Independent review – Independent advisory group on new and emerging technologies in policing: final report

7. Technological innovation and scientific standards

This chapter explores barriers and facilitators to technological innovation and adoption; viewpoints of technology providers on the future horizon for technological innovation and requirements in relation to scientific standards. This includes looking at data driven innovation; the place of the needs of victims and others in technology adoption; data interoperability and standards; and a consideration of what next generation standards for digital evidence management may look like. This chapter is derived from the workstream 2 report (Buchanan et al., 2023).

Barriers and facilitators to innovation:

In this first section a summary is provided of an analysis of the barriers and facilitators to innovation conducted by Matthias Wienroth and Megan O'Neill (see chapter 3 of Buchanan et al., 2023), drawing on research in health and policing domains. They define technological innovation as referring to research, development and deployment of new devices, materials, equipment, but also of procedures and processes, including software, novel services and systems, and analysis approaches. Technological innovations need to be considered as part of wider socio-technical processes (Bijker, 1997). The concept of adoption space provides a lens through which to analyse how and why technologies may not be adopted into practice. The lens describes a dynamic spatial and temporal space, populated by human and non-human actors, where attitudes, practices, interactions and events, along with material features of technology, shape technology perceptions and how it is used (Ulucanlar et al., 2013).

Technological identities (Ulucanlar et al., 2013), or understandings of how a technology might work, are socially constructed and relate to novelty, effectiveness, utility, risks and requirements and shape the desirability, acceptability and adoptability of technologies. As the way that technologies are perceived by stakeholder groups contributes to their adoption or rejection in practice, there is a need to involve diverse stakeholder groups and understand the wider sociotechnical field of a technology in order to identify and approach barriers and facilitators for technological innovation.

MacNeil et al (2018) provide an account of barriers and facilitators of technology innovation in the health care system in Canada and propose six dimensions within which to analyse and address them: development, assessment, implementation, policy context, resources, and partnerships/communication. Critiquing a strong commercial on focus technology procurement and a siloed approach to innovation, they suggest a longer-term focus should be taken to innovation with an emphasis on value (contributions of technological innovations to achieving the goals and priorities of policy, users, and society to address user needs). A range of relevant barriers and facilitators are outlined and may be found on pages 16-17 of Buchanan et al. (2023).

At the development stage there should be an emphasis on being inclusive, meeting user needs, providing seed funding for innovation, raising awareness of needs among developers and providing opportunities for developers to consult with user groups in order for feedback to be incorporated. This is in addition to meeting regulatory requirements such as Data Protection by Design and Default. At the implementation phase there was an acknowledgement that short-term focus may prevent longer term gains; commercially focused competitive models of procurement focusing on cost-containment may disadvantage innovation; and block procurement may disadvantage smaller local developers. Instead, they recommend a move to value-based procurement with a focus on user outcomes over the life cycle of technologies; enhanced collaboration via risk-sharing and value-based pricing; developing metrics that consider societal impacts of technological innovations; enabling universities to be involved and hold IP; developing support materials for procurement and insights into how technology is transferred into practice. The resources dimension again highlights a focus on cost-containment and fee-for-service resource allocation as counterproductive and instead propose a value-based approach, identifying successful programmes to scale up, and tax credits for innovation. The partnerships and communication dimension highlights a range of issues including inconsistent consultation and inclusion of user and public views and needs, lack of signposting, lack of collaboration on understanding value, and lack of communication. They propose forming early partnerships across stakeholders, involving users in testing, forming partnerships to translate research into practice, and developing a collaborative environment with communication tools that enable trust, information sharing and understanding.

In the policing domain, Wienroth and O'Neill cite Laufs and Borrion (2021) who provide a practitioner-based analysis of key barriers and facilitators for technological innovation. If innovations have been shown to enhance efficiency and effectiveness in policing practices they are more likely to be adopted. Key barriers include: lack of interoperability with existing systems (within a force and with partner agencies); and lack of social acceptability (public and or practitioners). Practical impacts (e.g. workload, communication, reporting) are noted as significant burdens for technology adoption. Public-private partnerships are raised as an issue given that private developments may be beyond the control of police and can potentially interfere with policing needs. Political and financial commitments (in supporting the ecology to foster innovation in flexible and innovation-open structures with supportive leadership and clear innovation adoption guidelines) are emphasised as facilitators to innovation uptake.

Lessons for technology innovation in policing include the need to focus on the ecology including flexible structures and a strong institutional framework and sustainable innovation practices. Procurement practices and the availability of finance can be a key barrier to research and development for technology innovation. Within a system of block-procurement commercial providers may focus on low-cost technology developments which show quick results which may be to the detriment of a longer-term strategy of innovations and may in fact necessitate extra effort and funding over time to given the stop-start approach. An example is provided of the loss of the Forensic Science Service in 2012, which has led to the English and Welsh forensic DNA market losing its innovative edge. Procurement benefits from an analysis of needs and a longer-term perspective on which aims to pursue and which partnerships to develop.

