or suspicious for irregular migration, but also create the conditions of possibility (i.e. data files) that allow for the identification of data subjects after they arrive in the EU, as well as the reconstruction of their bureaucratic trajectories by border, police and migration authorities that have access to the VIS (see Glouftsios and Scheel, 2020; Scheel, 2019).

The SIS II is also an infrastructure that, among other things, such as the pan-European judicial cooperation in criminal matters, supports the digitized control of international mobility. The SIS II allows state authorities to consult alerts on third-country nationals who are considered as embodying risks ‘to public policy, to public security or to national security’ of the member-states (OJEU, 2018a: 33). These alerts refer not only to individuals who have been previously convicted of engaging in serious crime or terrorist activities in the EU, but also to suspects for whom there are grounds for believing that have been involved (or will be involved) in such activities. It is important to clarify that alerts for serious crime and terrorism may also refer to EU nationals (see OJEU, 2018b), and that the SIS II is consulted on a non-systematic basis when EU nationals cross Schengen external borders. Also, the SIS II enables the creation of alerts and registration of re-entry bans on third-country nationals who have entered, or attempted to enter, the Schengen Area irregularly, and on those who are subject to deportation procedures. SIS II ‘alerts’ are sets of biographical (e.g. names, nationalities, etc.) and biometric (fingerprints and palm prints) data that are created by dedicated police units in each member-state. Police units may also create alerts that refer to objects, such as lost identity documents and stolen vehicles associated with criminal organizations. These alerts, and the links between them (e.g. links between alerts on persons wanted for arrest and stolen vehicles), can be then consulted by a multiplicity of state authorities that enact controls related to border security, migration management and law enforcement.

In this context, the maintenance of the SIS II and the VIS matters politically because it sustains the power to govern international mobility. By maintaining the two systems, eu-LISA seeks to guarantee the uninterrupted gathering, processing and sharing of data across an expanding community of end-users who enact controls on people crossing borders. As a report published by the agency emphasizes:

[eu-LISA] will contribute to the maintenance of secure external borders, effective police cooperation and to the implementation of European visa and asylum policy, by ensuring the operational management and continuity of operations of a number of large-scale information systems in the area of freedom, security and justice. (eu-LISA, 2012: 4)

This implies that eu-LISA is not a centre of operations separate from the broader EU border security apparatus (i.e. border guards, police, migration authorities, etc.) connected to the SIS II and the VIS, but one that actively intervenes in the workings of this apparatus by regulating the functioning of information systems. If we only focus on how information systems are used by security professionals, we miss the mundane, but politically significant, labour of maintainers who actively shape technologically mediated border performances by making systems like the SIS II and the VIS available to their end-users.

In what follows, I will discuss two types of maintenance processes coordinated by eu-LISA. I first focus on how maintainers correct technical failures that could disrupt the functioning of the SIS II and the VIS (i.e. corrective maintenance) and, second, I explain how they adapt the systems to emerging technologies and service needs (i.e. adaptive maintenance).

Correction

Corrective maintenance involves repairs, replacements and updates in response to various and rather mundane developments – developments that despite their mundanity may produce disruptions in the work of authorities that consult SIS II and VIS data. For example, hardware repairs and replacements are necessary in cases where certain components of the SIS II and the VIS are damaged by accident and overuse or stop working owing to technical failures. These components can be operating parts of servers, drives, processors, network cables and components of the air-conditioning system that regulates the temperature inside data processing facilities, as well as components of the Uninterrupted Power Supply (UPS) system that provides electricity to the data centre in Strasbourg. Corrective maintenance involves a continuous infrastructural repair, which is necessary to address the failing nature of the SIS II and the VIS. It seeks to deal with potentially disrupting incidents generated both by the emergent material agency of the systems’ infrastructural elements and by accidents and environmental conditions, like fires and floods (Interview 3), that may damage the latter:

Things break all the time and need replacement. Hard disks, servers, network switches, firewall components, and so on. When it comes to the network, it can be even failures of the physical cables – for example, an excavator destroying an underground cable connection. This is a rare case, but it happens and had happened in the past. Of course, the systems and the communications infrastructure are built in a way that all their components are redundant, which makes them resilient. However, we need to make sure that every single issue does not result in functional and operational failures. (Interview 4)

