2014
PIA 29 10 2014
CONTENTS
Regulatory Considerations
Custody Images
Information Flow
Consultation
Privacy Solutions
Location
Management
Operators
Use of Neoface
10
Risk
11
Evaluation
12
Sign off
12
12
Action to be Taken
12
12
Appendix 1
PIA 29 10 2014
1.1
1.2
The Police Service has a statutory duty under the Police Act 1996 and a duty at
Common Law to prevent, investigate and detect crime as well as safeguarding the
public. Clearly that duty requires the Force to introduce new methods and
technology to meet public expectations, but at the same time, ensuring such
methods and technology are in compliance with relevant legislation.
1.3
Regulatory Considerations
2.1
When processing personal information, the Data Protection Act 1998 (DPA) and the
Human Rights Act 1998 (HRA) must be adhered to. The DPA provides the
Conditions under which the processing of personal information can occur. The HRA
provides information around the privacy considerations which must be taken into
account when using personal information, including decisions around proportionality
and public interest.
2.2
PIA 29 10 2014
3.1
3.2
3.3
The policing purpose prescribed under Common Law includes the prevention and
detection of crime, the apprehension and prosecution of offenders and the
maintenance of law and order. Identifying and dealing with individuals who
perpetrate offences fulfils the first two objectives of Our Duty; a commitment by the
Office of the Police and Crime Commissioner and the Chief Constable to the people
of Leicestershire to deal with those who cause most harm and to protect vulnerable
people from future offences.
3.4
The ability to identify a suspect as soon as possible and make an early arrest is
extremely important for several reasons:
to secure evidence
3.5
The software technology identified to assist the Force in their policing purpose is
NEC NeoFace, which fulfils a further two of the Our Duty principles namely
effectively deploying our people and ensuring effective and efficient use of
technology. With the budgetary constraints placed upon the Force, both principles
PIA 29 10 2014
are becoming ever more important if the Force is to meet its policing obligations and
the expectations of the public it protects.
3.6
Custody Images
4.1
Custody images are those images obtained when an individual is detained by the
police.
4.2
The police derive their powers to obtain an individuals image from Section 64A of
the Police and Criminal Evidence Act 1984 (PACE)1. PACE and the PACE Codes of
Practice provide the core framework of police powers and safeguards around stop
and search, arrest, detention, investigation, identification and interviewing detainees.
The legislation looks to address the balance between the powers of the police and
the rights and freedoms of the public. Maintaining that balance is a key element of
PACE.
4.3
PACE states that where a person is detained at a police station they may be
photographed with the appropriate consent or if the appropriate consent is withheld,
or where it is not practicable to obtain it, without consent.
4.4
4.5
PACE permits the police to photograph an individual where the individual has been:
(a) arrested by a constable for an offence;
(b) taken into custody by a constable after being arrested for an offence by a person
other than a constable;
PACE has received a number of amendments including those under the Anti-terrorism, Crime and Security Act 2001, the Serious
Organised Crime Act 2005, the Police reform Act 2002 etc.
PIA 29 10 2014
4.6
The custody photograph is then stored within the police data base known as
Custody Image Management (CIM) which holds over 104,000 such photographs.
5.1
The NeoFace technology is software that is able to compare images presented to it,
which have been captured on media such as CCTV and body cams (one data set)
against photographs of individuals detained under the Police and Criminal Evidence
Act 1984 (second data set).
5.2
NeoFace technology compares the two data sets and identifies matches from facial
characteristics.
5.3
NeoFace does not base its selection on gender, age or race and so will return
images of all ages, genders and race. (Leicestershire Police has chosen not to
incorporate metadata at this time).
5.4
For each comparison search, NeoFace will select the most likely matches, up to a
total of two hundred. Using new technology to identify potential suspects from an
existing database by automated means, clearly results in a vast amount of personal
data being processed, during each search.
PIA 29 10 2014
5.5
The use of this technology is not only new to Leicestershire, but to the police service
in general and given the extent of processing by automatic means, a full Privacy
Impact Assessment was undertaken. This decision was also based on the interest
the technology may attract to ensure that during implementation privacy issues had
been identified, recorded and ultimately addressed.
Information Flow
6.1
6.2
6.3
As previously stated, it is the 104 000 photographs held in CIM that Neoface
compares with the photographic images presented to it. A process for the use of
NeoFace has been identified and is illustrated in the flow chart below.
PIA 29 10 2014
Email sent to
IMU
Bodycam
Image
Social Media or
Photo from
mobile phone
Surveillance
Image
EFIT-V
Unsuitable:
Inform the requesting
OIC.
