After unlawfully hoarding millions of mugshots of one-time suspects, police chiefs in England and Wales were this week told to delete the snaps – but only if people in the photos complain. And even then, requests can be easily waved away.

This is all set out in the UK Home Office's "Review of the Use and Retention of Custody Images" [PDF], which was published on Friday. That review was launched in 2015 and discovered that police had amassed more than 19 million mugshot photos.

That's rather unfortunate because the High Court in London had ruled this practice of keeping pictures of presumed innocent people on file unlawful in 2012.

Essentially, detectives were stashing away photos of people arrested, quizzed and ultimately not convicted of any crime, just in case. The review sought to set in place rules for police forces in England and Wales maintaining libraries of photos following that High Court showdown. Whereas there are regulations on the storage of DNA evidence and fingerprints, there are little or no controls on photographs.

That High Court judgment, in R (RMC and FJ) v MPS, recognised that mugshots of people taken into custody were useful to officers: for example, frontline coppers can use them to clock known suspects and people out on bail. Crucially, the court called for an urgent review on police retaining the images. Lord Justice Richards said: “It should be clear in the circumstances that a ‘reasonable further period’ for revising the policy is to be measured in months, not years.”

Five years later and the UK government has finally officially offered some guidance to police forces in Blighty.

Astonishingly, the Home Office stopped short of demanding the deletion of all images of innocent people no longer under investigation because, apparently, there are so many photos on file, it would be impractical to ask officers to go through all their databases and remove photographs of individuals who have never been convicted of an offence.

Instead, if your mug is still on file, and you haven't been found guilty of anything, you can ask nicely to be removed. If investigators think they need to keep your snap "for a policing purpose", your request can be denied.

And if you have been convicted, or released from prison more than six years ago, you can ask the plod to delete your mugshots, the review suggested, although, again, it's completely up to the police to fulfil your request.

“Following consultation with key partners, the principal recommendation [of the review] is to allow ‘unconvicted persons’ to apply for deletion of their custody image, with a presumption that this will be deleted unless retention is necessary for a policing purpose and there is an exceptional reason to retain it,” said Home Secretary Amber Rudd on publication of the review.

Big Brother Watch’s Renate Samson responded: “The opportunity for people to have their custody photo deleted from the database is welcome, [but] we believe they shouldn’t have to ask, it should be an automatic process. The explanation as to why this can’t be done reveals a poorly designed IT system which is impacting innocent people’s right to privacy. Going forward, a system should be created whereby those who are found to be innocent have their images deleted automatically, as is the case with DNA and fingerprints.”

Meanwhile, Biometrics Commissioner Professor Paul Wiles said of the Home Office's recommendation that people can ask to be removed: “This limited application process does add a degree of proportionality, but whether this would be enough in the face of any future [legal] challenge may depend on how many presumed innocent people apply successfully to have their images deleted before the minimum six-year review period.”

He continued: "The review leaves the governance and decision making of this new process entirely in the hands of the police, but future public confidence might require a greater degree of independent oversight, transparency and assurance than is proposed."

Extensive

Police forces hoarding archives of photos is even more troubling when you consider the plod's dalliances with automated facial recognition (AFR) technology. Of those 19 million custody images held in the UK, 16.6 million are held within the Police National Database’s facial recognition gallery. According to the UK's previous Biometrics Commissioner, “hundreds of thousands” of these images belong to “individuals who have never been charged with, let alone convicted of, an offence.” And yet their faces are being stored in a system designed, in theory, to pick them out of crowds and potentially link them to wrongdoing.

The Register has reported at length on officers using AFR in the UK, including two public trials of real-time recognition systems, which snapped away at Download Festival in 2015 and the Notting Hill Carnival in 2016 – and both of which failed to detect any criminals.

In his annual report for 2015 as the then-Biometrics Commissioner, Alastair MacGregor QC wrote that “a searchable police database of facial images arguably represents a much greater threat to individual privacy than searchable databases of DNA profiles or fingerprints." He noted that "this new database is subject to none of the governance controls or other protections which apply as regards the DNA and fingerprint databases by virtue of [the Protection of Freedoms Act 2012]” ... and “has been put into operation without public or Parliamentary consultation or debate.”

On Friday, Big Brother Watch’s Samson said: “Whilst [this week's] review addresses custody photos, it makes no recommendations regarding the revelation that three police forces are using facial recognition systems to create biometric records of people’s faces. We trust that the government’s other long-overdue strategy into biometrics will deal with this when it is eventually published.”

Last year, the Home Office was warned that its delays in addressing police use of AFR technology with innocents’ custody photographs risked inviting a legal challenge. A month following this warning, The Register revealed that the department had been seeking secret out-of-court settlements with claimants who had alleged that police had unlawfully retained their biometric information.

This week's lightweight guidance now occupies what was a vacuum of legislation regulating the police use of AFR, with the promised Biometrics Strategy now four years late. The Register understands that this strategy has been completed but not yet published, as it was considered to be completed to an unsatisfactory standard, with the Home Office consistently informing us that it would be released “in due course” every time we have enquired over the past two years.

This has not stalled development of the Home Office’s £640m (US$797m) Biometrics Programme, which “will provide a single platform across the Home Office and wider government for biometrics, focusing on fingerprints, DNA and facial recognition services.” According to the eighth annual report of the DNA Ethics Group [PDF], the Home Office has continued to work on its Biometrics Programme and Biometrics Strategy throughout 2016.

Home Office data regarding its major projects portfolio from September 2015 stressed the need of the Biometrics Strategy, explaining that “mechanisms will be required to ensure that the ethical and legal issues are considered in relation to the storage of the data and the strategy will set out clear regulatory regimens to ensure the legal and ethical legitimacy of data sharing and linkage.”

Finally, this week's custody image review made one other recommendation: “Future local or national IT systems, that will be used for the storage of images, should be designed to integrate relevant data – including court and CPS data – to facilitate a more efficient method of search, retrieval and deletion of images and aim to link and integrate intelligence, crime and prosecution data (subject to relevant legal considerations), and that this should be regularly reviewed. This will help facilitate a more efficient method of search, retrieval and deletion of images.” ®