Surveillance Camera Commissioner's IFSEC speech
Surveillance Camera Commissioner Tony Porter's speech at the 2016 International Fire and Security Exhibition and Conference in London.
Good morning and many thanks to IFSEC for asking me to speak at this event.
If you’re thinking ‘who is the surveillance camera commissioner and what does he do?’, well, it’s me and I’ve been in this role for just over 2 years. For those of you who are not familiar with me:
- my role was created under the Protection of Freedoms Act 2012
- I was appointed by the Home Secretary but am independent from government
- I’m entrusted to ensure that surveillance camera systems are used to support and protect communities – not spy on them
- the surveillance camera code of practice contains 12 guiding principles which if followed will mean cameras are only ever used proportionately, transparently and effectively
My role is 3-fold, to:
- encourage compliance with the code
- review the operation of the code
- advise on any amendments to how the code should develop
Relevant authorities (police, police crime commissioners, local authorities and non-regular police forces) must pay due regard to the code. It holds relevant authorities to account having a statutory responsibility to do this. For other organisations adoption of the code is voluntary. However, that is not to say that the list of relevant authorities won’t change. I recently sent a review of the code to ministers which recommended that the list should expand to cover all public sector bodies.
The government wants an incremental approach to CCTV regulation. To reflect that I don’t have any powers of enforcement. In fact, I don’t believe I require them – based on what I’ve seen, many organisations who are required to comply are complying or close to compliance. However, it’s a real risk for local authorities and other organisations to ignore the code and doing so would risk reputational damage through appearing unwilling to engage with the public or follow good practice.
So, maintaining public confidence is an incentive for complying with the code.
There’s no getting away from it: surveillance cameras are everywhere in the UK. A survey by the British Security Industry Association carried out 3 years ago estimated up to 6 million CCTV cameras in the UK. It’s said that in an urban area on a busy day a person could have their image captured by around 300 cameras on 30 different systems!
In the 3 years since the survey we’ve seen body-worn video rolled out by most police forces and by other organisations as well as the use of unmanned arial vehicles – drones – take off and there’s automatic number plate recognition cameras too. So, that 6 million figure can only have gone up – all these camera types fall within the scope of the code.
So, as I just said, surveillance cameras can be used for a variety of reasons:
- to deter crime and anti-social behaviour
- to apprehend suspects
- to protect members of the public
- to capture evidence
On the last of these where crime does happen, what cameras capture can identify suspects and be used in criminal proceedings. Take the riots that spread across the UK in 2011 following the shooting of Mark Duggan in London – they affected the livelihoods of thousands of businesses, took up thousands of police hours and impacted thousands of lives.
In the days, weeks and months that followed these events, images from CCTV were released on a daily basis on TV, in the press and in some areas of London on billboards resulting in numerous arrests and convictions. So, whilst CCTV didn’t prevent the riots it was vital in bringing many of the perpetrators to justice.
So, well thought out and designed CCTV systems can be an excellent weapon in the armoury of any organisation to deter, investigate and resolve crime and anti-social behaviour.
At the same time there are privacy issues to consider. CCTV footage is personal data and with high profile media stories such as Snowden, facial recognition technology and smart TVs that record conversations, concerns about surveillance and surveillance technologies are at an all time high. So it is not a factor that should be overlooked.
Given the nature of my role you may be thinking I am anti-surveillance cameras. That couldn’t be further from the truth. I am anti bad surveillance cameras – cameras that don’t work, aren’t there for a valid reason or are overly intrusive.
I’ve heard stories of cameras put up in the winter that have a great view of what they are there to monitor. By the time the summer arrives, a tree in full bloom is completely obscuring its view. Equally, I’ve had police officers tell me that they turn up at a shop to recover CCTV for a robbery or shoplifting and the system isn’t recording. In fact it never has been and the shop owner has no idea how to use the system that cost him a couple of thousand pounds to have installed.
That’s what I mean by bad surveillance – substandard cameras and systems.
Raising standards
Since I took up this post I have been determined to drive up standards and I have a standards group in place to help me move this forward. However, there are British and international standards some of you may be meeting such as BS 7958, the standard for the management and operation of CCTV, or the 62676 series. To many of those numbers mean nothing and only around 2% of local authorities are meeting any recognised British or international standards – there is a list of relevant standards on my website.
Also, they are not mandatory, no one seems to know which ones to meet, they are expensive and no one complies – 2% as I’ve just said. So, based on that are they worth it? Yes, I think they are but they need to be made more accessible and this is something I’m working closely with British Standards Institution on.
It’s about continuing to make the standards framework simple so people know which ones are relevant, which they can ignore and what’s right for their organisation. I’d suggest if you’re a very small organisation with a few cameras then BS7958 might not be right for you but completing my self-assessment tool and keeping it under review probably is.
