APPENDIX 3
Digital Images as Evidence: Government
Response
Introduction
The Government welcomes the report of the
House of Lords Select Committee on Science and Technology. The
Committee's report has helped to clarify the key issues on the
use of digital images as evidence.
The recommendations concerning digital
images are generally supported, in particular that consideration
be given to removing the uncertainty surrounding the use of digital
images as evidence. The Government also supports the use of CCTV
surveillance in public places to help in tackling crime and disorder.
However, the Government shares the Committee's view that to be
successful, CCTV schemes must commend the confidence and support
of the local community: CCTV systems must be deployed and operated
with integrity and with respect for personal privacy and civil
liberties.
The Government also shares the Committee's
view that CCTV material should be used for the detection of crime
and the prosecution of offenders and deplores the sale of CCTV
material for entertainment purposes. Hitherto, CCTV has been subject
to voluntary regulation, through locally adopted codes of practice.
While model codes, such as that developed by the Local Government
Information Unit, are now widely adopted, the Government accepts
that there is a need to underpin good practice in law.
The provisions of the Data Protection Bill,
currently before Parliament, will regulate CCTV material.
The Government is also committed to statutory
regulation of the private security industry, including private
operators of CCTV systems.
The Data Protection Bill
The Government believes that the controls
available under the Bill, which bite where information is processed
on identifiable individuals, will be able to address the Committee's
main concerns in relation to CCTV systems. The Bill gives effect
to the 1995 EC Data Protection Directive which Member States are
required to implement by 24 October 1998. It builds on the
data protection regime established under the Data Protection Act
1984, which it will replace. Like the 1984 Act, the Bill is framed
in general terms rather than by reference to specific technologies,
which can swiftly be superseded by new ones.
Many CCTV systems are outside the scope
of the 1984 Act because of the limitations of some of its key
definitions. The Government considers that the equivalent definitions
in the Bill are sufficiently broad to encompass not only the sophisticated
types of CCTV systems with which the Committee were concerned,
but even much simpler equipment which merely projects images of
identifiable individuals passing a shop into the shop window without
actually recording.
The Bill will require data controllers,
including the controllers of CCTV systems, to notify details of
their processing to the Data Protection Commissioner and to comply
with eight enforceable data protection principles. Among other
things, the principles require personal data to be processed (a
term which encompasses obtaining, holding, use and disclosure)
fairly and lawfully; to be obtained only for specified and lawful
purposes, and not further processed in a way incompatible with
those purposes; and to be surrounded by appropriate security measures.
The Bill will give the Commissioner wider
enforcement powers and duties than she has as Registrar under
the 1984 Act. In particular she will have a duty to promote the
following of good practice by data controllers; a power to prepare
and disseminate codes of practice for guidance as to good practice
and to encourage other bodies to do so; and a duty to advise on
the adequacy of codes submitted for her consideration. There will
also be a power for the Secretary of State to direct the Commissioner
by Order to prepare codes of practice, and any such code would
have to be laid before Parliament. Although none of these potential
codes of practice would have direct statutory force, they would
amplify how the data protection principles, enforceable under
the Bill, should be applied to the particular type of data use
concerned.
The Commissioner would not need to wait
for a complaint before initiating an investigation. The Bill empowers
her to issue an information notice requesting relevant details
from a data controller where she reasonably requires these to
determine compliance with the principles. This power is backed
up by powers of entry, inspection and seizure in cases where there
are reasonable grounds for suspecting a contravention of the principles.
The Bill also provides for a system of prior checking by the Commissioner
of certain processing, to be specified by the Secretary of State
by order, subject to affirmative resolution, to assess its likely
compliance with the Bill's requirements. Processing will be prohibited
during the assessment period. If the Commissioner concludes that
the processing is unlikely to comply with the requirements, the
processing may still go ahead, but the data controller would then
be at risk of enforcement action for any subsequent breach.
DETAILED
RESPONSE
Recommendation 3.11
That the Government encourage the appropriate
legal bodies to draw greater attention to the change to digital
processing and to widen public awareness that paper originals
are rarely necessary.
The Government agrees with this proposal
but notes that while paper originals may rarely be necessary,
retention of the original digital file, captured from the original
paper or other source, is considered highly desirable, if not
essential.
Recommendation 3.18
That evidence should not necessarily
be inadmissible because it does not conform with some specific
technological requirement.
The Government accepts this recommendation
although it is unclear how this sits with the concept of type
approval as described in paragraph 3.32 and recommended in 3.33.
