Breaking news: BBC FINALLY spots millions of mugshots on cop database The BBC's Newsnight team lurched into action last night by "revealing" that "up to 18 million" mugshots of Brits were being stored on a huge police database without proper regulatory oversight. Setting aside the fact that we already knew back in December that many of the photos kept on the Police National Database (PND) …
QUOTE
MacGregor told the Beeb last night that there were "grounds for doubts" about the reliability of facial recognition tech.
UNQUOTE
Quite right.
There's lots of evidence that the technology doesn't work, – http://www.theregister.co.uk/2009/08/14/biometric_id_delusion/ – and no evidence that it does.
Not just an invasion of privacy but also a waste of money. The police may want to be seen to be "doing something" but this is a double whammy black eye and not a feather in the cap at all (Catch-22).
Ever seen a test of eyewitness identification? (Fake crime, take statements from unsuspecting witnesses, use those who reckon they got a good look for lineup / mugshot ID).
Makes automated facial recognition look ruddy infallible by comparison. If you really must have a fucked up method of identifying people, the one that's not admissible as evidence strikes me as preferable.
Well there is some evidence that it does work, as the reporter tried it on Newsnight last night and it worked perfectly. He had his mugshot taken and then went outside where a Police Officer identified him with his wearable camera - scary stuff!
I wonder how much the police have spent on all this. Apparently they managed to get 8 million records into the system within about 10 months - quite some going and must have cost a bit to pull off.
The problem with facial recognition systems is it depends on how old the 'reference' photo is.
I recently came through passport control at Heathrow, and it took the system around a dozen scans of before it could decide if my face matched my 5 year old passport photo.
There have been past El Reg articles on who good, or not, the system the US Homeland department, and also the scrapped UK ID cards, all the same issue, with 'old' reference photos.
@BobWheeler I thought facial recognition worked by looking at the separation of eyes and other features that shouldn't be affected by the age of the photo. But according to Wikipedia, some systems do perform a crude statistical comparison with a reference image, and that would be affected by aging. So I guess it depends what system the police are using.
But either way, Facebook is a handy public database of names and recent photos. They might even arrest a few genuine cat buglers. (Yeah, mine's the one with the moggy in the pocket: his canine accomplice is holding my canary hostage at an undisclosed kennel.)
"The problem with facial recognition systems is it depends on how old the 'reference' photo is."
This is why you're also not allowed to smile/look happy in passport photos. To give the immigration machines a fighting chance, your photo needs to look like you, tired, pissed off after a long flight and long queue. And then being directed to the 'express' queue where you can gurn for the amusement of the people queuing around you. It would probably be easier, faster and more accurate if they just flashed your photo up on a screen and let your fellow travellers vote on if you were you, or not.
There were tests done a few years ago on fingerprint databases in the US. Although they only got access to a limited amount of fingerprint data (iirc it was only one state), they were still able to hit something like 2000 false positives using the standard used by police and FBI. This is the risk that comes in with having a large data set, the more data the more specific you have to be to avoid falsely tying someone to a crime
"I wonder how much the police have spent on all this. Apparently they managed to get 8 million records into the system within about 10 months - quite some going and must have cost a bit to pull off."
More to the point I'm shocked that a public sector IT system appears to...work? That almost gives me the confidence to suggest that it could have done the double whammy and actually come in on or under budget.
Nah. Crazy talk, that.
From the Beeb's website:
"Andy Ramsay, identification manager at Leicestershire Police, told Newsnight the force now had a database with 100,000 custody photos.
He said searches of the database using facial recognition were 100% reliable in cases where there were clear images, and could be completed in seconds."
So you can be reassured that your photos are safe in the hands of an incompetent prat who couldn't recognise a clue if it smashed him over the head.
Like someone who has snout firmly in trough.
In fact I think he even had a bit of something still stuck on the end of his nose, while he was effectively saying he was gleefully exploiting a loophole.
OK for them, not for us, he certainly seemed to think he was much more equal than everyone else.
sales of Burka's and David Cameron Face Masks have both increased by 200%
Don't PC Plod realise that if they go around holding piccies of at least 30% of the UK Population then more and more people will seek to avoid being snapped.
It is not only crims that don't want their picture on this Database.
Posting AC because one target on my back is enough
MacGregor told the Beeb last night that there were "grounds for doubts" about the reliability of facial recognition tech.
That's strange. It always works on TV. It can spot a terrorist wearing a fake beard and dark glasses in the middle of a crowd of people. What could possibly be wrong with it?
