UK Ministry of Justice GPS Tagging Trial

A couple of days ago, NOMS (the National Offender Management Service) and the Ministry of Justice put out a toolkit for a pilot GPS tagging programme, or as they call it, an Electronic Monitoring Global Positioning System.

According to the toolkit documentation, tags can be be used as a condition of bail:

The Bail Act 1976 is the legislation governing court-imposed bail. This allows the use of electronic monitoring but only to ensure compliance with another bail condition (e.g. curfew, geographical exclusion): s6ZAB. To note there is no power to impose Electronic Monitoring as a stand-alone bail condition but only to monitor another pre-existing bail condition. … Where the court does impose electronic monitoring of a pre-existing bail condition then a person must be made responsible for the monitoring. That person can only be someone named by the Secretary of State in secondary legislation. (s.3AC).

If you’re looking for key phrases throughout bits of legislation relating to court orders that can be used to justify tagging as a condition, “electronic monitoring requirement” looks to be a good one. I assume there is also a corresponding “electronic monitoring equipment” phrase defined somewhere, in which case it would be good to know how tightly that is defined or how broadly it can be interpreted…

More generally, the toolkit states that:

“Electronic monitoring” is a generic term, which encompasses different technologies, it is generally used to support punitive requirements, however in principle EM can also be seen as a preventative measure if, for example, an exclusion zone prevents the offender from approaching a specific person or location. It is important to note that EM with location monitoring should only be proposed where it provides a particular identifiable value in protecting the public or specific victims, or in deterring the offender from crime.

The system looks like it provides a range of geo-fencing services, going by some of the instructions given to offenders wearing the tag, who must:

  • stay at their approved address (usually their home) during your curfew;
  • not enter any exclusion zones included in the order, bail or licence conditions;
  • not leave any inclusion zones included in the order, bail or licence conditions.

This is backed up by case study examples:

annex_a_-_case_studies_pdf

I’m not sure if an exclusion zone can be dynamic? For example, two offenders, both wearing tags, not allowed to be with 50m of each other – can one be the centre of an exclusion zone defined for another? (Also, I’m not sure what the resolution of the devices is?)

According to the toolkit, an inclusion or exclusion zone:

… must be unambiguous. Ideally it should be marked on a map so that the monitoring centre can clearly see what the judge or magistrate intended. If the monitoring centre cannot interpret an exclusion or inclusion zone they may request clarification if the requirement is unclear. … [O]ther conditions that might be supported by a GPS tag, such as attendance at work or at a programme. Again, the purpose must be clear, and where applicable timings should be included. 

That said, the pilot seems to be a bit hacky…

GPS tags used for the pilot cannot easily monitor a curfew without a manual workaround so for the purposes of the pilot we have excluded GPS tagging alongside an electronically monitored curfew.

Oh good…

Also, how do they track location when the offender is indoors or otherwise out of line of site of the GPS satellites? (Does it use cell tower triangulation as an assist?) How do the devices report back to the control centre (via the mobile phone network?)? According to the product documentation for the tag that appears to be being used in the pilot:

The 3M Electronic Monitoring units store rules in the device, allowing autonomous tracking and monitoring capability without dependence on wireless signal availability. Offenders are immediately alerted in the event of a rule violation. These alerts notify the offender that corrective action is required and serve to help modify the offender’s behavior.

So maybe there are two alerts – one local on the offender, and one when the device phones home. Presumably, an alert is raised if the tag doesn’t phone home within a specified period? But what if that’s because the offender doesn’t fully appreciate the USP of the The Faraday Cage Cafe where they go for coffee and doughnuts?

The toolkit document further suggests that the pilot is not appropriate for:

  • Offenders of no fixed abode – electronic monitoring is reliant on a fixed supply to charge.
  • Offenders with serious identified mental health or learning disabilities – there may be particular difficulties with an offender’s ability to understand the device i.e. need to charge, purpose behind GPS), which could make GPS unsuitable.
  • Subjects under 18 years of age
  • Anyone subject to an electronically monitored curfew should not be given a condition monitored through a GPS tag.

Wider concerns are also touched upon in in the toolkit document. For example, when making a recommendation to enter an offender into the pilot:

Authors [of pre-sentence reports] must take account of the balance between a right to a private family life and public protection. Application of the requirement should be proportionate to the risks identified and clearly evidenced to ensure that there is no unintentional bias impacting the proposal and subsequently impacting the individual’s liberty.

