The UK police forces’ automatic number plate recognition systems form arguably the world’s largest civilian surveillance system, taking about 1 billion number plate reads a year. Some years ago I was put on a panel to help the criminal justice system improve its transparency and made enquiries about ANPR governance. ANPR is a powerful, important system – to operate effectively it needs modern, robust governance that engages the people it surveys and keeps safe, as well as system users. The current governance system isn’t up to the task. I have been meeting with interested parties for a while now and publish my work here (you can find it all at this link). The police are amenable to improving the governance. The Crime and Justice Sector Transparency panel on which I sat was abolished this summer and it isn’t clear what replaces it, nor what their locus will be. So I continue my work. Here is the latest correspondence with the police.
ACC Paul Kennedy
Chair, National ANPR User Group
North Yorks Police
5 September 2016
Dear Paul Kennedy
Governance of ANPR
I am grateful to you for our meeting on 4 August, I welcome your continued leadership in engagement between the police and civil society actors on ANPR. I am pleased that we share the ambition for the UK to have the world’s best governance system for the world’s biggest ANPR system.
At the meeting, we discussed a wide range of issues concerning ANPR governance and after a holiday break, I set out my thoughts below.
Putting ANPR on a proper statutory footing is the best way of balancing rights and responsibilities. It gives parliament a proper chance to debate and scrutinise the issues. And would provide an effective accountability structure. I am pleased that the police will take this issue forward with the Home Office later in 2016. The Surveillance Camera Commissioner referred to this in his blog post of 23 August. But this will take many years to bring into effect, even if Home Office agrees.
The lack of a statutory underpinning is at the heart of ANPR governance issues.
ANPR is a system that is run by the police for a variety of reasons – initially CT, then as its capability increased (and/or as forces understood better how to use it) serious crime. As it becomes easier to use ANPR systems (as intended by the procurement of a new national systems from Finmeccanica/Leonardo) it is being used for less serious crime, such as whether a vehicle is insured or not. It has no particular legal footing, other than the Data Protection Act. I don’t think Parliament has had a debate on modern ANPR in the round, which seems wrong for arguably the world’s biggest civilian surveillance system.
It’s a common practice while waiting for legislation to set up a ‘shadow’, interim or provisional arrangement. This allows the development of practice through application that can inform legislation. Shadow arrangements can last for some time. The existence of a shadow body could also help with any challenges made under the existing law. However, shadow arrangements usually take forward the gist of agreed policy (eg a White Paper). We lack that for ANPR. As I said in the meeting, a report by a panel of independent experts could be valuable, I should be happy to contribute to that. My work on OFCOM many years ago involved a paving bill which enabled preparation to be done, but i doubt there is a case for that here.
Short term improvements – privacy group
At our meeting were police experts, Home Office, Surveillance Camera Commissioner’s office, ICO and Big Brother Watch (Liberty was invited to the first meeting but decided it could not attend). We agreed that our next meeting in the Autumn would include a larger group as a step towards shadow regulation. You asked for suggestions as to attendees. I wrote an article earlier this year on how an ANPR regulator could be composed – I paste the bulk of that in an Annex below. See
I have approached a technical expert who is interested and will put them in touch.
I mentioned the work of ‘The Ferret’ an investigative journalism website site that has covered issues with ANPR in Scotland, on which they consulted me. It seems that Police Scotland, although working under the same data protection law, have come to differing conclusions to the english police about data retention. It also seems that there are technology problems there too. The article is here https://theferret.scot/police-scotland-dump-millions-anpr-records-privacy-fears/
‘A Police Scotland spokesperson confirmed that a “short life working group” has now been set-up to tackle the issue and that it planned to delete the older data following a decision by the force executive.
But they also admitted that the body had not yet worked out which data should be retained and which data should be deleted from its huge archive. Neither could they provide a timescale for when the work would be completed.’
Data retention – proportionality
The retention of large quantities of data about innocent people to solve a small number of crimes requires an assessment of proportionality. This is particularly challenging for ANPR given the substantial scale of collection. Taking a simplistic, reductionist mathematical approach, with 1 billion ANPR reads per year if ANPR contributes to detection or solving of say 1 million crimes a year (about 15% of all crime incidents) that is only 0.001 % of reads. A more realistic assumption might be 100,000 incidents, 0.0001% of reads. Superficially, it is hard to say that this is proportionate.