Also the interface on TV is always incredibly slow, showing each face in turn as it flicks through them. That always seems like weirdly stupid design to me- what are we going to do with the glimpses of all those faces? - but then I do watch films and worry more about the realism of the user interfaces they are using than the implausible stunts so it is more than possible that I am a total idiot.
One of the requirements of the Data Protection Act is that personal data is used only for the purpose for which it was collected.
"Barton also said he was "unashamed" about keeping the photos of innocent Brits on the database because the police apparently needed them "for different purposes"."
Oh dear. Epic fail.
> One of the requirements of the Data Protection Act is that personal data is used only for the purpose for which it was collected.
Yeah, but there's a lovely weaselly cop-out clause that adds an exception for "the prevention, detection or investigation of a crime".
One purpose for holding images of innocent people is missing persons. Another is searching for wanted people who haven't been convicted, or persons of interest (suspects), how would ports and airports know who to watch for without their photo. There are lots of legitimate uses for photographs, and the MK1 eyeball is also employed. Don't forget the Police also have access to the DVLA database so they can match your face to your driving licence if they stop you, amongst other things.
Don't forget the Police also have access to the DVLA database so they can match your face to your driving licence if they stop you, amongst other things.
They can look at specific records in the DVLA database. They are not allowed to search through each photo on the DVLA database to compare it to CCTV, and then use that as "evidence".
People are concerned that their photo might be in the police database, yet they are happy to post their photo's all over facebook and other internet sites.
Of course nobody wants to be in an identity parade in case they get wrongly fingered for a crime. But if the police have a photo of somebody they want to interview, and there's no match in the PND, I don't see any technical reason why they couldn't run their face recognition technology against facebook.
Of course nobody wants to be in an identity parade in case they get wrongly fingered for a crime. But if the police have a photo of somebody they want to interview, and there's no match in the PND, I don't see any technical reason why they couldn't run their face recognition technology against facebook.
I hope you see a moral reason sometime soon.
Doesn't the arithmetic of false positives apply here just as it does to the mass interception of emails phone calls etc?
These folk are looking for a particular needle in a sizeable haystack.
The more photos in the database, the larger the haystack, and the more misidentified results there will be, diverting limited police Human Resources off on wild goose chases.
What could possibly go right?
Only if face recognition is the only lead they have - in most cases they'll also have an address, a reason the person's in the database (even if innocent, said person was presumably arrested on suspicion of a particular crime), etc. Even if 100 false positives turn up the police should be able to narrow that down considerably.
Still not a justification for holding innocent people's data, but it does show that it's not such a problem.
@JDC
Not too long ago, Plod was arresting all sorts of people with the wrong address, wrong age, wrong physical appearance, etc on the basis of false positive DNA matches. And then forced them to prove their innocence; and leave their details on the PND because they had been arrested on suspicion of ...
Apart from being 6 weeks behind The Register what have the BBC done to deserve another snippy article?
They certainly didn't "claim(ing) a scoop". I heard 'The BBC has learned' but no mention of a scoop.
Newsnight certainly didn't defend the police. Both guests in the studio attacked the police in this matter. In fact only the police officer put up any sort of defence of their behaviour.
What did we learn from Newsnight? Depends who you are. El Reg readers: probably not so much. Newsnight viewers: probably enough to have their opinion of the police taken down another notch.
What have we learned from El Reg? Well I've learned that tabloid tactics aren't just used by the print media.
Evan Davis: For a year or so you have been introducing the unconvicted into the database as I understand it and using facial recognition software knowing that a court has asked you not to do that
Chief Constable Mike Barton: Well no! I am unashamed about keeping unconvicted photographs in this because we need them for different purposes than DNA and fingerprints and they are not covered by the same legislation.
Essentially that amounted to a Chief Constable saying "Judges? Pah! I don't care what they order!"
There should be alarm bells ringing on so many levels!
> Essentially that amounted to a Chief Constable saying "Judges? Pah! I don't care what they order!"
That's probably due to the way that politicians have taken to passing knee-jerk anti terror/paedo/whatever legislation that permits gross infringement of civil liberties on the say-so of a senior police officer, rather than requiring judicial oversight. Chief Constable Barton has obviously got used to this lack of accountability and doesn't expect to face it any time soon.
a perfectly valid reason they are doing this.
Such as once the entire population is on the database, they'll know who committed what crime and where.
So the politicians standing for power many years later get a nudge saying "Make sure the police get plenty of money, or we''ll tell the world exactly what you were doing behind the bikes shed aged 15&3/4 with Fionna Leatherington"
And they'll have the pictures to prove it!
Wheres the paper bag over your head icon ?
"If the police make an arrest, they can tick a box and add 1 to their totaliser."
