Good morning and thank you to Security Twenty 15 and Professional Security Magazine for inviting me here today to speak to you.
As you will know one of my responsibilities is encouraging compliance with the Surveillance Camera Code of Practice – it was launched by the Home Office just over two years ago in June 2013.
I’m also required to offer advice on the code and review its impact. It’s the last of these I want to focus on in my speech to you today – I want to look at some of the challenges facing us.
Later this year I will be presenting a review on the operation of the code to the Home Secretary – I’m working on it at the moment. I’ve recently conducted a survey which some of you may have completed, I have round table events planned and I’ll be holding one to one interviews too. I want to get a rich range of views to inform my thinking so I can make credible, evidence based recommendations to Ministers.
Surveillance is an ever increasingly hot topic – every day there is something in the media related to it. Over the last five to ten years we’ve seen an interest in surveillance from civil liberty groups, politicians and the media as well as members of the public.
We’ve seen the fall out from Snowden, the concerns about the data Google capture when we use their search engine and the Smart TVs that record everything in its owner’s home.
Surveillance is at the forefront of a lot of people’s minds – that includes CCTV – and the UK has installed between four and six million cameras depending on which research you read.
I recently heard a stat that astounded me. In an urban area in the UK you are likely to be captured by about 30 surveillance camera systems as you go about your daily business – not cameras, systems! If you want to know that’s probably around 300 cameras!
You’ll also know that most cameras operated in England and Wales do not fall under the auspices of the code – relevant authorities such as police forces and Local Authorities must pay due regard to the code, for everyone else adoption is voluntary.
That means only around five per cent of cameras fall under the code.
Local Authorities are still in the midst of austerity – the need to make savings is a key issue for all of them. In this financial year alone (2015-16) councils in the UK will have to find £2.6 billion of savings – a mind-boggling figure!
Local Authorities have told me time and again the challenges they face, that we’re still in an economy where savings must be made in nearly every aspect of the services provided to the public. Public space CCTV in the UK is not a statutory function that Local Authorities must provide. I am now beginning to see evidence that councils are looking at reducing or already have reduced their CCTV provision.
I’ve seen councils in large towns like Blackpool and Derby stop monitoring their systems twenty-four seven. My understanding is that this is not as the result of a review or public consultation but simply to save money.
I am also concerned about the level of knowledge that Local Authorities have about the totality of public space surveillance cameras controlled by their organisation. And if they are all code compliant – remember that is a legal requirement.
I am sure that most town centre public space CCTV is in line with the code or fairly close. But I recently asked a large city centre council to do a survey of all public space surveillance cameras within it. What has come back is quite shocking but not unexpected.
Outside of the domain of the CCTV manager cameras are being used by traffic management, waste management, housing and environmental services.
It would not surprise me if this kind of thing is happening in Local Authorities across the UK – breaches of the code that they have a legal requirement to pay due regard to.
No privacy impact assessments, no regular reviews and no familiarity of the code at all!
So, there is still a huge challenge to get all parts of Local Authorities code compliant but it’s one that I’m determined to overcome. I will continue to offer advice on how to comply with the code and where necessary meet minimum standards.
As I mentioned earlier only relevant authorities must ‘pay due regard’ to the code – which accounts for five percent of cameras. This was one area of fervent debate when the Government consulted on the code in 2013 – Government opted for an incremental self-regulated approach.
But what about all the other places that the public have access – Universities, Football Stadiums and shopping malls but to name a few. All places that a member of the public would probably consider as public space.
When someone walks form a street monitored by Local Authority CCTV in to a shopping mall monitored by a private company do they consider themselves in a public space – I would hazard a guess that they do. So, why must one organisation comply with the code whereas it’s voluntary for the other?
Should any organisation operating CCTV that monitors public space have to comply with the code? Would they have to do much more than they are already doing such as comply with the data protection act.
