_KUBE_ - stock.adobe.com
The policing minister’s “egregious proposal” to link the UK’s passport database with facial recognition systems is “unethical and potentially unlawful”, according to the Scottish biometrics commissioner.
At the start of October 2023, policing minister Chris Philp, speaking at a fringe event of the Conservative Party Conference, outlined his plans to integrate data from the police national database (PND), the Passport Office and other national databases with facial recognition technology to help catch shoplifters and other criminals.
He said the proposed changes would enable police to find a match with the “click of one button”, adding that until a new data platform linking these currently disparate databases was up and running, police forces should search each database separately for the relevant information.
According to the 2021 census, just over 86% of the British public hold at least one passport.
Responding to Philp’s statements, Scottish biometrics commissioner Brian Plastow said he viewed “this egregious proposal as unethical and potentially unlawful”, and further condemned it “as a gross violation of British privacy principles”.
“The suggestion that images given voluntarily to UK government agencies for a specific purpose by law-abiding citizens to obtain a UK passport or UK driving licence should then be capable of being routinely accessed by the police and ‘bulk washed’ against images from low-level crime scenes is neither proportionate nor strictly necessary and would significantly damage public trust,” he said.
“In Scotland, it would also conflict with the Scottish biometrics commissioner’s statutory Code of Practice as approved by the Scottish Parliament,” Plastow added.
The code, which took effect in Scotland on 16 November 2022 following approval by the Scottish government, contains 12 principles – including accountability, privacy, necessity and proportionality – to ensure Scottish police use biometric data in a lawful and ethical manner.
Plastow also highlighted that the views expressed by the policing minister failed to take into account the consequences of devolution between Westminster and Holyrood, and the reality that policing in Scotland was “(mostly) devolved” as a result.
“In any debates about the future of ‘UK’ policing databases, it is important that Westminster ministers do not make unilateral policy declarations without consulting the devolved nations of the UK who both contribute data to, and co-fund, those UK policing databases, and who operate under entirely distinct legal frameworks for policing and criminal justice,” he said.
Computer Weekly contacted the Home Office for comment on Plastow’s response, and for confirmation on whether plans to link the passport database to police facial recognition systems were still on the table.
“The government is committed to making sure the police have the tools and technology they need to solve and prevent crimes, bring offenders to justice, and keep people safe,” said a Home Office spokesperson.
“Technology such as facial recognition can help the police quickly and accurately identify those wanted for serious crimes, as well as missing or vulnerable people. It also frees up police time and resources, meaning more officers can be out on the beat, engaging with communities and carrying out complex investigations.
“We are working with policing to enable seamless searching of relevant images where it is necessary and proportionate for them to do so to investigate crime and protect the public.”
Philp’s proposal was slammed at the time by a range of actors – including the biometric and surveillance camera commissioner for England and Wales, Fraser Sampson, as well as various non-governmental organisations and academics – who said the “authoritarian” measure threatened people’s basic liberties and freedoms. They also questioned the proportionality and necessity of the measure.
There are also pre-existing issues with the legality of how certain biometric information is being already stored by UK police. In 2012, a High Court ruling specifically found the retention of custody images in the PND to be unlawful on the basis that information about unconvicted people was being treated in the same way as information about people who were ultimately convicted, and that the six-year retention period was disproportionate.
Speaking to Parliament’s Joint Committee on Human Rights (JCHR) in February 2023, Sampson, as the current biometrics commissioner for England and Wales, said: “I’m here today saying there are probably several million of those records still,” adding that the response from policing bodies and the Home Office (which owns most of the biometric database used by UK police) was to point out the information is held on a database with no bulk deletion capability.
Both Parliament and civil society have also repeatedly called for new legal frameworks to govern law enforcement’s use of biometrics – including a House of Lords inquiry into police use of advanced algorithmic technologies; the UK’s Equalities and Human Rights Commission; an independent inquiry by Matthew Ryder KC; the outgoing biometrics commissioner Fraser Sampson; the former biometrics commissioner Paul Wiles; and the House of Commons Science and Technology Committee, which called for a moratorium on live facial recognition as far back as July 2019.
However, the government maintains that there is “already a comprehensive framework” in place.
Read more about police technology
- Scottish biometrics watchdog outlines police cloud concerns: Police Scotland’s response to the biometrics commissioner’s formal information notice ‘did not ameliorate’ his concerns about the sovereignty and security of the sensitive biometric information being uploaded to cloud infrastructure that is subject to intrusive US surveillance laws.
- Overhaul of UK police tech needed to prevent abuse: Lords inquiry finds UK police are deploying artificial intelligence and algorithmic technologies without a thorough examination of their efficacy or outcomes, and are essentially ‘making it up as they go along’.
- Met police data platform deployed with data protection issues: Met Police deploys integrated record management system despite data protection ‘compliance issues’ that would inhibit its ability to retrieve data, meet its statutory logging requirements, and respond to subject access requests.