...and have you noticed how everyone at the scene is now "arrested on suspicion" and no one is "helping with enquires" anymore? Of course, once "arrested", photos, fingerprints and DNA all get taken and filed forever, whereas "helping with enquiries" doesn't allow them to do that.
There are far less arrests now - PACE Code G and the necessity test has a lot to answer for. Many people suspected of crime (from traffic offences to serious matters) are voluntarily interviewed at a police station - in some cases even where the necessity for their arrest would exist.
The need to get fingerprints/DNA/photograph are not a necessity but might fall under 'prompt and effective investigation' if the police needed that information for their investigation (e.g. they had found a stain at a crime scene).
Remember that if you receive an out of court disposal (caution) or are summonsed for certain offences but were never arrested, the police can still request (order) you come to the police station to have DNA/prints/photo taken.
'Helping with enquiries' has always been a euphemism for being arrested!
Actually you're wrong on most points there. Arrest means you're taken to a police station to have your mugshot, dabs and cheek (DNA) swab taken, if necessary by force. There are quite a few ways and means by which the police can arrest people, deprive them of their liberty for up to 36 hours, and then release them with no further charge.
By that point they've already got your sensitive personal data and it's on their databases, which is more often than not the undeclared point of the arrest aside from buggering you around. The only way to avoid that is if you are, miraculously, de-arrested at the scene. This happens to very, very few people - Green Party politician Jenny "don't you know who I am!" Jones is one of these.
"Helping with their enquiries" is not, and never has been, a euphemism for arrest. It is a euphemism for "being coerced into giving us information in a way that stops short of arrest because that triggers the need for a lawyer and a raft of legal protections which we find inconvenient".
I'm quite aware of what an arrest is. The point you're missing is that under PACE Code G the police have to have a necessity (aka lawful reason) to arrest you - simply suspecting you of a crime is not good enough - there have to be reasons why you need to be taken there and then to a police station (e.g. to stop you doing something, to investigate the matter promptly, to protect the public etc). The need to photograph/print/DNA you is NOT one of these necessities (unless the investigation necessitates it - e.g. you're a suspect AND the police have ALREADY found stains at the crime scene).
The police are not under any pressure to arrest people - quite the opposite. An arrest only leads to more paperwork and being kept late for most officers (a typical prisoner will take at least four hours to process, even if the officer is handing the case over to another department). A voluntary interview on the other hand takes about an hour at mutually convenient times.
You should join the BBC with sensationalism numbers such as 'up to 36 hours'... PACE is quite clear - prisoners must be dealt with expeditiously, if they're not being dealt with in that way the custody officer will release them on bail or NFA (no further action), simple. You also fail to mention that 24 hours is actually the maximum WITHOUT an Superintendent's authority. The Supt wouldn't grant this lightly - it's only in cases where the additional evidence can be gathered in the additional 12 hours (e.g. awaiting forensic results or hi-tech analysis of devices) AND the person can't be safely bailed (e.g. serious crime where they might skip the country or be a danger to society). They also won't grant it if the office in the case could have gotten the evidence in the original 24 hours. The other point to make is that people are typically kept in custody for far less than 24 hours anyway, despite what the documentaries would have you believe!
Helping with enquiries is a humorous euphemism for arrest in modern times amongst officers. I don't think it's used publicly or by the general populous. I don't think your description of "being coerced into giving us evidence" is fair in modern British policing; read R v BRYCE...
If the necessity for arrest is there, you're more often than not arrested, if the necessity isn't but the grounds for suspecting you committing a crime are, you're invited to be voluntarily interviewed (and perhaps if you refuse, the necessity for arrest would arise)... It doesn't matter though, if you're arrested or not, if the police intend to ask you about a crime you may have committed you have the same rights - solicitor, right to silence etc. R v BRYCE again.
Since the photos are apparantly covered by the DPA along with presumably other data the police hold on you, perhaps we should all issue Subject Access Requests to the police asking for copies of any and all data they hold on us.
Either they will be forced to waste their time finding and supplying the data or in fobbing us off.
It depends... If you're not under active investigation you will get your data although some of it (e.g. identities of officers involved in your case, details of other suspects, victims etc) associated with you will be redacted.
In other cases the police will outright refuse or 'neither confirm nor deny'...
However, if you've been arrested once for being a drunkard two years ago and gave a statement about a theft of cycle last month but aren't exactly the career criminal, the police will give you your data - try it!
What you need to do is carefully word your request - if you ask for everything they may deny your request based on the bits they don't want to give you... Target it carefully "Please send me a copy of the photograph taken of me when I was arrested on 01/01/2013".
