Civil rights group Liberty walks out on British cops' database consultation
Slams Home Office's lack of engagement with privacy fears
The UK Home Office's alleged indifference towards civil rights groups' concerns over the creation of a mammoth policing database has caused Liberty to ditch the government-run consultation group on the project.
The Home Office is planning to replace the creaky Police National Computer (PNC) and Police National Database (PND) with a Law Enforcement Data Service (LEDS) as part of its National Law Enforcement Data Programme.
Once this is complete, the PNC and PND will be switched off. Eventually other datasets, including biometrics, ANPR records and images held on passports will be introduced.
The first stage of the project – which The Register understands is due to be rolled out in spring 2019 – is hugely complex.
It will create a huge single resource for police that the government hopes will allow forces to make better use of data-driven technologies, and brings with it a wealth of privacy and security concerns.
In recognition of that, the government set up a group where civil liberties groups could raise their concerns – but is now under fire for seemingly creating nothing more than a talking shop.
Liberty is so disappointed with progress, it no longer wants to be associated with the work and yesterday announced it had written to the Home Office to withdraw.
Broadly, Liberty's problems can be split in two: concerns about the project itself – including data retention, sharing and access, and how it will be used with other nascent policing technologies – and on the way the Home Office has, or hasn't, addressed those concerns during the consultation process.
It's no surprise the government wants to replace the two existing systems. Departments are under pressure to cut costs, break down silos and replace legacy systems, and the PNC is an obvious target.
It was first used in 1974 and, by the Home Office's own admission, still runs on broadly the same technology. On top of that is a cross-government drive to make better use of data and the appeal of glossy PR opportunities as departments embrace new technology.
But Liberty's concern is that the public's right to privacy and security are at risk of being trampled in the Home Office's desire for progress. The organisation was one of a handful of civil rights bodies the department was consulting with – ostensibly so the government could listen to and address issues they raised as the project went along.
However, after months of little progress, the group has stepped away from the project in frustration – and to ensure their participation was not mischaracterised as tacit approval in the long run.
Advocacy and policy officer Hannah Couchman said the rights groups raised the same issues repeatedly, but they were never meaningfully addressed.
Top Euro court: UK's former snooping regime breached human rightsREAD MORE
If the Home Office didn't engage and act on their concerns, she told The Reg that the consultation amounted to little more than a "fig leaf" for the project, and called into question how seriously these concerns were taken.
Moreover, the group reported being prevented from discussing certain key issues, such as how the LEDS would interact with the wider police tech infrastructure.
The cops' eagerness to embrace new tech without legal or policy frameworks has already raised eyebrows with the biometrics commissioner, and a particular concern is automated facial recognition
In particular, LEDS will have facial searching capabilities, and Liberty wanted to discuss how it would work with controversial automated facial recognition technology – but was told the topic was off the table.
"LEDS cannot be considered in a vacuum," Couchman said. To do so ignores the fact that combining technologies has a cumulative effect on society's human rights; and that collating seemingly innocuous pieces of information can build up a detailed and intrusive profile of a person.
Similarly, Couchman is yet to be convinced by the Home Office's promises to wipe the new database of information that shouldn't be there. At the moment, the government retains photos of people held in police custody who haven't been convicted – despite this practice being ruled unlawful – on the basis that its computer systems don’t support automatic removal.
In its biometrics strategy, published this summer after more than a five-year delay, the department said LEDS would "enable more efficient review and where appropriate, automatic deletion of custody images".
But rather than using the database merger as an opportunity to strip its systems of information it has no right to hang on to, or to review retention policies, the Home Office is intending to bring it all across. Again, Couchman feels that any momentum to fix data retention has been trumped by the urge to create a potentially headline-winning super-database.
One of the problems is that the government hasn't provided the civil rights groups with sufficient information on how it will go about reviewing retention.
There is a similar lack of clarity on how other non-policing organisations can get access to the data held in LEDS. The government has said they can submit a "business case" to a panel of police representatives – but hasn't specified the conditions on which this will be assessed.
Another concern is the government's admission that the creation of LEDS will give users access to more data – in both volume and type – and that some would be able to access a "a greater-than-appropriate level of data for their individual role or organisation", according to its Privacy Impact Assessment (PIA).
Activists raise alarm over insidious creep of surveillance in the UKREAD MORE
Couchman said that this might include external data analysts involved in ensuring that LEDS is working, and that although the government had talked about setting up clearances, it had not given "the level of detail we'd expect" on plans to safeguard data. "Discussion in the PIA about how access should be granted is very poor," she noted.
And it's not as if the Home Office isn't aware of the issues: Couchman said that officials have acknowledged the privacy issues – indeed, many are mentioned in the PIA – but isn't putting sufficient measures in place to address them.
"It's frustrating to see them recognise the issues as legitimate, but not prioritise them," she said.
This is a common problem for most organisations eager to make the most of new technologies and technical capabilities that are being developed at speed. People's understanding of the risks they pose and the potential unintended consequences of their use struggles to keep up, as do the traditionally slow policy-making process.
But for Couchman, this isn't a justification for going ahead regardless – it means projects should be held off until the civil service is capable of providing a workable solution. Until that can happen for LEDS, she said, the whole system remains "dangerous" and rollout should be pushed back.
For its part, the Home Office said the PNC and PND are "vital tools" but need replacing as they "are nearing the end of their lives". It added that it was "continuing to engage constructively" with civil rights groups "to ensure the use of personal data is proportionate and respects the privacy of individuals". ®
Sponsored: Becoming a Pragmatic Security Leader