back to article Cutting custody snaps too costly for cash-strapped cops – UK.gov

The UK government has admitted it can only delete custody images from its massive database through a complex manual process, and that it would cost too much to weed out all the images of innocent people by hand. The custody image database now holds around 21 million shots of faces and identifying features like scars or tattoos …

  1. Voland's right hand Silver badge

    "Any weeding exercise will have significant costs and be difficult to justify given the off-setting reductions forces would be required to find to fund it," she said.

    As any small business or individual will tell you - Compliance with the law costs what it costs. For some reason we, the proles, are obliged to comply with it, but the police will refuse to comply because it is too costly fro them.

    Screw that sidewise with a chainsaw. Comply and stop looking for excuses.

    1. Anonymous Coward
      Anonymous Coward

      I do agree, but....

      as someone who runs a small business and have had to jump through hoops every time a EU burofatcat scratches their arse, its only fair that government should have to comply with the rules too.

      BUT.....

      while we are in this current fiscal black hole and crime is on the rise while police funding is on the fall, spending a couple of billion cleaning out data from a databases is something that will, and should be on the bottom of the pile.

      you have internet paedophile hunting groups finding and exposing tenfold the number the police can afford to do. In one instance a group found and placed under a section 24a citizens arrest a man that the police have been trying to find for the last 10 years. who has links to international paedophile trafficking groups. He was caught while grooming two 12 year old girls, and had false number plates in his possession and had asked them for passport type photographs.... He was living less than 10 miles from the last address the police had for him, but were unable to trace him. The hunters found him in a matter of weeks after he popped up on their radar, saving a couple of kids from Christ knows what.....

      so, I would sooner the police clean the streets of scum than clean the database, even though I know that my photo and fingerprints will be on the database after I was arrested for something I did not do. I assumed all the data would be deleted, but I guess not .

  2. alain williams Silver badge

    I wonder what would happen ...

    if I told a government department that I would not obey the law because ''my IT systems made it technically impossible" to do what I was supposed to do ?

    1. Teiwaz

      Re: I wonder what would happen ...

      if I told a government department that I would not obey the law because ''my IT systems made it technically impossible" to do what I was supposed to do ?

      Not likely, seems 'Computer says No' is an excuse gov has decided only it has the right to use.

      Everyone and everything else must bend to the law of her Majesties Government - including the laws of mathematics the next time some whitehall cretin starts banging on about things going dark due to encryption.

      1. StewartWhite

        Re: I wonder what would happen ...

        Actually other organisations HAVE been allowed to use "our systems are rubbish and it's all a bit complicated" as en excuse to avoid complying with the law. Queen Mary University of London (QMUL) was able to weasel out of supplying the raw data used in the discredited PACE trial by the following ruse which the ICO in a piece of rank stupidity allowed and in so doing created a ridiculous precedent whereby if you deliberately make the data not directly accessible and then end the contract of the only person who knows how to extract the data you're magically absolved of the need to provide it. Seems to me like a suitable "Get out of jail free" card to be used when GDPR comes along for all unscrupulous organisations.

        "QMUL explained to the Commissioner that the relevant raw data is held in a very large database of 3000 variables with 640 rows. It went on to explain the steps required in order to provide the information to the complainant. The Commissioner considered the explanation of the steps required to locate, retrieve and extract the information. He determined that the application of section 12 was not appropriate in the circumstances of the case. QMUL was, in fact, stating that it would be

        ‘creating’ the information and the information was therefore ‘not held’." See https://ico.org.uk/media/action-weve-taken/decision-notices/2015/1043578/fs_50557646.pdf (section 12):

        "QMUL has explained that the Chief Investigator of the PACE trial retired from QMUL on 31 December 2016. While QMUL remains the holder and owner of the raw data from this clinical trial, it has effectively lost the means to locate and extract it because this requires specialist knowledge. There is no longer anyone at QMUL with the ability to produce data from this trial. QMUL no longer employs anyone involved with the PACE trial."

    2. Kane
      Big Brother

      Re: I wonder what would happen ...

      "if I told a government department that I would not obey the law because 'my IT systems made it technically impossible' to do what I was supposed to do ?"