Thus, even though the SIS II and the VIS are characterized by redundant infrastructures that render them resilient-by-design, routine corrective maintenance is necessary because failures of hardware components translate into lower levels of resilience. This observation implies that, when it comes to their operations, the material agencies of the SIS II and the VIS are contingent, in the sense that their hardware may fail and stop working, which, in turn, may produce anomalies and disruptions to their functioning. Through the continuous monitoring of the systems’ operations and the replacement of dysfunctional hardware components, the identified anomalies are corrected, while future service disruptions are prevented. This also means that corrective maintenance is not just a reactive process but also a proactive one, in that it seeks to cancel out potential future service disruptions generated by the uncertain agentic proclivities of the SIS II and the VIS. The basic orientation of corrective maintenance is reactionary; however, by reacting to functional anomalies in the present, eu-LISA proactively addresses service disruptions in the future. Consider another example of corrective updates to the systems’ software applications:

Changes are needed because an update in the most recent version of YYY would have made it incompatible with other software versions that were previously installed in the systems. There are also other kinds of changes. For example, I saw today a change request which may seem very simple but nevertheless has to happen. In the list of countries for lost and stolen documents in the SIS II, we didn’t have XXX. It was missed. Probably it has been missed for several years until an end-user found a document, wanted to insert data and realized that XXX was not there. (Interview 1)

In these examples, the rationale underpinning maintenance work is slightly different from that informing the replacement of dysfunctional hardware components. In cases of hardware failures, corrective maintenance is necessary to ensure the continuity of SIS II and VIS operations, and thus the continuity of security practices targeting international mobility through the use of the systems. However, when it comes to software updates, the aim is both to avoid potential service disruptions due to incompatibilities between different types and versions of software and to implement changes that condition what end-users can do with the SIS II and the VIS – for example, what kinds of data they can (or cannot) insert. Whatever goes wrong or may go wrong in the operations of the SIS II and the VIS – from a damaged component to the unavailability of a particular service – has to be identified and corrected by moulding the hardware and software materiality of the systems.

In practice, corrective maintenance starts with the monitoring of the SIS II and VIS technical operations. To monitor their operations, eu-LISA has introduced a set of tools and established a system that allows for the measurement, analysis, reporting and review of (a) the ‘health status’ of the central SIS II and VIS components; (b) the operations of the communications network upon which they are connected; and (c) the availability of services provided to end-users (Interviews 2 and 4). Monitoring is done by enrolling technical instruments in the maintenance process, such as software applications that automatically generate notifications about the status of infrastructures and the availability of SIS II and VIS services. For example, these applications check whether devices, like disks, function within acceptable limits, such as memory utilization thresholds, and generate alerts to specialized teams responsible for intervening in their operations, if needed.

Monitoring how the different components of the SIS II and the VIS operate is necessary not only because it allows for the real-time identification of functional anomalies, but also because it enables the production of statistical data that reveal information related to, for example, levels of device utilization, response times to end-users’ queries and network traffic rates. In turn, these data permit the production of knowledge about the ‘normal’ technical operations of the systems and their use (see eu-LISA, 2014a, 2015a). It is important to understand that eu-LISA monitors the SIS II and the VIS as machinic organisms characterized by certain vital life signs, which are then measured to determine whether the two systems function as expected. This means that, when it comes to maintenance, the ‘life’ that eu-LISA seeks to render intelligible and governable is that of information systems, while continuous monitoring produces knowledge about their everyday operations and ‘behaviour’. Indeed, the SIS II and the VIS are enacted as epistemic objects whose conduct is rendered intelligible through monitoring procedures. This knowledge is then mobilized to detect, make sense of, correct and eventually govern any anomalies to their operations – anomalies that may disrupt the border security, migration management and law enforcement practices mediated by the two systems.

The formation within eu-LISA’s organizational structure that plays perhaps the most crucial role in corrective maintenance processes is the so-called Service Desk. Experts working at eu-LISA’s Service Desk coordinate the handling of any identified problems associated with the performance of hardware components and the availability of services provided to SIS II and VIS end-users:

There are always people in the operations room monitoring the systems. They are looking at, you know, charts detailing the bandwidth usage on the network and demands on the various services to ensure that there are no anomalies. If there is an anomaly, they need to respond immediately before this escalates to a service disruption. (Interview 1)

Once a functional anomaly is identified, eu-LISA’s Service Desk initiates the ‘incident management’ process (see eu-LISA, 2013a: 16–18). This is a progressively unfolding process that entails both the understanding and documentation of the occurrences that generated technical failures, and the actual intervention in the systems’ operations, through making changes to their hardware and software. In other words, incident management involves a chain of actions (e.g. monitoring, documentation, repairs, replacements, updates) that seek both to produce knowledge about the agency of information systems and to mould their material properties. The goal is to understand how the SIS II and the VIS perform and to direct their performances in ways that guarantee the uninterrupted provision of services to end-users. What is happening in the incident management process is a disavowal of a potential service disruption, and every single action is geared towards resolution and closure of the identified incidents. The reactive nature of corrective maintenance is all about the resolution of incidents, while its proactive element is about ensuring that incidents are resolved promptly before they produce disruptions to the gathering, processing and sharing of data by end-users.