Self assessment tool
For those of you who may be unaware my self assessment tool is designed to help organisations see where they are in relation to compliance with the Surveillance Camera Code of Practice. It’s an interactive PDF document that can be downloaded from my site on GOV.UK, saved and completed. It’s easy to use and free to download.
The tool has been developed in partnership with certification bodies – the Security Systems and Alarms Inspection Board and National Security Inspectorate – and tested thoroughly with CCTV managers and operators.
It allows organisations to show how closely they comply with the principles in the code as well has help them identify where they may need to make adjustments. It will help them draw up an action plan to set out what they may need to do or where they are falling short. I would not expect this to be War and Peace! There is a limit to how much text can be typed into the document.
The tool could be a great way to have internal discussions about meeting the principles. But more than that we want organisations to publish their self assessment once completed – publish it on your websites.
This will show communities that your cameras monitor that you are serious about being transparent and open. That you are serious about their privacy. That you are serious about using CCTV responsibly.
Certification
Following on from self-assessment I went one step further and launched a third-party certification scheme at the end of last year.
This scheme is open for any organisation that operates surveillance cameras in a public space and is an audit against the 12 guiding principles in the code. In being certified it visibly indicates compliance with the code and guiding principles.
In turn this will push up standards across the industry – showing the public that CCTV is used transparently, proportionately and effectively.
I said that this was a third party certification scheme and there are 3 UK Accreditation Service (UKAS) accredited bodies who can carry out the certification process:
We are using UKAS accredited certification bodies to ensure that the certification process is completed to a high standard by bodies that have themselves been subject to audit by UKAS.
There are 2 steps to certification. The first step, desktop certification, is aimed at organisations that are working hard to achieve full compliance with the code but are aware that they may need more time to become fully compliant.
This involves completing and submitting the self assessment tool I mentioned earlier to one of the certification bodies together with related evidence, including evidence of your own code of practice and procedures manual and any information sharing agreements with other agencies. Operational requirements and/or privacy impact assessments should also be considered relevant if you have them. These do not need to be sent to the body but should be made available on request.
If you are successful you’ll receive a certificate and will be able to use my certification mark on publicity materials, websites and so on to show you’re certified against the code. This will be valid for 12 months and you can only apply for desktop certification once.
Step 2 is full certification against the code of practice. If you move from step 1 to step 2, certification is valid for 5 years. It is possible to apply for the second step without undergoing the desktop review in which case it is valid for 5 years from the date your audit is successfully completed.
Step 2 involves an auditor from one of the accredited certification bodies visiting your organisation’s control room to audit the system, cameras and procedures working with a checklist against the 12 guiding principles. This should take 1 day to complete.
If you’re considered to be fully compliant with the code, the auditor will produce a report for me recommending full certification. In some cases where schemes might be just falling short you may be asked to make changes or put measures in place to address these issues before you achieve certification.
If you’re recommended for certification, you will be issued with a certificate of compliance and will be able to use my certification mark throughout the period your certificate is valid for. This is subject to an annual review by a certification body and at the end of the 5 year period you will need to re-apply for certification.
Through the introduction of the self assessment tool and certification scheme I’m hoping to see an increase in good surveillance, the bar raised and a steep change in how surveillance camera schemes are used in England and Wales.
Austerity
I know in the current economic climate for many it’s not easy to raise the bar. I’m still acutely aware that austerity measures are hitting local government and many other parts of the public sector hard as well as other organisations. Many councils have had to make very difficult choices about which services to prioritise. Some services have already been reduced and some have been cut all together.
We have seen that the provision of town centre CCTV schemes, and other schemes in fact, have been an area that cash-strapped councils have looked at to make savings. As you may know CCTV is not a statutory requirement for councils, it’s not a service that they must legally offer.
You probably saw this month that Westminster Council have made the decision to decommission their CCTV scheme of 75 cameras as they can not afford an upgrade costing £1.75 million and the annual running costs of £1 million.
They say that CCTV doesn’t deter crime and the Metropolitan Police say that only 2% of crime is solved using footage from CCTV. This, they say, justifies turning off the system. However, if someone else – the Met, the Mayor, the Home Office – steps in with funding they will continue operating CCTV. If no-one does then they say there is adequate privately owned CCTV in the Borough to make do.
I find it slightly odd that Westminster Council are questioning the value of their CCTV system in deterring crime but are quite happy for other organisations to step in and pay for it. If CCTV systems are of limited effect then they should be removed. If they are valuable then the council should engage with the public and explain their continued use.
The borough of Westminster contains iconic buildings and parts of critical national infrastructure – the value of strategically placed surveillance cameras seems self evident. CCTV is a valuable tool in the resolution of crime and helping to bring the perpetrators of crime to justice – you just have to look at the role it played in identifying looters and criminals following the riots in 2011 to see that.
