Set and enforce clear lines for police biometrics, UK Commissioner tells policymakers

The UK’s planned legal framework for law enforcement use of biometrics and facial recognition should include clear lines and expanded oversight powers, says Biometrics and Surveillance Camera Commissioner (BSCC) William Webster in his response to the consultation held by Home Office.

The feedback comes against a backdrop of expanding deployments of live facial recognition by police and other law enforcement bodies across the UK.

Former BSCC Fraser Sampson welcomed the acknowledgement that live facial recognition is a “transformative technology” for police in the government’s new model for policing released in January.

Home Office undertook a public consultation as it seeks to develop a new legal framework for law enforcement to use facial recognition and similar technologies in December.

Webster’s 16-page response mainly consists of fourteen points for lawmakers and Home Office to consider as they set the policy. And it is crucial that they take due care, he says, calling the process a “once-in-a-generation opportunity to get a legal framework right and to design it in such a way that it enables the appropriate and responsible use of biometrics, facial recognition and other similar technologies in law enforcement and policing.”

The framework will have to include several core principles, Webster says, including clear definitions of “serious harm,” “intrusiveness” and “law enforcement purposes.” High risk uses of the technology should be authorized ahead of time by an independent regulator. Codes of practice and evaluation standards, monitoring and audits will help keep facial recognition use lawful.

Regulations introduced should apply to “other public and private organizations undertaking law enforcement activities,” which includes immigration enforcement.

The government should give the proposed new regulator appropriate powers and resources to exercise meaningful oversight through auditing, monitoring, inspection and reporting. It should be the single point of regulatory contact, and be informed by an independent advisory group from the beginning.

The regulator’s role should also involve “public reassurance,” which Webster says “is critical to ensuring confidence in policing and law enforcement and to the deployment of emerging biometric surveillance technologies.” It is a two-way street though, Webster notes, as the recognition that independent regulatory oversight implies that some uses of technologies like biometrics will go too far, and should be disallowed.

The 14 points Webster outlines in depth discuss the contextual assumptions behind the regulatory proposal, and offer a “light touch” blueprint for what the regulation should look like. They address the role of new legislation, the scope of the legislative framework in terms of technologies, affected organizations, the acquisition of biometric data and the technology’s deployment.

The proposal to merge the Forensic Science Regulator and the BSCC is addressed in a lengthy passage of the response, which suggests the existing powers of these bodies would have to be expanded to be fit-for-purpose.

Sampson described Home Office’s proposal in a Biometric Update column as “a new body that will oversee some uses of some biometrics for some law enforcement purposes,” warning that inconsistencies in the government’s approach raise further questions.

Webster also addresses reasonable expectations for codes of practice and standards,  monitoring and evaluation, compliance audits and inspections, reporting, public engagement and a “foresight function” to provide a safe space for innovation.

A response from the Information Commissioner’s Office called for specificity in the legislation underpinning the new rules to effectively mitigate risks introduced by facial recognition.

Article Topics

biometrics  |  Biometrics and Surveillance Camera Commissioner  |  facial recognition  |  law enforcement  |  live facial recognition  |  regulation