I want to highlight here that corrective maintenance processes entail frictions that can produce delays in the stabilization of the systems after the identification of functional anomalies. Such frictions often result from the lack of coordination between eu-LISA, which is responsible for maintaining the central SIS II and VIS in Strasbourg, and national organizations, which are entrusted with the maintenance of national systems connected to the central ones. The network infrastructures of the SIS II and the VIS expand across the Schengen area, interconnecting the various sites where controls targeting international mobility are enacted, which means that both central systems and their national components should be kept functional. This is nevertheless challenging because problems do emerge in the coordination between eu-LISA and the respective national organizations:

One of the big problems that we face sometimes is that the operational organizations at the member-states are not built at the same level of requirements like our organization here in Strasbourg. It can happen that during the night you encounter an issue maybe with the network connection with the member-state X, and because they do not have in place the appropriate support organization there is nobody that you can reach to find the cause of the incident and a solution to the problems caused by that. This is not something that happens on a daily basis, but from time to time it can happen. (Interview 4)

It is interesting here how national organizations emerge as entities creating problems in the governing of the SIS II and the VIS from within. Even though these organizations form, together with eu-LISA, the apparatus monitoring and intervening in the operations of the two systems, they may render the coordinated resolution of incidents difficult to achieve. Coordination requires (a) the creation of ‘Single Points of Contact’ (SpoCs) at central and national level, which are teams that can be reached 24/7 to report any incidents identified either by eu-LISA or national authorities; (b) the drafting and circulation of ‘Operator Manuals’, which are documents detailing the exact procedures that should be followed for the cooperation between SpoCs; and (c) the regular organization of training courses by eu-LISA to familiarize national organizations with maintenance procedures and the technical operations of the systems. The establishment of these coordination mechanisms should be understood as a way to avoid frictions in the implementation of maintenance projects that necessitate the cooperation between eu-LISA and national organizations.

As regards training specifically, it should be clarified that eu-LISA organizes specialized courses for those experts managing the systems at the national level (i.e. operators), while training for those using the systems for border security, migration management and law enforcement (i.e. end-users) is co-organized with the EU Agency for Law Enforcement Training (CEPOL) and Frontex. Even though end-users can negatively affect the overall effectiveness of the SIS II and the VIS by inserting low-quality data – such as incomplete or inaccurate alphanumeric information that could result in the misidentification of an individual (European Court of Auditors, 2019; Bellanova and Glouftsios, 2020) – their actions cannot have a direct impact on the systems’ technical operations. Conversely, the work of national operators is indispensable for the functioning of the SIS II and the VIS because they are the ones maintaining the member-states’ systems connected to the central ones. Without the work of national operators and eu-LISA, the systems would eventually stop functioning. By training national experts operating the member-states’ systems that are connected to the central SIS II and VIS, eu-LISA seeks to harmonize and coordinate maintenance processes at central and national levels (see eu-LISA, 2013b).

All in all, corrective maintenance refers to activities that seek to keep the SIS II and the VIS functional by continuously monitoring their operations and progressively moulding their material properties and agencies. It is exactly through this continuous monitoring and moulding that information systems are rendered governable within nexuses of maintenance practices enacted both at eu-LISA’s premises in Strasbourg – where the central SIS II and VIS were built – and across the Schengen area – where the systems’ national components are located. Information systems do not just govern flows of human bodies crossing borders. They are also governed through practices that seek to reactively correct any identified anomalies in their operations and proactively address potential disruptions of the services that they provide to end-users – disruptions that could destabilize the continuity of data-based controls targeting cross-border mobilities.

