UK police biometrics need governance improvement, legislation, Commissioner review finds
UK Biometrics Commissioner Paul Wiles has accepted an opportunity to remain in the role until the end of the year when a replacement is found. Wiles has been in the role for four years, and his term was scheduled to end mid-June.
The 2019 report of the Commissioner for the Retention and Use of Biometric Material (Biometrics Commissioner) was written before the COVID-19 crisis, presented to the Home Secretary on March 19 and published on July 2, the UK government announced.
As established by the Protection of Freedoms Act 2012 (PoFA), the Biometrics Commissioner is an independent role that supervises how DNA samples, DNA profiles and fingerprints are used and stored by law enforcement in England and Wales.
“The global experience of the pandemic has demonstrated several things. That biometrics and allied technologies will be central in our future lives. That these new technologies can improve the effectiveness and efficiency of many services. That new biometrics will be important to future policing and other mechanisms of social control,” writes Wiles.
“The technology changes can be used to enshrine liberty and protect our private life but alternatively can be used for mass surveillance and the subjugation of the individual to state power. Globally we have seen both these possibilities during the pandemic.”
Wiles believes a system of legal governance will be critical to set some ground rules for biometrics use and development in both public and private spaces, but also in policing to ensure consent is obtained and trust in the institution is not lost.
Report main highlights
According to the report, law enforcement agencies across the country are generally compliant with the Protection of Freedoms Act (PoFA) 2012, yet there is need for governance improvement and new legislation around the use of new biometrics. While Scotland has its own legislation in this sense, the Assembly in Northern Ireland passed legislation similar to PoFA which mentions introducing a Northern Ireland Biometrics Commissioner.
An important issue detected is that, due to financial pressure, there are a high number of voluntary attendees (VAs) – suspects questioned but not arrested – whose biometrics are not consistently collected.
Release without pre-charge bail is of concern as suspects released would not be monitored. Due to IT implementation challenges, not all investigations are updated when finalized, resulting in “unlawfully held biometrics.”
Wiles also points out a need to conduct trials and establish a methodology for new biometrics and data analytics. According to Baroness Williams of Trafford’s response, the Policing Minister will invest in a Police Chief Scientific Advisor and in science, technology and research. The National Police Chiefs Council is working with the government on establishing this role.
Wiles is supportive of the changes brought by the Counter-Terrorism and Border Security Act 2019 to the National Security Determination (NSD) regime related to biometrics retention and their use by police in counter-terrorism investigations. Only six cases required deletion in NSD applications in 2019.
He is further content with the Security Service’s system of holding codes for risk assessment in the NSD process. Baroness Williams of Trafford expects the process to be further improved when the Counter-Terrorism and Border Security Act 2019 is enforced.
The report expresses concern about the Ministry of Defense (MoD) staff access to law enforcement databases, implicitly to fingerprints collected from conflict zones during military operations. Although the Baroness agrees the searches are in the public’s interest, she emphasizes the importance of transparency into legal and governance issues.
The matter of biometric data obtained from foreign law enforcement units or other UK agencies awaiting to be deleted is another concern Wiles expresses, as there are 298,572 fingerprint records and 1,290 crime scene fingermarks “held unlawfully (albeit in an unsearchable format) due to administrative issues and new governance put in place to avoid the inadvertent deletion of legally held material.” The bulk deletion method is still to be decided.
The 2019 report found that most issues related to data losses have been solved and the necessary steps were implemented to reduce biometric data loss. Only four biometrics were lost during 2019 due to an administrative error by SO15/SOFS, compared to 144 during 2018 when the most common reasons biometric data loss included lack of review by Chief Officer within statutory time limit and case not progressing within statutory time limit. Williams claims the government is working on reacquiring lost records and introducing a case management system.
“Your review of NSDs and applications for retention of biometrics under Section 63G of PoFA has provided a safeguard that powers in this area are being used properly,” she concludes. “Your oversight of the wider system for police use of biometrics has also helped law enforcement agencies improve overall efficiency and reassured the public and Parliament that its use is proportionate.”