Welcome to a series of interviews we are doing with key people across a range of sectors that use with video as part of their organisations.
In this first interview I spoke to Derek Maltby, Managing Director of Global MSC Security. They work with a range of security organisations both in the public and private sectors delivering independent advice on security technology. The theme of this interview is on the topic of Ethics in surveillance, a subject close to our work at Col8.
What is Global MSC and a bit on your background?
Formed in 1999 as MSC Security Consultancy and through a series of mergers over the years renamed to Global MSC security we deliver independent advice and knowledge on security technology, deployment, funding and audits. As a trusted partner of many public bodies like Traffic Wales, Exeter & Bristol City, Thames Valley and Dyfed Powys Police and even insurance companies like DAS and The Prudential.
I am a former police sergeant in the Avon & Somerset Constabulary before moving in helping organisations manage their security more effectively getting my first bid break working on behalf of Bristol City Council to obtain over £300k worth of funding for the first public space CCTV system in the shopping area of Broadmead in conjunction with the newly opened Galleries shopping centre.
In this year's edition of Global MSC Security’s annual event taking place in November the theme is the ethical use of surveillance technologies. Why that theme and what does it mean?
There is much debate on the use of facial recognition technology in the use of CCTV / Video Surveillance Systems (VSS) and with GDPR, there is concern that the use of such devices is breaching the human rights of people going about their daily lives. This concept is being challenged through the courts by civil liberties groups who are taking on the Met and South Wales Police over their use of such systems. Now that the genie ‘is out of the bottle’, it will be up to regulators to make sure that it is used correctly with any central guidance and in compliance of any legislation that may need to be applied; such as the Data Protection Act. The public and local authorities are in need of guidance from the Home Office about how such technology can be used; this extends beyond VSS and could include tracking devices and eavesdropping systems.
Who guides the current ethical framework at the moment for surveillance systems?
To my knowledge there is no ethical guidance being handed down; just legislation and best practice from the Information and Surveillance Camera Commissioners. There are no references to the word of ‘ethics’ by either of these Commissioner’s Code of Practice which suggest it has only been on the radar with CCTV in recent years and coming to the fore with the introduction of invasive technology that the public and civil liberties groups may not be comfortable with.
Are there any organisations at the moment you think are leading the way with the ethical use of surveillance technologies?
Not really… "2,000 positive matches reached with our ‘Identify’ facial recognition technology in past 9 months with over 450 arrests” South Wales Police web page. A quick search of this web site about ethics and there is nothing to do with the use of surveillance technology. I am not aware of any guidance or research in this subject to local authorities.
How much accountability and transparency do you think organisations such as councils should have when it comes to how they use data like CCTV?
Councils generally don’t ‘use' the data as they are not the prosecuting authority; It needs to be handled in compliance with the local Code of Practice and any MoU that may be in place about data sharing protocols and who is ultimately the Data Controller once the data has changed hands. If the councils don’t comply with their CoP then they may be in breach of the Data Protection Act. We are aware of authorities who don’t display signage in accordance with these rules but no enforcement acton is taken because this is low level breaches and nobody is harmed. It makes a mockery of the whole thing when government bodies don’t comply with the law.
Audits of systems would help ensure accountability and transparency but that comes at a cost when there is still austerity. It’s amazing how we can be less compliant when there is no money!
With the advent of the General Data Protection Regulations (GDPR) in 2018 this introduced more rights of the public to their data. Has this had a big impact in your industry?
Local authorities were ‘frightened’ about GDPR and the large fines that ‘compliance’ companies used to scare organisations into spending money with them to ensure this didn’t happen. Things have now quietened down and although we were employed to flag up DPA breaches in CCTV systems irrespective of GDPR, to my knowledge companies are reluctant to act on the advice due to the cost!
When Subject Access Requests to view CCTV evidence is concerned, some owners/operators may just say the camera was facing the 'wrong way' and there is no relevant data recorded. It is possible the public may be seriously misled and a more robust system of audits of public CCTV is required.
By working with the ICO we have confirmed that video of people is deemed personal data so covered by GDPR, how do you think that will affect organisations collecting video data?
Unfortunately organisations will probably continue to ignore the advice and there is no one to check on their systems to make them comply; this will continue until there is a high profile court case (which in the last week or so we have seen great press on large fines)!