I wholly understand the police argument that ANPR is about detecting or deterring serious crime, which multiplies up the value/numerator, but I would suggest that the burden is incumbent upon the police and government to make that case more effectively. The ICO raised the weak police evidencing of ANPR’s impact in their letter to you of 30 June 2015, released under FOI.
You mentioned an empirical study by academics that was about to start – it would be helpful to learn some more about this.
Data retention – legal advice
I am pleased that the police are now seeking advice from leading counsel on ANPR data retention issues, due in Q4 2016. Your counsel has queried why the existing data retention provisions (two years in theory) are any different to those set out for communications data retention (one year). Again, the police need to improve their communication of how ANPR works in fighting serious crime. Whilst I acknowledge that legal advice is privileged and protected from FOI, it would be helpful and in the public interest if you were able to publish counsel’s opinion.
‘Olympic feed’ – Met Police copy of ANPR data back to 2012.
I was also pleased to learn that you now have a process in place to review data retention/deletion of the Met Police’s copy of 10 billion ANPR reads from the national system dating to 2012 (the retention period is 2 years). In my research and meetings on ANPR I have not seen a case for keeping this much data for this long and I would urge you to delete it, or make a compelling case for retention for public debate. I understood from the meeting that there are now technical problems accessing this aging data store effectively and affordably. This strengthens the case for deleting it.
Anderson’s review of bulk collection powers examines regimes that will be covered by the IP Bill. Anderson does not explicitly cover ANPR, in part because it already exists and it is not on the face of the IP Bill. He finds that bulk collection, with safeguards is justified for CT and serious crime work. I agree with that, naturally. However Anderson explicitly excludes non-serious crime. On a first read of Anderson, the contrast between the regimes in place to support comms data etc retention and the lack of a safeguards framework for ANPR are stark.
The reports of the issues with the procurement of the new national system from Finmeccanica/Leonardo and issues with physically moving the replacement system for the Met out of Scotland Yard cause me concern. I have worked with many enterprise scale traditional public sector procurements. Pausing such programs, as has happened with the Finmeccanica system usually leads to a substantial reduction in scope and marginal decrease in cost. The cost then increases later as functionality is sought to be added back in. American contractors have often underestimated the amount bespoking their systems require for the UK public sector, it would be a shame if Leonardo-Finmeccanica had also fallen into that trap. If the police end up having to create another copy system (like the Met’s Olympic Feed) in order to enable modern system operation while waiting for or to enable a new system due to delayed go live then there is all the more case for better governance.
I referred in the meeting to the Advocate General’s opinion in the Watson/(formerly) Davis case.(http://curia.europa.eu/juris/document/document.jsf;jsessionid=9ea7d2dc30d5ddcf38f05aa94481bf2098f4406d7a38.e34KaxiLc3qMb40Rch0SaxuTc3j0?text=&docid=181841&pageIndex=0&doclang=en&mode=req&dir=&occ=first&part=1&cid=305058)
in which he set out obligations for a large scale surveillance regime:
‘the obligation and the safeguards which accompany it must be provided for in legislative or regulatory measures possessing the characteristics of accessibility, foreseeability and adequate protection against arbitrary interference;
the obligation and the safeguards which accompany it must observe the essence of the rights recognised by Articles 7 and 8 of the Charter of Fundamental Rights;
the obligation must be strictly necessary in the fight against serious crime, which means that no other measure or combination of measures could be as effective in the fight against serious crime while at the same time interfering to a lesser extent with the rights enshrined in Directive 2002/58 and Articles 7 and 8 of the Charter of Fundamental Rights;
the obligation must be accompanied by all the safeguards described by the Court in paragraphs 60 to 68 of its judgment of 8 April 2014 in Digital Rights Ireland and Others (C‑293/12 and C‑594/12, EU:C:2014:238) concerning access to the data, the period of retention and the protection and security of the data, in order to limit the interference with the rights enshrined in Directive 2002/58 and Articles 7 and 8 of the Charter of Fundamental Rights to what is strictly necessary; and
the obligation must be proportionate, within a democratic society, to the objective of fighting serious crime, which means that the serious risks engendered by the obligation, in a democratic society, must not be disproportionate to the advantages which it offers in the fight against serious crime.’
