For enterprises ranging from airport operators to those in the security sector, increasingly sophisticated biometrics technology is ripe with promise.
In the public sector, however, the deployment of facial recognition technology and other new biometrics technologies remains contested, amid pronounced privacy concerns, legal challenges, and the “deep concern” of the Information Commissioner.
With Biometrics Commissioner Professor Paul Wiles – appointed in 2016 – this week releasing his office’s fifth annual review, Computer Business Review pulled 5 key takeaways from the Commissioner’s hard-hitting 141-page report.
1: Parliament Urgently Needs to Get Involved
Legislation has not kept up with technological progress.
There is no specific statutory framework to govern police use of new biometrics.
For use of DNA and fingerprints, “proportionality” of use was decided by Parliament. This has yet to happen for new capabilities like facial recognition.
As a result, the police are making their own decisions. This could damage public confidence and result in loss of privacy.
He writes: “The strategic question is whether the public will retain their confidence in the police use of biometrics if the important issue of proportionality has not been decided independently, by our elected representatives, rather than the police themselves.”
Parliament must get involved, the Biometrics Commissioner concludes: “It is difficult to see anybody other than Parliament being the appropriate arbitrator of proportionality in respect of how the loss of privacy by citizens should be balanced against the exercise of a policing power.”
2: Infrastructure Being Created without Oversight. “Clear Risk of Abuse”. MoD Already Caught Dipping Fingers in Database.
A new technical infrastructure for holding government national biometric databases is being created, “again without clear governance rules or an overall government strategy nor a clear, specific legislative framework” the Commissioner warns.
Legacy police IT systems are replaced by a centralised Home Office Biometrics Programme (HOB) that will enable much wider use of facial recognition, as IT silos are removed.
See also: Home Office: We May Give Police Automatic Facial Recognition on their Phones
This could include driving licences, granting police access to the images of some 90 percent of the United Kingdom’s population.
“There is currently a need for both clarity and governance of the developing Home Office Biometric (HOB) programmes and the searching into police databases by other public bodies,” the Commissioner notes, pointing out that the MoD has been caught searching the police national fingerprint databases “without a clearly evidenced lawful basis for doing so.”
He adds: “There is nothing inherently wrong with hosting a number of databases on a common data platform with logical separation to control and audit access but unless the governance rules underlying these separations are developed soon then there are clear risks of abuse.”
3: Home Office’s Machine Learning “NDAS” Programme Impressive: Predictive Analytics Issues a Concern
The Biometrics Commissioner was impressed by a new National Data Analytics Solutions (NDAS) proof of concept project being funded by the Home Office.
The project involves a number of police forces, with the purpose of exploring how far new data analytics (and especially machine learning) can make existing police data more useful in addressing current problems.
“I have been impressed with how carefully the present NDAS programme has thought through how such analytics should be used, especially the danger of bias and what limitations there should be on the use of any predictions which relate to the risk presented by an individual” he said.
“However, separately to the NDAS programme, a number of vendors are offering predictive algorithms which they claim can make these type of predictions and [civil liberties NGO] Liberty has raised concerns about the use of such predictive software and the danger of it re-enforcing existing bias.”
4: Potential Sexual Offenders Not Being Arrested, “VA” Used Instead: Police Missing Biometric Opportunity
The consequences of legislation must be better thought through.
In 2012, Code G of the Police and Criminal Evidence Act 1984 (PACE) changed for the first time since 2005.
This imposed tougher requirements on police to make sure arrest was justified.
Police forces are using high levels of “voluntary attendance” (requiring suspects to present themselves anywhere the police have appropriate recording equipment: this may simply be the suspect’s home). As police stations close and forces shrink, voluntary attendance is being used more and more, even when arrest could be warranted.
The result: lost opportunities to capture biometric samples even when there is good cause.
As the Commissioner notes: “Voluntary attendance is currently being used for a wide variety of offences, including sexual offences (including rape) and violent offences, some of which may be inappropriate both in terms of failure to capture biometrics and managing the risks to the suspect, victim and wider community.”
“I am particularly concerned that there appears to be a widespread view that suspects facing allegations of historic sexual offences should be VAs. Without using arrest a speculative search of the subject’s biometrics can not be made and one route for determining if there is any possible further risk is missed.”
5: Legislation’s a Long Way Off, the Home Office Approach is “Chaotic”, Legal Challenges Will Mount; Can We Blame Brexit?
Even though police forces are currently using biometric technology in public trials the implementation of a statutory framework may be some time off and Brexit may be to blame.
As Professor Wiles notes: “Home Office Ministers currently show no sign of proposing a new legislative framework with specific rules to govern the police use of new biometrics in England and Wales. I do not know whether this is because they disagree with the need for such legislation or whether this is just another casualty of the need to focus on Brexit matters.”
Meanwhile civil liberty groups Liberty and Big Brother Watch, concerned that mass scanning breaches privacy laws and is “not necessary in a democratic society” and arguing that it breaches European Convention on Human Rights (ECHR)’s right to privacy, are taking the issue to the courts.
See also: Met Police Hit by ICO for “Systematic” GDPR Failures
The Biometrics Commissioner report notes: “Actual deployment of new biometric technologies may lead to more legal challenges unless Parliament provides a clear, specific legal framework for the police use of new biometrics as they did in the case of DNA and fingerprints.”
Ultimately, he notes, the technologies afford great potential (“we all have a collective interest in living in a legally ordered society and being protected from those who might seek to harm us. The police are right to want to explore new technologies that they believe can deliver such public benefits”) but that oversight and a clear regulatory framework are crucial as the technology becomes increasingly powerful.