      You'd be employed by the Home Office?

      1. DJV Silver badge

        "You'd be employed by the Home Office?"

        Or by Mark Suckallyerdataburg...

  3. Davisch
    FAIL

    Too difficult?

    What a bunch of fucking numpties.

    If you don't put it the database to begin with you don't have to find it to delete it.

    Put the pre-conviction images in a PRE-FUCKING-CONVICTION database and only transfer them on conviction. That way you can just delete them from the pre-conviction database, after X amount of time, regardless of conviction status: simples.

    The local plod should work on the same basis. Once it has been sent to the national register, it gets purged automatically, they can still get the info from the central database.

    1. Mark 65

      Re: Too difficult?

      She argued that trying to clean up the central database to remove images relating to people without charges might not be worth the time and money, especially as the cops would have to cough up themselves.

      Reading that I thought "Is that the best you can come up with?". We need to keep all this illegally retained but nevertheless really handy for facial recognition data because...too hard, much cost, not worth it.

  4. Anonymous Coward
    Anonymous Coward

    changing data storage always costs

    However costing money is not held as being a reasonably excuse for break the law for anyone else so the police should be doubly certain they act within the law.

    Given that the last 4 times I contacted my local police, they either refused to address the issue or did a half arsed job by sending a PCA for a process requiring an actual PC, one wonders exactly what they do at work.

    One of the things I liked when I lived in Spain was that paying for local policing (not serious crime which was handled by the Guardia De Seville) was optional. So the local police handled civil enforcement issues but only if you paid them and handling the issues yourself (within the law) was allowed as an alternative.

    1. Dr_N

      Re: changing data storage always costs

      > not serious crime which was handled by the Guardia De Seville

      Blimey that's a big commute for them if there's a shout in Barcelona or Valencia, eh?

    2. Dan 55 Silver badge

      Re: changing data storage always costs

      So the local police handled civil enforcement issues but only if you paid them

      Is that what they told you? In cash, no receipt?

    3. ecofeco Silver badge

      Re: changing data storage always costs

      It's almost universal. Cops don't care to actually do their job.

  5. cantankerous swineherd

    the home office are lying.

    1. Dan 55 Silver badge
      Devil

      The Home Office can do data protection when they want. Or at least that's what they said about the landing cards.

    2. DontFeedTheTrolls
      Coat

      Perhaps they should be arrested on suspicion of a crime and have a custody photo taken?

  6. Tom 38

    Interesting definition of "not possible"

    I didn't know you could use it to mean "our systems are shit and we cba to fix it".

    I wonder how that would play at a GPDR audit: "Oh its not possible to generate a list of what PII we have, its spread over everyone's different machines. I know it's the law, but its just not feasible, so we'll just keep doing it the broken way. Still, good enough for the Home Office eh?"

  7. Lee D Silver badge

    And I'd have to dig out the line I used for everything from telemarketers to complaints departments:

    I don't care what your SYSTEM is capable of. That's not my problem. Your poor implementation is your own fault.

    I'm asking you to remove me from the database / not call me again / delete my record / whatever. How you do that is up to you to sort out and having inadequate processes doesn't excuse you that obligation.

    THIS is your formal notification that I've given notice / asked you to remove me / informed you of your error / cancelled your direct debit / whatever. If I still continue to be present on your database / get phone calls / be charged for that good/service / etc. then this will come up in court.

    P.S. I've recorded this message / put it in writing / copied in your head office / whatever for a reason. I will present this evidence in court if you fail to deal with the situation.

    Otherwise, literally, every company would just put in a convoluted process that says "Oh, well, we can't remove you from our mailing list because our data manager requires the blood of a virgin, a form filled out in triplicate and a holiday in the bahamas as part of his process, and then he has to go through and tippex out your name from a million pieces of paper" and use it as an excuse not to follow the law.

    1. ecofeco Silver badge

      God knows every company tries!

    2. rskurat

      This is, essentially, how The New York Times currently operates. After hearing stories from a number of friends about how subscription cancellations take 40 minutes and three CSRs to complete, I just called my bank & reported my card lost. Problem solved, but only if your automated debits are few.