What do people believe a public authority to be – should it include residential social landlords who’ve taken over housing departments of councils? Should it include large travel operators like Transport for London? Should it include any organisation that provides a public service and receives funding from Government? Currently it doesn’t – organisations like these own and operate tens of thousands of cameras.
Elsewhere, advancing technology provides us with numerous opportunities as it does challenges. From Body Worn Video to drones and facial recognition – technological developments are moving at the speed of light!
I’m certainly not a Luddite and believe we should embrace what technology has to offer but this can not be at the expense of our civil liberties – there is a balance to be struck.
And as technology advances much of our legacy systems lag behind unable to support what is emerging. This is particularly true of Local Authorities – many CCTV systems are not of a high enough specification to support facial recognition or algorithms that can predict behaviour. So, whilst the technology is there a question remains whether it can be successfully used – more in facial recognition in a moment.
We’ve seen the use of Body Worn Video increase significantly over the past 12 months. Most police forces have rolled it out or are at least trialling the kit.
I’m fairly satisfied that majority of forces are complying with the Code or moving towards compliance.
I’m less convinced that organisations outside of the police are using body worn video with the same rigorous oversight. I’m talking about door supervisors at night clubs, traffic enforcement officers and environmental officers – there are others too.
You have kit that can be picked up off a shelf for peanuts and be up and running in hours. Will your postman wear one to capture your dog barking at him? Will the local corner shop owner have one to pre-empt any robbery or theft?
- are these people receiving the correct training that the police are?
- are there policies in place to ensure the data is secure?
- are there policies to ensure only the authorised people can view what’s been recorded?
Here, I’m positive that there probably aren’t in all cases, so there is work to do here.
As technology advances my concern is around the public’s knowledge of what the technology is and how it is used. The public must be made aware of how advancements in technology can alter the way they are monitored. There needs to be consultation and debate on matters that can severely impact on an individual’s right to privacy.
Because there is a key issue that I need to reconcile and that is the extent to which the public know they are being monitored and the factors that affect that.
Are they aware of what technology can or can’t do. On one hand you have TV programmes like 24 or NCIS depicting a surveillance camera system that can pick out the time on someone’s watch from a million miles away. When in reality lots of CCTV systems are fairly old and will give you a grainy image at best if they’re not HD.
On the other hand you have the advent of facial recognition technology. You may have seen the media stories a few weeks ago about its use at the Download music festival by the Leicestershire police force. When it should have been Slipknot, Muse or Kiss picking up the headlines for their head-banging (I’m told these are heavy metal acts that performed at the festival) it was facial recognition.
A key concern was that it was being used without the public’s knowledge causing an outcry from civil liberties groups – quite rightly I think.
Meanwhile, we’ve also seen it reported that senior police officers have said that CCTV cameras should be placed lower down – at face level – so the new facial recognition technology can be used as effectively as possible.
Again, how well sighted is the average person on the street on these developments? Currently CCTV is perched up high looking down away from an individual’s line of sight. But how would they feel if it was at head height – literally in their face. And how would they feel if they knew the camera set up to protect them was now a device that captured their image which was then put into a database and compared to millions images to see if they are a potential threat. Is that protecting them? Is that keeping them safe?
We’re also seeing an increase in cameras being used for more than one purpose. So, the camera that people thought was there for public safety is now being used for traffic management fifty percent of the time. If this dual use was made more transparent amongst communities would they be happy with this? Or would they be worried that the camera that they understood was keeping their community safe was actually only doing that half of the time.
And whilst I’m on traffic management it’s worth briefly mentioning ANPR. In the UK ANPR is everywhere – it’s hardwired into our daily lives. The police use it for counter terrorism and serious organised crime – it’s an essential tool in combating both of these.
More recently ANPR is being used to monitor if road tax has been paid on vehicles. The cameras read licence plates and if the vehicle is not registered as having paid road tax or it’s lapsed a fine will be issued – I have no problem with this.
