The UK government has admitted it can only delete custody images from its massive database through a complex manual process, and that it would cost too much to weed out all the images of innocent people by hand.
The custody image database now holds around 21 million shots of faces and identifying features like scars or tattoos, some of which are of people who have not been charged with a crime.
Unlike the government’s DNA and fingerprint databases, where data on unconvicted people is automatically deleted, custody images are only deleted if a person requests it.
This mass data slurp has come under fire from privacy groups, MPs and peers, who believe it runs counter to a 2012 High Court ruling that said keeping images of presumed innocent people on file was unlawful.
The Home Office’s line has been that it is not “technically possible” to automate the process – and a letter to the House of Commons' Science and Technology Committee by minister Susan Williams, published today, reveals just how clunky the storage and deletion processes are.
Custody images are first stored on the policing system of the arresting force (of which there are 43 in England and Wales) and copied from these to the Police National Database (PND).
These records are structured around a person’s contacts with the police, rather than conviction status and so there may be multiple images across several systems relating to a particular individual. If a record is deleted from a local custody system it will also be deleted from the PND.
However deletion from the PND will not lead to an automatic deletion from the local police system as there is no link back from PND to local systems.
This means that images can only be deleted manually and custody images can also only be linked to outcomes – people’s conviction status – manually.
Overall, Williams said, this makes seeking and removing custody images a "much more complex exercise" than deleting DNA and fingerprint data, which are linked to information on conviction status on the Police National Computer and given a unique identifier that allows them to be filtered.
She argued that trying to clean up the central database to remove images relating to people without charges might not be worth the time and money, especially as the cops would have to cough up themselves.
UK peers: Is this what you call governance of facial recog tech? A 'few scattered papers'!READ MORE
"Any weeding exercise will have significant costs and be difficult to justify given the off-setting reductions forces would be required to find to fund it," she said.
In order to fix the situation long-term – and create an automated system – all 43 forces’ local systems and the PND would need to be updated, Williams said.
She added, however, that a new platform being developed under the National Law Enforcement Data Programme would "resolve this in the medium term".
This will offer a "considerably more flexible approach to automatic deletion", she said, although she didn't offer any more detail on what this would entail in practice. However, given the current situation is entirely manual, that wouldn't seem to set a particularly high bar, even for government tech standards.
Williams also failed to provide the committee with details on how many people had requested their information be removed from the database, and how many were successful, as they had requested during an intense hearing back in February.
Committee chairman Norman Lamb was unimpressed, responding: "The government is unable to inform us of the number of cases in which images have been deleted, and they tell us that the systems that would be used to do so are not up to the task."
He said that it appeared that the police were "making-do with current systems and practices" despite the fact images of people who have not been convicted of a crime were sucked into the database.
"This leaves an unsatisfactory approach to the retention of facial images compared to the approach used for DNA and fingerprint records," he said. "The government should urgently review its approach and put suitable processes and digital infrastructure in place."
Lamb added that it was also possible individuals didn't even know that their image was on police databases – meaning they wouldn't know to ask for them to be deleted.
The committee had also raised concerns about the police's use of facial recognition technology, and Williams used the letter to try to allay fears about a lack of coordinated oversight and the retention of images collected.
She said that any images collected during deployment of the tech that aren't matched, as well as the "watch list" – individuals the police are on the lookout for, which are generated on an event by event basis – are both deleted at the end of the deployment.
Williams also noted that the government plans to create a board comprised of the information, biometrics and surveillance camera commissioners.
Although she didn't say when this was due, the long-awaited biometrics strategy is slated to arrive in June. ®