Surveillance: Citizens and the State - Constitution Committee Contents

Memorandum by Pauline Norstrom, Group Head of Marketing, AD Group


  The application of CCTV has grown dramatically in the UK in the fight against crime and terrorism. Given this it is vital that sufficient attention is given to the privacy of citizens, especially in light of the implementation of new technologies. The breaching of current legislative controls on CCTV to gather evidence—however beneficial it may at first appear—should only be allowed in exceptional circumstances such as after a terrorist attack. Attention also needs to be paid, with the advent of digital technology, to the potential for different types of information to be cross referenced and provided to third parties without the knowledge of the individuals concerned.


  When it comes to surveillance in the UK today CCTV (Closed Circuit TeleVision) is pivotal to any discussion regarding the right balance between the citizen and state and the likely impact of such measures on their privacy. The reality is that individuals are now liable to be monitored and recorded in a multitude of settings, whether it be walking through our town centres; taking cash from an ATM; shopping in a retail outlet; traveling by public transport or even in their vehicles as part of congestion charging schemes.

  Given that CCTV is a technology where Britain leads the world in terms of the number of systems per head of population, it is important not just for our own citizens but others who look to us for a lead—the French for example have changed their restrictions on public space surveillance as a result of the quality of evidence which CCTV produced in the wake of the London bombings—that the way CCTV is being applied to tackle crime and terrorism pays due attention to the privacy of the individual.


  The capability of CCTV systems has changed dramatically in recent years with the move from analogue to digital allowing more powerful and flexible systems to be rolled out for commercial and public space surveillance; the ability to record more pictures per second (driven by the development of more powerful video signal processors); cheaper storage; mobile systems on buses and trains; the increasing application of CCTV in a networked environment and new ways to automatically analyse images—from automatic number plate recognition to patterns of behaviour—and associate images with data captured elsewhere. Necessarily this rapid transformation brings with it new challenges to which legislation and industry standards must be able to respond.

  There are, of course, already a number of key measures in place which impact positively on CCTV, such as the Human Rights Act 1998, the Data Protection Act 1998 and a CCTV Code of Practice produced by the Information Commissioner's Office which first appeared in 2000. These have been supplemented by the development of controlling standards in specific areas—BS8418, the Code of Practice for detector activated CCTV is a good example—and licensing of CCTV operatives that monitor cameras in public spaces through the SIA (Security Industry Authority).

  Whatever the pressures from the Police or security services in the fight against crime and terrorism we need to be extremely cautious in how—if ever—we choose to breach the terms of Human Rights Act and Data Protection Act with regards to CCTV. This should only be considered in exceptional circumstances, for instance to gather evidence in the wake of a major terrorist incident, and even then any breach should be within carefully defined boundaries.


  One area which serves to illustrate the need for users of CCTV to respect the privacy of individuals, and for effective safeguards to be in place, is so-called "Privacy Masking". Basically this refers to techniques applied to control what can and cannot be seen by a CCTV system and applies equally to images displayed in real time for surveillance purposes and images recorded for later use. An example could be windows of private dwellings within the field of view of the CCTV system.

  The application of Privacy Masking in the UK has been driven by the legislation mentioned above and a CCTV Code of Practice produced by the Information Commissioner's Office which first appeared in 2000. This includes the following requirement: that equipment should be sited in such a way that it only monitors those spaces which are intended to be covered by the equipment.

  It is vital that if camera fields of view overlap surrounding spaces then measures are taken to ensure privacy. One approach is through the positioning of cameras, where this is not possible—and the camera's view still infringes a private area—then either written permission from the person who owns or resides in the space has to be obtained, or physical or electronic image masking needs to be employed.


  Focusing on electronic forms of masking, typically this takes place in or close to the camera, in which case images behind the mask can never be retrieved but with advances in digital recording technology, the masks can also be within the recording device itself; allowing authorised users' access to the masked part of the image. The latter capability raises the question of who should or should not be given access to the masked images. Where a terrorist attack occurs there may be a legitimate case for requiring organisations adjacent to the event to give Police officers access to masked footage if this covers an area pertinent to an investigation with valuable evidence likely to be retrieved.

  Masked images of areas outside a specific scheme should not be made routinely available to law enforcement or Governmental agencies as such a move has the potential to undermine the rationale for implementing privacy masking in the first place and raise genuine concerns amongst private citizens adjacent to schemes.

  It is also critical that the integrity of the privacy masking system is maintained, with its configuration protected to prevent settings being altered, bypassed or overridden by unauthorized persons.

  The BSIA (British Security Industry Association) has produced guidance in this area which can be downloaded at


  The rolling out of the high profile chip and PIN initiative—launched in February 2006—to combat credit and debit card fraud in the UK serves to underline the need for vigilance when integrating different surveillance technologies to ensure that the protection afforded to an individual by one measure is not undermined by the ill considered use of another.

  There are a number of issues which need to be addressed regarding the use of CCTV in the context of the successful operation of Chip and PIN; specifically the positioning of Chip and PIN terminals both static and mobile; CCTV at the point of sale, particularly the location of fixed cameras, so PIN information cannot be clearly identified; how cameras used for transaction monitoring should be handled and, crucially, to ensure that the pre-set positions of moveable cameras are not going to capture a customer's PIN information.

  In the event that CCTV systems are integrated with an EPOS (Electronic Point of Sale) system to record CCTV data associated with a transaction it is also imperative that PIN data is excluded.


  With the growing sophistication of CCTV—and the potential to cross-reference images with other data—legislators need to be wary of connections being made between such information—through processes such as data mining—and questions need to be asked about where both the ownership of such data and the consent for its use actually lies.

  Travelcards can, for example, highlight the behaviour of millions of individuals and potentially allow associated digital CCTV images to be called up—without a person's knowledge or any effective governmental control. There is even the chance that this sort of data could be made available to third parties. Monitoring for congestion charging also has the potential—tied-in with ANPR (Automatic Number Plate Recognition)—if left unchecked to throw up similar problems.


  Undoubtedly, CCTV plays an invaluable role with regards to crime detection and prevention in the UK and still maintains widespread public support—underlined by research undertaken by the Information Commissioner's Office (Public Attitudes to the Deployment of Surveillance Techniques in Public Places). It is therefore essential, moving forward, that checks and balances are adequately maintained—eg the Data Protection Act—to ensure that CCTV is not used inappropriately and that legislators closely monitor the potential impact of new technology on the privacy of individuals.

About Pauline Norstrom

  Pauline Norstrom is a key figure in the development of CCTV standards. She is Group Head of Marketing at AD Group and Chairman of the CCTV Section of the British Security Industry Association (BSIA). Pauline also heads-up TC/10, a technical committee within the BSIA which looks at CCTV best practice and has been actively involved in the development of a standard for Digital Video Evidence and consultations regarding this issue on both sides of the Atlantic. Pauline is a regular speaker and writer on CCTV issues ranging from BS 8418 to the implications of Chip and PIN.

About AD Group

  AD Group with its headquarters in Warrington, England, was established in 1997, its primary objective being to create and bring to market leading edge CCTV solutions. The pioneering nature of the Group's products, with the emphasis very much on R&D, has undoubtedly been a critical element in AD's success to date, receiving the Queen's Award for Enterprise: Innovation for its TransVu mobile CCTV system deployed on buses and trains.

19 June 2007

previous page contents next page

House of Lords home page Parliament home page House of Commons home page search page enquiries index

© Parliamentary copyright 2009