Authorities Must Act on Police Face Surveillance Network by the Backdoor

Privacy International is calling on regulatory and law enforcement bodies to investigate the roll out of a face surveillance network by a UK company called Facewatch.

Key points
  • Facewatch provide facial recognition analysis and biometric watchlists to shops, pubs, and other public venues
  • According to pricing and data-sharing templates, Facewatch is offering to transform its crime alerting system into another surveillance network for UK police forces
  • Privacy International is urging regulatory and law enforcement bodies to investigate and take steps to ensure that no ‘backdoor’ for unlawful facial recognition surveillance will be developed.
News & Analysis

Privacy International (PI) has today warned UK regulatory and law enforcement bodies about the potential deployment of an extensive and potentially nationwide police facial recognition surveillance system. We are urging them to investigate and take steps to ensure that no ‘backdoor’ for unlawful facial recognition surveillance will be developed under the umbrella of a crime reporting system.

According to pricing and data-sharing templates, UK surveillance company Facewatch is offering to transform its crime alerting system, currently in use by retailers, restaurants, and bars to share facial images of ‘subjects of interest’, into another surveillance network for UK police forces. The system would allow police forces to ‘plug in’ to the data pool of facial images held by Facewatch, stemming from the thousands of cameras operated by Facewatch’s customers, in order to allow them to run people’s faces against their own watchlists in a ‘stand-alone’ and ‘segregated’ system.

If such a system, as Facewatch’s, were to be widely deployed, it would be a radical extension of the police’s surveillance powers. It would extend police use of facial recognition, currently under legal challenge, into every participating shop, restaurant, or bar. The outsourcing of facial recognition to the private sector in such a way would enable the surveillance of drastically higher amounts of people while while depriving them of adequate due process rights and legal safeguards.

The system would potentially undermine assurances by the London’s Metropolitan Police announced, which earlier this year claimed its use of live facial recognition technology would be at “specific locations” focused on “small, targeted” areas which would be “clearly signposted [and] not linked to any other imaging system[s].”

PI is not aware whether Facewatch has in fact entered into any such agreements with any UK police force, and has not received a response from Facewatch when we asked the company in June 2020 and again failed to respond last month. In response to a Freedom of Information request, available in the attachments on this page, the Metropolitan Police Force confirmed to Privacy International that they did not have “a copy of any data sharing agreements or similar such contracts with FaceWatch” between 1 January 2015 and 10 May 2019.

However, Facewatch has uploaded a template Information Sharing Agreement (ISA) to the government G-Cloud system, which it states is “Based originally on Met Police Template.” As explained in the ISA:

Facewatch also enables the Police to upload images to the Watchlist and be alerted to Major Crime SOIs and Missing Persons if they enter Subscriber Premises. These Major Crime SOI’s and Missing Person SOI’s and any alerts related thereto are not shared with Facewatch Subscribers.

As a result, we are asking the Metropolitan Police Service, the Information Commissioner’s Office, the Surveillance Camera Commissioner, and the Deputy Mayor for Policing and Crime in London to investigate whether such an arrangement is already in place, whether it is legal, and if they will provide more information and assurances to the public.

A full copy of our concerns and questions to them is available in the attachments on this page.

A profile of Facewatch is available here.