Is over-policing the future?: Development of the UK Law Enforcement Data Service (LEDS)
The Home Office development of the Law Enforcement Data Service (LEDS) is problematic and needs parliamentary oversight. Here's why we are concerned and what we are doing about it.
- The UK College of Policing has launched a public consultation lasting until 9th September 2020 on a new, UK-wide police "mega-database"
- PI and other UK NGOs have been involved in "open space" meetings with the Home Office to provide feedback on the project since 2018
- PI, together with other organisations, have written to three Parliamentary Committees urging them to review the development of LEDS and its Code of Practice. This is the only parliamentary oversight that the development of LEDS will be subject to.
- Here's everything we know so far and how you can have your say
What is LEDS?
How will LEDS work?
What's the problem with LEDS?
The Law Enforcement Data Service (LEDS) is a unified, common interface to a new mega-database currently being developed by the Home Office National Law Enforcement Data Programme (NLEDP).
It might not sound like the most exciting thing in the world (and it isn't!) - but it will have a profound impact on policing and surveillance in the UK for generations.
We believe that the development of the programme poses a threat to privacy and other rights and must be subjected to strong oversight, safeguards, and transparency measures.
By combining datasets which are currently siloed, the information routinely provided by LEDS will be much broader than the current single database searches. The Home Office expects the first stage of LEDS to be operational by late 2020, and will continue to add further data sources through to 2023, and beyond.
A single interface to numerous diverse databases provides much more information than would traditionally be expected for policing - including immigration status, driving licences, and material gathered from intelligence.
As a result, since 2018 PI - alongside other civil society organisations - has been involved in LEDS stakeholder meetings with the Home Office and the College of Policing. Below, we're publishing everything we know about the programme so far and the documents the Home Office has released as part of the process.
PI has written to three Parliamentary Committees (the Science and Techonology Commitee, the Home Affairs Commitee and the Joint Commitee on Human Rights) urging them to review the development of LEDS and its Code of Practice. Numerous organisations supported our letters, since this is the only parliamentary oversight that LEDS will be subject to prior to its launch.
In June 2020, the College of Policing announced a public consultation into the LEDS Code of Practice, a crucial policy which outlines how the database is to be used and protected. The public consultation is open until 9th September 2020. PI is urging anyone with an interest in LEDS to submit their views to the College of Policing.
Below, we provide a summary of the project, our main concerns and recommendations as well as all of the relevant documents to inform public participation in the consultation.
LEDS is a new platform, which will replace and combine the existing Police National Database (PND) and the Police National Computer (PNC). We're told that this is out of necessity because the current systems are difficult and expensive to support and maintain and must be replaced somehow.
So the vision of the Home Office is to provide police and others a super-database, with on-demand, at the point of need access, containing up-to-date and linked information about individuals’ lives.
The stated aim of LEDS is to “prevent crime and better safeguard the public”. As such it will be accessed by both police and a diverse range of agencies, including – but not limited to – the National Crime Agency, HMRC, and the Gangmasters and Labour Abuse Authority. LEDS will also be accessed by a number of private sector organisations that have aims that are complementary to law enforcement.
In the longer term, the Home Office seeks to enable further data sharing between a range of organisations. This will be done by the addition of more systems to the platform or through links to systems owned by other organisations, such as Border Force. The aim of this is to enable a more “joined up” approach in the law enforcement field.
Whilst an initial list of organisations with access to LEDS has been provided, this list is not exhaustive and does not contain all the private organisations that will be granted access. This is very problematic, considering the impact that being wrongly entered into or accessed through the database can have on an individual’s private life.
The data in LEDS is vast, ever-increasing, worryingly mixes both evidential and intelligence material – which have traditionally been collected, kept, and searched for different reasons – and makes it all searchable in the same single interface.
The Police National Computer, first introduced in 1974, holds information on citizens – such as their vehicles and property – as well as arrests, charges and court disposals (including but not limited to convictions). The PNC holds 12.6 million persons’ records – the equivalent of approximately 1/5th of the UK’s population.
The Police National Database, introduced in 2009, receives daily intelligence data from “law enforcement” agencies (predominantly police constabularies) concerning persons, events, locations, organisations (including criminal) and objects. The number of records on PND is not easily established, as due to how it stores information there is no equivalent to a single person’s record. Additionally, LEDS will continue to integrate a number of other data sources into its common interface.
LEDS will be accessible to all of those agencies who can currently access the PNC and the PND. Front line officers will be able to ‘radio in’ to LEDS terminal end users, in order to request a LEDS check.
The Home Office recognises that allowing access to both the PNC and the PND via a single search will return a larger number of results than would have been offered about individuals previously. This is problematic, particularly where no wrongdoing is suspected.
PI believes that the development of LEDS is problematic and should be subject to parliamentary oversight. There are numerous challenges to overcome with the creation and use of LEDS:
1. Conflating intelligence and evidence
LEDS will contain a significant amount of data previously reserved for intelligence rather than evidential purposes.
The transition from the separate PNC and PND systems to the combined LEDS interface consolidates information which (with some exceptions) is a matter of public record, with information derived from intelligence sources.
This may include subjective information from first-hand experience of the reporting officer, from covert human intelligence sources, and from lawfully authorised technical deployments such as trackers or listening devices.
The nature of intelligence material is such that it is very unlikely to ever be subject to scrutiny or challenge. To the extent that the intelligence material is inaccurate, those inaccuracies may go un-corrected for a considerable period of time – if ever.
Numerous agencies and organisations will have access to this information, which can be utilised in a way negatively affecting individuals’ lives, employment, state benefits, immigration status, and will only become more intrusive as data sources continue to be added.
