The British government says laws on biometric surveillance are adequate. An independent review disagrees.
After years of enthusiastic use by police forces and other organizations, the use of facial recognition is coming under more serious scrutiny in the UK.
Late last month, an independent legal review carried out for the Ada Lovelace Institute concluded that the UK's laws on biometrics are unfit for purpose and that the use of live facial recognition in public spaces should be banned until those laws are changed.
The review was commissioned by the Institute in 2020 after the Commons Science and Technology Select Committee called for an independent review of options for the use and retention of biometric data.
Increasing use of facial recognition
In recent years, police forces, including the Metropolitan Police and the South Wales Police, have been using live facial recognition to identify suspects, missing people, and persons of interest, with the South Wales Police averaging around 100 potential facial recognition matches every month.
However, there's been increasing use of such technologies by other private and public organizations, including employers, schools and shops, in some cases blurring the line between public and commercial use.
In one well-publicized case, for example, the King’s Cross development in London was found to have signed a data sharing agreement with the Metropolitan Police and British Transport Police to 'prevent and detect crime in the neighborhood.
Says Matthew Ryder QC, who led the legal, there's an urgent need for new, comprehensive legislation governing the use of biometric technologies, overseen and enforced by a national, independent, and properly resourced regulatory body or function. In the meantime, there should be an immediate moratorium on ‘one-to-many’ identification and categorisation in public services.
The government, however, claims everything's fine, with a Department for Digital, Culture, Media and Sport spokesperson telling the BBC: "Our laws already have very strict requirements on the use and retention of biometric data."
The fact is, though, that there is still no over-arching legal framework for live facial recognition and biometrics, with legislation and governance remaining patchy.
Right now, the technology falls under a number of British laws. When, for example, the Information Commissioner’s Office (ICO) banned facial recognition company Clearview AI last year and ordered it to delete all the data it held on UK citizens, it was GDPR that lay behind the decision.
But several other pieces of legislation also touch on the use of the technology, from the Human Rights Act and Data Protection Act to the Investigatory Powers Act, the Police and Criminal Evidence Act, and the Terrorism Act, many of which are decades old.
"My independent legal review clearly shows that the current legal regime is fragmented, confused and failing to keep pace with technological advances. We urgently need an ambitious new legislative framework specific to biometrics," says Ryder.
Instead, however, the government continues to add to the patchwork. Earlier this year, it released a revised version of its Surveillance Camera Code of Practice, saying it should be used “to a standard that maintains public trust and confidence.”
And in the last few days, it's launched a new review of the use of overt surveillance cameras, covering all facial recognition systems, camera systems on drones, helicopters, or aeroplanes, body-worn video, automated number plate recognition systems, and any other surveillance camera systems in public places.
This review, however, is simply a survey of which systems are being used and by whom, along with whether or not organizations are complying with the existing code of practice. And while reviews and consultations are all very well and may help the government to give the impression that it's on the case, they do nothing to fix the problem - merely kick the can further down the road.
It remains to be seen whether Ryder’s calls will be heeded – history certainly says not. However, by calling for a total ban on LFR until the mess is sorted out, he may at least help to concentrate a few minds.
More from Cybernews
Subscribe to our newsletter