Paragraph 3.14 seems to cast a doubt over type approval.
Recommendation 3.20
That the Government encourage the use
of authentication techniques. Members of the legal profession
should be made aware of the benefits of these techniques, their
value in adding weight to evidence and the possible significance
of their omission.
The responsibility of proving the reliability
and authenticity of data falls to the body carrying out the capture,
processing and modification. Thus an audit trail, either electronic
or enshrined in operational procedures, or preferably both, is
essential. While any digital image can be considered for presentation
as evidence, the court would be well advised to place a greater
weight on evidence which can be rigorously demonstrated to have
been derived from an authenticated original. The Forensic Science
Service has offered to support any training initiatives where
it could make a useful contribution.
Recommendation 3.21
We recommend that the Government produce
guidance on the benefits of conformance with procedural measures
necessary to establish the reliability of evidence, with particular
reference to existing standards. When this guidance is available,
we recommend that the trade associations of those organisations
likely to be concerned with it produce training material on its
use.
The Government accepts this recommendation.
The use of accepted procedures, particularly those based on existing
standards where they might exist, provides a means for establishing
the reliability of evidence. Unfortunately, as far as is known,
there do not appear to be any recognised specific standards in
this field but this should not be a barrier to establishing what
such procedures might be. The FSS, for example, works to standard
procedures within a quality management system which at the same
time meets the requirements of the International Standard ISO
9000 and ISO Guide 25.
Recommendation 3.27
We recommend that consideration be given
to the Turnbull Warning being appropriately adapted so that the
uncertainties inherent in images as evidence are made clear to
the jury, particularly the implications of any measures to substantiate
authenticity and breaks in the audit trail, and any processing
which the image has undergone. This is a matter which the Judicial
Studies Board may care to take up.
The Government supports this recommendation
and will invite the Judicial Studies Board to give it consideration.
Recommendation 3.28
That consideration be given to measures
to reduce the uncertainty over the use of digital images in court
and Government ensures that there is a satisfactory resolution
of the uncertainty.
The Government agree that the best way
to reduce uncertainty over the use of digital images in court,
in particular those relating to fingerprints, is to put appropriate
legislation in place. That is why the Home Office is reviewing
existing fingerprint legislation to ensure that it reflects recent
technological advances and is considering whether to consult interested
parties.
Recommendation 3.33
That the Government encourages the adoption
of technological measures for the authentication of images as
evidence by giving type approval to them. The Forensic Science
Service should provide ongoing advice for manufacturers and users
of imaging equipment on authentication technologies; and
Recommendation 3.36
that the Government devise incentives
or put in place measures such as the endorsement of relevant codes
to increase the adoption of good practice.
The Government supports these recommendations.
While the Government may usefully set standards for systems, actual
type approval, i.e. allowing the use of particular makes and models
in a global permissive statement, can never be more than part
of a package of recommendations. The quality, integrity and authenticity
of data produced by a system depend on a number of factors, examples
of which are:
|
| the manner in which the system was tested: factory or on-site, by technicians or users;
|
| | |
|
| setting up procedures;
|
| | |
|
| calibration: extent, rigour, frequency;
|
| | |
|
| maintenance: extent, rigour, frequency;
|
| | |
|
| environmental conditions;
|
| | |
|
| operational procedures;
|
| | |
|
| user selection and training;
|
| | |
|
| automatic quality warnings and overrides thereof.
|
Recommendation 3.34
We recommend that the Judicial Studies
Board consider establishing a programme of education on the implications
of digital technology for the judicial system.
The Government supports this recommendation
and will invite the Judicial Studies Board to give this matter
consideration.
Recommendation 4.6
That the Government commission a substantial,
rigorous and independent study of the cost and effectiveness of
publicly funded surveillance systems; and
Recommendation 4.7
that an interim report be available
within 12 months to provide a broad indication of the scale of
any increase in convictions, any reductions in crime and the fear
of crime, and separately, disorder, that have been achieved by
public space surveillance systems.
The Committee's report recognises that
there are a number of professionally conducted case studies which
indicate that CCTV can have a real impact on crime and disorder.
All of the schemes funded by the Home Office are required to conduct
an independent evaluation of effectiveness and the reports will
be scrutinised by the Home Office Research and Statistics Directorate.