Providing access to private sector organisations is particularly problematic in light of this intelligence-gathered material that will be available on LEDS.
2. Expanding watchlists for facial recognition
There is a lack of clarity as to what images will exist on LEDS once the PND and PNC are combined. There are currently about 12 million images enrolled into the PND gallery, some of which are retained unlawfully. A process of deletion of unlawffully retained images is still ongoing.
LEDS will maintain the facial matching capabilities which currently exist on the PND. The PND facial search facility, added in 2014, enables authorised users to upload a probe image from an external source. This can include images from CCTV footage, mobile phones, cameras and photocopied documents, such as passports.
Once probe images are uploaded into the PND, they can be searched and compared across all persons’ images attached to personal or custody records to see if there are any suggested matches.
The prospect of the integration of these databases with other data sources provides a further, rich source of potential “watchlist” images.
Once operational, the Home Office will not be able to control police or others’ use of LEDS. They would not, for instance, be able to prevent the downloading of images for other purposes.
Absent further legal control, all of the information on LEDS will be liable for integration with locally-held databases used for other purposes, including potentially automated facial recognition technology (AFR). It is also possible that constabularies build their own parallel databases (such as the Metropolitan Police’s Gangs Matrix) and/or augment their existing local databases with data from LEDS.
The prospect of integrating LEDS with AFR technology drastically expands the potential range of source images available for use in AFR watchlists. This would include information held in databases: (i) comprising solely, or primarily, intelligence material; rather than evidential material; and (ii) collected on the basis of an individual’s wholly lawful conduct (e.g. immigrating to the United Kingdom).
3. The police are not the Border Force
LEDS will facilitate access to immigration data, including biometric data. For example, the LEDS interface can show if an entry exists in the Immigration, Asylum and Biometrics System (IABS), as well as the IDENT1 (Law Enforcement and Security Biometrics System).
The recent roll out of mobile scanning equipment by police constabularies across the UK combined with integration to backend databases has enabled rapid checks of people’s immigration status. This is transforming frontline police into border control agents, with little scrutiny or public consideration of the implications.
The Home Office has emphasised that the information available on Home Office Biometrics (HOB) Programme and LEDS will be limited to role-based access controls. However, it remains to be seen how effective these will be - and they can be subject to change.
It is unclear how these controls will be allocated, who will oversee them and importantly, how access to information outside of a specific role might be gained.
PI is concenred that it may be possible for a police officer without specific role-based access controls to simply contact the control centre and obtain the relevant information. As a result, it is unclear if this method of limiting access will be effective.
Even if HOB and LEDS databases are kept "physically" separate, as soon as they become accessible through a common interface such as LEDS there is no longer any "logical" separation.
4. LEDS risks over-policing
Granting such broad access to information, absent further legal safeguards, will negatively affect the trust between citizens, the police, and other agencies.
Establishment of LEDS risks leading to over-policing, further embedding distrust in the police of individuals from ethnic minorities and migrant backgrounds, as well as those who are in vulnerable positions, such as trafficking victims or missing persons.
5. Huge Risk of Mission Creep
By developing the technical capability in the back-end to converge disparate data and make it more easily accessible, it will allow more authorities to access more data. This means that whatever access controls are put in place at the moment, they are subject to change and at the discretion of decisions made by whoever is in power in the future.
It is essential therefore to ensure the system and decision making process is as transparent as possible and subject to sufficient oversight.
PI is concerned about the creation of LEDS because it leads to the spectre of allowing access to incredibly powerful wide-ranging capabilities, which are far greater than the sum of their parts.
There are no statistics on the actual number of individuals and bodies who will have access to LEDS, however it is known to include a large number of bodies with "law enforcement powers", and other third parties. Without sufficient safeguards and oversight in place, providing access to a broad range of users and agencies can lead to misuse and exploitation of personal data stored on the database. For example, there have been reports of the local authorities using the powers under the Regulation of Investigatory Powers Act (RIPA) 2000 to spy on the public in secret. The local councils used the 'anti-terrror law' to spy on people walking their dogs, feeding pigeons and those suspected of 'bin crimes'. This demonstrates the ease with which broad access to a vast amount of information can be exploited.
PI is also worried about the prospect of integration between LEDS and automatic facial recognition (AFR) technology. This drastically expands the potential range of source images available for use in AFR watchlists. If the information held in LEDS is to be intergraed with AFR technology, this will increase the the likelihood that individuals will be subject to surveillance. Importantly, that surveillance will be more intrusive than that which would be available without AFR – because it will involve processing of sensitive biometric information.
Further, it is highly unlikely the Home Office will be able to control how local constabularies and other relevant bodies will use LEDS. This ultimately means any and all images accessible via LEDS could be considered "fair game" to create watchlists.
We believe LEDS will facilitate rapid checks of people’s immigration status. For example, police already use mobile fingerprint devices linked to IABS. These devices comprise software produced by the Metropolitan Police staff, used on an Android smartphone handset and paired with a fingerprint reader.
If a suspect has a criminal record or is known to immigration enforcement their identity can be confirmed at the roadside. An officer, with relevant access levels, can also use the device to check the Police National Computer to establish if they are currently wanted for any outstanding offences. Linking IABS to mobile biometric devices would allow officers to instantly query someone’s immigration status, possibly via their facial biometrics. It would also enable them to populate any watchlist with immigration enforcement-based individuals of interest.
As a result of these issues PI has written to Parliamentary Committees urging them to undertake a review of the development of LEDS. Further, PI is currently in the process of drafting a response to the College of Policing public consultation on the LEDS Code of Practice. We urge anyone with an interest in LEDS to submit their views to the College of Policing by 9th September 2020.
Information that can help identify an individual or can even make an indvidual identifiable.