Lack of governance on new police tech leaves 'worrying vacuum' – Brit biometrics commish
Anxieties linger for facial and voice recog
Brit cops' use of new technologies isn't always organised or systematic, and a lack of governance on biometrics from government leaves a "worrying vacuum", biometrics commissioner Paul Wiles has said.
In his annual report, Wiles said that although the police are generally compliant with laws on the use and retention of DNA and fingerprints for general crime, there are concerns about second-generation biometrics like facial recognition.
He also raised concerns about the development of new multi-user databases that will make it easier to share information with government departments, criticising the lack of rules regulating their access and use.
The report looked at the UK's biometrics databases, retention of data for policing and national security purposes and deletion of that data, as well as the future challenges of increased use of biometrics and policing.
The Protections of Freedom Act (PoFA) – the legislation that centres on police use of biometrics and provides for the role of the independent biometrics commissioner – covers fingerprints and DNA.
It does not, however, include digital facial images or other technologies, such as voice recognition, which effectively means there is a lack of clear oversight on the use of these second-generation biometrics.
What's taking so long? UK.gov pressed over continued delays to biometrics strategyREAD MORE
This issue has been discussed ad naseum by MPs, activists and both the biometrics and surveillance camera commissioners. Wiles highlighted it once again, saying that a legislative framework is "urgently needed".
He hoped the Home Office's biometrics strategy, which was originally promised about five years ago and is due this month, would directly address this.
As well as a lack of governance on new technologies posing problems for the police, Wiles said there were practical issues of introducing new tech, since it would most likely be unaffordable to routinely, operationally use and maintain a national database for each of the biometrics available.
As such, there needs to be a better understanding of the relative utility and cost effectiveness of each biometric. At the moment such a knowledge base is lacking for DNA and fingerprints used in police investigations.
More broadly, Wiles was critical of the way the police forces in England and Wales adopted new technology, saying it was "not always organised or systematic". This is possibly because chief constables have a high degree of autonomy, meaning they end up experimenting in different ways or with different products.
"The police service needs to agree a common framework for the development, testing, evaluation and mutual implementation of new technologies," he said.
"This is necessary if the service is going to keep ahead of new technology and be in a position to decide, on the basis of empirical evidence, how useful a particular technology will be for policing."
It would also show if national deployment was cost-effective and help with public trust – a challenge he noted was of great concern, especially around the use of facial recognition tech.
Wiles also rebuked the government for failing to update legislation in line with technologies, which was making it hard for police to conduct necessary trials, and could lead to higher costs if forces have to make their systems compliant after the fact.
"The fact is that neither governance nor legislation has kept up with the growth of these second-generation biometrics. Lack of governance is leaving a worrying vacuum which the police tell me is making their experiments with new biometrics more difficult and uncertain and so risks undermining public confidence in policing."
The report was also critical of a lack of plans for governance of the new Home Office Biometrics data platforms, which are due to become partially operational by 2020. These are being designed to hold the databases owned by various departments, but Wiles noted that at present there are no governance rules about their access and use.
"It is worrying that these data platforms may go into operational use without this issue being addressed," Wiles said. "The Home Office needs to acknowledge that their new, multi-user data platforms will need a clear governance structure and rules about who should have access to what and for what purposes."
The government should consider whether this will need pan-government regulation, rather than individual agency rules, he said, adding that the issue of whether this needs legislation or can be done with internal governance arrangements should be addressed in the Biometrics Strategy.
Zero arrests, 2 correct matches, no criminals: London cops' facial recog tech slammedREAD MORE
Elsewhere in the report, Wiles raised concerns about non-compliance with regulation on the use and retention of biometrics for national security purposes – this requires a National Security Determination (NSD) to hold biometrics on people for longer periods of time.
For instance, some 978,248 legacy records that should have been deleted when PoFA was introduced still haven't been wiped from the government's systems – although this is now being done. Meanwhile, the biometrics of 13 individuals that should have been retained have been deleted, either because it wasn't passed up the chain for the relevant sign-offs or due to administrative errors.
Wiles also said that he would be reviewing how material held under NSD is being put to use – although there was nothing to suggest it was being used for anything but permitted purposes, he said that he had limited time to look into this to date.
Indeed, throughout the report Wiles highlighted areas in which he had been unable to dedicate as much time as he would have liked – or assessments that had taken longer – due to a lack of staff.
In the foreword he noted that his office should have four members of staff to deal with casework, inspections and meetings but that this has never been the case – and for the last few months he has only had one staff member.
Some new staff will be joining soon, he said, and once they are trained, catching up with work on emerging problems will become a priority. ®
Sponsored: Becoming a Pragmatic Security Leader