The government has failed to properly legislate for the increasing use of biometric data, leading to oversights and gaps in how it is managed, MPs have warned.
The Science and Technology Committee has voiced concerns about how information is collected, stored and used in its ‘Current and future uses of biometric data and technologies’ report.
Warnings cover a range of areas, including how the police are able to collect and retain biometric data about those who aren’t guilty of any crime and how banks are increasingly turning to biometric information in order to identify clients.
Technologies including Barclays’ blood-reading finger vein authentication and fingerprint reading by Apple’s iPhone 6 – recently deployed as a security measure for mobile banking by RBS – are both mentioned by the Committee’s report.
While MPs recognise the useful potential of biometrics, the Committee warns that a ‘governance gap’ has developed and must be fixed in order to properly regulate it in future.
“As we struggle to remember ever more passwords and pin numbers in everyday life, the potential benefits of using biometric technologies to verify identity are obvious,” said Andrew Miller MP, chair of the Committee.
However, he cautioned that biometrics “also introduce risks and raise important ethical and legal questions relating to privacy and autonomy” and particularly warned that the technology is already being used in an unregulated manner by the police.
Evidence provided following an inquiry by the Biometrics Commissioner Alastair MacGregor QC stated that police were uploading photographs taken in custody – even of those not charged with a crime – to the Police National Database and applying facial recognition software.
Meanwhile, the Information Commissioner’s Office (ICO) told MPs that the Protection of Freedoms Act 2012 “did not extend to photographs and that there was no specific legislation covering their retention or use by the police.”
Ex-GCHQ chief Sir John Adye also provided evidence to MPs, arguing that the use of biometric data in mobile phone devices needs to be better controlled.
While Miller said the Committee is “not against the police using biometric technologies like facial recognition software to combat crime and terrorism,” he expressed alarm over how “the police have begun uploading custody photographs of people to the Police National Database and using facial recognition software without any regulatory oversight.”
Miller went on to state that MPs are “concerned that this gap in the legislation has persisted, despite being known to both the police and the Government.”
The Science and Technology Committee has urged that an “effective regulation and a clear strategy” needs to be in place if biometric technologies are to be successfully exploited and their risks minimised. MPs also stated that the government’s failure to publish a proper biometrics strategy is having detrimental effects which are leaving a clear gap in legislation.”
“Management of both the risks and benefits of biometrics should have been at the core of the Government’s joint forensics and biometrics strategy,” said Miller.
He continued: “In 2013, my committee was told by the government to expect the publication of a strategy by the end of the year.”
The report still hasn’t materialised, something the Science and Technology Committee has strongly voiced concern about.
“We were therefore dismayed to find that, in 2015, there is still no government strategy, no consensus on what it should include, and no expectation that it will be published in this Parliament,” Miller concluded.