‘Security or Surveillance?’: Facewatch and The Conservatives

Norpell Wilberforce examines the Conservatives’ smokescreen of shoplifting to roll out unregulated facial surveillance technology.

The current panic around shoplifting isn’t hard to see. Even in Cambridge, one of England’s wealthiest cities, supermarkets have replaced the skinny lad on the door with a hulking unsmiling security guard. There are some genuine reasons behind the panic. In the last year, theft from stores has risen by 19% across the UK and by 27% in the ten biggest cities. Retailers have lost around £1.3bn this year from shoplifting, though their claims that shoplifting has reached record levels are false – shoplifting rates still remain significantly below the highs of 2018 and 2019. Yet media coverage around shoplifting has exaggerated the picture and often blames stereotypes of poor, indolent, and implicitly coloured, youth.

Right-wing media coverage blames unresponsive police, while handily forgetting that Theresa May slashed police budgets by 18%, forcing shut over 120 police stations in London alone  - given such cuts, no wonder that only 4.4% of shoplifting offences result in charges. Moreover, it attributes shoplifting to stereotypes of poor, indolent, and implicitly coloured, youth. Successive Conservative governments have also caused a cost-of-living crisis in which staples like bread and butter are inflated by 30%. Such coverage should consider whether shoplifting and its low rate of prosecution are themselves driven by chronic Conservative economic mismanagement and budget cuts, rather than the stereotyped youth they blame.

“By being a subject of interest in one shop, you can become a subject of interest in another that you have never even entered in your life.”

The Conservative Party is taking advantage of this panic to roll out unregulated facial recognition technology in a severe undermining of citizens’ data rights, claiming it is the best way to protect supermarkets and shoppers. More ominous than the security guard is the mounted camera above him scanning shoppers' faces as they enter, and this is the real threat that we should be worried about. From a conservative perspective, it would seem intuitive that the thing to do is deploy more officers on standby around shopping centres, urge retailers to hire more security staff, and prosecute shoplifting more aggressively. However, Conservative Party orthodoxy strongly resists upsetting the party’s far-right bloc and corporate alliances with the taxation this involves. Instead, their solution is to outsource policing to facial recognition companies – most notably, Facewatch.

Founded in 2010, Facewatch describes itself as a “cloud-based facial recognition security system”. Its modus operandi is to use scanned faces to create and store a list of subjects of interest; when a Facewatch camera identifies a subject of interest again, a warning is sent to the shop’s security system. Each shop’s blacklist isn’t confined to just its own customers, however. Facewatch centralises its blacklisted faces that different shops upload and shares them with surrounding businesses using Facewatch. In London, it shares them with businesses within an 8-mile radius. This flagrantly violates the concept of due suspicion under which law enforcers must have reasonable grounds to suspect you are about to commit a crime. By being a subject of interest in one shop, you can become a subject of interest in another that you have never even entered in your life.

The specific deal with the police is that they can plug-in to Facewatch’s database and run Facewatch’s database against their own watchlists. Given that Facewatch is already operating in hundreds of stores across the country, this would be a radical extension of police surveillance powers. Algorithms such as those used by Facewatch perpetuate racial profiling in both the programs they use and the databases they draw from. Professor Maja Pantic, a senior AI scientist at Imperial College warns that the algorithm’s modelling of faces by light-dark contrast is poorly-suited to processing black or brown people in imperfect conditions, and the pre-existing over-representation of ethnic minorities in Facewatch’s subject of interest database will exacerbate this.

However, what worries me most isn’t the implications of Facewatch technology itself, as oppressive as they are. The far greater danger is the Conservative party’s reckless and self-serving attitude towards the use of advanced technologies. Most damningly, leaked internal emails reveal aggressive lobbying of the Information Commissioner’s Office (ICO) by the Home Office about the ICO’s review into Facewatch. The Home Office warned the ICO that Chris Philps, Police Minister, would “write to your commissioner” if ICO’s review of Facewatch wasn’t positive. The Home Office then suggested that it should be able to “head off” Philps’ letter if the ICO did “something imminently in Facewatch’s favour”. This is all the more damning considering that it came just two days after a closed-door meeting between Philps and Facewatch’s founder, Simon Gordon.