The device itself is a rather clunky wearable, as shown in the GPS Tagging Handbook

ankletag

(By the by, I wonder if that tattoo is personally identifying…?)

I’m guessing this product was developed for the US, by the plug on the charger?

tagcharger

Looking at the 3M product page, this seems to be their One Piece GPS Tracking System; they also have a  Two Piece GPS Tracking System.

A guidance leaflet suggests the data may be used in various ways…

Relevant information gathered will be used to monitor your compliance with your licence conditions. If you fail to meet any of the conditions you may be recalled to prison custody. Where justified, the information gathered, including your location data, may be shared with Criminal Justice Agencies, including the Police for other purposes such as the prevention and detection of crime.

fair processing notice covers this in legalese:

In the event you have been fitted with a GPS tag as part of the Ministry of Justice’s pilot scheme and in order to give effect to a Court order or condition on your prison licence, your whereabouts will be captured by the system 24 hours a day for the duration of the Order or licence condition. Your personal data, including your location data may be shared with other organisations for example (but not limited to) contractors, probation providers and the Police to give effect to the Order/licence, manage your compliance and enforce the requirements or conditions imposed.

Where it is justified, necessary and proportionate to do so, your data, may be shared with others including Criminal Justice agencies (e.g. the Police), for purposes such as (but not limited to) crime prevention, detection, investigation or to facilitate an arrest. Your data may also be shared with other government departments where necessary, such as in the case of legal proceedings.

When undertaking all of these tasks the Ministry of Justice will comply with the provisions of the Data Protection Act 1998. This will include:
– keeping the personal data up to date;
– storing and destroying them securely;
– protecting personal data from loss, misuse, unauthorised access and disclosure;
– ensuring that appropriate technical measures are in place to protect the personal data processed in line with Her Majesty’s Government standards;

All data captured during this pilot shall be retained securely by the Ministry of Justice for a period of at least six years from the end of the analysis of the pilot. Data that has been shared with stakeholders will be held by them in accordance with their data retention policies which must accord with the Data Protection Act 1998.

You have the right to request your personal data (including certain details about them) processed as part of the pilot by contacting the pilot monitoring team (details are at the end of this notice).

Please note that a payment of £10 will be required if you wish to obtain a copy of your data. Each request will be considered carefully in line with the Data Protection Act 1998. Some data may be covered by an exemption within the Act or other legislation which may prevent it being disclosed to you.

The toolkit documentation sets up the scene for the (desired) chilling effect that the tag is presumably expected to exert on a wearing offender, I wonder why consumer tagging devices (phones, fitbits, wearables, etc) aren’t also subject to the same chilling effect?

The pilots will seek to test how the use of a GPS tag might impact upon the behaviour of offenders and decision makers in the Criminal Justice System and how it might help to improve rehabilitative outcomes. They may also allow us to see what other benefits GPS tagging may bring and identify any potential barriers to wider implementation.

Location monitoring is live and alerts to the monitoring centre in the event of a potential breach are immediate. The monitoring centre will look into the circumstances and where a breach is confirmed the responsible officer will be notified of a breach.

High risk cases can be flagged on the monitoring system and prioritised for an emergency response. This may act as a deterrent against non-compliance for some offenders. An assessment should be made in relevant cases whether this form of monitoring is likely to deter in the particular case.

The monitoring centre will respond immediately to a breach. When a breach occurs it is flagged on the system. The monitoring centre staff will open up the record and investigate the breach. They are able to look at data 30 minutes before the breach and data post breach.

Here, then, are are a couple of reasons why we need to keep tabs on things like the Investigatory Powers Bill on the one hand, and the data collected by service operators who have access to geolocation information on the other: firstly, to try to make sense of the extent to which information collected by those services can be accessed using a a warrant; secondly, the extent to which the data could be used by comparing it to how data specifically collected for the purpose of regulating behaviour (using things like tags) can be used.

The document that perhaps requires the closest reading is the Code of Practice – Electronic Monitoring Data, which opens with a description of where the pilot will run:

annex_j_-_code_of_practice_pdf

To a certain extent, the pilot seems to be a fishing expedition:

4. The pilot will test a range of factors including:

  • how GPS tagging might impact on the behaviour of offenders released from prison on licence, suspects on bail and offenders sentenced by the Courts;
  • how Courts, probation staff, Parole Board members, and prison governors respond when given the option of imposing a location monitoring requirement as part of a Court Order or condition as part of a prison licence;
  • what other benefits GPS tagging might confer; and
  • how GPS might best be implemented in practice, and the challenges of operating GPS tagging.