Log on spreadsheet and
file image
Suitable:
ID officer will run the image through NeoFace and check the
top 200 returned faces for potential suspects.
Images compared against the lawfully held custody database
6.4
Fig 1
The image of the suspect to be identified is input into NeoFace. The Technology
compares the image of the unknown suspect, to the database containing images of
known persons, detained by the Force. Those NeoFace identifies as matching the
image of the suspect are selected. A search can return up to a maximum of 200
images and will include images of both male and females.
6.5
The operator will view the matches identified by Neoface and manually remove
photographs of those whose images do not resemble the image of the suspect. This
is the point at which human intervention takes over from automated processing.
6.6
Wrong gender
Wrong ethnicity
PIA 29 10 2014
Consultation
7.1
Home Office
Chief Constable
During the pilot period and subsequently, the technology and the process has been
televised, using fictional images. It has also attracted visits from the legal profession,
other enforcement agencies and other police forces from around the world.
8.1
The CIM system contains over 104,000 images, all of which were obtained under
PACE when the person was detained and therefore provides an audit trail showing
both the name provided by the individual at the time and their description also
recorded at the time, which is then held with their image.
8.2
An image and the personal data associated with it, is used before charge for the
following reasons:
in the event of an allegation that an individual has given a false name which
has resulted in an innocent party being summoned;
8.3
An image and the personal data associated with it, is used after charge but before
conviction for the following reasons:
to identify an individual when a warrant has been issued by the Court and
police officers have a duty execute it as soon as possible 2.
If issued under s13 Magistrates Courts Act 1980, it will be valid indefinitely.
PIA 29 10 2014
Should they have been remanded in custody and after being taken before a
court, bailed to re-appear, but have failed to do so.
Where the court has issued a further bail notice (court bail) and the person
does not attend the hearing
8.4
Key privacy issues relate to the retention of images whereby the individual, although
arrested, did not appear before the court because:
8.5
The Police and Criminal Evidence Act states that photographs taken under s64 may
be used by, or disclosed to, any person for any purpose, related to the prevention or
detection of crime, the investigation of an offence of the conduct of a prosecution or
to the enforcement of a sentence and may be retained provided they are used for
the same purpose for which they were initially obtained.
8.7
Retaining all images of individuals taken under PACE, whether later convicted or not
allows Neoface to search across the whole of the data base and may return images
found in both data sets.
Privacy Solutions
9.1
Action being taken to address issues and reduce the risk is already being
undertaken by the Identification Suite (See Data Protection Table).
9.2
10
The NeoFace system has been installed in the Identification Suite (ID Suite).
PIA 29 10 2014
The Identification Suite is separated from the reminder of the building and is
secured.
9.2.2 Management
9.2.3 Operators
10.3
Use of NeoFace
10.3.1 All requests for the use of NeoFace are submitted to the ID Suite and overseen by
the ID Suite Manager.
10.3.2 A Form has been created and must be submitted with each request, which details
the reason for the request and the provenance of the images being presented.
10.3.3 After accepting the image(s), the Operator will undertake the search.
10.3.4 Once the matches are returned by Neoface, the Operator will undertake a visual
assessment and remove any that clearly do not match the image of the individual
sought. E.g. different gender etc.
10.3.5 The Operator will provide the matches which NeoFace has identified and have
been verified, to the OIC as well as making it clear that the images are to be
11
PIA 29 10 2014
treated as information only and that further police enquiries are required to
establish whether the person could be considered as a suspect or not.
10.3.6 The OIC will be reminded that the information being provided is sensitive personal
information and therefore must be treated as Restricted and if the images
returned are to be sent to the OIC by e-mail, then the Operator will ensure the email is marked Restricted.
10.3.7 The Form which accompanies the returned images, reminds the OIC that the
matches are for intelligence purposes only and cannot be used as evidence. They
are not informed as to the status of the person in the custody image.
10.3.8 Guidance should be issued to ensure the decision making during the public interest
test is recorded.
11
Risk
See Appendix 1.
12
Evaluation
12.1
12.2
13
13.1
The Project and the privacy risk have been accepted by D/ Ch. Supt Prior.
The privacy risks involved in the project have been accepted by D/Ch. Supt Prior.
(Still awaiting the outcome of the two privacy court cases).
12
PIA 29 10 2014
14
14.1
The ID Suite Manager will be responsible for integrating the PIA outcomes back into
the Project Plan and keeping the Head of the Delivering Justice Directorate
informed.
14.2
PIA outcomes will be addressed by the ID Suite Manager in consultation with the
Head of the Delivering Justice Directorate.
