How surveillance sensitive are you? When it comes to public space surveillance it’s an important question if you happen to live in what is one of the world’s most watched democracies.
And it’s even more important now that the government has said that some leading providers of the surveillance cameras and systems watching our public spaces aren’t to be trusted. The announcement on 24 November is the first public acknowledgement by the government of what security professionals have known for some time: that these companies can’t be trusted with sensitive surveillance functions. They have also been directly linked with human rights atrocities perpetrated by the police. Both of these aspects raise significant trust issues. Some local authorities and even government departments stepped up to the ethical leadership plate - now the UK government has directed the removal of their surveillance systems initially from ‘sensitive’ government sites.
So what’s next? I have likened the situation to digital asbestos because:
- These systems have been widely installed by a previous generation largely on the basis that they were cheap and got the job done.
- Now we know they bring significant risk we should probably stop installing any more until we understand the depth and breadth of those risks.
- Then we should set out a timeline for assessment and removal/replacement where appropriate, some of which will need to be done immediately, some over decades.
Local authorities and police forces in England and Wales have already been in contact with my office asking what constitutes a ‘sensitive’ site in their context. The government hasn’t defined ‘sensitive’ and of course surveillance extends far beyond fixed geographical locations, so we must decide that for ourselves. Here are some questions that might assist in framing the issues.
- Where do we want untrusted companies and equipment watching us? On the underground, screening our luggage at airports, coming into police custody, or hospitals or universities? How about people visiting places of worship, trade union offices, polling stations or abortion clinics? Probation offices, domestic violence refuges, rehabilitation centres, care homes, hospices, witness care locations? In data protection and privacy terms these would almost certainly be ‘sensitive’ and any personal data being collected from them potentially falls into a Special Category under GDPR.
- Sensitive public space surveillance can be a question of function as much as location. Which of our policing or local authority functions are not sensitive enough for us to insist on trusted surveillance partners and equipment? I have just completed a biannual police survey which shows that over 1/3 of police forces are using surveillance equipment from the companies denounced as a risk by the government.
- Most policing bodies use drones to carry out surveillance, the majority of which are supplied by companies that are already known to be unsecure and untrusted and which are banned in countries such as the United States. If our drones won’t be allowed to fly over ‘sensitive government sites’, are they OK to be trusted with sensitive surveillance functions by policing and law enforcement?
- My survey also covered local authorities’ use of public space surveillance and the results of that will be available early next year but it’s already clear that many councils use these companies extensively. How far have we explained and discussed these surveillance sensitivities with affected communities? What did they tell us? And as the police use local authorities’ surveillance cameras for some very sensitive functions, how joined up is the approach to public space surveillance sensitivity – and risk?
To be clear, this isn’t a ‘police’ problem and it’s not a ‘local authority’ problem; it’s not just a procurement or an ethical one: it’s a democratic one. And it’s international. As such it extends far beyond my limited statutory functions for the government’s Surveillance Camera Code of Practice. Which is why I met the Security Minister to discuss whether the further risks and requirements from surveillance sensitivities might be taken forward by his recently announced Task Force. My letter can be found here. The meeting was brisk and business like and I left believing that things will begin to happen.
Following almost two years of meetings with politicians, Peers, partners; with chief police officers, chief executive officers, experts in surveillance, cyber risks and ethics; with journalists, lawyers, academics and human rights practitioners all under the auspices of the National Surveillance Camera Strategy, I’m pleased to say that the issue has now moved on. Since the Written Ministerial Statement we’re no longer talking about whether certain surveillance companies can be trusted any more. We’re now asking ourselves what can be done to ensure that only those companies who have demonstrated their trustworthiness are working across any of our sensitive democratic infrastructure.
There’s a Chinese proverb which says “even a journey of a thousand miles begins with one small step”. This is that small step - and there’s a long way to go.
Leave a comment