Facial Recognition and the Biometrics Strategy Debate

Full Debate: Read Full Debate
Department: Home Office

Facial Recognition and the Biometrics Strategy

Darren Jones Excerpts
Wednesday 1st May 2019

(5 years, 6 months ago)

Westminster Hall
Read Full debate Read Hansard Text Read Debate Ministerial Extracts

Westminster Hall is an alternative Chamber for MPs to hold debates, named after the adjoining Westminster Hall.

Each debate is chaired by an MP from the Panel of Chairs, rather than the Speaker or Deputy Speaker. A Government Minister will give the final speech, and no votes may be called on the debate topic.

This information is provided by Parallel Parliament and does not comprise part of the offical record

Darren Jones Portrait Darren Jones (Bristol North West) (Lab)
- Hansard - -

I beg to move,

That this House has considered facial recognition and the biometrics strategy.

It is a pleasure to serve under your chairmanship, Sir Roger. First, I must declare my interests, which are not directly in the subject but in the privacy and data protection space in which I practise as a lawyer, as set out in the Register of Members’ Financial Interests. I chair various technology all-party parliamentary groups and Labour Digital. I am also a member of the Science and Technology Committee, which has an ongoing inquiry into the subject. We have taken evidence from Professor Paul Wiles, the Biometrics Commissioner, and Baroness Williams of Trafford, the Minister in the other place. Some hon. Members have sent their apologies, which I entirely understand, because we are competing with the climate change debate in the main Chamber.

Why did the subject first come to my attention? As a consumer, I have become increasingly used to using facial recognition technology, whether I have proactively agreed to it or not. I often forget my passwords these days, because I use my face to pay for things and open my iPad and phone, although as I was saying to my hon. Friend the Member for Sheffield, Heeley (Louise Haigh), that can prove tricky when I am trying to pay for things at a distance. For many of us, facial recognition technology provides consumer services on Facebook and Google by auto-tagging friends and family members and allowing us to search our images. There is an entire debate to be had about consent, transparency and privacy in the use of such technologies in the private sector, but my focus today is on the role of the state, the police and the security services in the use of facial recognition technology.

Facial recognition technology is beginning to be used more widely. It is well known to those who take an interest in it that the South Wales police has used it at sporting events; that the Metropolitan police has trialled auto-facial recognition technology on many occasions, including at events such as the Notting Hill carnival and Remembrance Sunday, and at transport hubs such as Stratford; and that Leicestershire police has used it at the Download music festival. I am concerned that it is also being used at public protests, although perhaps I understand why; I will come on to that later in relation to our freedom of association.

Chi Onwurah Portrait Chi Onwurah (Newcastle upon Tyne Central) (Lab)
- Hansard - - - Excerpts

I congratulate my hon. Friend on securing this debate on a key subject. He has spoken light-heartedly about the competition with the climate change debate. Does he agree that in some ways, as with climate change, although only a small number of issues are currently associated with this topic, the range of impacts that facial recognition technology will have on our society and economy, on the way we work and do business, and on our trust relationships will be huge and will grow over time?

--- Later in debate ---
Darren Jones Portrait Darren Jones
- Hansard - -

I agree wholeheartedly with my hon. Friend. She and I often end up in these types of debates in this place. One thing that they have in common is that the technology is changing and the services are becoming more mature at such a pace that the regulation and concerns are often slower. As legislators, we need to understand the technology as well as we can and make sure that the appropriate protections are in place.

In other spaces, we talk about the fact that I have a date of birth, I am male, I have two daughters and I am a vegan, which means that companies profile me and suggest that I might like to buy Quorn sausages that children like. There is a public debate about that, of course, but facial recognition technology is a particularly sensitive area of personal data. Such technology can be used without individuals really knowing it is happening, as I will come on to shortly, which is a big issue. It is not just police forces that are interested in the technology; some councils are using it to enforce certain rules, as is the private sector, as I say.

Facial recognition technology uses two methods: live auto-facial recognition, which is referred to as AFR Locate, and non-live auto-facial recognition, which is referred to as AFR Identify. What does Locate do? When such technologies are being trialled—although some police forces have been trialling such technologies for many years, so the definition of trial is important—cameras will build a biometric map of the face and facial features of members of the public who are walking down the high street, through a shopping centre or at a sporting or music event. That builds a numerical code that identifies them as individuals, which is matched against a database of images to identify them using the technology. That spurs an action by the police force or others, should they feel that that individual is high risk or has broken the law and some enforcement needs to be taken against them.