As someone who knows a little bit about this article, I would point out the following:
1) The facial recognition software does not search the PND image database, it only searches the local custody database of the force in which it's deployed. The BBC suggested it could search the entire PND in the way they presented the piece. The rules on the usage of data from the PND are such that this would be extremely difficult (politically and technically to achieve). Even a simple search of the PND requires a lot of justification and authorisation (typical reasons allowed are major crime, national security, child protection and sexual cases only).
2) The police can only access DVLA database in connection with driving matters (e.g. to check you have a driving licence). They certainly cannot get the images and put them through image recognition (although who knows, perhaps other agencies can?) I doubt they would ever be able to do this.
3) The match provided by the facial recognition software is as some elude to based on the measurements between facial features. It provides a score and presents options. The version I've seen cannot differentiate particularly well between male and female or across ethnicities. It's certainly not 100% but if the reference and source photos are good enough, it will match, no questions.
4) The quality of the reference photo and the source are very important. The reference photo has to be a very high-quality custody photo (taken in good lighting, good lens, 10MP or more) and must be square/looking forwards, other sources don't work particularly well. For this reason hoovering Facebook for references etc wouldn't work (as well). Likewise the source has to be reasonably good quality too. In the example they showed with the bodyworn video, it was taken in good light on a HD camera - the quality of a still be very good. This is not typical of say poor quality CCTV or bodycam in a dark rainy street.
5) As the Chief Constable eluded to, the best way to recognise a face is with a human brain. It is for this reason that the results are treated as 'intelligence'... Arrests/police action is not solely based on the computer going 'ping'... Someone looks at the results and goes 'hmmm, I agree that person does look a lot like the source... Oh look, their mother lives door to the victim, oh look their mobile phone number was mapping in the area, oh yes a witness did describe the person have a limp on the left leg like the intelligence for the match says'... This is the same as what happens if the police find your DNA at the scene or if your mobile phone was in the vicinity of a crime scene - they look at all the available information this first 'clue' uncovers and if more evidence is available, they can take it forward.
What I'm saying is, this is a tool for the police. It's available so why shouldn't they use it? I think the sensationalism the BBC was trying to generate was unfounded - most people who have had their mug shot taken are convicted criminals or people who are guilty of offences. I agree that those who are released no further action (and who have no other criminal record) should be able to have their photo removed but in reality this is a very small number of people. As the Chief very poorly explained, most of the photos will be repeats of the same people... I.e. although there are 18m photos, that certainly doesn't represent 18m people!
Nice to have someone with a bit more of an inside knowledge on this comment, cheers. Interesting that the facial recognition can only be run on the local database.
There were a whole lot of facts conflated in that interview but the key one for me is that innocent people's mugshots are being kept at all. I'm not worried about facial recognition or national databases of faces so long as it's only convicted criminals on there.
I note Mr Plod - busily defending his following the letter of the law, if not the spirit - when asked directly about "how many people on that database have not been convicted of a crime" was unable to say, despite that fact that this was arguably the key point that the interview revolved around.
We've got your assertion that it's a "very small number", well I'd like to know what that number is myself. Perhaps you could run SELECT COUNT(*) FROM IMAGE OUTER JOIN PERSON WHERE IMAGE.PERSON=PERSON.ID AND PERSON.PORRIDGE IS NULL when you get a minute and let us know the result?
I think the difficulty would come with the fact that the PND stores both criminal convictions (taken from PNC and other sources) and local intelligence/disposal information (e.g. non-court disposals where someone is still guilty of a crime but it's been dealt with in another way). It doesn't always fit nicely into a single nominal record e.g. if you search on a name it may bring back a person with similar details from the Met and another person with similar details from the GMP. A human can work out if they are the same person, the software cannot necessarily do this unless the local force has put them together with a unique identifier - e.g. PNC ID or CRO.
But assuming you could design a sensible query to work out the number of individuals whose photographs are stored but whose number of convictions = 0, the BBC didn't tell the Chief they would be asking those sorts of questions so he was not prepared with those sorts of answers! You, me or the BBC are quite able to making an FOI request to ACPO or the College of Policing (who run the PND) and you'd probably get the information...
The question here is that just because someone is not convicted it doesn't always make them not guilty of the offence (e.g. where they get off). So Parliament has decided that it's right that in those circumstances their biometrics (DNA/prints) are removed in most cases but their data (e.g. their name, the facts of the arrest, the records of suspicion) are kept in line with MoPI (so if you are a suspect of rape, you will be linked to that offence forever)... The police have decided the photos are data and treated them as such. This is the bit I think needs questioning but how can you balance protecting the public (e.g. Soham murders) vs. the people's right to privacy!
most people who have had their mug shot taken are convicted criminals or people who are guilty of offences
I once told a traffic warden to fuck off after a week of harassment. Imagine my surprise when I found out that it was not only illegal but a criminal offence. The officer pretended to be "alarmed harassed and distressed" or whatever the words were and I was duly nailed in court with a shiny new criminal badge on my personal stats.
