‘We need a biometrics commissioner for more than policing’
The term biometrics is not particularly well understood. And yet, this is the unassuming umbrella term for our most valuable personal data and we should care about how accessible it is to others.
One recent report defined it as “any physical, biological, physiological or behavioural data, derived from human subjects, which have the potential to identify an individual”. That’s wordy, but what we’re talking about is the capture of personal characteristics – fingerprints, DNA, scans of your eyes and much more.
To put it crudely, biometrics takes what makes you you, and turns it into a tool for others to identify you. But who is interested in getting hold of this, and why should we be bothered if they do? Law enforcement are among those most interested in the potential of biometric technology.
In 2015, in England and Wales, police forces even went so far as to unlawfully upload 18 million photos of people to a facial recognition database. Mugshots of people cleared or never even charged of an offence were put on there. Police Scotland, while not uploading photos they shouldn’t have been, were accessing the photos put on there by other forces.
Why is such a database so powerful? Images captured elsewhere, perhaps at a street party or football match, can then be compared against this database. Facial recognition technology was even deployed by police at a convention of Elvis impersonators in Wales, I believe to identify potential troublemakers rather than judge the quality of their sunglasses and wigs.
But without regulation, many organisations would say thank you, thank you very much. Don’t get me wrong, such technologies can play a significant role in bringing people to justice. But we can’t just gift public authorities, or indeed private companies, such a powerful tool.
Join us for FutureScot’s Digital Justice Conference, 21 November.
There are strict rules on indiscriminately taking and cross-referencing well-established biometrics such as our fingerprints and DNA for a reason. For instance, we have seen that mistakes and false identification can lead to miscarriages of justice.
Surveillance is steadily being normalised, to the extent that the presence of an audience beyond the people you can see often feels inevitable. Privacy now exists in this context.
We should be reflecting on what right someone has to possess our details and what they intend to do with them. There must be robust safeguards and that is why the lack of rigorous regulation around emerging technologies is a worry.
Two independent expert reports have echoed my party’s call for stronger governance and independent oversight. They have said a proper framework is necessary and recommended that Scotland get itself a Biometrics Commissioner.
The Scottish Government has been remarkably slow in responding. But it finally announced this month that it plans to introduce a Biometric Data Bill and establish a Scottish Biometrics Commissioner.
Our laws need updating. This was last looked at in 2008, after issues around the retention of DNA and fingerprint data were raised by Professor James Fraser. You only need to remember what your phone looked like in 2008 to see how much technology has moved on.
Fingerprints and DNA were the so-called first generation of biometrics. A second generation included facial, speech and iris recognition. Now a third generation is making use of the ability to recognise step and movement patterns with the development of gait recognition.
Technology doesn’t stand still. Data use and retention is a cornerstone of the modern world, and the benefits of its use create shortcuts and fast-tracks that can make it a more efficient place. Unlocking your phone with your fingerprint is an attractive proposition. Getting through passport control quicker is appealing too.
We need a new legal framework to be capable of coping with such change. It needs to be future-proof, capable of protecting the public from the misuse of existing systems and those that haven’t even been invented yet.
England and Wales already have a Biometrics Commissioner. Scotland needs to catch up in that respect too.
The new Commissioner should play an important role in keeping Parliament and the public aware of developments, the technologies coming down the line and what the implications of them are for our human rights and privacy. They are expected to start by overseeing the use of data in policing and criminal justice, but the Scottish Government must be open to their scrutinising what is going in health, education and the private sector.
If this doesn’t happen, we risk being left open to the discretion of persons unknown.
Liam McArthur is the Member of Scottish Parliament for Orkney Islands for the Scottish Liberal Democrats. He is the Liberal Demcrat’s spokesperson for justice and a member of the Justice Sub-Committee on Policing.