As I have alluded to, unlike fingerprints, which people have to proactively give, the technology is so pervasive that many people will walk past the cameras not really knowing that they are taking part in the process and, therefore, not consenting to it. As I will come on to shortly, the rules in place for the use of facial recognition technology are non-existent.

On non-live AFR, the so-called Identify scheme, I will focus on the databases that are being used. After we have built the facial image—the map or code of a person’s face—we match it against a database of images. What is that database and where do those images come from? The police have watch lists of people they are concerned about. Obviously, we want terror suspects to be on a watch list so that the police can do their job properly. There has been a question about scraping social media for images that police forces can match against. Can the Minister confirm that today? If we are doing that in an untargeted fashion for those about whom there are legitimate concerns, we ought not to be. There are also custody images on databases such as the police national database, about which there are long-running concerns, as we have heard on my Select Committee. When the police take someone’s picture and put it on to the PND, it stays there. It does not matter whether they are convicted and go on to a list of people with convictions—perhaps we would understand if that were the case—or they are found innocent or no action is taken against them; their images are kept on the database anyway.

We have known for many years that the way the police have been processing the facial images of innocent citizens is unlawful. In the High Court in 2012, in the case of RMC and FJ v. Commissioner of Police of the Metropolis, the High Court was clear that it was being managed unlawfully. The Home Office responded, albeit some years later—I am not entirely sure why it took so long to respond to such an important issue—setting out a six-year review period in which the police would have to review the images on the database to decide whether they should weed and take out the images of innocent citizens. It also said that any of us could proactively ask the police force to remove our images because we claim our innocence.

There are several problems with that. Unsurprisingly, the number of requests to remove facial images from the database has been low, because people do not know about it. The fact that people have to proactively prove their innocence to not be on a police database is also fundamentally an issue. It is well known, however: the minutes from the September meeting of the Law Enforcement Facial Images and New Biometrics Oversight and Advisory Board say that

“most forces were struggling to comply”

with the Government’s response to the High Court’s ruling of unlawfulness. In answer to my questions in the Select Committee hearing, the Minister in the other place and her officials confirmed that no additional resource had been given to police forces to respond to or promote the fact that people can request the removal of their images from the database, or to undertake the review in which they are supposed to weed out and delete the images that they are not keeping on the database.

Evidently, the system is not fit for purpose. In my view, we continue to act in a way that the High Court said was unlawful, and I know that the Information Commissioner has also expressed concern. It will be useful if the Minister sets out how the Government will act to improve the situation, not only in terms of resourcing and support for police forces across the country but in terms of honouring the Government’s commitment to build new databases, so that the process can be automatic. Technology is pretty advanced now in some of these areas of facial recognition. If Facebook is able to identify me, tag me and take an action, and if Google is able to identify me and allow me to search for myself online, surely the Government ought to be able to auto-scan images, identify people who are not criminals and automatically delete the images of them. That ought to be deliverable. Indeed, it was our understanding that such a system was being delivered, but only a few weeks ago, when I asked Baroness Williams, the Minister in the House of Lords with responsibility for this issue, when we could expect the new computer system to be delivered, there was stony silence from the Minister and her officials. They were not clear when it was going to be delivered, why it had been indefinitely delayed and whether the delay was due to financing, contractual issues or technology issues. There was no clarity about how the existing system would be fixed.

We found in 2012 that the system was unlawful in relation to civil liberties. That in 2019 going into 2020, we do not know what we are doing to fix it or how it will be fixed, it is wholly unsatisfactory. Will the Minister give us a clearer update today about when the automatic deletion service will be available to police forces?

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I thank my hon. Friend for giving way to me again. He has made some very important points about the way in which this technology is already being used by Facebook and others, but is it not the case that, however advanced the technology is, it has also been found that it can be biased because of the training data that has been used, which means that particularly those from minorities or specific groups are not recognised adequately? Does he agree that it is all the more important that there is investment as well as transparency in the police database, so that we can ensure that groups who are already marginalised in many ways, particularly with regard to police services, are not once again being discriminated against?

