23 Sep 2019
This is a guest blog from Dr Carole McCartney, Professor in the School of Law, Northumbria University.
Published in May 2018, the Science and Technology Committee’s Fifth Report, Biometrics strategy and forensic services, documents the frustration of the committee with seeming Governmental negligence in not producing a biometrics strategy, as well as the shortcomings of the Forensic Science Strategy published in 2016. This strategy was itself two years late and found by the preceding Committee to be inadequate. The Committee now, is urging that it be revised and re-evaluated, as weaknesses already identified are being exacerbated by the growing vulnerability of the private forensic market, and the lack of full accreditation of forensic service suppliers (most notably the police). The biometrics strategy meanwhile, has yet to materialise, without a “convincing rationale” for this omission.
The Minister for Countering Extremism, Baroness Williams, told the Committee that, when eventually delivered, the Government envisaged a biometrics strategy that would outline a “framework for governance and oversight“ and would be “flexible and fit for the future“. They acknowledged that this needed to be in place “quite urgently“ and would necessarily consider both ethical and legal questions. The Minister explained that a Directorate for Data and Identity has been created in the Home Office to help “align common forensics and biometrics interests“. Despite such assurances, the paucity of detail, underlying principles, and lack of ‘strategy’ contained in the belated forensic science strategy, gives justifiable rise to concerns about the content, and intent behind the much anticipated biometrics strategy.
Yet the obligation on the Government to now produce a biometrics strategy that is both adept and adroit cannot be overstated. The Committee stressed at several points, both the urgency and importance of adequate governance and oversight of both forensics and biometrics: “This is vitally important because these disciplines, and the way their techniques and data are used, are at the heart of our courts system and underpin essential confidence in the administration of justice.” Indeed, the importance of creating a transparent and accountable regime for the forensic use of bioinformation that is simultaneously legally justifiable, socially acceptable and ethically sound, was the core message of the Nuffield Council on Bioethics’ influential 2007 report, The forensic use of bioinformation: ethical issues, which I was involved in producing. The report argued that the use of biometrics ought to provoke debate around vital issues such as liberty, autonomy, privacy, informed consent and equality. While acknowledging that these values are not absolute, the Nuffield Council stressed that there is: “a strong presumption in liberal democracies in favour of not restricting them“. The Council thus advocated a rights-based approach that recognises: “the fundamental importance to human beings of respect for their individual liberty, autonomy and privacy“. In appropriate circumstances, these rights can be restricted, in proportion with the need to protect the rights of others, balancing the public interest in detecting and prosecuting criminals and that of maintaining privacy and liberty of citizens. In Scotland, the recent 2018 report by the Independent Advisory Group on the Use of Biometric Data, similarly called for the development of biometrics to be undertaken in a “principled manner which gives appropriate weight to considerations of public protection and security on the one hand, and privacy and other relevant human rights and ethical considerations on the other”.
Shortly after publication, the Nuffield Council report was relied upon, and quoted in support of the unanimous European Court of Human Rights ruling in S & Marper vs UK, which found that the retention of DNA profiles and samples from unconvicted individuals in the UK breached human rights, and thus demanded legislative amendment, eventually enacted by the Protection of Freedoms Act 2012 in England and Wales. This was accompanied by the establishment of a Biometrics Commissioner to oversee the retention of DNA profiles on the National DNA Database (NDNAD). Just prior to the Marper judgement, the Government had created an Ethics Group to advise the NDNAD custodian on ethical issues. More recently, this Ethics Group was empowered to consider issues surrounding fingerprints as well as DNA, and now has had their remit further extended, becoming the Biometrics and Forensics Ethics Group.
Thus, while the Government has responded to issues concerning DNA and fingerprints, and positive changes have been made, the Committee stressed that at present, the use of other biometrics, in particular, facial images, remains largely ungoverned. The Committee’s report focused in particular on the use of facial images by police, voicing concern about a lack of reliability with the questionable accuracy of the technology, and the potential for discriminatory bias. In evidence, the Information Commissioner also articulated apprehensions about privacy, stating that: “how facial recognition technology is used in public spaces can be particularly intrusive. It’s a real step-change in the way law-abiding people are monitored as they go about their daily lives.” The Committee confirmed that there are: “important ethical issues involved in the collection, use and retention of facial images that have greater salience than for DNA, fingerprints and other biometrics, not least because facial images can easily be taken and stored without the subject’s knowledge and because (unlike DNA and fingerprints) facial images databases – passports, driving licences and custody images – already contain 90% of the adult population”. The Government approach to retention of custody images was deemed unacceptable: “unconvicted individuals may not know they can apply for their images to be deleted, and because those whose image has been taken should not have less protection than those whose DNA or fingerprints have been taken”. The Biometrics Commissioner confirmed that facial images were a powerful new biometric lacking governance arrangements, and thus there is no public assurance that: “their use will be in the public interest and intrusion into individual privacy is controlled and proportionate”.
In common with earlier demands made of the governance of DNA and fingerprints, the Committee argued a need for: “further refinement of the oversight architecture, including how image databases should be managed and regulated, potentially by a dedicated ‘regulator’, or by the Biometrics Commissioner with an extended remit”. The Home Office stated that they are now considering an ‘oversight board’ for facial recognition bringing three regulators and oversight bodies together (the Biometrics Commissioner, the Surveillance Camera Commissioner and the Information Commissioner) with the police (there was no mention of why the Forensic Regulator would also not be included in this ‘conglomerate of regulators’).
While the Nuffield Council report was written over ten years ago, its central message is still germane. Biometrics can undoubtedly enhance crime control efforts, and technologies will continue to proliferate and their use intensify, but such developments cannot take place in a policy void. Such policy must be underpinned by considered debate, incorporating vital ethical concerns. As the Nuffield Council iterated in 2007, effective governance of biometrics should ensure: “not only that their utility is maximised, but also that their potentially harmful effects (such as threatening privacy, undermining social cohesion and aggravating discriminatory practices) are minimised". It must be hoped that the forthcoming biometrics strategy can achieve these aims.