The important question, only important question IMHO, is how they handle positives. Do they go all guns blazing and arrest the person on the spot? Or do they use a restrained approach and first nicely ask the person if they have any ID, etc? That's the important bit.
What if your child falls victim to a false identification, and then given that children are far less likely to have some form of ID on them than adults, they're stuck for much longer?
Do you trust the British police to take good care of your child? Or will they strip-search her and threaten her with arrest like they did with the then-15-year-old Child Q because they decided that she "smelled of weed"?
Do you really want more unnecessary interactions with the police for yourself or those you care about when your "suspicious behaviour" was having an algorithm judge that your face looked like someone else's?
Investigatory Powers Act 2016 literally nicknamed Snoopers' Charter. Means ISPs keep all your traffic for minimum a year, police are given access to it, but politicians are exempt and need a warrant to have their data viewed?!?!?
UK police have been rolling out Live Facial Recognition in London and Wales for the last few years. Seven new regions are being added. 10 new vans coming in.
Supermarkets are using facial recognition to keep a database of people they deem criminals.
UK tried to make Apple put in a backdoor to its encrypted storage. Apple removed the ability for UK citizens to use that feature.
Online Safety Act forced online services to implement age verification for "adult" content. Many niche forums closed down because they would face large fines and jail time if they didn't comply. Larger businesses offloaded this requirement onto third party companies so now if you want to see "adult" content online you need to share your face or bank details or government ID with a random third party likely from a different country.
None of the major political parties care about digital rights and in fact want MORE surveillance.
This is nothing new. It is all about what is reasonable in the circumstances.
This is because most of the public don't care about those rights either, and are entirely happy with surveillance. You've got nothing to hide right? If you don't the government to know what you're looking at its probably because you're a paedo, or maybe a terrorist. Maybe even both.
Its not the government who need to be convinced on this, it's the general public, and currently there's not really anyone out there explaining how you can't have a backdoor that only the government and good guys will be able to use.
The Met have already lied about the scale of false positives[0] by nearly 1000x, and it's not obvious how much better it will get. With the current tech, this rate will get worse as more faces are being looked for. If it's only looking for (I'm guessing) a thousand high-risk targets now and the rate is 1/40, as more and more faces get searched for this problem gets exponentially worse as the risk of feature collisions rise.
Of course, it'll also disproportionately affect ethnic groups who are more represented in this database too, making life for honest members of those groups more difficult than it already is.
The scale is what makes it different. The lack of accountability for the tech and the false confidence it gives police is what makes it different.
[0]: Met's claim was 1/33,000 false positives, actual 1/40 according to this article from last year https://www.bbc.com/news/technology-69055945
In the eyes of the law you will be innocent but you'll still be treated like a criminal.
The same could accidentally happen for a minor offence too.
West Yorkshire, West Mids, The Met and Great Manchester Police have all made admin "mistakes"[1] where they failed to delete DNA evidence since the Protection of Freedoms Act 2012 came into force.
No one has been sanctioned or fined for those mistakes.
You might not think being on that list matters but during the good ol' days of the 1980s innocent trades union activists were placed on a secret list by the Met's Special Branch and that list passed potential empoyers to bar them from getting jobs.
Again, no one punished for that and if it's happend once it can happen again.
See the Scott Inquiry for details.
1. These scare quotes are because I don't beleive this always happens through incompetence. I'm not saying it's always the case but some of the time the police are just ignoring the rules because the rules have no teeth.
The article does not claim this:
"The Metropolitan Police say that around one in every 33,000 people who walk by its cameras is misidentified.
But the error count is much higher once someone is actually flagged. One in 40 alerts so far this year has been a false positive"
These are 2 different metrics that measure 2 different things and so they are both correct at the same time. But I must say I am not clear what each exactly means.
Match quality below 0.64 is automatically discarded >0.7 is considered reliable enough for an enquiry to be made.