Darren Jones Portrait Darren Jones
- Hansard - -

Unsurprisingly, I agree entirely. This is part of a much broader conversation about designing technology with ethics at the very start, not only in facial recognition but in algorithmic decision making and a host of different areas where we have seen that human biases have been hardwired into automated decision processes that are delivered through technological solutions.

The Government have a really important role to play here, not just in setting the regulatory framework and building on, and really giving strength and resource to, the Centre for Data Ethics and Innovation to set the national and international tone, but through their procurement of services. They must say, “We have got to get this technology right. We are going to buy these systems, but we really must see this ethics by design right from the very beginning, dealing with biases in a way that allows us to avoid biased solutions.” That would stimulate the market to ensure that it delivered on that basis.

On the legal basis for biometrics, older forms of biometrics such as DNA and fingerprints have a legal framework around them; they have guidance and rules about how they can be used, stored and processed. There is no specific law relating to facial recognition and no specific policy from the Home Office on it. The police forces that are trialling these systems say that they are using existing legislation to give them the legal basis on which to perform those trials, but the fact of the matter is that we only need to look at the dates of that legislation to see that those laws were put in place way before the technology came into existence or before it reached the maturity that we are seeing today.

There was some debate during the passage of the Data Protection Act 2018, when I, my hon. Friend the Member for Sheffield, Heeley and others served on the Committee scrutinising that Bill, but there was no specific discussion during that process or any specific regulation arising from it about facial recognition technology. If police are relying on the Police and Criminal Evidence Act 1984—perhaps there is an irony in the date of that legislation—the basis and the understanding of the technology did not exist at that time, so it is not in that legislation. Even the Protection of Freedoms Act 2012 is too old. The definition of biometrics in that legislation cannot encapsulate a proper understanding of the use, sensitivity and application of automatic facial recognition.

I am not alone in saying this—indeed, it seems to be the view of everybody but the Government. The Information Commissioner has opened investigations; the independent biometrics and forensics ethics group for facial recognition, which advises the Home Office, agrees with me; the London Policing Ethics Panel agrees with me; the independent Biometrics Commissioner agrees with me; and, perhaps unsurprisingly, civil liberties groups such as Liberty and Big Brother Watch not only agree with me but are involved in legal action against various police forces to challenge the legal basis on which these biometrics trials are being conducted. When he responds, will the Minister say that the Government now agree with everybody else, or that they continue to disagree with everybody else and think that this situation is okay?

I will now address the second part of this debate, which is the biometrics strategy. I focused on facial recognition because it is a particularly timely and sensitive component of a broader biometrics strategy. All of us who use technology in our daily lives know that biometric markers and data can be used to identify our location, identity and communications. That means that the Government and, indeed, the private sector can access data and learn things about us, and that area of technology is growing. People are rightly concerned about ensuring that the right checks and balances are in place. It is one thing for an individual to agree to facial recognition technology in order to unlock their tablet or phone, having read, I hope, about what happens to their data. It is another thing, however, for them not to be given the opportunity to give their consent, or not to receive a service and therefore not know about it, when the state is using the same types of technology.

The biometrics strategy needs to get into the detail. It needs to set out not only what is happening now but what is envisaged will happen in the future and what the Government plan to do about it, in order to protect civil liberties and inform citizens about how the data is being used. Clearly, they would not be informed individually—there is no point in telling a terrorist planning an incident that there will be a camera—but the right balance can be achieved.

Again, I do not understand why the Government are so slow in responding to these fundamental issues. It is so long since the 2012 High Court ruling on the retention of custody images, and we had to wait five years for the biometrics strategy. Imagine how much the biometrics sector in this country changed during those five years. Perhaps the Government were trying to keep up with the pace of change in the technology space, but the strategy was long delayed and long awaited.

Given my tone, Sir Roger, you will not be surprised to hear that everyone was very disappointed with the biometrics strategy, because it merely gave a kind of literature review of current uses of biometric data. There was a little bit about the plans for a new platform, which the Home Office is building, regarding how different people access biometric data. It said nothing at all, however, about the future use, collection and storage of biometric data, or about data protection. It said nothing about the Government’s own use and collection of data; the need for enforceable guidelines to enable devolved decision making by, for instance, police forces across the country; how different Departments might be able to use different forms of biometric data across Government, which, evidently, is very easy to deliver with today’s technology; or how the data would be stored securely.

