UK Puts Hundreds of Thousands of Innocent People in Facial Recognition Database

British police have loaded 18 million faces into a facial recognition database, including the mugs of "hundreds of thousands of individuals who have never been charged with, let alone convicted of, an offence." That interesting datum was first reported last month by the BBC, and confirmed a few weeks ago by a parliamentary report. That's a revelation that should be of concern not only to Britons, but to citizens of a certain republic on the other side of the Atlantic Ocean where intrusive and fallible facial recognition technology has been embraced by the authorities with an enthusiasm rivaling that in the UK.

In February, the BBC's Nick Hopkins and Jake Morris revealed:

Police forces in England and Wales have uploaded up to 18 million "mugshots" to a facial recognition database—despite a court ruling it could be unlawful.

They include photos of people never charged, or others cleared of an offence, and were uploaded without Home Office approval, Newsnight has learned.

Photos of "hundreds of thousands" of innocent people may be on the database, an independent commissioner said.

The database complies with the Data Protection Act, police insisted.

Biometrics Commissioner Alastair MacGregor QC said he was concerned about the implications of the system for privacy and civil liberties.

How many mugshots? And of innocent people? What?

That information turned out to be a leak from an extensive report prepared by members of Parliament for the House of Commons Science and Tchnology Committee on the use, misuse, and undirected adoption of biometric technology by the UK government. In the case of facial recognition, the above-mentioned Alastair MacGregor is quoted as noting the hoovering up of hundreds of thousands of apparently innocent—or at least not obviously guilty—people into the Police National Database. That hoovering came courtesy of a bit of a legal oversight.

Compounding this confusion was an apparent 'gap' in the legislation regarding the retention of images, and the use of facial recognition software, by the police. The Information Commissioner's Office (ICO) stated that the Protection of Freedoms Act 2012 "does not cover photographs" and that there was "no specific legislation covering their retention or their use".

Nobody told the cops they couldn't load every snapshot they got their hands on into the system, so they did.

If all of this sounds a bit familiar, it should. Last year we found out that America's own FBI plans to load 52 million of our mugs into own Next Generation Identification database. That's in addition to roughly 120 million snaps stored in independent (for now) state databases. The ACLU's Jennifer Lynch warned at that time that the sourcing for some of those shots was a bit vague, raising the very real possibility of innocent people being entered into the system for a permanent role in police lineups.

Which is a bit disturbing when you consider that FBI specs allow for tagging "an incorrect candidate a maximum of 20% of the time."

British parliamentarians also fret about just who has access to all of that sensitive biometric data. The report noted that "the more agencies and organisations that have access to an individual's biometric information, the greater the likelihood that this information will be used for another purpose beyond that for which it was originally collected."

But Americans are way ahead of the UK there. Two years ago, Ohio Attorney General Mike DeWine quietly added facial recognition capability to the state's store of photographs, and then handed access to 30,000 of his friends. What could go wrong? Oh.