The Scottish Government recently introduced a Bill in the Scottish Parliament to establish the post of a Scottish Biometrics Commissioner. The policy objective of the Bill is to address a range of ethical and human rights considerations in the approach to the collection, use, retention and disposal of biometric data in the context of policing and criminal justice in Scotland. The Bill aims to ensure that this is done in a lawful, effective and ethical manner.
The Bill seeks to achieve this by establishing the post of a Scottish Biometrics Commissioner. Amongst other things, the primary role of the Commissioner will be to draw up and promote the use of a Code of Practice which will provide the framework for Police Scotland and the Scottish Police Authority to collect and use biometric data.
But what are biometrics, and have any concerns been raised about their use in preventing and tackling criminal activity whilst also respecting privacy and human rights?
According to the Policy Memorandum which accompanies the Bill, “biometric data is a relatively broad and evolving concept.” It encompasses what is often referred to as “first generation biometrics” such as fingerprints, DNA and custody photographs which have been commonly used for identifying individuals in policing for many years. It also includes new and emerging technologies – “second generation biometrics” – such as facial recognition software, remote iris recognition and other behavioural biometrics such as voice pattern analysis. Biometric data can be produced from many different sources whether personal, eg fingerprints and blood, or technological, eg CCTV footage or images from body-worn cameras.
In its 10-year strategy, Policing 2026 – Serving a Changing Scotland, Police Scotland states that as the nature of criminality changes, this will present challenges to get the best out of science and technology in order to support the effectiveness of policing and the delivery of justice in Scotland. The Strategy also envisages the use of facial recognition technology by officers in the future.
In very basic terms, live facial recognition technology works by using algorithms to compare live images taken in public spaces with a “watch list” of faces in existing police photos. These images are then mapped to identify any possible matches on a list which is then flagged to police officers. Several police forces in the UK have used live facial recognition in public spaces since 2015.
A number of concerns have already been raised about the collection, use and storage of images obtained by live facial recognition technology. Many of these concerns relate to privacy and ethical and human rights issues.
For example in May 2018 the UK Information Commissioner, Elizabeth Denham, raised concerns in a blog about facial recognition technology and law enforcement stating that how the technology is used in public spaces can be particularly intrusive. She stated that its use was a real “step-change” in the way that law-abiding citizens are monitored as they go about their daily lives and that there was a real risk that public safety benefits derived from its use may not be gained if public trust in its use was not addressed. She also said that a robust response to many unanswered questions about the technology would be crucial in gaining the trust of the public, such as:
How does its use comply with the law?
How effective and accurate is the technology?
How do forces guard against bias?
What protections are there for people that are of no interest to the police?
In May 2019 a legal challenge to the use of live facial recognition technology was brought before the courts in Wales by Ed Bridges, a member of the public. Ed Bridges believes that he was scanned without his consent by South Wales Police, once while out Christmas shopping and again at an anti-arms trade protest. Mr Bridges is arguing that the police began using facial recognition “without warning or consultation”. Lawyers acting for Mr Bridges have accused South Wales Police of violating his privacy (under Article 8 of the European Convention on Human Rights) and his data protection rights by processing an image of him taken in public.
Also in May 2019 San Francisco became the first US city to ban the use of facial recognition technology by local agencies such as law enforcement and transport authorities. In addition, anyone wanting to purchase such technology must now seek approval from city administrators. The concerns that motivated the ban in San Francisco were rooted not just in the potential inaccuracy of the technology but in a long national history of politicised and racially-biased state surveillance.
However, the use of biometric data also has several significant benefits in the field of policing and criminal justice.
For example, such data are a common resource in the criminal investigation process and often provide vital evidence for identifying or confirming a key individual, eg a suspect or victim in a police inquiry. Biometric data can be used to exclude or eliminate an individual from suspicion in a police inquiry. Non-criminal police inquiries use biometric data, such as those that involve tracing a missing person or identifying accident or fire victims, and such data are also used as a means of maintaining border security. The hereditary nature of DNA also means that it can be used not only for individual identification but also to identify family members, eg identifying a body through the DNA of a close relative.
Given this, it’s fair to say that the continuing evolution and use of biometric data in criminal justice will present real challenges for policing in Scotland
It will be crucial to strike the right balance between legal and ethical law enforcement and to protect the rights and privacy of individuals who are innocently going about their business.
Once in post, helping Police Scotland and the Scottish Police Authority to achieve that balance will be one of the tasks to be faced up to quickly by the new Commissioner.
Kirsty Millar, Enquiries Officer