People are concerned about cyber-security and breaches of their personal data, so what steps will the Government take in this developing space? Where will the data be stored? In advance of this debate, I received representations arguing that we should not send it to companies overseas and that it should be stored in the UK. One would think that the biometrics strategy addressed those issues, but it does not. Is the beta version of the biometrics strategy due soon, or does the Minister think that the Government have provided a sufficient response on this important field?

I do not want to keep saying that everybody agrees with me, because that would be a little uncomfortable, but there is no denying that the Biometrics Commissioner, the Surveillance Camera Commissioner and the Information Commissioner’s Office have all said exactly the same thing—this biometrics strategy is not fit for purpose and needs to be done again. The Government need to be clearer and more transparent about their endeavours and make that clear to the public, not least because these areas of technology move at pace. I understand entirely why police forces, civil servants or others want to be able to take the opportunities to deliver their services more efficiently, more effectively and with more impact—we support that—but the right checks and balances must be in place.

I will touch on our fundamental rights and freedoms, because that debate does not get enough air time in the technology space. Our freedoms are increasingly being challenged, whether the issue is cyber-defence or how we regulate the online world, and also in this space. Fundamental freedoms—freedoms that we hold, or purport to hold, dear—are encapsulated in the European convention on human rights and the Human Rights Act 1998. They go to the very nature of this technology, such as the right to a private life that can only be interfered with for a legitimate aim and only if that interference is done proportionately. Scanning a load of people going about their day-to-day life does not feel proportionate to me, and there is no accountability to make sure that it is being done legitimately. As my hon. Friend the Member for Newcastle upon Tyne Central (Chi Onwurah) said, if the selections that those technologies pick up are resulting in false matches or are discriminating, primarily against women and people from ethnic minority backgrounds, that also ought to be considered.

Those freedoms also include freedom of expression and of association. In public protests in recent weeks, people who dearly hold certain views have gone too far by moving away from their right to freedom of expression and to peaceful demonstration, towards criminal activity, intimidation or hostility. We should set the tone and say that that is not welcome or acceptable in our country, because having a right also means having a responsibility to use it wisely. Of course we want to protect those who want to demonstrate through peaceful public protests.

I am sure the public will say—this lies at the heart of my contribution—“Fine. Use some of this technology to keep us safe, but what is the right balance? Do we understand how it is being used? What are the accountability measures? What rules and guidance are being put down by the Government, on behalf of Parliament and the people, to make sure this is being done in a way that is not a slippery slope towards something we ought not to be doing?” We need a wider debate in public life about how we protect freedoms in this new digital age, and this issue is an example of that.

The House of Commons digital engagement programme is often a very good process for Westminster Hall debates, as it allows the public to be part of the conversation and to submit their comments. It would be remiss of me to not point out that some members of the public highlighted a certain irony in the fact that this debate was being promoted on Facebook, so I have shared their concerns, but that is still a medium through which the public like to engage in debate. Hundreds of thousands of people engaged across different platforms—way more than I was expecting—which shows the level of public interest in the use of these technologies.

As might be expected, there were two sides to the argument. The minority view on the platforms was, “I have nothing to hide. Please go out and keep us safe. Crack on, use it.” The other side said, “Actually, this is a slippery slope. I don’t know how this is used, and I’m worried about it. Why can’t I go about my day-to-day life without the police or the state surveilling me?”

I will share some of the comments. On the first side of the argument was Roy. I do not know where he is from. I wish his location had been given, because I could have said, “Roy from Sheffield”. He said:

“No objection. I’ve nothing to hide and don’t find it scary or objectionable for ‘the state’ to be able to track my movements. They already can if I’m in a car”—

I did not know that—

“and that doesn’t seem to be a problem. The added security of the police being able to track potential terrorists far outweighs any quibbles about reduced privacy.”

That is a perfectly legitimate view.

Karyn said:

“Having seen the numbers of crimes solved and even prevented by CCTV I have no objections. Today we have to be realistic, with phones listening in on conversations for marketing and plotting where we are, this is small price to pay for public safety and if you have done nothing there is nothing to fear.”

That is an interesting contribution on what is happening in the private and state sectors. We need to be much more advanced in both spheres.