However, an evaluation at national level was not envisaged by
the previous administration and mounting such an exercise retrospectively
would be a significant task which raises a number of technical
issues, such as comparability of data and isolating the effect
of CCTV, which is often introduced as part of a package of crime
reduction measures, from other factors which could also influence
recorded crime. The Government believes that the limited resources
available are best focused on particular schemes where the evaluations
indicate that there may be scope for developing best practice.
Round 4 of the CCTV Challenge competition, which the Government
announced in November 1997, is targeted at innovative and imaginative
schemes. The evaluation criteria have been specified in more detail
than in previous rounds to ensure that effectiveness can be measured
and validated so that lessons on what works, and why, can be learned
and applied elsewhere.
Recommendation 4.11
That the Government establish a uniform
policy on the control and release of CCTV-derived images from
publicly owned surveillance systems.
The Data Protection Bill will provide a
regulatory framework for the processing of information relating
to identifiable individuals, including the obtaining, holding,
use or disclosure of such information. As explained above, the
Bill will apply to CCTV-derived images.
Recommendation 4.14
That the Government give urgent consideration
to introducing tighter control over any system, either publicly
or privately owned, covering sites to which the public has free
access.
The controls available in the Data Protection
Bill will apply both to publicly and privately owned CCTV systems.
The Bill's data protection principles constitute a form of statutory
code of good data handling practice. As explained above, the Bill
additionally provides for the issue by the Commissioner of codes
of practice which, although having no statutory force in themselves,
could be expected to include a statement of detailed application
of the enforceable principles. As further explained above, the
Bill also gives the Commissioner powers to require information
from data controllers, which are backed up by powers of entry,
inspection and seizure in appropriate cases. Failure to comply
with an information notice, or with any other form of enforcement
notice, will be a criminal offence.
The Government is committed to introducing
statutory regulation of the private security industry, including
the operators of CCTV systems. There is unlikely to be time for
early legislation on this issue but the Government is using the
time to develop a comprehensive, effective and streamlined system
for the private security industry. The Government is considering
the results of a recent consultation exercise with the police,
the industry and others and hopes to be able to publish proposals
for the regulation of the private security industry later this
year. One of the options which is being considered is a national
licensing scheme for the whole of the private security industry.
The Government is also considering ways in which training standards
and codes of practice could be laid down for different sectors
of the industry.
Recommendation 4.20
That the Government produces guidance
for both the public and private sectors on the use of data matching,
and in particular the linking of surveillance systems with other
databases.
The Registrar/Commissioner will be responsible
for issuing guidance on data protection issues. The preamble outlines
her powers and duties in this regard under the Data Protection
Bill. Datamatching already comes within the scope of the 1984
Act regime and it will also be caught by that of the Bill. The
Registrar has a duty under the current Act to promote observance
of the data protection principles and in August 1997 she issued
guidance on developing codes of practice on data matching. Its
aim was to provide a framework within which codes of practice
could be developed within particular sectors, leading ultimately
to model codes which could be commended to those seeking to establish
new data matching systems.
Recommendation 4.17
That the new law encompass CCTV and
the DPR be given responsibility to issue or oversee enforceable
codes of practice for such systems. The maintenance of public
support for CCTV would be further strengthened if the DPR were
to be given powers to check, that is to audit, the operation of
these systems, and not to have to wait for a complaint to be lodged
before taking action; and
Recommendation 4.21
we recommend that the DPR be given powers
to audit the operation of datamatching systems.
As indicated in the responses to Recommendations
4.14 and 4.20, the Government believes that the Data Protection
Bill regime will be able to provide the controls sought by the
Committee over CCTV and datamatching.
The categories of processing to be subject
to the "prior checking" mechanism described in the preamble
would be set out in an Order subject to affirmative resolution
once the Bill had become law: the Government has already identified
operations involving datamatching as primary candidates.
Recommendation 4.22
We want to see public acceptance of
surveillance, introduced to deter and assist in the capture and
prosecution of criminals, blossom and flourish. This is more likely
to be the case if there is a wide public debate of the issues
involved, and we recommend that the Government should promote
such debate.
The Government will take every opportunity
to promote good practice in the use of CCTV. The Data Protection
Bill imposes a duty on the Commissioner to make information publicly
available about the operation of the Bill, about good practice
and about other matters within the scope of her functions. The
Registrar discharges a broadly similar obligation under the 1984
Act in a variety of ways, including the issuing of guidance and
discussion papers, the provision of training materials and seminars,
attendance at conferences and exhibitions, and publication of
an Annual Report to Parliament.
22 April 1998
|