Adaptation

Governing information systems through maintenance is not only about their correction in response to identified functional anomalies. It is also about their adaptation to emerging technologies and service needs, such as the building of additional data processing capacity or the introduction of new functionalities and data formats. As one of my interviewees explained, servers, drives, network cables and software are proactively upgraded after their initial installation either because they have a ‘limited lifespan’ or because ‘more advanced technologies are available in the market’:

Take as an example the SIS II. The system started operations in 2013, but its hardware was built in 2008–2009. This means it is 9–10 years old now. Technology evolves. You have new service systems that are faster, consume less energy, need less space, and have more computing power. We maintain the SIS II, and indeed other systems like the VIS, by installing new technologies. (Interview 2)

Echoing wider neoliberal discourses of efficiency and market logics that drive technological innovation, adaptive maintenance is framed as a process through which information systems are optimized. Optimization should not be understood as a natural, evolutionary process that renders seamlessly working systems somewhat more efficient. As demonstrated in the previous section, information systems do fail. While corrective maintenance seeks to address already identified failures, adaptive maintenance can be thought of as preventing potential future ones by replacing hardware components and updating software applications before these become obsolete. The discourse on system optimization, therefore, should not obscure the reality of failing border security infrastructures that require continuous maintenance, correction and adaptation.

In practice, the first two steps before making any adaptive changes to the systems are (a) the monitoring of research and technological advancements relevant to their operations; and (b) the monitoring of how they function and are being used. The first kind of monitoring activities is often described in the annual reports of eu-LISA as ‘technology watch’. This involves the coordinated monitoring of new and forthcoming technological developments, including innovations in methods and technical standards relevant to IT operations. The knowledge generated by technology watch feeds into decisionmaking processes linked to the implementation of technical changes and upgrades to the systems (eu-LISA, 2013a: 27). Here is how an expert from eu-LISA described technology watch to me:

We are not executing or delivering research. We are monitoring research executed by industry, academics and research organizations not just in Europe, but globally. This involves literature review, open-source monitoring and interaction with researchers, like yourself. Then we bring our results to project teams internally and try to inform them on new developments. (Interview 1)

Among the research activities monitored by eu-LISA are those related to developments in the data processing capacity and availability of IT systems, those linked to hardware and software used to capture and process biometrics (see eu-LISA, 2015b), and those related to the broader field of IT security (see eu-LISA, 2016). In addition, there is a conference organized by eu-LISA every year in Tallinn, which focuses on new technologies and policy developments in the area of EU Justice and Home Affairs. This conference brings together researchers and representatives from academia and industry, officials from EU institutions, representatives of end-user communities and eu-LISA’s experts. The Agency’s annual conference is a meeting place where policymakers, EU bureaucrats and security professionals discuss needs related to border security, law enforcement and migration management in the EU, while technoscientists – be they experts working at eu-LISA or in relevant industries – present technological solutions.

The second type of monitoring activities targets the technical functioning of the systems and their use. This results in the gathering of statistics and the drafting of reports (e.g. eu-LISA, 2014a, 2015a) that detail, among other things, functional anomalies that have been identified and addressed in the past and percentages indicating the usage of the systems’ services, such as numbers of alerts issued by end-users and measurements revealing exactly which categories of end-users tend to consult more frequently SIS II and VIS data. The knowledge produced by these reports makes it possible to make sense of the emergent agency of information systems: it facilitates the identification of any long-term deficiencies in their day-to-day operations and the extent to which the end-users’ interactions with the systems necessitate the adaptation of the services provided. As in the case of knowledge generated by technology watch, the knowledge produced by the monitoring of the systems’ functioning feeds into decisions on future adaptive maintenance projects. Operational deficiencies and/or service needs are first identified and then addressed through the adaptation of the systems to new or anticipated technological and functional circumstances.

For example, one adaptive maintenance project was initiated back in 2012 for the VIS. As mentioned before, the information stored in the VIS can be accessed by officials working at consulates of the member-states where third-country nationals lodge their applications for Schengen visas before travelling to the EU. After the development of the VIS, its worldwide deployment was not automatic, but progressive. The VIS started operations in the first region (North Africa) back in 2011, while its global roll-out was finalized in 2015. The problem identified during the first two years of the VIS operations was that its storage and data processing capacity was being consumed much more quickly than had been initially expected when the system was developed because some member-states deployed it in areas ahead of the planned progressive global roll-out (European Commission, 2012: 10). This resulted in unanticipated amounts of data being stored in, and processed by, the VIS. It was owing to this development that eu-LISA started adapting the system to accommodate the new service needs in 2012 (eu-LISA, 2014b: 10). The VIS was designed with a maximum capacity of 60,000 data transactions per hour; however, owing to the progressive global deployment of the system, the amount of these transactions has been increasing on an annual basis, which means that its adaptive maintenance is an ongoing project (eu-LISA, 2014a: 7–8). The more end-users store and consult VIS data, the more capacity is built into the system by eu-LISA. Without this kind of adaptive maintenance work, failures will eventually emerge in relation to the processing of visa applications, border controls and migration management procedures mediated by the system. The same applies to the case of the SIS II (Interview 2). By monitoring how the SIS II and the VIS function and are being used, eu-LISA seeks to anticipate emerging service needs and proactively intervene in their operations by making adaptive changes.