So that bollocks about "they're all criminals so they deserve it" is just that...bollocks.
===========================================================
Just FYI, elude means "to dodge" and allude means "to refer to". So you definitely used the wrong word in point 3)...could go either way in your point 5) reference to a Chief Constable's statement.
"The rules on the usage of data from the PND are such that this would be extremely difficult "
So? You're not seriously trying to tell us that rules don't get broken by police + associates?
Exhibit one (many others available):
http://www.bbc.co.uk/news/uk-wales-21451611 (Feb 2013)
"Police officers and staff in Wales have broken the Data Protection Act 62 times in the past two years."
And what consequences were there of these very serious breaches?
"Four people were sacked and 14 resigned as a result of the breaches."
What kind of stuff were they up to?
"given a formal police caution for checking the database "pertaining to an associate, altering own record on police system and checking third parties on police system not for a policing purpose".
Another who resigned was convicted at court after researching and disclosing information to a third party.
The other five resigned after:
checking incident involving relative
checking incident involving former partner
misusing access to system
checking family members on database
inappropriately accessing footage of incident.
In addition, one personnel member was dismissed after "checking partner and third party on system".
So whatever alleged deterrent effect the rules are supposed to have doesn't seem to have worked particularly well in these cases.
Yes of course rules get broken by a minority of individual officers. However:
1) There is a massive difference between some idiots accessing police databases for individual unlawful purposes than forces as a whole deciding to plug the PND into facial recognition. Yes you could probably do a one off search unlawfully and probably get caught but I suspect the administrators of the PND would start to notice if 18 million images were being searched regularly by one force ;).
Unless of course you are suggesting the entire establishment is corrupt and would do this without anyone knowing... But then that's not really corruption is it (e.g 'having or showing a willingness to act dishonestly in return for money or personal gain')?
As far as police data goes, what's on the PND is pretty sacrosanct. Getting access is difficult enough. Syphoning the data off for facial recognition without massive investment, oversight and project planning would be impossible without it being driven by the government (Home Office Policing Innovation Funding for example) in the first place!
2) The breaches mentioned almost certainly do not include misuse of the PND. They will be searches of local intelligences and crime systems, electoral registers (all of which are 'self serve') and the PNC (relatively easy to access in comparison with the PND). The way the PND is implemented is that literally every search is scrutinised by other people - unless the entire chain is corrupt, I think misuse would be much harder (obviously not impossible).
Of course what probably hasn't been thought about is whether the operators of the facial recognition on a local basis might be corrupt (e.g. identifying people for money or personal reasons). However, one would hope that vetting and monitoring of the use of the tool by anti-corruption departments would get to the bottom of this (much like it does with misuse of other police systems).
Remember this TOOL is one of (probably hundreds) systems that the police can lawfully access... Think about your criminal records, police records (intelligence), prison records, court records, phone records, internet records, travel records, financial records, benefits records, education records - most can be accessed by the police through a combination of data sharing agreements, S29 DPA requests, RIPA and court warrants already. The police can even bug your home or tap your phone line if they can justify it and get the authorisation to do so.
Sadly there are corrupt elements and yes there are bound to be privacy concerns but why is this one issue much more toxic when in reality all facial recognition does is provide an 'intelligence tip off' that a wanted person might be someone the police have already met? It's not like this is happening automatically - it's done in one-off cases in response to a policing need (e.g. the need to solve a crime). The same goes for the CCTV gait analysis - it's not done like it is on Spooks to every government CCTV feed; it's done in one-off cases where a forensic need exists.
Taking your words as gospel, that's the state of play at the moment.
However.
The current government seems to be assembling a DIY dystopia kit (as was the last one) and -tecnologically speaking- it would be relatively simple to 1) desanctify the PND and 2) apply face-recognition and gait recognition to everything, as an overlay (it's only software after all).
We are already talking about a country with the highest number of cameras per head in the world, so yes, the general drift of events is a major cause for concern.
I'm surprised this hasn't been mentioned, but one of the stipulations of Data Protection is that data is held securely.
What is the track-record of government-related bodies on this particular aspect of data-retention? I don't think I need to give examples, there being a multitude of them.
This post has been deleted by its author
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