Note the last two…

11. For the purposes of the pilot the data that will be gathered and processed will be that which is required to:

  • identify and tag suspects and offenders who fall within scope for the pilot and who have been made the subject of an electronic monitoring requirement by way of either a Court Order or prison licence;
  • monitor compliance with and enforce the requirements of such orders;
  • minimise the risk to staff involved in the tagging process e.g. any threatening or violent behaviour by the subject or others at the premises;
  • where justified and only in accordance with legislative provisions, the data captured may be shared with Criminal Justice Agencies and other Government Departments to assist with criminal enquiries or to seek advice/representation. The circumstances in which such data will be shared are set out in the body of this document;
  • assist in the evaluation of the pilot and to inform future policy formation and implementation.

The code seems a bit weaselly to me (my emphasis):

12. Personal and sensitive personal data will be collected and, where required and as permitted by legislation, shared for the purposes of meeting the requirements set out above. The electronic monitoring technical solution will capture the subject’s location 24 hours a day. In some cases (e.g. where location monitoring is only imposed to monitor an exclusion/inclusion zone) some of the location data captured at times of compliance will be extraneous to the purposes of monitoring the terms of the order. The technology available for the pilot does not allow for the monitoring of an exclusion zone in another way that would prevent this data being captured. This will be explained to the subject as part of a Fair Processing Notice (see paragraph 35). However, monitoring staff will only monitor the subject’s compliance with the requirements of the order and will not access the extraneous data unless there is a lawful reason to do so. So, if the order imposes an exclusion zone, the subject’s whereabouts will be monitored if they approach and breach that zone. It will not be actively monitored at other times (see paragraphs 35-47 for further details of how data will be shared).

So they haven’t taken the opportunity to design a certain amount of privacy in that does not collect the extraneous data. (The toolkit mentioned being able to look at data in the period before a breach, so if extraneous information was location data outside an exclusion zone, and the wearer breached by entering the exclusion zone, does the location data outside that area become “traneous”? To what extent are safeguards in place to prevent access to data unless “there is a lawful reason to do so”? NB This is covered in the Code of Practice – see below.

I wonder to what extent the data from several subjects can be merged? For example, are there screens that show the co-location of two people wearing tags?

Regarding datasharing, the Code seems to try to lock it down, but then opens it up again? For example:

Private prisons will provide notifications of an electronic monitoring requirement of those individuals released from their custody on a prison licence. They will not need access to the monitoring data. However, should the subject be recalled and end up back in their custody, information regarding the reasons for the recall will be shared with them via another source (NOMS Public Protection Casework Section). Once electronic monitoring data has been passed to a private prison they will become Data Controllers of the information in their possession.

Why would they need the monitoring data and how extensive will that data be? Data will also be shared outside the police in other ways:

22. The Data Processors of electronic monitoring information will be:

  • The third party contractor appointed to provide the tags and monitoring system;
  • The third party contractor employed to evaluate the outcomes of the pilot; and
  • The Bail Accommodation and Support Services (BASS) contractor [eg as described in this Commons Library Research Briefing: The Bail Accommodation and Support Service], as it is required to encourage compliance of individuals held in their premises with the provisions of relevant orders and report any breaches or concerns to the appropriate body.

I’m not sure who the respective third party contractors are?

The data collected includes personal data and sensitive personal data, as defined by the Data Protection Act, and as such subject to it – though maybe with wriggle room:

31. Furthermore, section 29 of the DPA, provides an exemption from a sub set of the DPA requirements in processing of personal data, if it is for prevention or detection of crime purposes. This is not a blanket exemption and so whether this exemption applies or not, will be considered on a case by case basis. In any event, a Schedule 2 condition and for sensitive personal data, a Schedule 3 condition, will still need to be satisfied.

32. Moreover the processing of personal and sensitive personal information engages Article 8 of the European Convention of Human Rights (i.e. the right to respect for private and family life). However, Article 8 is not an absolute right and public authorities are permitted to interfere with it if it is in accordance with the law, necessary in a democratic society for a legitimate aim and proportionate to do so. Therefore, any proposals for data sharing must be both justifiable and proportionate with the appropriate safeguards in place to ensure that personal data is not arbitrarily disclosed.