Of course, such changes are not implemented automatically, but through what is described in eu-LISA’s reports as the ‘change management’ process (see eu-LISA, 2015a: 13–14). Change management involves the assessment of any potential operational risks inherent in adaptive changes:

Prior to any change we execute a risk assessment and make sure that changes do not introduce vulnerabilities to our systems. We also test the changes on non-production environments, check them, make the upgrades, see how they work, and initiate the testing phase with the member-states to ensure that there is no impact on their sites. (Interview 4)

The change management process is initiated, supervised and coordinated by the so-called Change Management Board, which brings together representatives of the relevant member-states’ organizations and eu-LISA. The principal aim of the Change Management Board is to ‘guarantee the stability of the system[s]’ and ensure that ‘changes in the central system and the national systems are implemented in a coordinated manner’ (eu-LISA, 2015a: 13). As in the case of corrective maintenance discussed in the previous section, coordination is necessary to govern information systems and deal with frictions in the process of their adaptation. Small-scale changes, such as replacements of server components in Strasbourg, do not require coordination between national system operators and eu-LISA because they do not affect the connectivity between central and national systems (Interview 4). However, large-scale changes linked to the introduction of new functionalities, such as automated biometric matching (see Joint Research Centre, 2016), require coordination because they produce modifications in the so-called Interface Control Document (ICD), which defines the technical specifications of the interaction between central and national systems:

The ICD is like a dictionary that defines the communication between central and national systems. If I (a national system) want to input a person (data file), I know that the ‘person’ has to be a name, surname, ID number, sex, nationality and so on. This applies also to functionalities. How do I (the central system) create alerts? How do I interpret messages sent by you (national system)? The ICD is the detailed framework of system-to-system communication. (Interview 3)

Changes in the ICD can generate frictions and delays in the adaptation of the SIS II and the VIS. These are not necessarily related to the very technical work that goes into the maintenance of the systems. Major adaptive changes linked to the introduction of new functionalities require the design and installation of new system components, as well as the launch of lengthy legislative procedures at the EU level that are fraught with various controversies related to, for example, the feasibility and necessity of the proposed changes, as well as the financial resources invested for the implementation of the latter (see Glouftsios, 2019; Parkin, 2011).

In a nutshell, adaptive maintenance is enacted through the monitoring of research relevant to the SIS II and VIS operations, the monitoring of the systems’ functioning and use, and the implementation of changes that seek to adapt the systems to new or anticipated technological advancements and service needs. The two types of monitoring activities generate knowledge about the conduct of the systems and the technological developments that are deemed necessary to ensure that their components do not become obsolete. This knowledge is then translated into adaptive maintenance projects. Adaptation and correction are the two principal logics that inform the governing of information systems through maintenance – maintenance that seeks to address present and future failures that could create problems and disruptions in the gathering, processing and sharing of data by authorities that enact controls on individuals travelling to, and circulating in, the EU Schengen area.

Conclusion

In this article, I provided an in-depth analysis of the maintenance labour that goes into the functioning of large-scale information systems deployed for border security, migration management and law enforcement purposes in the EU, such as the SIS II and the VIS. The observation that information systems require maintenance to function should not come as a surprise to scholars investigating security infrastructures and related technological devices. Perhaps it is the mundanity of maintenance that makes it invisible and unquestioned. Yet overlooking this process hinders a more a complete appreciation of the ongoing ‘technological work’ (Walters, 2011) through which digitized borders are implemented and made functional. This technological work matters politically because it conditions data-based performances of control and surveillance that target subjects and populations on the move, and thus sustains the power to govern international mobility by digital means.

Beyond information systems, an analytical curiosity towards maintenance may open up research avenues into practices that sustain contemporary security worlds. We might want to start thinking about maintenance in broad terms, as a process through which (in)securitized objects, infrastructures and built environments are moulded, corrected and adapted. This requires, first and foremost, modes of analysis that embrace what Steven Jackson (2014) describes as ‘broken world thinking’. This means attention to erosion, breakdown and decay, as well as to the whole register of repair and maintenance practices that seek to deal with these disrupting phenomena. Broken world thinking may also help us deal with the ‘productivist biases’ (Jackson, 2014: 234) that often characterize studies that explore how socio-technical settings of security are constructed, configured and assembled. We are very good at diagnosing the emergence of such settings genealogically and by tracing the associations between the heterogeneous elements that compose them. But we do not always attend to their failures and the different types of maintenance actors, practices and processes that render them sustainable, durable and persistent.

