UK Police: 'Innocent people' on unregulated photo database

Police forces in England and Wales have uploaded up to 18 million "mugshots" to a facial recognition database. This is despite a court ruling it could be unlawful. They include photos of people never charged, or others cleared of an offence, and were uploaded without Home Office approval.

Photos of "hundreds of thousands" of innocent people may be on the database, an independent commissioner said.

The database complies with the Data Protection Act the police insisted.

It comes despite a ruling in 2012, when two people went to the High Court to force the Metropolitan Police to delete their photos from databases. The judge warned forces should revise their policies in "months, not years".

Met Police Commissioner Sir Bernard Hogan-Howe told the BBC that since the court case, his force had stopped putting images on the national database until the law had been clarified.
"So the broad concern is - are we keeping images of people who aren't convicted, and are we using them?" he said. "I don't think this is against the law but of course we always want to catch criminals." He added that he would look into the matter.

Biometrics Commissioner Alastair MacGregor QC said he was concerned about the implications of the system for privacy and civil liberties. MacGregor said police had been warned to put rules in place regarding the use of police mugshots - but had not done so.

He said he recognised the potential value of the database to the police, but warned senior officers had rushed in without considering all the implications. "These are important issues and it does seem to me surprising that they have not been addressed more carefully," he said.

Chief Constable Mike Barton, of the Association of Chief Police Officers, said forces had to stay up-to-date with new technology. "Everybody is very keen that the police enter the cyber world," he said. "I hear much criticism of policing that we're not up to speed and it does come as a surprise to me that we're now being admonished for being ahead of the game."

However, the use of the system has been criticised by some MPs and David Davis, the former Tory shadow home secretary, said that police forces should not "misuse the data in this way. There is a mind-set here, which is flawed…It's quite understandable, police always want more powers, but I'm afraid the courts and parliament say there are limits," he said. "You cannot treat innocent people the same way you treat guilty people."

http://www.bbc.co.uk/news/uk-31105678

« Anthem failed to encrypt data prior to cyber-attack
Snowden Reveals that China Stole Plans For New F-35 »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Brainwave GRC

Brainwave GRC

Brainwave GRC is a leading European software provider focused on Identity Analytics and intelligence to strengthen IT security and compliance.

Security Network Munich

Security Network Munich

Security Network Munich brings together leading players in the field of information and cyber security through joint research and innovation projects.

CyRise

CyRise

CyRise is a venture accelerator focused squarely on early stage cyber security startups.

CyberCareers.gov

CyberCareers.gov

CyberCareers.gov is a platform for Cybersecurity Job Seekers, Federal Hiring Managers and Supervisors, Current Federal Cybersecurity Employees, Students and Universities.

Sompo International

Sompo International

Sompo International is a global specialty provider of property and casualty insurance and reinsurance services including Cyber & Network Risk.

NetSPI

NetSPI

NetSPI is an information security penetration testing and vulnerability assessment management advisory firm.

Anthony Timbers LLC

Anthony Timbers LLC

Anthony Timbers is a cybersecurity consulting and penetration testing firm providing services to the Federal and Commercial sectors nationwide.

Xalient

Xalient

Xalient is an IT consulting and managed services business, specialising in modern, software-defined networking, security and communications technologies.

SOOS

SOOS

SOOS is the easy-to-integrate software security solution for your whole team. Build, catch, and fix vulnerabilities with SOOS Software Composition Analysis.

Cloud4C

Cloud4C

Cloud4C is a leading automation-driven, application focused cloud Managed Services Provider.

Virtual Infosec Africa (VIA)

Virtual Infosec Africa (VIA)

Virtual InfoSec Africa (VIA) is a wholly-owned Ghanaian company specializing in information security and cybersecurity solutions and services.

Kodem Security

Kodem Security

Our mission is to make AppSec simple. Meet the world’s first dynamic software composition analysis platform. Only Kodem uses runtime intelligence to determine application risk.

CyberNut

CyberNut

CyberNut are a security awareness training solution built exclusively for schools.

ELK Analytics

ELK Analytics

ELK Analytics is a specialized Managed Security Services Provider (MSSP) that focuses on endpoint security and monitoring & alerting for any type of structured or unstructured data.

Secure Cyber Management

Secure Cyber Management

Secure Cyber Management provides industry-leading cloud security advice, guidance and services.

Aikido Security

Aikido Security

Aikido is the no-nonsense security platform for developers. Secure your code, cloud, and runtime in one central system. Find and fix vulnerabilities automatically.