I’m not sure if Chinese Walls also apply to separate concerns:

The Police will have routine access to the following data for the specified reasons;

In their capacity as the Monitoring Team

i) All data captured as part of the pilot, to discharge its function as the monitoring body for the pilot project.
ii) All data on a single electronic monitoring requirement order imposed as part of a community order or suspended sentence order, and HDC cases, to meet the obligations bestowed upon them as part of this pilot for such orders (see paragraphs 23-26 above).

In their capacity as the Police

iii) Data on Court ordered bail subjects, as they act as the Responsible Officers in such cases.
iv) Data necessary to assist with managing compliance of other subjects such as MAPPA cases and prolific offenders;
v) Any data necessary to assist in the apprehension of subjects who have breached their Court Order / prison licence and are required to be returned to Court or to prison custody.

On the matter of the extraneous data:

33. The system will capture some extraneous location data as mentioned in paragraph 12 above. Those that are tagged will be informed that the tag will capture their whereabouts 24 hours a day as part of the Fair Processing Notice that will be provided to them on induction. Relevant stakeholders will only be provided with location data that is relevant to monitoring compliance with the conditions of the order. Access to the extraneous data will be restricted as set out in paragraph 43 below.

41. Relevant location tracking data i.e. the location data gathered for the purposes of monitoring compliance with Court Order /licence conditions, will be provided to relevant stakeholders via secure email. Where location tracking is in place solely to monitor exclusion/inclusion zones, the data that will be provided to stakeholders by the monitoring team will usually be restricted to the duration of the non-compliance and 30 minutes either side of it. Allowing a window of 30 minute either side of the non-compliance is considered to be relevant data which is necessary for stakeholders to contextualise any breach and for risk assessment purposes.

And as far as wider sharing goes:

43. During the course of the pilot, should public authorities require access to data for other reasons or other data, including access to extraneous location data, they will need to submit an External Agency Request (EAR) to the monitoring team. The request must explain why access to the information is required and failure to provide sufficient and appropriate justification will lead to it being rejected. By way of example, Code of Practice – Electronic Monitoring Data Code of Practice – Electronic Monitoring Data 13 should access to data for the purposes of detection or prevention of a particular crime, the requestor will need to set out the reasons why they believe that the specific suspect(s) are likely to be, or were likely to have been, involved in the criminal behaviour that is under investigation. The monitoring team will handle the more straightforward requests using guidance issued by the MoJ. Any further requests, including those that seek access to the extraneous location data will be escalated to the Ministry of Justice to consider. However, if request is urgent, arrives out of working hours, and the data is needed to manage a significant risk to the public, then, provided the request is justified as set out above, the monitoring team will release the necessary information and the MoJ will conduct a retrospective check.

Presumably, as art of the pilot is to see what other benefits GPS tagging might confer, external requests may well be looked on favourably as part of that?

As far as the operation of the tags goes:

48. Data transferred from GPS tags to the monitoring centre will be via mobile networks and will be encrypted. All data shared with stakeholders will be via secure email.

so the question arises: what about users who are out of signal range? (Are the devices set up for roaming, and capable of phoning home using all mobile operator networks? Or are the tags limited to using a single network?)

It should also be noted that by connecting to the mobile phone network the mobile operators will be able to track the devices in the same way they track mobile phones. If the operator can identify the tag as a tag, offenders’ identities could well be disclosed to the network if they carry a mobile phone around with them all the time that is persistently colocated with the tag device.

As hinted at above, I think this pilot is interesting for several reasons:

  • it is explicitly about using GPS monitoring information to track – and potentially influence the behaviour of the tracked user because they are aware they’re being tracked (panopticon style);
  • there are practical technical issues associated with the technology (GPS, mobile phone network connectivity and tracking);
  • there are issues around data collection and sharing;

More generally, in terms of system design, I see no reason why third party tracking data (collected from other devices, such as mobile phones or beacons) couldn’t be used as a source of location data, which means the pilot gives us an insight into what the police might be able to use this sort data for as part of a 24 hour surveillance regime.

Of course, if you;ve done nothing wrong, there’s no chilling effect to be afraid of…

One comment