Footnotes

Acknowledgements

I am truly grateful to Debbie Lisle, Rocco Bellanova and Peter Forman for their valuable feedback on previous versions of this article. I would also like to thank William Walters and Michael Bourne for engaging constructively with my doctoral dissertation, which is directly related to the topic of this article. Last but not least, I would like to thank the two anonymous reviewers, as well as Emily Gilbert, for their kind, thoughtful and constructive comments.

Funding

The author disclosed receipt of the following financial support for the research, authorship, and/or publication of this article: This research has been funded by the Leverhulme Trust (grant number 2014-097) and the School of International Studies at the University of Trento (project STERI: Science, Technology and International Relations).

ORCID iD

Georgios Glouftsios

Georgios Glouftsios works as a Postdoctoral and Teaching Fellow at the School of International Studies, University of Trento, Italy. His research is situated at the intersections of critical security studies, border studies, and science and technology studies. His current research project focuses on the design, use and maintenance of large-scale IT systems deployed for border security, law enforcement and migration management purposes in the European Union. Email: georgios.glouftsios@unitn.it.

Interviews cited

References

Amicelle

Aradau

Jeandesboz

(2015) Questioning security devices: Performativity, resistance, politics. Security Dialogue 46(4): 293–306.

Amoore

(2011) Data derivatives: On the emergence of a security risk calculus for our times. Theory, Culture & Society 28(6): 24–43.

Amoore

De Goede

(2005) Governance, risk and dataveillance in the war on terror. Crime, Law and Social Change 43: 149–173.

Aradau

(2010) Security that matters: Critical infrastructure and objects of protection. Security Dialogue 41(5): 491–514.

Barad

(2007) Meeting the Universe Halfway: Quantum Physics and the Entanglement of Matter and Meaning. Durham, NC & London: Duke University Press.

Barry

(2001) Political Machines: Governing a Technological Society. London & New York: The Athlone Press.

Bellanova

(2017) Digital, politics, and algorithms: Governing digital data through the lens of data protection. European Journal of Social Theory 20(3): 329–347.

Bellanova

Duez

(2012) A different view of the ‘making’ of European security: The EU Passenger Name Record system as a socio-technical assemblage. European Foreign Affairs Review 17(2): 109–124.

Bellanova

Glouftsios

(2020) Controlling infrastructures: An inquiry into the socio-technical design of security databases. Paper presented at the ‘Data Matters: Digital Technologies and the Politics of Bordering’ workshop, ETH Zurich, Center for Security Studies, 23–24 May 2019.

10.

Bennett

(2005) The agency of assemblages and the North American blackout. Public Culture 17(3): 445–465.

11.

Bigo

(2014) The (in)securitization practices of the three universes of EU border control: Military/navy – border guards/police – database analysts. Security Dialogue 45(3): 209–225.

12.

Bigo

Guild

(2005) Policing at a distance: Schengen Visa policies. In: Bigo

Guild

(eds) Controlling Frontiers: Free Movement Into and Within Europe. Aldershot: Ashgate, 233–263.

13.

Braun

Whatmore

(2010) Political Matter: Technoscience, Democracy and Public Life. Minneapolis, MN & London: University of Minnesota Press.

14.

Brighenti

(2010) Visibility in Social Theory and Social Research. Basingstoke: Palgrave Macmillan.

15.

Broeders

Hampshire

(2013) Dreaming of seamless borders: ICTs and the pre-emptive governance of mobility in Europe. Journal of Ethnic and Migration Studies 39(8): 1201–1218.

16.

Bourne

Johnson

Lisle

(2015) Laboratizing the border: The production, translation and anticipation of security technologies. Security Dialogue 46(4): 307–325.

17.

Coole

Frost

(2010) New Materialisms: Ontology, Agency and Politics. Durham, NC & London: Duke University Press.

18.

Côté-Boucher

Infantino

Salter

(2014) Border security as practice: An agenda for research. Security Dialogue 45(3): 195–208.

19.

Dijstelbloem

Broeders

(2015) Border surveillance, mobility management and the shaping of non-publics in Europe. European Journal of Social Theory 18(1): 21–38.

20.