So far ~1,035 arrests since last year resulting in 773 charges or cautions, which is pretty good when you consider that a 'trained' police officer's odds of correctly picking a stop and search candidate are 1 in 9.
In the UK you don't have to provide ID when asked, appropriate checks are made on arrest, and if you lied you get re-arrested for fraud.
The system has proved adept at monitoring sex offenders breaching their licence conditions - one man was caught with a 6-year-old when he was banned from being anywhere near children.
Before anyone waxes lyrical about the surveillance state and the number of CCTV cameras, me and the guy who stabbed me were caught on 40 cameras, and not a single one could ID either of us.
> "In the UK you don't have to provide ID when asked"
Well if you are suspected of a crime they can arrest you if you refuse to identify yourself. I 'suspect' that being flagged by this system counts as such if you match someone who is wanted or similar.
Apple made the change to advanced security in advance of the bill being finalised, now the government has gone in another direction.
All the online safety act does is implement online the law as it stands IRL. British folk have been using the same ID verification systems to validate identity for nightclub admission, passport applications, driving licence applications, benefits claims, state pension claims, disclosure and barring checks, tax filings, mortgage deeds, security clearances, job applications, and court filings since 2016.
All the reaction is just pearl clutching - 5 million checks a day are being performed, the law itself is wildly popular with 70% support amongst adults after implementation.
There are three levels of checks - IAL1 (self-asserted, low confidence), IAL2 (remote or physical proof of identity), and IAL3 (rigorous proof with biometric and physical presence requirements).
IPA 2016 affords police access to your domain history, not content history, provided police can obtain a warrant from a senior High Court Judge. The box which stores the data is at ISP level and is easily circumvented with a VPN, or simply not using your ISP's DNS servers.
IPA 2016 doesn't exempt politicians from surveillance. It includes specific provisions for heightened safeguards when intercepting their communications. The Act establishes a "triple-lock" system for warrants targeting members of a relevant legislature, requiring approval from the Secretary of State, a Judicial Commissioner, and the Prime Minister. This heightened scrutiny is in recognition of the sensitivity involved in surveilling politicians, particularly given the surveillance of Northern Irish politicians and others in the 1950s, 60s, 70s, and 80s.
Part III of the Regulation of Investigatory Powers Act 2000 (in force 1 October 2007), and Schedule 7 of the Terrorism Act 2000 provides powers over encryption keys/passwords etc. Section 49, RIPA can be used to force decryption, Section 51 to supply keys or passwords. These are identical to powers the police have IRL over safes, deposit boxes etcetera, and the penalty for non-compliance is identical.
You cannot use encryption or passwords to evade legal searches with a scope determined by a court on the basis of evidence of probable cause shown to the court by the entity requesting the search. A warrant from the High Court is required for each use.
Notable cases:-
- Blue chip hacking scandal - corrupt private investigators were illegally obtaining private information on behalf of blue chip companies.
- Phone hacking scandal - corrupt private investigators were illegally hacking voice mail on behalf of newspapers.
- Founder of an ISP using his position to illegally intercept communications and use them for blackmail.
If the police have probable cause to suspect you've committed an actual crime, then you have to ID yourself, you are entitled to know what crime you are suspected of. Yes, facial recognition does count, but it has to be a high confidence match >0.7, verified by a police officer personally, after the match is made, and verified again on arrest.
If you are suspected of Anti-Social Behaviour then you have to ID (Section 50 of the Police Reform Act)
If you are arrested, then you have to provide your name and address (Police and Criminal Evidence Act 2000).
If you are driving, you have to ID (Section 164 of the Road Traffic Act).
Providing false information or documents is a separate criminal offence.
Essentially, police can't just rock up, demand ID, and ask questions without a compelling reason.