The role that local authority owned CCTV plays in operational policing can not be and must not be underestimated – the footage it captures before the police arrive at an incident, the shoplifter that it can follow down Oxford Street or the ram raiders on Bond Street. To say that CCTV that is privately owned by businesses and shop-owners can continue to provide this service is extremely short-sighted. These schemes are not linked, do not feed back to a centralised control room, capture footage on a myriad of platforms and do not have to comply with the code of practice.
That said, local authority funding of CCTV has been in decline for some time since the heady days of central government funding. A recent report by Big Brother Watch has shown a 46.6% decrease on funding spent on the installation, maintaining and monitoring of CCTV by local authorities since 2012 – from around £515 million to approximately £277 million. This reduction in funding has also seen many CCTV managers roles removed or merged with other roles meaning that we’ve also seen a dilution of the knowledge base out there – a brain drain if you will.
Whilst austerity measures have been tough for many – including some of you here today – managing reducing budgets does mean organisations have to look at things through a different lens and presents opportunities that have not been thought of before.
Over the past year I’ve seen some great examples of partnership working to ensure that the CCTV that protects our citizens remains effective, remains proportionate, remains switched on. I’ve visited Cumbria last November where the Police and Crime Commissioner, local councils and police forces have worked together to brigade 5 town centre systems into one scheme with control room at the police headquarters.
It’s not an isolated incident. There is partnership working starting all over the country. From the Dorset Police and Crime Commissioner (PCC) and police force looking if they can establish a pan Dorset CCTV scheme to the PCC in South Wales looking at exactly the same model.
Despite the reduction in spending highlighted in the Big Brother Watch report I am certain we will see new, innovative ways to maintain CCTV provision in our towns and cities.
New and advancing technologies will see probably see further investment by local authorities, police forces, police and crime commissioners, business and so on to deliver new and exciting capabilities. From smart cities to smarter surveillance, the use of video analytics and algorithms to help protect citizens from crime, support the night-time economy and ensure free passage of traffic in our cities and towns.
And I sincerely hope that Westminster Council find a solution to what is a funding problem – not a problem with the CCTV.
What next?
As I have said, millions is being spent on surveillance camera schemes and when that’s by a public authority, that is taxpayers’ money - even if that money is tied up in a partnership funded scheme. When I think about it, no organisation, public sector or not, wants to waste money! If old schemes are being upgraded or replaced, how can organisations make sure that that money is being spent wisely and not wasted? Quite simply by following an operational requirement.
My standards group has been working hard to rework the Home Office Centre for Applied Science and Technology operational requirement. A ‘passport to compliance’ that puts the ownership of systems in the hands of those that own them rather than installers and designers. That reduces technical jargon to enable procurement within organisations the ability to properly hold suppliers to account. A step-by-step guide that takes someone through the thought of perhaps needing a system to actually switching it on and maintaining it.
We are nearly there with a new operational requirement and we hope to be launching it in the next few months. It will be a key plank of my strategy to raise standards.
National surveillance camera strategy
Whilst we are on strategies, you may be aware if you read my blog that I’ve started work on a national surveillance camera strategy. A strategy bringing all aspects of surveillance cameras together, providing an overarching framework for surveillance camera systems, users, manufacturers, installers and designers in England and Wales.
This is not a new idea, this is what the 2007 national CCTV strategy attempted (albeit only for CCTV), it was a thorough and innovative approach but for a number of reasons much of it didn’t move from recommendations into delivery.
One of the key reasons for me starting this work on the strategy is to make sure that the public are reassured that surveillance cameras in public places are there to protect and look after them – rather than look at them – and are operated in a way which is proportionate, effective in meeting a stated purpose as well as being operated in a transparent way.
So, I’ve set up a small working group, made up of industry representatives and experts reporting to my advisory council to develop a new strategy for surveillance cameras. There are 8 strands looking at training, standards and so on. A huge part of this work will be consultation with the people in the industry, police forces, members of the public and so on. I really want to get a broad range of opinions fed into this strategy.
I’ve set the group a challenging task of presenting this to me in 6 months - by autumn 2016. Formal consultation on this work should start in September so please keep on the look out for how you can get involved and have your say.
Conclusion
So, much has happened in the 2 years I’ve been in post:
- I’ve launched self assessment and third party certification
- I’ve carried out a review into the impact and operation of the code – you may have seen the government response
- I’ve embarked on developing a national surveillance camera strategy – bringing all aspects of surveillance cameras together
And there is more to do:
- launch the operational requirement so that it becomes the standard by which every major CCTV systems is installed, operated and maintained to
- work up the review recommendations and develop the strategy to provide an overarching framework for surveillance camera systems, users, manufacturers, installers and designers in England and Wales
I sincerely believe that with this strategy that we are in the foothills of developing a blue-print for how good surveillance should be implemented in England and Wales for the next 20 years and beyond.
Thank you.