That was a minority view, however. I do not have the percentage, but the bulk of comments came from people who are concerned. Chris Wylie, who many of us will have read about—he was the Cambridge Analytica whistle- blower, so he clearly knows something about these issues —was firm:

“No. Normalising this kind of indiscriminate surveillance undermines the presumption of innocence.”

We should pause on that, because it is really important. Why should we be tracked and surveilled by the police on the assumption that we might be guilty of something? That does not feel right, just as it does not feel right that people have to prove their innocence to get their images taken off a police database. Chris went on to say:

“It should never be up to us as citizens to prove we are not criminals. Police should only interfere with our lives where they have a reasonable suspicion and just cause to do so.”

I share Chris’s views.

Andrea said that this was a slippery slope:

“The idea that some people have about privacy as an exclusive issue for the bad guys is completely wrong. Not only privacy prevents my acts from limiting my rights but also avoids an unjustified use of power by the Gov’t.”

Again, we should pause there. It is our job in Parliament to hold the Government to account, yet we have no strategy, legislation or rules to enable us to do so. That is a fundamental problem. She goes on to say:

“Such a huge involvement of disturbing tech could lead to a 1984-like slippery slope, one which none of us wants to fall in, regardless of their legal background.”

Jenny said:

“I believe that this would suppress people’s ability to engage in public demonstrations and activities that challenge the government, which is hugely dangerous to democracy.”

A lot of people said that if they thought the state was scanning their data and putting it on a database, they might not associate with or take part in public demonstrations. If that were to happen, it would represent a significant diminution of our democratic processes.

Lastly, Bob said:

“It makes it easier for a future, less liberal government to monitor the activity of dissident citizens. During the miners strike in the 1980s miners were stopped from travelling just on the suspicion they would attend rallies based on their home locations and where they were heading. How would this technology be applied in the future for, say, an extinction rebellion march?”

Regardless of our political disagreements across the House, none of us thinks that the state is overreaching in a way that many other countries would. However, given the lack of legislation, guidance and regulation to enable us to hold the Government to account, and with independent commissioners and regulators saying that this is not good enough, I agree with Bob. There is a huge risk in not putting in place a framework with the appropriate checks, balances and protections, not just because that is the right and important thing to do today, but because we need that framework for future Governments.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

My hon. Friend is being very generous with his time, and I congratulate him again on having raised this important topic. Does he agree, as I think he is suggesting, that the level of interest in this debate—demonstrated by the quotes he has read out—shows that technology such as facial recognition, as well as algorithms and data, needs to be publicly debated? We can make a choice as to how it is used, so that citizens are empowered. Technology should not be something that is done to people; they should have rights and controls as to how it is enacted.

Darren Jones Portrait Darren Jones
- Hansard - -

My hon. Friend is absolutely right. The debate is a broader one about technology. How do we engage the public with these issues? I am an evangelist for technological reform, although I will not go on about that topic for too long, because it is not linked to the title of the debate. In my view, the idea that we can increase our economy’s productivity, increase wages, transform people’s working lives and reform and make more efficient our public services without using technology does not make sense. As my hon. Friend says, however, we have to do that in the right way and bring the public with us.

On a cross-party basis, we share the belief that we need to take crime seriously, and to address the increasingly sophisticated methods that criminals and terrorists may employ when trying to commit crimes or terror in our country. However, we must get the balance right, and there is a lacuna of regulation in this space. There are no legal bases, there is no oversight, and as a consequence there are no protections. That is why the Government should act now.

--- Later in debate ---
Louise Haigh Portrait Louise Haigh
- Hansard - - - Excerpts

That is completely right, and that is why this debate and the framework are so important. We cannot allow the police, with all the best intentions, to attempt to use this technology and then in some cases to mess it up—as they will—and have to roll it back. We want to ensure that the framework is in place so that the police can go ahead with confidence and the public have confidence. We must ensure that biases are designed out and that people accept the intrusion into their privacy and understand that such technology is being used proportionately and out of necessity. At the moment we cannot have confidence in that, which is why this debate is so important.

