As featured in the June print edition of Professional Security Magazine, the regulator for the video surveillance sector – the Surveillance Camera Commissioner – is a casualty of the UK Government’s efforts to adapt itself to the fast-developing tech world, of AI (artificial intelligence) and data, of which video data for security and public safety, and management of public spaces in general, is but a part. Mark Rowe writes.
That the ten-year-old Surveillance Camera Commissioner’s office is being abolished, with nothing apparently to replace it, means the withering of all the (voluntary) work by industry people who came together in goodwill to tackle cyber and other standards, long missing in the CCTV world. Last year the Commissioner added biometrics to his title, and his annual report earlier this year showed how wide his remit has become – including drones, police use of facial recognition software, body worn video, dash-cams in cars, and smart doorbells in homes. The outgoing Commissioner, Prof Fraser Sampson, spoke of ‘the opportunities presented, and the threats posed by, the explosion of capability in AI-driven biometric surveillance’.
He said: “Now more than ever, we need a clear, comprehensive and coherent framework to ensure proper regulation and accountability in these crucial areas.”
As he hinted, the police and anyone else using such technology for private or public purposes cannot win – either they do not use it enough (in the private sector, businesses fall behind, and the police miss out on detecting criminals) or they use it too much, recklessly and not according to the law (if it is keeping up, as, to quote the report, tech is ‘advancing at an exponential rate’?).
However, as he set out in his report, the Government is taking the Data Protection and Digital Information Bill towards becoming law. It will make a further shake-up of the data protection regime and would see the setting up of an ‘Information Commission’.
While Prof Sampson warned of ‘mission creep’ in his report, he meant ‘mission creep’ of users of surveillance technology for security gradually seeing the use in it for other, non-security, purposes. Another ‘mission creep’, we might say, is around what place (if any) surveillance cameras will have in the proposed Information Commission. The data protection regulator the ICO has historically had its hands full with the public’s complaints about telephone marketing, and has given next to no consideration of CCTV. Hence the founding of the Surveillance Camera Commissioner, in the Coalition years, and the making of the Surveillance Camera Commissioner’s code, for typically council users of CCTV (and their installers and specifiers) to have something to guide them, ethically and practically. That was necessary work – for (to hark back to the previous Commissioner, Tony Porter) showing public space surveillance was done according to principle, to gain the consent of the tax-paying public, rather than on-street surveillance, like policing, being something intrusive, done to the people. That code will presumably wither as the new regulator has more pressing and newsworthy AI to grapple with.
There is also the matter of whether UK Government is nimble enough to keep up, or whether laws (and codes) will become ever more out of date. The UK’s data protection law is the Data Protection Act 2018, which embodies the UK’s making into law of the European Union’s GDPR (general data protection regulation) while the UK remained in the EU, even though the vote in 2016 had been for exiting the Union. We are five years on and still a Brexit-making UK Government has not made a post-EU era data protection regime, to supposedly make the UK distinct from the EU, to attract business (which would imply giving businesses more of a carte blanche to use data as they see fit).
The Information Commissioner’s Office (ICO) meanwhile recently warned of emerging neurotechnologies, for use in the personal wellbeing, sports and marketing sectors; even for monitoring in the workplace. In plainer English, monitoring of neurodata, the information coming from the brain and nervous system. It might sound the stuff of science fiction – sinister reading of minds; but this technology is real and it is developing rapidly, said Stephen Almond, Executive Director of Regulatory Risk at the ICO.
He said: “Neurotechnology collects intimate personal information that people are often not aware of, including emotions and complex behaviour. The consequences could be dire if these technologies are developed or deployed inappropriately. We want to see everyone in society benefit from this technology. It’s important for organisations to act now to avoid the real danger of discrimination.”
For more see the report – ICO tech futures: neurotechnology. It touches on neurodata that might be inferred from broader biometric information, such as eye movements, gait or heartrate tracking; and monitoring of gait (the way you walk; something mentioned in passing in George Orwell’s novel 1984) has obvious application for security (who’s walking around shiftily as if they don’t have good reason to be there?).
The need for the Surveillance Camera Commissioner won’t go away with the abolishing of the office; the likelihood is that the work painfully started upon will wither and get swamped in the rush to get to grips with AI.
Meanwhile, what of the cyber-security of all this data? asked a conference in Brussels earlier this month. The European Union Agency for Cybersecurity (ENISA) has published reports: on good cybersecurity practices for AI; two use cases of cyber and AI – forecasting demands on electricity grids and medical imaging diagnosis; and what further research is called for.
Juhan Lepassaar, Executive Director of ENISA, said: “If we want to both secure AI systems and also ensure privacy, we need to scrutinise how these systems work. ENISA is looking into the technical complexity of AI to best mitigate the cybersecurity risks. We also need to strike the right balance between security and system performance. The conference today will allow to brainstorm on such challenges to envisage all possible measures such as the security by design approach. With generative AI fast developing, we are ready to get up to speed to best support policy makers as we entered this new phase of the AI revolution.”
Photo by Mark Rowe; street art, Southend city centre.