Concerns raised over privacy and security of UK Home Office's £842m biometrics programme

Plans to aggregate it with other databases should be discussed, says ethics group

Updated An independent ethical advice group has raised concerns about the UK Home Office's £842m Biometrics programme, which will store millions of people's highly sensitive biometric data, due to go live next year.

In 2017 the Home Office tasked the National DNA Database Ethics Group to expand its remit to cover the use of forensic identification techniques, including facial recognition technology and fingerprinting in government.

On Monday the Biometrics and Forensics Ethics Group (BFEG) released its first annual report dated 2017. The Register has asked the body why it appears to be two years late.

In it, the body expressed concerns over the Home Office Biometrics (HOB) programme, designed to deliver "a unified biometric service for the government that is effective, adaptable, efficient, proportionate and lawful". The programme consists of three main modalities: DNA; fingerprint identification; and facial recognition.

During the year the working group said it identified a number of potential issues resulting from the programme.

These included:

  • the complexity and risk associated with the transfer of data from one system to another
  • the protection of the public when data was transferred
  • whether the combination of datasets would result in individuals gaining greater access to data than was originally intended
  • the sensitivity of both data and metadata
  • ensuring that checks were not skipped, despite tight deadlines.

In its recommendations it said it would be "necessary to explore the aggregated implication" of interactions between the Home Office National Law Enforcement Data Programme (NLEDP), the Home Office Biometrics (HOB) programme, and projects to upgrade the Emergency Services Network and Automatic Number Plate Recognition system as "these may interact with each other in the future".

In October the Home Office awarded US company Leidos a £300m, 10-year deal to connect the Home Office's legacy IDENT1 for UK police forces and law enforcement with the Immigration and Asylum Biometrics System (IABS).

The report also recommended that the "public should be informed of the boundaries of [Metropolitan Police Service's] facial recognition trials project and its future uses. The MPS should be explicit, open and proactive in stating that it was not be used to gather intelligence covertly or to generate a soft watch list using social media."

It also said a public consultation should be conducted, prior to the next scheduled custody images review [in 2020], to ascertain the views of the public in relation to the retention and use of custody images.

Earlier this year researchers found MPS's use of facial recognition to be highly inaccurate and of dubious legality.

There are now around 21 million shots of faces and identifying features like scars or tattoos in the custody image database. This includes images of people who haven't been charged with a crime because – unlike the UK's DNA or fingerprint databases – these images are only removed if someone requests it.

"Future IT systems should allow for the centralised storage and automatic deletion of custody images. The retention regime governing these IT systems should be agreed prior to the development of new technology."

The Register has asked the Home Office for comment. ®

Updated to add

Mark Watson-Gandy, newly appointed chair of the BFEG, told The Register: "The report covers a period of transition for the group during which it expanded from the National DNA Database Ethics Group to the Biometrics and Forensic Ethics Group.

"The change was associated with an increased remit from the consideration of ethical issues in the use of DNA to the ethical impact of the capture, retention and use of all biometric identifiers including, but not limited to; DNA; facial recognition; fingerprints; and footwear.

"Transition of the group and turnover of staff has delayed the publication of this report. The second annual report from the Biometrics and Forensic Ethics Group will be published once parliament returns and will provide an update on the recommendations given in the 2017 report."

A Home Office spokeswoman said: "The Home Office Biometric Programme takes the matter of the security of biometric data very seriously and is committed to ensuring that Home Office staff or police only have access to the biometric data they are authorised to see.

"The HOB Ethics Working Group meets members of the Programme regularly to discuss its progress and review documentation, produced in line with Data Protection legislation."

Sponsored: Beyond the Data Frontier

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER




Biting the hand that feeds IT © 1998–2019