The ANPR system in the UK captures around 27 million images each day – a huge number. Surveillance on a massive scale. However, whilst there is some transparency on the number of images captured – which is generally number plates the total number of ANPR cameras remains a mystery. I can understand why the police would not want to reveal the location of cameras as this could influence how organised criminals use the road network. But I see no downside to saying how many cameras there are – it’s keeping the public in the dark.
So, across the surveillance camera landscape there is certainly a level of ‘public blindness’. If their eyes were opened to some of the issues I’ve mentioned – facial recognition, cuts to services and ANPR – would the support for surveillance cameras fade? Perhaps it might.
Individuals must be given the full picture so they can make an informed decision around their support for CCTV. If these uses are revealed in sensationalist media articles or through people like Snowden rather than through serious consultation with communities it will only damage the image of surveillance and the good it can do as opposed to the bad.
Standards are another challenging area and I have a Standards Board dedicated to looking at issues surrounding standards.
The standards framework is horribly complex how do you know which standards are relevant? Well, I have published a list of relevant standards on my website. It sets out in plain English what each standard is and links through to the standards on BSI site should you wish to buy them.
And they also cost money. I’m told that if you wanted to pay for all the possible standards you could have in relation to a CCTV control room it would cost £1,402.00 (or £701.00 if the organisation is a member of the BSI). That is not to say that every standard needs to be purchased. I don’t think that is an extortionate amount for an organisation that’s serious about running an effective CCTV system.
Obviously there is also the requirement of time and staff resource to facilitate the visit to check you’re meeting the standard.
And I’m not in the camp that thinks CCTV managers must know the detail of every standard and a number may not be relevant depending on your set up.
I was speaking to a public space CCTV manager a few weeks ago who said to me that there was no way he would be able to or need to know the details of all possible relevant standards. He needs an overview of the standards and be able to put trust in others that they are being met.
Although, take-up of British Standards is low – certification bodies such as the NSI tell me that only around 20 organisations are certified to BS7958. A miniscule amount!
But why is this?
Some of you may be aware that the BSI held some workshops at the end of last year looking at the standards framework and what can be done to simplify it – you may have attended one?
The report that followed the workshop highlighted a number of recommendations to take forward – it pointed to confusion, information in numerous places and lack of awareness of the standards and guidance available. To meet several of these, a further project has been agreed, to help with delivering the aim of a national framework of information for CCTV.
A key aim is to help develop more specific guidance and create an information hub, whilst also helping to clarify, harmonise and simplify existing guidance.
This is a little way off but I hope once developed will help demystify the standards framework.
Sanction and inspection
But what if people are failing to meet standards or failing to comply with the Surveillance Camera Code of Practice?
One thing that has been levelled at the code and my role is that it lacks teeth. This is a fair comment I think. I don’t have any powers of sanction or inspection. So if a relevant authority is not paying due regard to the code of practice there is not much I can do.
The government is committed to light touch regulation and minimal red tape for business – this is understandable. But I don’t think that ‘light touch’ regulation should be confused with doing nothing if organisations don’t comply with rules or regulations.
Should I have a stick to beat people with if those who are meant to comply fail to do so? How big should it be? What should it look like? I was once told embarrassment is a very powerful tool, if not the most – would a list of non-compliant organisation published for all to see suffice rather than a financial penalty?
Conclusion – Review
I said when I started speaking that one of my objectives is to review the operation of the code and report back to the Home Secretary. How is it working? Is it working? What works well and what needs to change?
I’m reporting back this autumn.
But more than that I want to explore the regulatory landscape that CCTV occupies so I can provide some real recommendations to ministers that will make it better and improve it.
By improve it I mean improve it for all – installers and manufacturers, operators and managers as well as the police as end users and members of the public.
I’ve outlined some of the issues that I think the industry is facing which are also areas my review is focussing in on. By placing a lens on these issues I hope to be able to provide recommendations and solutions that will benefit us all.