14.3
The ID Suite Manager will be responsible for implementing any solutions to issues
identified back in to the project.
14.4
The ID Suite Manager will confer with Information Management Section regarding
future privacy concerns which will then be raised with the SIRO.
15
Action to be Taken
15.1
As the Data Protection Act 1998 provides the legal framework around the
management and use of personal information, recording the implications the DPA
has on the use of existing custody photographs with the Neoface technology, will
sign post issues to be considered and addressed.
16
16.1
17
17.1
See Appendix 1
13
Appendix 1
Neoface Privacy Impact Assessment implications for the compliance with the Data Protection Act commenced on the 29.10.2014
The following are the Principles of the Data Protection alongside the risk to the Act in relation to the use of Neoface. This is a living document and should be
updated and dated accordingly.
Principle 1
Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless:
a) at least one of the conditions in Schedule 2 is met, and
b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
Considerations
What is the purpose of this
technology?
Explanation
Additional Considerations/Risks
Action/Mitigation/Justification
ID Suite Operator overseas the
management of PACE Photographs.
ID Suite Operator undertakes
Human intervention to ensure the
photographs identified by Neoface
are similar or the same as the image
being presented for comparison.
Any photographs returned by
Neoface which do not match are
rejected.
Only details of those whose image is
identified as being the same or
similar are provided to the officer in
the case, who will undertake a
second sift and again reject any they
feel do not match the person they
are seeking.
PIA 29 10 2014
15
PIA 29 10 2014
contained in statute.
Pressures to find quicker and more
efficient ways of identifying suspects
and solving crime are at the
forefront of the Police Service.
The use of biometric technology to
identify potential suspects from
existing photographs held by the
police is clearly a more efficient,
effective and a less time consuming
process.
The efficiency of the system does
increase the privacy concerns
surrounding its use.
16
PIA 29 10 2014
RIPA Authority
17
PIA 29 10 2014
18
PIA 29 10 2014
Schedule 3
(6) Legal Proceedings
(7) Administration of Justice
SI 417 regarding the processing of
sensitive personal information.
If you are relying on consent to
process personal data, how will
this be collected and what will
you do if it is withheld or
withdrawn?
19
PIA 29 10 2014
20
PIA 29 10 2014
Principle 2
Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with
that purpose or those purposes.
Considerations
Explanation
Additional Considerations/Risks
Action/Mitigation/Justification
PACE permits the use and retention
of photographs obtained lawfully.
The further use of the photographs
already held is in connection with
the policing purpose.
Does your use of Facial
Recognition cover all of the
purposes for processing
personal data?
Yes at present.
21
PIA 29 10 2014
Principle 3
Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
Considerations
Additional Considerations/Risks
Action/Mitigation/Justification
The photographs obtained under
Is the information you are
PACE are of very good quality.
using of good enough quality
for the purposes it is used for? The images obtained for
comparison are assessed and if they
are of poor quality, are not
presented to Neoface.
Have you considered what
personal data should not be
used, without compromising
the needs of the project?
22
PIA 29 10 2014
23
PIA 29 10 2014
Principle 4
Personal data shall be accurate and, where necessary, kept up to date.
Considerations
Explanation
Additional Considerations/Risks
If you are procuring new
software does it allow you to
amend data when necessary?
24
Action/Mitigation/Justification
PIA 29 10 2014
images be retained?
25
PIA 29 10 2014
Principle 5
Personal data processed for any purpose or purposes shall not be kept for longer than necessary for that purpose or those purposes.
Considerations
What retention periods are
suitable for the personal data
you will be processing?
26
Explanation
All custody photographs are
retained.
Additional Considerations/Risks
Action/Mitigation/Justification
PIA 29 10 2014
Principle 6
Personal data shall be processed in accordance with the rights of data subjects under this Act.
Considerations
Explanation
No change
Additional Considerations/Risks
Action/Mitigation/Justification
27
PIA 29 10 2014
Principle 7
Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss
or destruction of, or damage to, personal data.
Considerations
Explanation
Additional Considerations/Risks
Action/Mitigation/Justification
Do any new systems provide
protection against the
security risks you have
identified?
Access to biographical
technology is restricted to
Identification Unit Staff only.
Each Operator is individually
trained in the operation of the
system and the rules around its
use.
Each Operator is reminded of the
general requirements around
security:
Logging on and off
Password composition of
Prevent shoulder surfing
28
PIA 29 10 2014
29
Included in Policy
PIA 29 10 2014
30
PIA 29 10 2014
31
Additional Considerations/Risks
Action/Mitigation/Justification