  8. }{amis}{
    Mushroom

    Nuke it from orbit!

    If its too expensive to weed the system then the entire system will have to be destroyed as it's not fit or legal for purpose.

  9. Primus Secundus Tertius

    They know, you know

    When the police hold someone they know a lot about that person, including e.g. national insurance number or some kind of immigration number. How hard is it to do a database delete of images with a certain NI number?

    1. Korev Silver badge

      Re: They know, you know

      Is there actually a "central" number in the UK? I can think of NHS, NI, passport and DVLA* but can't think of a "central" one.

      *Of these only the NHS number is universal ie covers children, no drivers etc.

      1. Lee D Silver badge

        Re: They know, you know

        That's part of the problem, but the real problem is that nobody is BOTHERING. If you delete at the police station those systems inform the central police computer. But if you delete from the central computer, it just lets all the copies of that data (why are there copies anyway?) linger around and orphan themselves with no central control.

        The problem is not "we don't know how". The problem is "we put in too many different systems that it's a hassle to do".

        To be honest - my brother got into his 40's without a passport or driving licence or any other formal photo ID. He has bank accounts and everything normal, but he only has a birth certificate and a range of information to provide as identity.

        He certainly has a national insurance number but that's hardly ID (take note America, SSN's are NOT ID!). But can you really imagine someone being briefly arrested and then immediately being able to provide national insurance numbers etc.? I can't. I can't even imagine that such an ID is even useful - if I give you my NI number, would you be able to tell me where I'm living? Not with certainty. I don't inform ANYONE at NI when I move house, unlike DVLA, etc. Do I have to login to some portal and provide NI to actually do anything? Not really.

        The closest we have to actual ID is the government gateway (which used to issue individual client certificates but is now just username/password). That lets me renew driving licence, passport (even change the photo), file tax returns, etc. so it's pretty central and integrated. But we don't use that for anything like that - the closest is when you have to get one of those codes from it where the DVLA certify who you are so that you can hire a car.

        And I think we're now scrapping GG, aren't we? I know there's been talk of it. The ID card debacle basically put the nail in the coffin of central integrated services.

        1. Anonymous Coward Silver badge

          Re: They know, you know

          [puts hand up]

          Yes, I could instantly supply my NI number.

          Whether I would proffer that information is another matter.

      2. Anonymous Coward
        Anonymous Coward

        Re: They know, you know

        "Is there actually a "central" number in the UK? I can think of NHS, NI, passport and DVLA* but can't think of a "central" one."

        Yes there is. It's used as your index on the big database that doesn't exist, with all the data intercepts that aren't happening. If you've got any official number from any of the five eyes, you're in it.

    2. Anonymous Coward
      Anonymous Coward

      Re: They know, you know

      All the information they know, is on different systems... PNC holds data of people charged with a crime, PND holds intelligence. Custody will hold something else.

      The officer ends up looking though all of them to build the picture. NLEDS is suppose to put all of this in one place to search...

  10. smudge

    I don't believe it

    These records are structured around a person’s contacts with the police...

    However deletion from the PND will not lead to an automatic deletion from the local police system as there is no link back from PND to local systems.

    It's not clear whether "these records" refers to the local records or the PND records.

    However, there must be some structure and context around PND records. There must be identification of who the images are of, and probably why they are there, when they were created, and where they came from. Otherwise it's just a jumble of unlabelled images.

    So there must be a link back - albeit an inefficient one - to local systems.

  11. Anonymous Coward
    Flame

    Yet..

    ....they have the money to slurp and store data, be it voice, photo or video from every single person in the UK.

    1. Killfalcon Silver badge

      Re: Yet..

      Different department - that one deals with scary terrorist people, who are currently hiding behind you being all terror-y, and they need to check your phone's cameras to keep you safe.

      The one that doesn't have the money to delete all this well buried stuff (or indeed afford to have done it properly in the first place) is the one that's had it's budget's cut repeatedly and expected to pick up for a wide-scale collapse in funding for social services (particularly around mental health). They also, perhaps obviously, lack the technical capabilities to slurp all of the things.

      It's a matter of priorities. The health and security of the nation's communities lose out to being able to bomb approximately the right terrorist's neighbourhood.