> If the police have probable cause to suspect you've committed an actual crime, then you have to ID yourself, you are entitled to know what crime you are suspected of
It's always been my impression that this kind of ambiguous phrasing combined with the power imbalance gives the public absolutely no protection whatsoever. Let's say you don't want to provide ID: the copper could come up with some vague excuse for why they stopped you / want your ID. Good luck arguing with that
In which case, their sergeant will tear them a new one, right after the custody sergeant has finished tearing their own hole because the careers of both of those people rely on supervising their coppers and supervising their arrests. If the custody sergeant has to release someone because the copper can't account for themselves, that is a very serious matter. The sergeant's can smell a bad arrest a mile away.
The copper has to stand up in a court of law, having sworn an oath, and testify on the reasonable suspicion or probable cause they had. If they are even suspected of lying, that's a gross misconduct in a public office investigation.
Assuming they weren't fired over that, any promotion hopes are gone, any possibility of involvement in major cases or crime squads, hope of a firearms ticket, advanced driving, or even overtime are gone. Their fellow officers will never trust them to make an arrest again.
It's not consequence free, I'm not saying it doesn't happen, or that some officers rely on you not knowing your rights, but it is a serious matter.
On arrest, you're required to provide your name and address, not proof. For the absolute majority of UK adults, it takes exactly 2 minutes to verify that data against public records - passport, driving licence, council tax, voter registration.
Lying in that situation is a separate criminal offence all of its own.
>satisfy some shit algorithm that misidentified you as some known threat
Matches with a confidence rating of <0.64 are automatically deleted >0.7 is considered reliable enough to present to a human operator, and before any action is taken a serving police officer must verify the match, and upon arrest verify the match against the human.
>What if your child falls victim to a false identification
The age of criminal responsibility is 10, and absent any personal identification parental identification is the standard everywhere.
>15-year-old Child Q
The good old slippery slope fallacy. Both the officers who strip searched that child were fired for gross misconduct. North of 50,000 children are arrested each year and this happened once.
>Do you really want more unnecessary interactions with the police for yourself or those you care about when your "suspicious behaviour" was having an algorithm judge that your face looked like someone else's?
Thing is 12 months on, 1035 arrests, over 700 charges, and that hasn't happened because the point of testing the scheme thoroughly was to stop that from happening.
What proof do you have that it doesn't work.
No, they are not.
> Our research indicates that over 100,000 online services are likely to be in scope of the Online Safety Act – from the largest social media platforms to the smallest community forum. We know that new regulation can create uncertainty – particularly for small organisations that may be run on a part time or voluntary basis.
https://www.ofcom.org.uk/online-safety/illegal-and-harmful-c...
Ah right, just a couple of forms how bad can it possi...
> Step 1: identify the 17 kinds of priority illegal content that need to be separately assessed
lol.
https://www.ofcom.org.uk/online-safety/illegal-and-harmful-c...
If you happen to be running the UK panty wetters forum from your own server, then you have a problem, but grandma Jessie's knitting circle is explicitly not in scope.
YOUR link goes on to say
>the more onerous requirements will fall upon the largest services with the highest reach and/or those services that are particularly high risk.
Even if your forum falls in scope, you're only required to do a risk assessment, if at that stage you are likely to have a lot of underage users, then there might be an issue.
However, if you're not an adult site, you only need to comply by providing the lowest level of self certified check. Handily, most of the big forum software providers have already implemented this and offer a free service integration.
Storm meet teacup.
If you're a site with lots of child users, or if your site holds pornography.
I do love it when people lie and then try to get sassy when called out.
> Even if your forum falls in scope, you're only required to do a risk assessment, if at that stage you are likely to have a lot of underage users, then there might be an issue.
I also like it when people who accuse others of not reading prove themselves incapable of reading - as pointed out below, what I linked is required regardless of the assumed age of your userbase.
Regarding age verification, the OSA is explicit states that if you ban all such content in your T&Cs you do NOT need to have age verification.
[1] https://www.ofcom.org.uk/online-safety/illegal-and-harmful-c...
You won't mind getting rid of it, then.