Although this opinion concerns communications data retention, the reasoning forms a general approach towards personal data gathered by the state on a large scale – as your counsel has apparently pointed out in relation to advising you on the retention period. I am not a lawyer, but it strikes me that, when set against the AG’s opinion, ANPR used for fighting serious crime in a targeted way is deficient in several regards – lacking a specific governance system in law, and in some respects on access to the data and data retention. I discussed proportionality above. Although there is thinking in place to address these issues, ANPR in its current form must be seen to be vulnerable to challenge, while we remain under the jurisdiction of the ECJ.
However, it is harder to reconcile a national, permanent ANPR system of systems for tackling minor crimes, as the Metropolitan Police’s website puts it:
community confidence and reassurance, and crime prevention and reduction.’
Does current working practice used the national ANPR system for these, or are they the preserve of mobile or temporary units?
Ethics in regulation
Our discussion touched upon ethical regulatory models. Elsewhere in regulatory practice, a strong, effective ethical regulatory system is a strength of the British medical industry – it allows our scientists to do things at the edge of practice and retain public confidence. The better the regulation, the more the risks they can take. Regulation is an enabler because it retains public confidence in the system as a whole, when, given the highly sensitive nature of the work without regulation only one or two errors could de-stabilise it preventing any further work.
Dame Mary Warnock’s 1984 report on ‘test tube babies’ was a milestone in ethics in regulation. Warnock was (is) a professional applied ethicist and she balanced an ethical dimension on this most challenging of subject with pragmatic advancement of science and delivering service to the public. She did this by setting out a regulatory system that still holds today where people who want to advance practice (scientists, practitioners) sit down with a broad spectrum of informed members of the public in panel and work out what is acceptable, balancing the interests. Warnock also held people’s fears to have weight, even if they were not rationally grounded. Scientist and practitioners are in a minority on the regulatory body, with an independent chair. The public/lay members include people who have received successful and un-successful fertility treatment, a journalist, a barrister, a bishop (who is a former scientist) etc. After Warnock’s 1984 report, the medical industry self-regulated and created a shadow licensing authority that ran for six years before government legislated.
Whilst individual ANPR decisions are not as ethically weighty as embryology, the scale of the ANPR systems and the indiscriminate nature of collection and retention means that a case can be made for a heavy-duty governance body. The Advocate General discusses the disadvantages of large scale data retention in paras 250 onwards of his judgement.
I welcome your proposal that a larger group should meet in November as the next step.
Thank you for convening this meeting and for your consultative, constructive approach. I am copying this to the police attendees, Home Office, ICO and SCC office representatives whose emails I have and Renate Sampson of Big Brother Watch. I shall also place a copy on my website at http://talkaboutlocal.org
Annex Shadow Board
I wrote an article in January 2016 suggesting an interim/shadow body ( https://talkaboutlocal.org.uk/anpr-towards-a-regulatory-structure-for-probably-the-worlds-largest-civilian-run-surveillance-system/ ) where I suggested a board membership as follows:
Independent executive chair
Chief Executive for ANPR
Surveillance Camera Commissioner
representatives of three police forces
a representative of the intelligence agencies
Police and Crime Commissioner
barrister whose practice is representing clients at the Information Tribunal
civil liberties body
data scientist (s) (at the leading edge of large data systems)
victim of crime whose case was solved through ANPR use
appropriate intelligence services regulator
journalist specialising in data protection issues
Following our discussion I would add in a parliamentarian of some sort – an MP or Lord or MSP or AM (Stella Creasy MP say) and a modern database engineer with experience of building and running commercial large data systems (eg someone from Amazon or similar NOT one of the systems integrator IT companies who sell systems to government).
Latest posts by William Perrin (see all)
- Digital opportunities presented by Brexit – Cardiff discussion - 13th December 2016
- Response to draft CCTV strategy - 5th December 2016
- In memoriam Steph Clarke - 25th November 2016