  12. Anonymous Coward
    Anonymous Coward

    This really is tosh

    Just delete all of the old ones from the local forces database. Job done.

    One command. I'll do it for less than a million pounds.

  13. Anonymous Coward
    Anonymous Coward

    Reads like a classic example of strategic incompetence.

    It works for them and they can use their own incompetence as an excuse to keep it.

  14. Dr_N
    FAIL

    Yet another example

    ... of why uk.gov will never "take back control" of anything.

    Incompetent buffoons.

  15. Martin Milan

    Database of hashes of deleted photos on PND, local forces obliged to check every x number of days and remove any photos on their own database with matching hash.

    I'll waive my consultancy fee in the spirit of public service...

  16. Doctor Syntax Silver badge

    If you can't afford to run the operation properly - and that means in accordance with the law - then don't do it at all.

    Maybe in a few weeks time we'll see Privacy International starting private prosecutions against Chief Constables under the appropriate section of the new DPA (191 IIRC).

  17. codejunky Silver badge

    About time

    Law makers realising that laws are a cost and complying with increasing regulation increases costs.

  18. teebie

    How an effective government would deal with this

    "There's no way to isolate images for unconvicted people"

    "In March next year we will pass a law requiring you to delete all images that can't be shown to be for people who were convicted"

    "We have now found a way to isolate images for unconvicted people"

  19. Anonymous Coward
    Anonymous Coward

    Unlike the government’s DNA and fingerprint databases, where data on unconvicted people is automatically deleted,

    Are you sure about that? I seem to remember a large number of complaints about the police NOT doing that because it was too hard, just like their ANPR database of pictures.

  20. mark l 2 Silver badge

    Why are images being stored locally by different forces as well as stored in the PNC?

    Once the data is upload to the PNC it shouldn't be stored locally, as surely there is a chance that the info stored locally could be out of date compared to whats on the PNC.

    Each force should upload all their current photos to the PNC and then erase everything held locally so they can then do a simple purge on the PNC to delete photos of innocent people.

    1. Anonymous Coward
      Anonymous Coward

      PNC

      PNC doesnt hold images - in house techs proved it could, but management decided to go with another solution - provided my external companies...

  21. fredj

    So, Google manages to photograph everything that has ever been printed of any use and OCR'd and indexed all of it along with photo recognition in just a few years and our plod can not do whatever for asmall number of photos for a small country.

    I have heard from a reliable source that just turning on a windows computer at plod base can take over an hour. This makes report filing and so on a very time intensive task and economically not worth the bother. 'ugger the public.

    I am sure things are getting better, yes that must be true of course?

  22. LeahroyNake

    GDPR

    Quote from the ICO guidelines.

    Implementing the GDPR could have significant resource implications,

    especially for larger and more complex organisations. You may find

    compliance difficult if you leave your preparations until the last minute.

    I don't believe that complex is an excuse ?

  23. Anonymous Coward
    Anonymous Coward

    This pretend incompetence isn't real

    So Senior Plod (and their Home Office serfs) make claims to be incompetent or lacking in a necessary facility or something. Eyewash!

    Senior Plod does exactly what Senior Plod wants to do. No more, no less.

    Any "problems" that Senior Plod has with doing what we think the Plod Department ought to be doing are because Senior Plod doesn't want to do it. Senior Plod is not our friend, and has his own agenda.

  24. handleoclast

    Ummm

    I'm puzzled (as usual).

    They have a whizz-bang facial recognition system. How hard can it be to let it romp through the various databases flagging up possible matches for Fred Bloggs, 27 Green Street, Auchtermuchtie so that some plod can say "Aye, that's him" and delete the image?

    1. tfewster
      Facepalm

      Re: Ummm

      They can afford new computer systems that break the law. But they can't afford a simple* fix to their existing systems that break the law.

      * Other commentards have already made the suggestions that sprang to my mind. Add in a bit of testing and release management, and I can imagine the costs rising to a few K.

  25. ecofeco Silver badge

    LAN party?

    Funny how some kids who like games can make a LAN party work in a few hours, but the adults with millions of resources, can't see to find their arse.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like