Darren Jones Portrait Darren Jones
- Hansard - -

I thank my hon. Friend for giving way, not least because I spoke at great length today. I did not mention earlier that we took evidence in the Select Committee from the Biometrics Commissioner that trials should be conducted on the basis of rigorous scientific guidelines and processes. The problem is that if we let different police forces do different things in different ways, we do not get clear answers on how and in what circumstances the technology can best be used. We need guidelines not just for the regulatory purposes, but so that the trials can be done in the right way.

Louise Haigh Portrait Louise Haigh
- Hansard - - - Excerpts

That is absolutely right. I do not get a strong impression that individual police forces are learning from each other either. In the case of the Met, the word “trial” has been used for the technology’s use at Notting Hill carnival. It has been trialled for three years in a row. When does a trial become a permanent fixture? I do not think that that can now be called a trial. My hon. Friend is absolutely right that if it is a trial, we should be gathering data, and they should be informing Parliament and the public and should be addressing the concerns around false positives and ethnic biases and whether it is being used proportionately. My hon. Friend the Member for Stretford and Urmston gave the astonishing figure that demonstrated the mismatch between the numbers of people who were covered by the facial recognition technology when just one individual was identified. That surely cannot be proportionate.

The question of technology within law enforcement gets to the heart of public consent for policing in this day and age, and the issues we have discussed today represent only the tip of the iceberg of potential privacy issues. So much of what defines an investigation today is data-driven. Data-driven policing and data-led investigations are transforming policing. It is already completely unrecognisable from when I was a special constable only 10 years ago. The police have the scope to access more of the intimate details of our personal lives than ever before.

The trialling of technology—including facial recognition and, as my hon. Friend the Member for Bristol North West mentioned, risk assessment algorithms—has not been adequately considered by Parliament and does not sit easily within the current legal framework, but it is having some phenomenal results that we should not ignore. The identification of images of child sexual abuse rely on hashing technology, which enables law enforcement and the Internet Watch Foundation to scrape hundreds of thousands of images off the internet each year.

This week, we have had the news on what is in essence compulsion for rape victims to hand over their mobile phones for what potentially amounts to an open-ended trawl of data and messages, without which there is little prospect of conviction. That high-profile debate has lifted the lid on the ethical questions that ubiquity of data and technological advances are having on law enforcement. Nascent technologies such as facial recognition are at the sharp end of this debate. They do not just represent challenges around collecting and storing of data; they also provide recommendations to law enforcement agencies to act, to stop and search and, potentially, to detain and arrest people.

As my hon. Friend the Member for Bristol North West said, we served on the Data Protection Bill Committee, where we discussed these matters briefly. We outlined our concerns about facial recognition, in particular the lack of oversight and regulatory architecture and the lack of operational transparency. I reiterate the call I made to the Home Secretary in May last year that Her Majesty’s inspectorate of constabulary launch a thematic review of the operational use of the technology and report back to the Home Office and to Parliament.

We believe such a report should cover six key areas: first, the process police forces should and do follow to put facial recognition tools in place; secondly, the operational use of the technology at force level, taking into account specific considerations around how data is retained and stored, regulated, monitored and overseen in practice, how it is deleted, and its effectiveness in achieving operational objectives; thirdly, the proportionality of the technology’s use to the problems it is seeking to solve; fourthly, the level and rank required for sign-off; fifthly, the engagement with the public and an explanation of the technology’s use; and sixthly, the use of technology by authorities and operators other than the police.

It is critical as operational technology such as this is rolled out that the public are kept informed, that they understand how and why it is being used and that they have confidence that it is effective. The Minister has the power to commission reports of this type from HMIC and it would be best placed to conduct such a report into the use of police technology of some public concern.

We have discussed concerns about the accuracy of facial recognition tools, particularly in relation to recognising women and people from BME backgrounds—that is quite a swathe of the population! We do not know whether this is because of bias coded into the software by programmers, or because of under-representation of people from BME backgrounds and women in the training datasets. Either way, the technology that the police are currently using in this country has not been tested against such biases. In the debate around consent, it is extremely worrying that potentially inaccurate tools could be used in certain communities and damage the relationship with and the trust in the police still further.

As I said, we had some debates on this issue in the Data Protection Bill Committee, where we attempted to strengthen the legislation on privacy impact assessments. It should be clear, and I do not believe that it is, that police forces should be required to consult the Information Commissioner and conduct a full PIA before using any facial recognition tools.

