The UK Home Office has put out to tender a £4.6m ($5.9m) contract for facial recognition software – despite the fact its biometrics strategy and retention systems remain embroiled in controversy.
According to the tender announcement, a company is sought to provide "a combination of biometric algorithm software and associated components that provide the specialized capability to match a biometric facial image to a known identity held as an encoded facial image."
It runs for an initial term of 60 months and its main job will be to integrate the Home Office's Biometric Matcher Platform Service (BMPS) into a centralized biometric Matching Engine Software (MES).
Of the 48 regional and special police forces in the UK, seven use the Athena system for storage of custody images, and the remaining forces use a variety of different approaches and legacy IT systems, which makes introducing universal and consistent policies very difficult. The contract's main goal will be to start creating a standard approach.
The decision to fork out for such a solution comes amid significant controversy over the Home Office's retention of millions of individuals' faces. That approach was declared illegal by the High Court back in 2012 and Lord Justice Richards told the police to revise its policies, giving them a period of "months not years" to do so.
Despite that admonition, it took the Home Office until February this year – five years later – to produce a new set of policies. And that new policy requires an individual that believes they may be in the database of 19 million mugshots to specifically ask to be removed from it. That request can be turned down if it meets the highly ambiguous and vague standard that retention would serve "a policing purpose." The police themselves get to decide if that is the case.
The new policy has met significant criticism. Both the former and current Biometrics Commissioners have published reports on the Home Office's approach to facial recognition and biometrics more generally and have pointed to significant problems and flaws.
In March 2016, in his annual report, Alastair MacGregor QC, warned that "hundreds of thousands" of facial images held by the police belong to "individuals who have never been charged with, let alone convicted of, an offence."
He also noted that "the considerable benefits that could be derived from the searching of custody images on the Police National Database (PND) may be counterbalanced by a lack of public confidence in the way in which the process is operated, by challenges to its lawfulness and by fears of 'function creep'."
MacGregor also wrote a follow-up report [PDF] in April 2016, shortly before being replaced as Biometrics Commissioner, in which he continued warning about the "wholly unsatisfactory situation" where "very significant quantities" of biometric information on individuals that should have been deleted had been retained.
"It seems clear that insufficient priority was given to the need to comply with that regime and to ensure that expired material was quickly deleted," he concluded. "It also seems clear that IT and resource difficulties, a lack of adequate management information and oversight, the absence of any proper system to check the lawfulness of retention and/or to generate appropriate deletions, and a breakdown in communications/understanding between JFIT and SOFS all played important parts in this 'deletion deficit'."
In other words, the complete lack of rules, operational procedures and consistent systems meant that hundreds of thousands of people's photos were being illegally held on police computers.
Five years later...
And that comment points to another, broader failure on the part of the Home Office: the lack of an official biometrics strategy, despite having promised to produce one back in 2013.
In 2015, Parliament's science and technology select committee complained that the UK government's joint forensics and biometrics strategy had missed deadlines three times in 2013, 2014 and 2015. As a result, the panel warned, "there remains a worrying lack of clarity regarding if, and how, the government intends to employ biometrics for the purposes of verification and identification and whether it has considered any associated ethical and legal implications."
The committee called on the government to publish a comprehensive strategy "no later than December 2015" – a deadline that the Home Office agreed to. And then failed to meet yet again. More than 20 months later, there is still no official biometrics strategy.
Despite the lack of strategy, the police have continued to roll out face-spotting systems using their biometrics database, using it at last year's Notting Hill Festival – and failing to spot a single person.
The Home Office meanwhile has continued to spend millions on bodycams for the police, whose images are uploaded to servers, despite there not being any official legal or operational rules in place – a situation that the Scottish police flagged as a significant problem earlier this year.
Sponsored: Ransomware has gone nuclear