Posted by Roger Mallett Posted on 16 October 2023

Watchdog Cries Foul over Scotland Police Biometrics-sharing Pilot Storing Data in US

A Police Scotland biometric evidence-sharing pilot project has been accused of being not just needlessly risky but of being criminal by Scotland’s biometrics commissioner.

In a carefully worded letter to Police Scotland in which Commissioner Brian Plastow praises the law enforcement body’s openness to his regulatory actions regarding the pilot, he says that it doesn’t “ameliorate my specific concerns.”

The pilot at issue is Scotland’s £33 million (US$40 million) Digital Evidence Sharing Capability, or DESC, project that began earlier this year in the city of Dundee. The goal is to remove jurisdictional evidence silos. In the case of DESC, officials are loading police-collected biometric data into the cloud.

Plastow primarily objects to the fact that this data is being sent out of the United Kingdom to be hosted by U.S.-based Axon Public Safety, a police-focused supply and services firm, on Microsoft’s Azure.

Moving the data overseas is illegal (although he prefers to use unlawful) under the Scottish Biometrics Commissioners Act, according to Plastow.

He points out that the United States government has privacy standards that do not always match Scotland’s. And Washington could order DESC contractors to hand over data and not disclose that fact to the Scottish government. Then there is the fact that Microsoft is not immune to breaches.

That means Police Scotland would not control critical data that is a number of degrees remote from its nominal home.

Even within the country, he says, Police Scotland as a matter of course shares biometrics “extensively throughout the entire criminal justice ecosystem.” Not all corners of that world are bound by the regulations and practices under which the police agency operates.

In August, according to Plastow, he asked – his office does not have the force of law — the agency to complete a self-assessment by November 29. One question in that assessment asks for details just the kind of cloud offshoring that police officials have approved for the pilot.

A meeting between the commissioner and the agency has been scheduled, he says, although a date is not noted.

Read More – Watchdog Cries Foul over Scotland Police Biometrics-sharing Pilot Storing Data in US


From our advertisers