The Conservative party displays a similar contempt for regulations in its deliberate obstruction of investigations into whether members followed regulations in their use of WhatsApp for official government business. The government guidelines are that ministers must keep formal records of when they use WhatsApp for official business, but many senior ministers have tried to wriggle out of doing so. Many of them claim they use the disappearing messages function to free up storage on their phones, and Boris Johnson and Rishi Sunak have both given weak excuses for failing to hand over critically important WhatsApp messages to the UK Covid-19 Inquiry.

Where the Conservatives are not trying to wriggle out of technology regulations, they are trying to abolish them. The Bill on Data Protection and Digital Information seeks to abolish both the Surveillance Camera Commissioner and its function of encouraging compliance with the Surveillance Camera Code of Practice. The Conservatives’ claim that the functions of the SCC are covered by the ICO and its CCTV code of practice – this is patently untrue. The current Information Commissioner himself stated that the SCC had some functions that “if absorbed by the ICO, would certainly result in them receiving less attention”, and that others “simply do not fit with even a reformed data protection authority”.

Moreover, it is important to note that the ICO’s CCTV code of practice is merely a set of guidelines and is not legally binding. It also concerns data processes and not actual use of surveillance. Thus through abolishing the SSC, the Conservatives are trying to escape legally-binding regulations over the practical implementation of surveillance, and limit regulation to the advisory and data-processing domains. They are also trying to escape police and private accountability; under current non-legally binding regulations, there is also no legal basis under which the public can appeal against the installation of a camera. Most damningly, Pete Fussy of Essex University and William Webster of the University of Sterling, considered the UK’s leading experts on surveillance, independently reviewed the Bill and found it “does not currently provide adequate mechanisms for the governance and oversight of surveillance cameras” in comparison with existing legislative arrangements under the Protection of Freedoms Act 2012.

Facewatch hasn’t even proven itself to be legally inscrutable by the government’s existing standards. In March, the ICO found that Facewatch had breached data protection legislation on eight separate points of the 2018 Data Protection Act, but still ruled that it was permissible under law and that “regulatory action is not required in this case”. It is to the ICO’s discretion whether it fines breaches of the Data Protection Act or merely gives meaningless reprimands like those given to Facewatch. Specific facial recognition legislation is essential in removing the clearly biassed ICO’s unilateral mandate over which breaches are punished, and ensuring that companies like Facewatch are punished for their intransigency.

The commitment of the Conservatives to deregulate facial recognition surveillance is illuminated by comparing it to European policy. The European Parliament has passed the first draft of the AI Act which bans police use of facial recognition systems in public spaces. France and Italy have fined. Clearview AI €20mn for violating various clauses of the EU’s General Data Protection Regulation, in a powerful message that government will swiftly and decisively intervene if private companies infringe upon citizens’ rights. Perhaps this action stems from the fact that Clearview AI’s database contains over 30 billion images scraped from the internet, dwarfing that of Facewatch. Over in England, Clearview AI defeated the ICO in court because Clearview AI’s data was used by foreign law enforcement and thus it did not process data related to the monitoring of people’s behaviour in the UK. If there were separate laws forbidding such collection of civilians’ data, regardless of its final purpose, the UK would have won the case.

The severe threats that facial recognition technology poses to our rights to our data are exacerbated by a government that is intent on slashing policing and public investment, kowtowing to private security corporations, and diluting its cybersecurity laws to save its own politicians’ skins. Meaningful investment into the police and impoverished communities is as remote a possibility as the details of that closed-door meeting between Philps and Facewatch reaching the light of day. Until then, when I go to Sainsbury’s I make sure to flip the camera off for good measure.