I am further worried that the responsibility for oversight is far from clear. As we have heard, software has been trialled by the Met, the South Wales police force and other police forces across the country, particularly in policing large events. In September last year, the Minister made it clear in response to a written question that there is no legislation regulating the use of CCTV cameras with facial recognition. The Protection of Freedoms Act 2012 introduced the regulation of overt public space surveillance cameras, and as a result the surveillance camera code of practice was issued by the Secretary of State in 2013. However, there is no reference to facial recognition in the Act, even though it provides the statutory basis for public space surveillance cameras. The Surveillance Camera Commissioner has noted that “clarity regarding regulatory responsibility” for such facial recognition software is “an emerging issue”. We need clarity on whether it is the Biometric Commissioner, the Information Commissioner or the Surveillance Camera Commissioner who has ultimate responsibility for this use of technology. It would also be helpful if the Minister made absolutely clear what databases law enforcement agencies are matching faces against, what purposes the technology can and cannot be used for, what images are captured and stored, who can access those images and how long they are stored for.

The Government’s new biometric strategy takes a small step forward on oversight, with a board to evaluate the technology and review its findings, but it meets too infrequently—three times since last July, as far as I can tell—to have effective oversight of the operational use of the technology. In any case, it is clearly not designed to provide operational safeguards, and that is where big questions remain about discriminatory use and effectiveness. The lack of operational safeguards and parliamentary scrutiny may lead to ill-judged uses of the technology.

I am hopeful that the Minister can assure us today of the Government’s intention to make things a lot clearer in this space, that existing and emerging technologies will be covered by clear, consistent guidance and legislation from the Home Office, that the relevant commissioner will have all the powers they need to regulate these technologies, and that our law enforcement agencies fully understand what they need to do, both before any technology or new method of data collection is rolled out, and afterwards, when an individual’s data rights may have been abused. We need clear principles, and I am not convinced that the legislative landscape as it stands provides that.

--- Later in debate ---
Darren Jones Portrait Darren Jones
- Hansard - -

I thank the hon. Member for Strangford (Jim Shannon), my hon. Friends the Members for Stretford and Urmston (Kate Green) and for Newcastle upon Tyne Central (Chi Onwurah), and the shadow Minister, my hon. Friend the Member for Sheffield, Heeley (Louise Haigh), for their contributions. I also welcome the interventions of the Chair of the Science and Technology Committee, the right hon. Member for North Norfolk (Norman Lamb), and the Minister’s responses.

It is clear from today’s debate that everyone, including the Minister and, by extension, the Home Office, agrees that we have some work to do, which is a good conclusion. I put it on the record that the Select Committee is interested in the actions being taken by the Scottish Government in the biometric data Bill that the hon. Member for Cumbernauld, Kilsyth and Kirkintilloch East (Stuart C. McDonald) mentioned. We will keep a close eye on the work being done in Scotland, and think about what lessons we might learn in Westminster.

As my hon. Friend the Member for Stretford and Urmston said, if we have 29 million facial scans for one hit, we clearly need to have a better debate about the balance between impact and invasion of privacy. As many colleagues mentioned, the demand for a stronger regulatory system comes from not just police forces, commissioners, politicians and the public, but from the technology companies providing such solutions. They wrote to me in advance of the debate to say that they want to do the right thing, and would rather that there were a framework in which they can operate so that—no doubt for their own brand purposes—they are not pushing the envelope by delivering solutions that police forces and others may take too far.

I welcome the Minister’s commitment to privacy impact assessments. I am sure that we all welcome that confirmation. I understand that dealing with legacy IT systems is difficult; we have been talking about that on the Select Committee too. We encourage the Government not to put a sticking-plaster over old systems, but to invest in new ones, so that we are not just dealing with a legacy problem, but building something fit for the future. I look forward to reading the letter that the Minister referred to from Baroness Williams of Trafford.

The Minister said that it was good that in our system we can hold the Government to account and show our interest in such matters. It is clear from the debate, and from the Select Committee’s ongoing work, that we will continue to do so. We therefore look forward with anticipation to the further announcements that the Minister has committed to in the season of “summer”. Even though we do not quite know when that will start or end, we look forward to those announcements, and I thank him for his contribution.

Question put and agreed to.

Resolved,

That this House has considered facial recognition and the biometrics strategy.