London Met Police live facial recognition system raises privacy, security concerns

The London Metropolitan Police is to begin using live facial recognition (LFR) technology on a standard basis. Privacy groups have raised concerns about the legality of the surveillance software and its impact on privacy.
“As a modern police force, I believe that we have a duty to use new technologies to keep people safe in London. Independent research has shown that the public support us in this regard. Prior to deployment we will be engaging with our partners and communities at a local level,” assistant commissioner Nick Ephgrave said in the Met Police statement on the development.
The LFR will be initially deployed at locations where serious offenders are frequently spotted, said the announcement. “Each deployment will have a bespoke ‘watch list’, made up of images of wanted individuals, predominantly those wanted for serious and violent offences.”
“Equally I have to be sure that we have the right safeguards and transparency in place to ensure that we protect people’s privacy and human rights. I believe our careful and considered deployment of live facial recognition strikes that balance,” assistant commissioner Ephgrave added in the statement.
However, that assurance seems to have failed in alleviating privacy concerns.
Civil and human rights organisation Liberty, which represented activist Ed Bridges in his failed attempt to stop South Wales Police (SWP) from using automatic facial recognition (AFR), called the development a “sinister step” that will push the UK into a “surveillance state”.
“This is a dangerous, oppressive and completely unjustified move by the Met. Facial recognition technology gives the State unprecedented power to track and monitor any one of us, destroying our privacy and our free expression,” said Liberty’s advocacy director Claire Coolier in a statement.
“Rolling out a mass surveillance tool that has been rejected by democracies and embraced by oppressive regimes is a dangerous and sinister step. It pushes us towards a surveillance state in which our freedom to live our lives free from State interference no longer exists.”
Privacy groups say that the Metropolitan Police has been using live facial recognition in public for years with no public or parliamentary debate.
Ed Bridges last year lost his case against South Wales Police over the use of AFR. His crowdfunded appeal was the world’s first legal challenge over police use of facial recognition technology.
The court went with the police’s claim that the AFR apparatus is placed in public not a form of covert surveillance that would contravene Regulation of Investigatory Powers Act 2000, which states that "surveillance is covert if, and only if, it is carried out in a manner that is calculated to ensure that persons who are subject to the surveillance are unaware that it is or may be taking place".
The plan is announced at a time when the European Union is considering a possible five-year ban on the use of facial recognition technology while it figures out how to properly regulate it.
It was reported earlier that parliamentary committees have called for a pause in the use of the technology until a statutory footing is imposed on them, but both the Metropolitan Police and the Information Commissioner's Office maintains that using the technology is lawful.
VPNMentor last year found out that a security tool named Biostar 2, used by the Metropolitan Police among others, allowed access to biometric data including more than a million fingerprints.
“The concerns over the security of biometrics are not altogether unjustified, with fears being raised over hackers gaining access to sensitive data and regulators admitting they need more time to work out how to prevent the technology being abused,” commented Simon Wood, CEO of Ubisecure.
There are several ways for criminals to circumvent facial recognition surveillance, including the use of deepfakes, said Steve Povolny, head of McAfee Advanced Threat Research.
“Enhanced computers can rapidly process numerous biometrics of a face, and mathematically build or classify human features, among many other applications. While the technical benefits are impressive, underlying flaws inherent in all types of models represent a rapidly growing threat,” he explained.

Latest Jobs
-
- Network Security Engineer
- Germany
- €550 a day
-
German- based contract opportunity This is an onsite based position, we would need the Network Security engineer to be able to work on the client site 5 days a week Seeking an experienced Network Security Engineer for a leading technology company. Strong expertise in firewall/IPS solutions, proxy solutions, and certificate management is required. Good hands-on experience in networking and web-related technologies necessary. Strong problem-solving skills and the ability to work under pressure are essential. we are looking for a Network Security Engineer with the following experience: · Expertise in Administration, Management & Troubleshooting of Firewall / IPS solutions / Proxy solutions/Certificate Management Solutions · Good Hands-on Experience on security devices (PaloAlto/ /McAfee Proxy/CISCO ISE/Certificate Management) · Good Hands-on Experience in Networking with skills of switching, routing & wireless Technologies · Familiarity with web related technologies (Web applications, Web Services, Service Oriented Architectures) and of network/web related protocol · Configuration of NAT / PAT, firewall policies, profiling, objects, AD-Integration, backup – restore · Knowledge of Subnetting TCP/IP Communication, VLSM Configuration of VLAN VTP · Configuration of Routing Protocols e.g. RIPv1 & v2, OSPF, EIGRP, BGP Knowledge of standard and extended ACL 12 month contract
-
- IAM Consultant
- N/A
- Upto £110,000 depending on level of position
-
Identity Access Management (IAM) Consultant Location: Germany We are seeking an experienced IAM consultants in Germany. we are looking for people from consultant through to Architect, The ideal candidate will have previous IAM deployment experience and be fluent in German. Key responsibilities: Design and implement IAM solutions for clients Provide expertise on industry best practices and standards Troubleshoot and resolve IAM-related issues Work closely with clients to understand their business requirements and provide solutions to meet those needs Qualifications: Previous deployment experience with IAM solutions Fluency in German Strong understanding of IAM technologies and principles Excellent communication and project management skills If you are an experienced IAM consultant with a strong track record of delivering successful projects, please apply today.
-
- ForgeRock Consultant
- Spain
- Upto €85000 plus benefits
-
ForgeRock deployment consultant is needed for this expanding IT Services business within Spain, to act as their ForgeRock technical lead, Responsibilities include: High level and low level design, Scoping the techical needs of the project design, configure, develop and test the forgeRock deployment. We are looking for a strong IAM consultant ideally with ForgeRock experience, Must have strong Oauth 2.0, SAML and API experience
-
- IAM Consultant
- France
- Upto €85000 plus benefits
-
An Identity & Access Management Consultant is needed for an expanding IT Security consultancy, based in France. (Remote role with monthly office meet-ups) The Identity & Access Management Consultant will be responsible for the technical design and implementation of Identity & Access Management/IAM products for a wide variety of clients. Deliver bespoke end-to-end consultancy service to our clients, from gathering requirements through to implementation. Work in a close team designing, developing, and implementing first-class IAM solutions. Manage client relationships, working closely with key stakeholders to continually evaluate business requirements and ensure the highest quality solution delivery. If you are interested we are looking for an individual with Previous experience working within the IAM or CIAM field is essential, Strong knowledge with SAML and Oauth and ideally OpenID Previous experience from any of these technologies: One Identity, SailPoint, Saviynt, Ubisecure, Ping Identity, would be advantageous