back to article Scot.gov wins pals with pledge not to keep hold of innocents' mugshots and biometric data

The Open Rights Group has backed the Scottish government's plans to immediately delete mugshots at the end of legal retention periods – something Whitehall said is impossible in its own systems. The Scottish government is consulting on proposals to improve oversight of the use and retention of biometric data, which would see …

  1. Loyal Commenter Silver badge

    But the Home Office has countered that it isn't technically possible to automatically link or delete records because national and local databases don't talk to each other, and that doing it manually would be too costly to justify.

    If you can't do something right, on the basis of it being too costly, that doesn't preclude you from not doing it wrong in the first place. In other words, it doesn't stop the government saying to the police that they should not be permanently recording people's images in the first place, unless they have a good reason for doing so.

    As with these new rules the Scottish Government is proposing, you can easily draw a distinction between designing the capability into new systems to remove data once it is no longer needed, and the inability to do so in legacy systems, and thus make sure it is done properly when those systems are replaced or upgraded.

    The fact that UK.gov has avoided doing so tells you all you need to know about the data fetishism of both the Home Office and various police forces (I suspect the likes of the Met and North Yorkshire are particularly bad, given their respective track records on respecting Human Rights). I'd like to point out, also, that there is a world of difference between the policies of Police management, and the actions of individual officers, who are bound by those policies. The archetypal bad cop aside, I think a lot of the rot within forces like the aforementioned is in the senior ranks, not the rank-and-file officers, who on the whole do a difficult, underpaid, and stressful job with little recognition in the face of an often hostile public.

    Oh, and for those who like to go on about 'unaccountable bureaucrats' it is worth remembering that there are over 300,000 civil servants in the UK (compared to the 46,000 odd employed by the EU), and this sort of fetishism almost certainly originates with the senior ranks of civil servant within the Home Office, and not with Ministers.

    1. veti Silver badge

      It seems to me that "doing it manually would be too costly to justify" is another way of saying "we're not being penalised enough for doing it wrong".

      If the respective forces were being fined, say, £10 per person per day for every biometric record they kept after the justification for keeping it had expired, they'd pretty soon figure out a way to delete them. Nothing focuses C-level attention quite like the promise of a huge gaping hole in next year's budget.

  2. Anonymous Coward
    Anonymous Coward

    Interesting development given that Serco et al. go to Disclosure Scotland for their employee background checks to take advantage of Scotland's far more porous privacy laws.

    1. EnviableOne Bronze badge

      NOt so, i believ the driving factor for disclosure scotland use is as with most things Serco et. al are involved with is COST

      Disclosure Scotland is cheaper than DBS

  3. GnuTzu Bronze badge

    "...There must be a distinction between convicted and non-convicted people"

    That should mean that you only get to keep the images that have been proven to be of those with a record of conviction--with all others assumed innocent--and deleted within the requisite time period. I suspect that those who say it's "impossible" are confused about what this means (or making other excuses).

    1. Anonymous Coward
      Anonymous Coward

      Re: "...There must be a distinction between convicted and non-convicted people"

      the distinction is that enough data hasn't been collected for their conviction yet - they're bound to be guilty of something, aren't they?

    2. Anonymous Coward
      Anonymous Coward

      Re: "...There must be a distinction between convicted and non-convicted people"

      Is the Scottish additional legal verdict of "not proven" treated as "not guilty" for record keeping?

  4. This post has been deleted by its author

    1. CommanderGalaxian

      Re: When it comes to themselves

      You must really hate Scotland. Fuck off Yoon troll.

  5. Peter2 Silver badge

    Challenge: the various systems operated by each police force are setup to automatically send information to the national police database, but are not programmed to retrieve data from the national system when a case is deleted, meaning that deletions would have to be a manual process until change requests are done for each of the systems in question.

    https://en.wikipedia.org/wiki/List_of_police_forces_of_the_United_Kingdom

    Whitehall has 44 county police forces, plus the British Transport Police, the Civil Nuclear Constabulary and the Ministry of Defence Police. =47 police forces to deal with. If you take a dozen people per force * 47 forces this would require a commitment of 564 staff.

    Scotland has one police force to deal with. 1 * 12 = 12 staff.

    This might have some bearing on why Scotland.gov is happier to quickly commit to things like this than Whitehall.

    1. Loyal Commenter Silver badge

      On the other hand, all those different forces get more funding in total, largely from council tax, which covers more people than that single force, so is a proportionately higher amount. So they might need 47 times as many staff, but they almost certainly have 47 times the budget to deal with it. If not, then blame austerity!

      1. Anonymous Coward
        Anonymous Coward

        by way of comparison

        Norfolk constabulary employs about an eighth the numbers of Police Scotland and has a budget around a eighth of Police Scotland but the population is a sixth.

        Smaller forces don't get the economy of scale, or would you rather England had a single police force?

    2. Halfmad

      It certainly makes it easier to commit, however until recently Scotland had several Police forces so even though those were much smaller than most other forces in the UK it still meant different entities.

      Also need to look into the political dimension here. The Scottish Government love to highlight things they do better than Westminster, this is yet another one to add to that list. I suspect irrespective of the number of forces, they would have set this out anyway.

  6. SVV Silver badge

    Impossible?

    I suppose the idea of just installing the Scottish computer system in England has been conveniently not considered. I know the legal systems are different, but the link with the national database to transfer the person's data still works. Surely then the systems will be easy to populate from the national database, as there will be a foreign key on each record linking to the originating police force (won't there?). No, there must be some deeper technical issue, otherwise such a blatant for the sake of it data grab would never have been contemplated by the government of Theresa "liberal" May.

  7. Insert sadsack pun here

    "It said that the code would apply to Police Scotland [etc...] - but not for national security or private companies."

    Private companies would of course continue to be covered by the DPA/GDPR.

  8. eldakka Silver badge

    But the Home Office has countered that it isn't technically possible to automatically link or delete records because national and local databases don't talk to each other,...

    Then how does the data get propagated across all those databases in the first place? If someone is booked in police region X, and the databases don't talk to each other, then surely the only place that data (photos, DNA, etc.) is located in is that regions database, and thus that is the only place in which it needs to be deleted, the region that submitted the charges and took the matter to court.

    Otherwise, surely the same mechanism that is used to propagate that data can be used to delete it?

    ...and that doing it manually would be too costly to justify.

    Can I use that excuse, that it'd be too costly for me to justify, if I ever get pulled up before a court?

  9. Anonymous Coward
    Anonymous Coward

    It's very simple to fix...

    ...give them 18months to sort it or delete everything.

  10. Anonymous Coward
    Anonymous Coward

    Well...

    If facial recognition data is held when taken at airports we havent got much to worry about.

    My son managed to cause mayhem at the security gate at Heathrow by discovering a 0day.

    He's three years old and broke the facial recognition system by wearing a Thomas the Tank engine t-shirt.

    I was looking at the screen while the lad was doing as he was told and the software focused on Thomas.

    Apparently, the facial recognition algorithm determined that Thomas was more human looking than my lad.

    They adjusted his standing position and it finally stopped detecting Thomas and went for Percy instead.

    They ended up just waving him through as the queue was piling up fast.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019