The UK Home Office has been warned that its delays in addressing police use of facial recognition technology on innocent people's custody photographs risks inviting a legal challenge.
In his 122-page report (PDF) Blighty's Biometrics Commissioner stated he saw “no reason to believe that the situation [regarding the lack of regulation over police use of facial recognition technology] will quickly change”, and that he was “concerned at the absence of any substantial progress in relation to these matters.”
He warned the Home Office that “the considerable benefits that could be derived from the searching of custody images on the Police National Database (PND) may be counterbalanced by a lack of public confidence in the way in which the process is operated, by challenges to its lawfulness and by fears of ‘function creep’.”
The independent commissioner overseeing the police's retention of biometric data first raised the issue of facial recognition on innocent people's photographs in his annual report last year.
At the time, The Register noted that the commissioner's report revealed a whopping 12 million custody photographs had been uploaded to the Police National Database (PND), and were being scanned by automated facial recognition technology.
Although the Protections of Freedoms Act 2012 (PoFA) states the commissioner's role only extends to DNA and fingerprint profiles, its incumbent, Alastair MacGregor QC, has kept an eye on the field of facial biometrics, accepting the view of a Parliamentary committee that the currently unregulated area of police use of facial recognition technology required urgent action.
At the time of his last report MacGregor stated that “hundreds of thousands” of facial images held in the PND belonged to “individuals who have never been charged with, let alone convicted of, an offence.” This provoked legal concerns from the commissioner, who noted a High Court ruling in 2012, R (RMC and FJ) v MPS, in which Lord Justice Richards offered his view that:
[T]he just and appropriate order is to declare that the [Metropolitan Police's] existing policy concerning the retention of custody photographs … is unlawful. It should be clear in the circumstances that a 'reasonable further period' for revising the policy is to be measured in months, not years.
Despite this, the government's promised strategy on dealing with biometrics – which was first due in 2013 – remains unpublished. According to Lord Bates, an additional "Review of the use and Retention of Custody Images has concluded and will be published in due course."
Last year the Science and Technology Committee stated its alarm over the lack of regulatory oversight of police facial recognition technology, as used on the enormous national database of custody photographs police forces have amassed.
98. Over two and half years later, no revised policy has been published. However, when giving evidence, the Minister announced a new “policy review of the statutory basis for the retention of facial images” on the grounds that “the chief constable, the police and the Home Office” all accepted that “the current governance of the data being held is not sufficiently covered” by existing policy and legislation.
99. We are concerned that it has taken over two and half years for the Government to respond to the High Court ruling that the existing policy concerning the retention of custody photographs was “unlawful”. Furthermore, we were dismayed to learn that, in the known absence of an appropriate governance framework, the police have persisted in uploading custody photographs to the Police National Database, to which, subsequently, facial recognition software has been applied.
Legal experts The Register has spoken to have stated that they believe that the current retention regime is indeed unlawful, and we understand solicitors are seeking clients to claim against the Metropolitan Police on those grounds.
In his 2015 report, MacGregor also wrote that the facial recognition mechanism, which is separately known to have been provided by CGI/Cognitech, was of “questionable efficiency”.
He added that “although a searchable police database of facial images arguably represents a much greater threat to individual privacy than searchable databases of DNA profiles or fingerprints, this new database is subject to none of the governance controls or other protections which apply as regards the DNA and fingerprint databases by virtue of PoFA. ”
A Home Office spokesman told The Register: "Our Biometrics Strategy represents an important opportunity for the Home Office to set out how we will use biometrics to deliver our objectives over the next five years." ®
Debaleena Dasgupta, a legal officer for Liberty, has been in touch since the publication of this story to say: “The court was clear in 2012 that guidance on destruction of custody photographs was unsatisfactory to the point of breaching human rights.”
Liberty also shared with us a request made to the Metropolitan Police Service (MPS) under the Freedom of Information Act in December 2015 regarding the existing guidance they followed in relation to the retention of custody photographs.
The MPS responded:
The MPS is currently in talks with the Home Office, ACPO Criminal Records Office (ACRO) and The College of Policing to quantify the policy around the retention of custody images within the MPS, to ensure we meet the findings of the case.
By way of further context to our response, following the legal case you have quoted above, it was decided in 2012 to include facial images (custody images) in the deletion process following an application under what was then the Exceptional Case Procedure. This has been implemented as MPS policy.
Since the introduction of this procedure approximately 560 persons have had their custody image deleted.
The current I.T. system which holds MPS custody images was not designed or built to accommodate a complex retention policy, it will be replaced early in the new year by a new system and it is our intention to implement a new deletion policy using the new system.
Debaleena added: “Liberty has been keeping an eye on the situation and recently submitted a Freedom of Information request to find out what police had done to address the problem – it seems they did nothing. Almost four years later, innocent men and women are still suffering under an unlawful system. The police’s failure to act on this flagrant disregard of privacy is completely unacceptable.”