Edwards

(2010) A Vast Machine: Computer Models, Climate Data, and the Politics of Global Warming. Cambridge, MA: The MIT Press.

21.

eu-LISA (2012) Work programme 2012. Available at: https://www.eulisa.europa.eu/Publications/Corporate/2012_annual_work_programme_en.pdf (accessed 10 August 2020).

22.

eu-LISA (2013a) Work programme 2013. Available at: https://www.eulisa.europa.eu/Publications/Corporate/2013_annual_work_programme_en.pdf (accessed 10 August 2020).

23.

eu-LISA (2013b) eu-LISA training strategy 2013–2016. Available at: https://www.eulisa.europa.eu/AboutUs/MandateAndActivities/CoreActivities/Documents/eu-LISA%20Training%20Strategy%20and%20Training%20Plan.pdf (accessed 10 August 2020).

24.

eu-LISA (2014a) Report on the technical functioning of VIS, including the security thereof, pursuant to Article 50(3) of the VIS Regulation. Available at: https://www.eulisa.europa.eu/Publications/Reports/eulisa_Report%20VIS%20en.pdf (accessed 10 August 2020).

25.

eu-LISA (2014b) Annual activity report 2013. Available at: https://www.eulisa.europa.eu/Publications/Corporate/ELAA13001ENC.pdf (accessed 10 August 2020).

26.

eu-LISA (2015a) Report on the technical functioning of Central SIS II and the Communication Infrastructure, including the security thereof and the bilateral and multilateral exchange of supplementary information between Member States. Available at: https://www.eulisa.europa.eu/Publications/Reports/SIS%20II%20Technical%20Report%202015.pdf (accessed 10 August 2020).

27.

eu-LISA (2015b) Biometrics in Large-Scale IT: Recent trends, current performance capabilities, recommendations for the near future. Available at: https://www.eulisa.europa.eu/Publications/Reports/Biometrics%20in%20Large-Scale%20IT.pdf (accessed 10 August 2020).

28.

eu-LISA (2016) Protecting Large-Scale IT systems developed and/or managed by eu-LISA from modern threats: A review of recent developments in IT Security and associated technologies. Available at: https://www.eulisa.europa.eu/Publications/Reports/Protecting%20Large-scale%20IT%20systems%20developed%20and%20or%20managed%20by%20eu-LISA%20from%20modern%20threats.pdf (accessed 10 August 2020).

29.

European Commission (2012) Report from the Commission to the European Parliament and the Council on the Development of the VISA Information System in 2011. COM(2012) 376 final.

30.

European Court of Auditors (2019) EU Information Systems Supporting Border Control – A Strong Tool, but More Focus Needed on Timely and Complete Data. Special Report no. 20. Available at: https://www.eca.europa.eu/Lists/ECADocuments/SR19_20/SR_Border_control_EN.pdf (accessed 10 August 2020).

31.

Foucault

(1995) Discipline and Punish: The Birth of the Prison. New York: Vintage Books.

32.

Foucault

(2009) Security, Territory, Population: Lectures at the Collège de France 1977–1978. Basingstoke: Palgrave Macmillan.

33.

Glouftsios

(2018) Governing circulation through technology within EU border security practice-networks. Mobilities 13(2): 185–199.

34.

Glouftsios

(2019) Designing digital borders: The Visa Information System (VIS). In: Hoijtink

Leese

(eds) Technology and Agency in International Relations. London & New York: Routledge, 164–187.

35.

Glouftsios

Scheel

(2020) An inquiry into the digitisation of border and migration management: performativity, contestation and heterogeneous engineering. Third World Quarterly. Epub ahead of print 1 September 2020. DOI: 10.1080/01436597.2020.1807929.

36.

Graham

Marvin

(2001) Splintering Urbanism: Networked Infrastructures, Technological Mobilities, and the Urban Condition. London & New York: Routledge.

37.

Graham

Thrift

(2007) Out of order: Understanding maintenance and repair. Theory, Culture & Society 24(3): 1–25.

38.

Henke

(1999) The mechanics of workplace order: Toward a sociology of repair. Berkeley Journal of Sociology 44(3): 55–81.

39.

Hoijtink

Leese

(2019) Technology and Agency in International Relations. London & New York: Routledge.

40.

Jackson

(2014) Rethinking repair. In: Tarleton

Boczkowski

Foot

(eds) Media Technologies: Essays on Communication, Materiality, and Society. Cambridge, MA: The MIT Press, 221–239.

41.

Jeandesboz

(2016) Smartening border security in the European Union: An associational inquiry. Security Dialogue 47(4): 292–309.

