A national surveillance camera strategy for England and Wales has today been published in an attempt to curb public authorities from excessive meatspace snooping.
While the UK’s recent Investigatory Powers Act has established a regime for the various arms of the state to follow when snooping on citizens’ computer communications, there has been no parallel development towards a regime for public authorities engaging with video surveillance.
Back in 2012, the coalition government passed the Protection of Freedoms Act, which established the role of the surveillance camera commissioner — a role first filled by Tony Porter, whose commission has now been extended for another three years — and also established “relevant authorities” who would be required to abide by the Home Office’s surveillance camera code of practice [PDF].
Over the next three years, Porter said the key issue for him “is going to be on big data, integration of data and how video surveillance as a philosophy and as a thing will change.”
He added: “I think people will see video surveillance as part of an integrated thing linked to AFR [automated facial recognition], video analytics, linked to sensors, linked to fridges, and I am doing a lot of work now with manufacturers, with civil rights groups, trying to understand how I can best inform government of how regulation of that needs to look,” he added.
“I think AFR is a huge issue. It’s clearly part of my footprint because my code talks about algorithms which sit on the back of video surveillance,” said Porter.
“With modern technology now being more IP based… there’s a very real risk to the citizens’ privacy if it’s not guarded jealously, and if there isn’t proper and effective regulation. So I think regulators will be playing catch-up with all of these issues over the next two or three years.”
Late last month, a review into custody images revealed that the police currently hold 19 million photographs on British folk, 16.6 million of which are held within the Police National Database’s facial recognition gallery.
According to the UK’s previous Biometrics Commissioner, “hundreds of thousands” of these images belong to “individuals who have never been charged with, let alone convicted of, an offence.” And yet their faces are being stored in a system designed, in theory, to pick them out of crowds and potentially link them to wrongdoing.
The Register has reported at length on officers using AFR in the UK, including two public trials of real-time recognition systems, which snapped away at Download Festival in 2015 and the Notting Hill Carnival in 2016 – and both of which failed to detect any criminals.
Porter told The Register he thought “regulators will be playing catch-up with all of these issues over the next two or three years.”
Porter had previously complained about non-compliant NHS Trusts which have been rolling out body-worn video, and suggested they be made relevant authorities who had a statutory duty to follow the code. Unfortunately, the government turned down his request.
The protector organisation which twice voted down the opportunity to voluntarily adopt the code has “ironically now been disestablished” said Porter. “We’ve [now] had the first trust that’s certified and my ambition will be to see all trusts move towards certification, and the reason being as I’ve explained to ministers, is there are millions upon millions of people that engage with NHS services per year. And I want to make sure that despite data protection and the role of the Information Commissioner’s Office, that millions of people do not have their privacy breached.”
“Now I know that the health service is investing hundreds and hundreds of thousands of pounds in surveillance technology,” Porter told us. “Nobody knows if it’s any good, not least NHS management, so my challenge to them will be prove it’s good, and you prove it’s good by demonstrating compliance to my code and then being transparent about it.”
“I think the knock-on effect is NHS will be able to demonstrate significant cost-savings,” said Porter, rejecting the argument about the cost of compliance with the code. “There’s no consultancy requirement because it’s simple and straightforward. You need someone that understands security, and these guys have security specialists so they already have the infrastructure in place. What I said before is, I don’t expect a surgeon to leave the operation room to go and check the surveillance cameras – they’re busy – but I do expect their security operations to have it as one of their priorities.”
Recent research by Big Brother Watch revealed that more than half of the UK’s local authorities were using body-worn cameras for security purposes, with only a third of them having considered the privacy impact on the public when completing an impact assessment.
An ICO spokesperson said: “We worked closely with the Surveillance Camera Commissioner throughout the production of this strategy, offering advice around data protection and privacy issues within it. We will continue to work collaboratively with the Commissioner on the objectives set out in the strategy.”
“The ICO regulates the Data Protection Act and has a CCTV code of practice designed to help organisations using surveillance camera systems comply with their obligations under this law,” the spokesperson added.