The aim of this audit and assurance review is to consider the state, effectiveness and efficiency of the arrangements surrounding the use by Police Scotland of the facial search technology capabilities contained within the UK Police National Database (PND).
In doing so, we also consider the statutory framework that underpins the police use of biometric data in Scotland. It should be noted that we use the term ‘facial search’ and not facial recognition as police images in the Criminal History System (CHS) in Scotland, and those in the broader UK PND system, are not of sufficient digital resolution for them to be used against software that would deliver a true automated recognition capability . In other words, PND does not deliver a facial recognition capability, but instead returns a list of potential image matches that then require further human assessment and investigation.
The audit and assurance review follows on from questions directed to the Scottish Government in 2015 relative to the police use of facial recognition technologies in Scotland. It also takes cognisance of a request from the Cabinet Secretary for Justice for HMICS to consider including scrutiny of this area in our programme of work for 2015-16.
As part of this audit and assurance review, we have examined Police Scotland’s current practice and have assessed compliance with internal policy. We have also reviewed governance and oversight arrangements within Police Scotland including the administrative and technical interface between CHS and the wider UK PND with regard to the recording, weeding and retention of information by Police Scotland. This has included a review of how Police Scotland interfaces with wider UK governance arrangements around PND, and how the arrangements in Scotland align with current statutory PND Codes of Practice for England and Wales.
This audit and assurance review also provides comparisons with the legislative approaches to biometric data retention in England and Wales. It also considers the use of the PND and other facial search software adopted by forces in England and Wales, and considers the wider policing and societal opportunities and threats which arise from the police use of such new and emerging biometric technologies.
This audit and assurance review was conducted as part of our scrutiny programme for 2015-16. Our programme provides flexibility to scrutinise new and emerging issues affecting policing in Scotland.
Scottish Government should work with Police Scotland and the Scottish Police Authority to consider legislative provision in relation to the retention and use of photographic images by the police.
Scottish Government should work with Police Scotland, the SPA, COPFS and other interested parties to consider the establishment of an independent Scottish Commissioner to address the issues of ethical and independent oversight over biometric databases and records held in Scotland, with sufficient flexibility to embrace future technologies and relevant codes of practice.
Police Scotland should amend its internal PND Search Request Form so that the reasons for requested PND searches are coded to align directly with the PND Search Reason Codes in the live database.
Police Scotland and the Scottish Police Authority should consult with Scottish Government and other stakeholders on the potential development of a statutory Code of Practice for the use of biometric data in Scotland.