UK police lack framework for adopting new tech like AI and face recognition, Lords told

Governance structure is 'a bush, not a tree' – whatever that means

UK police forces have no overarching rules for introducing controversial technologies like AI and facial recognition, the House of Lords has heard.

Baroness Shackleton of the Lords' Justice and Home Affairs Committee said the group had found 30 organisations with some role in determining how the police use new technologies, without any single body to guide and enforce the adoption of new technologies.

Under questioning from the Lords, Kit Malthouse, minister for crime and policing, said: "It is complicated at the moment albeit I think most [police] forces are quite clear about their own situation."

Malthouse admitted the governance structure for introducing new technologies in UK policing was "a bush, not a tree."

Seemingly pleased with the metaphor, he said: "Some people may say within that bush there is protection or within a tree, things become more assertive. Others may agree that the clarity of the tree is preferable."

Malthouse also pointed out there is a National Policing Digital Strategy, which claims to be a "new digital ambition for the UK police service to leverage digital technologies to build capability."

The minister said it would help police "make sure that they have the right infrastructure, the right governance to sort all this stuff out."

The government was also trying to rationalise governance of some technologies by bringing biometrics and surveillance cameras together, he said.

In terms of use of data, the Information Commissioner's Office also had powers over the policy. "The ICO grows as a body and you can see, over time, things migrating in that direction," said Malthouse.

Last year outgoing Information Commissioner Elizabeth Denham took the unusual step of warning about the future independence of the ICO in light of the government's proposals for changing data legislation.

Ultimately chief constables were responsible for use of technologies and data by their own forces.

"The chief constable has to be accountable before the law, and that normally focuses minds," Malthouse told the committee.

Bias in AI tools is already a concern to police, according to the Royal United Services Institute, a defence and security thinktank.

In a report last year, it said officers were concerned such software may "amplify" prejudices, meaning some groups could become more likely to be stopped in the street and searched.

AI has already found its way into policing in the UK. According to a blog from the Parliamentary Office of Science and Technology, Durham Constabulary's Harm Assessment Risk Tool uses machine learning to predict how likely an offender is to reoffend in the next two years. Meanwhile, police have also trialled facial-recognition technology to identify people automatically from live video footage (such as CCTV).

The Lords' committee was also concerned that police forces did not always have the capacity to evaluate new technologies.

"Some of our witnesses have worried that across that spread of forces, not all will have the capacity to assess and evaluate this new technology being sold to them by some pretty persuasive entrepreneurs in many cases," Lord Peter Ricketts said.

"I wonder what you think about the issue of some sort of central body that could undertake assessing and type marking of technologies so that individual police forces could then go ahead and procure it with more confidence."

Malthouse said that while there was some central evaluation of more mature technologies, central government needed to "be slightly careful not to stifle innovation, or indeed people willing to try things." ®

Other stories you might like

  • Verizon: Ransomware sees biggest jump in five years
    We're only here for DBIRs

    The cybersecurity landscape continues to expand and evolve rapidly, fueled in large part by the cat-and-mouse game between miscreants trying to get into corporate IT environments and those hired by enterprises and security vendors to keep them out.

    Despite all that, Verizon's annual security breach report is again showing that there are constants in the field, including that ransomware continues to be a fast-growing threat and that the "human element" still plays a central role in most security breaches, whether it's through social engineering, bad decisions, or similar.

    According to the US carrier's 2022 Data Breach Investigations Report (DBIR) released this week [PDF], ransomware accounted for 25 percent of the observed security incidents that occurred between November 1, 2020, and October 31, 2021, and was present in 70 percent of all malware infections. Ransomware outbreaks increased 13 percent year-over-year, a larger increase than the previous five years combined.

    Continue reading
  • Slack-for-engineers Mattermost on open source and data sovereignty
    Control and access are becoming a hot button for orgs

    Interview "It's our data, it's our intellectual property. Being able to migrate it out those systems is near impossible... It was a real frustration for us."

    These were the words of communication and collaboration platform Mattermost's founder and CTO, Corey Hulen, speaking to The Register about open source, sovereignty and audio bridges.

    "Some of the history of Mattermost is exactly that problem," says Hulen of the issue of closed source software. "We were using proprietary tools – we were not a collaboration platform before, we were a games company before – [and] we were extremely frustrated because we couldn't get our intellectual property out of those systems..."

    Continue reading
  • UK government having hard time complying with its own IR35 tax rules
    This shouldn't come as much of a surprise if you've been reading the headlines at all

    Government departments are guilty of high levels of non-compliance with the UK's off-payroll tax regime, according to a report by MPs.

    Difficulties meeting the IR35 rules, which apply to many IT contractors, in central government reflect poor implementation by Her Majesty's Revenue & Customs (HMRC) and other government bodies, the Public Accounts Committee (PAC) said.

    "Central government is spending hundreds of millions of pounds to cover tax owed for individuals wrongly assessed as self-employed. Government departments and agencies owed, or expected to owe, HMRC £263 million in 2020–21 due to incorrect administration of the rules," the report said.

    Continue reading
  • Internet went offline in Pakistan as protestors marched for ousted prime minister
    Two hour outage 'consistent with an intentional disruption to service' said NetBlocks

    Internet interruption-watcher NetBlocks has reported internet outages across Pakistan on Wednesday, perhaps timed to coincide with large public protests over the ousting of Prime Minister Imran Khan.

    The watchdog organisation asserted that outages started after 5:00PM and lasted for about two hours. NetBlocks referred to them as “consistent with an intentional disruption to service.”

    Continue reading
  • Suspected phishing email crime boss cuffed in Nigeria
    Interpol, cops swoop with intel from cybersecurity bods

    Interpol and cops in Africa have arrested a Nigerian man suspected of running a multi-continent cybercrime ring that specialized in phishing emails targeting businesses.

    His alleged operation was responsible for so-called business email compromise (BEC), a mix of fraud and social engineering in which staff at targeted companies are hoodwinked into, for example, wiring funds to scammers or sending out sensitive information. This can be done by sending messages that impersonate executives or suppliers, with instructions on where to send payments or data, sometimes by breaking into an employee's work email account to do so.

    The 37-year-old's detention is part of a year-long, counter-BEC initiative code-named Operation Delilah that involved international law enforcement, and started with intelligence from cybersecurity companies Group-IB, Palo Alto Networks Unit 42, and Trend Micro.

    Continue reading

Biting the hand that feeds IT © 1998–2022