42.

Joint Research Centre (2015) Fingerprint Identification Technology for Its Implementation in the Schengen Information System II (SIS-II). EUR 27473 EN. Available at: https://publications.jrc.ec.europa.eu/repository/bitstream/JRC97779/lbna27473enn.pdf (accessed 10 August 2020).

43.

Larkin

(2013) The politics and poetics of infrastructure. Annual Review of Anthropology 42: 327–343.

44.

Latour

(2005) Reassembling the Social: An Introduction to Actor-Network-Theory. Oxford: Oxford University Press.

45.

Law

(2012) Technology and heterogeneous engineering: The case of Portuguese expansion. In: Bijker

Hughes

Pinch

(eds) The Social Construction of Technological Systems: New Directions in the Sociology and History of Technology, Anniversary Edition. Cambridge, MA: The MIT Press, 105–128.

46.

Leese

(2016) Exploring the security/facilitation nexus: Foucault at the ‘smart’ border. Global Society 30(3): 412–429.

47.

Lemke

(2015) New materialisms: Foucault and the ‘government of things’. Theory, Culture & Society 32(4): 3–25.

48.

Lisle

(2018) Failing worse? Science, security and the birth of a border technology. European Journal of International Relations 24(4): 887–910.

49.

Official Journal of the European Union (OJEU) (2007) Commission decision of 16 March 2007 laying down the network requirements for the Schengen Information System II (1st pillar) (notified under document number C[2007] 845). OJEU L79/20.

50.

Official Journal of the European Union (OJEU) (2008a) Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS Regulation). OJEU L218/60.

51.

Official Journal of the European Union (OJEU) (2008b) Commission decision of 17 June 2008 laying down the physical architecture and requirements of the national interfaces and of the communication infrastructure between the central VIS and the national interfaces for the development phase (notified under document number C[2008] 2693). OJEU L194/3.

52.

Official Journal of the European Union (OJEU) (2011) Regulation (EU) No 1077/2011 of the European Parliament and of the Council of 25 October 2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice. OJEU L286/1.

53.

Official Journal of the European Union (OJEU) (2018a) Regulation (EU) 2018/1861 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of border checks, and amending the Convention implementing the Schengen Agreement, and amending and repealing Regulation (EC) No 1987/2006. OJEU L312/14.

54.

Official Journal of the European Union (OJEU) (2018b) Regulation (EU) 2018/1862 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of police cooperation and judicial cooperation in criminal matters, amending and repealing Council Decision 2007/533/JHA, and repealing Regulation (EC) No 1986/2006 of the European Parliament and of the Council and Commission Decision 2010/261/EU. OJEU L312/56.

55.

Parkin

(2011) The difficult road to the Schengen Information System II: The legacy of ‘laboratories’ and the cost for fundamental rights and the rule of law. Brussels: Centre for European Policy Studies.

56.

Pelizza

(2020) Processing alterity, enacting Europe: Migrant registration and identification as co-construction of individuals and polities. Science, Technology, & Human Values 45(2): 262–288.

57.

Rumford

(2006) Theorizing borders. European Journal of Social Theory 9(2): 155–169.

58.

Scheel

(2019) Autonomy of Migration? Appropriating Mobility Within Biometric Border Regimes. London & New York: Routledge.

59.

Scheel

Ruppert

Ustek-Spilda

(2019) Enacting migration through data practices. Environment and Planning D: Society and Space 37(4): 579–588.

60.

Sontowski

(2018) Speed, timing and duration: Contested temporalities, techno-political controversies and the emergence of the EU’s smart border. Journal of Ethnic and Migration Studies 44(16): 2730–2746.

61.

Star

(1999) The ethnography of infrastructure. American Behavioural Scientist 43(3): 377–391.

62.

Tazzioli

(2018) Spy, track and archive: The temporality of visibility in Eurosur and Jora. Security Dialogue 49(4): 272–288.

63.

Ureta

(2014) Normalizing Transantiago: On the challenges (and limits) of repairing infrastructures. Social Studies of Science 44(3): 368–392.

64.

Walters

(2006) Rethinking borders beyond the state. Comparative European Politics 4(2–3): 141–159.

65.

Walters

(2011) Rezoning the global: Technological zones, technological work and the (un-)making of biometric borders. In: Squire

(ed.) The Contested Politics of Mobility: Borderzones and Irregularity. London: Routledge, 51–73.

66.

Walters

(2012) Governmentality: Critical Encounters. London & New York: Routledge.