Tech
Met Police officers accessed controversial facial recognition site 2,000 times
Scotland Yard has banned officers from using a controversial facial recognition search engine after it was accessed thousands of times from Metropolitan Police computers.
PimEyes, which allows users to upload photographs of people and match them with images of the same individuals elsewhere on the internet, has given rise to concern from privacy campaigners that it could be used by stalkers or to carry out surveillance.
MPs have warned that the technology is “invasive and dangerous” and called for it to be banned from open access.
But data released under Freedom of Information (FOI) rules to i and Liberty Investigates show the PimEyes site, which is based in Tbilisi, Georgia, was visited from Metropolitan Police computers 2,337 times in a three-month period since the start of this year.
The Met, along with other UK police forces, already has access to facial recognition software capable of matching images of suspects with official databases. But unlike those tools, PimEyes could be used by an officer or staff member without an official audit trail of searches or safeguards around which images are submitted.
The Met insisted that the 2,337 “hits” recorded on the search engine from its computers did not mean the site was accessed to carry out a facial recognition search and said that officers may have been researching PimEyes in light of recent controversy about the software. Nonetheless, after i put the figures to Scotland Yard, it said it had “strengthened existing safeguards” around the use of facial recognition and blocked all access to the site from its devices.
It is unclear just how many UK forces have accessed PimEyes or conducted searches. A separate request to disclose data relating specifically to facial recognition searches was declined or went unanswered by all 45 territorial police forces and the British Transport Police. Those forces which refused disclosure said that to do so risked revealing police tactics and hindering the prevention of crime. The National Police Chiefs’ Council, the body representing police chiefs, has advised in a memo disclosed under FOI rules that forces should neither confirm nor deny if they use PimEyes, citing concerns about “negative press”.
The search engine, which has been the subject of enquiries by data watchdog the Information Commissioner’s Office (ICO) and had no action taken against it, insists that it is designed to help people protect their privacy by locating online images they may not be aware of and allowing them to take suitable action. It says it has helped thousands of women to combat revenge porn by allowing them to find images and approach websites to demand those pictures be removed from the internet.
But MPs told i and Liberty Investigates that any use of an “unregulated” facial recognition tool by police was a cause for concern.
David Davis, the former Conservative cabinet minister, said: “The police should only ever use tools that have been properly vetted, tested, and approved for use. PimEyes is none of those. The Met is right to restrict access to this search engine. It should never have been allowed in the first place. All other forces should swiftly follow suit.”
In December, 25 MPs and peers wrote to the ICO querying why PimEyes and a similar website were being allowed to continue operating in the UK without additional controls and raising concerns that the technology could be used to “track and harass” women and vulnerable individuals.
PimEyes, which was developed by two Polish students before being bought by its current owners, states that it uses a “reverse image search mechanism” enhanced by “face recognition technology” to allow users to upload photos of faces and locate where images of the same individual appear elsewhere online.
The service excludes results from social media and video platforms — but uses artificial intelligence to map facial proportions and identify where photos of an individual appear in news articles, company websites, blog posts, or any other site on the open internet. It insists it does not hold any images on its servers and also bans the search of children’s faces.
Existing facial recognition tools used by the Metropolitan Police limit searches to watchlists of wanted people and their use is subject to approval by senior officers. But PimEyes offers an ability to search a far wider array of individuals by scanning the biometric details of up to three billion online images.
In a statement, the Scotland Yard downplayed the 2,337 incidences of the PimEyes site being accessed from its computers. A spokesperson said: “There are a number of reasons why an officer might research what PimEyes is, particularly in light of the recent press reporting. A hit on the website does not mean it has been used for a facial recognition search. Dependant on the time spent browsing a website this can generate many 100’s of ‘hits’ when in fact there are very few visitors.
“Since this access has been flagged, we have strengthened existing safeguards and have now blocked access to this site on Met devices.”
Campaign group Big Brother Watch, which has previously complained to the ICO that PimEyes and similar technology risk enabling stalking and surveillance “on a scale previously unimaginable”, said any use by police of the software was “disturbing”.
Jake Hurfurt, head of research and investigations at Big Brother Watch, said: “It is entirely inappropriate for police officers to use PimEyes… Facial recognition technology is dangerously unregulated in Britain and the information commissioner should step in to safeguard the British public from these Orwellian facial recognition tools.”
PimEyes, which offers an additional subscription service allowing users to link to websites containing images, said it has co-operated fully with the UK authorities, including the ICO. It said it was unaware of any official use by the UK police.
Chief executive Giorgi Gobronidze said: “Our engine is designed solely to locate the sources that publish photographs. PimEyes does not possess, nor does it utilise, any technology to identify living individuals.”
A spokeswoman for the ICO said it had concluded its enquiries into PimEyes last year, adding: “Should any further information come to light or if complaints are reported to us, we will review this again.”