Change in practice and culture: Leadership, organisational and financial support for development and implementation, training, clear guidelines and rules can facilitate innovation. Evidencing the value of introducing innovations and involving users and stakeholders in decision-making, design, implementation and deployment of new technologies can facilitate their useful uptake into policing practice. Incompatibility of new and old systems, practices, devices etc. can be a significant barrier to innovation in practice. Whilst interoperability is often the ideal, function creep raises concerns e.g. the use of cross-database searches. Organizational structures and cultures play a key role in the adoption of technology into policing. The ways technologies have been developed may prevent certain uses or aspects (e.g. path dependency or lock-ins) so these must be clarified in conversation with diverse stakeholder groups during development and implementation phases.

Social acceptability: Whilst innovation may be easier to implement when existing technologies are taking on new forms or roles, when technological innovations enable enhanced or widened use of existing capabilities the development of further uses of technology and data, of interoperability between different systems and technologies may negatively affect their social acceptability. Therefore, engagement with wider stakeholder groups outside policing and policy is vital, particularly as prejudices and institutional bias can be translated into and proliferated by technological innovation, exacerbating inequality.

Technology providers views on innovation and standards:

Given techUK's involvement in the IAG, in order to represent the technology sector, this section summarises the findings of a call for evidence which went out to their 850 members and received 16 responses. This section is derived from Georgina Henley's input, chapter 4 of the workstream 2 report (Buchanan et al. 2023).

In response to techUK's question about how victims could be put at the centre of discussions around technological development a number of important points were raised.

• Challenge driven innovation is key -policing must focus on the challenges first and then how technology will solve it.
• Updating victim support services on technological developments in evidence preservation and sharing within policing and the wider Criminal Justice System (CJS), and how technology aids investigations, should allow them to support victims to better understand what may be asked of them and why by police, prosecution and defence.
• The speed at which officers and investigators can access relevant information on a case is critical to victim care. A comprehensive user-centred design (UCD) approach is advocated in order to navigate a complex and sensitive user landscape and understand user/victim needs e.g. understand why victims may withdraw, ensure victims can submit evidence from home and withdraw consent easily (however, it is noted that it depends what kind of consent is being referred to as data protection consent is problematic in a policing context).
• Digitising manual and repetitive functions (e.g. Cell Site Analysis Suite Communications Data Automated Normalisation) to increase operational efficiency may lead to successful and quicker resolution and improved victim satisfaction.
• In terms of data interoperability and data sharing there may be a need to access data from many unrelated systems therefore considerations should be given to: anticipated data flows and roles and relationships under data protection law to ensure that data flows are compliant; data repositories on collaborative platforms; accessible digital entry point to CJ/victim support with victim support groups consulted regarding design of digital solutions; access to data from unrelated systems (POLE, People Object Location Event); sharing the experience of victims with technology companies to enhance understanding and risk of harm; improving data quality through training and a bottom-up approach towards next generation level data and defining a common data scheme across forces and wider public service.
• Training is essential, as is collaboration e.g. Scottish Government Digital Evidence Sharing Capability (DESC) (multi-agency data sharing throughout investigations and prosecutions).

In summary, to put the victim at the centre of technological developments there should be accessible digital entry point to CJ/victim support; data-linkage within Police Scotland and with partner agencies; input sought from victim support groups when designing digital solutions.

In relation to what next generation standards look like for data/digital evidence management a number of points were raised:

• With regards to poor quality datasets and their negative impacts the UK Government intends to outline standards for algorithmic transparency and standards for data foundations.
• European Commission's proposed Artificial Intelligence Act highlights the need for transparency, interpretability and confidentiality of high risk (policing) AI systems and stresses the need to understand the capabilities and limitations of AI systems, interprets the system's outputs as well as being to override, reverse or not use the AI output.
• The USA's National Security Commission highlighted that AI performance should be continually monitored, document sources and create procedures for human supervision.
• Data sharing: standards should outline processes that enable data to be shared (without a lot of administration) and cataloguing data and sharing business concept and repositories. Data Sharing Agreements should be in place setting out how data will be shared in compliance with the law (see ICO Statutory Data Sharing Code of Practice).
• Ease of process: standards which can be adapted to be machine readable to allow automated validation of data.
• Accuracy and compliance with legislation: next generation standards in presentation of data /digital evidence need to show fairness (available and accessible to prosecution and defence) and audit trail.
• Common language: next generation standards ought to seek common language to aid understanding across the UK.
• Interoperability: fully connected systems require uninterrupted integration and information flow among various systems. These need validations on ethical grounds (as some data may be unproven intelligence and lead to unfair use). Interoperability and integration within force and across partner organisations for seamless information flow and to enhance operational effectiveness. Clearly all this must be in compliance with data protection law –the fourth data protection principle (Section 38 DPA 2018 places a number of obligations on competent authorities in terms of accuracy, whether data relates to a victim, witness or suspect and a requirement to verify the quality of data before it is transmitted or made available (including providing information so the recipient can assess the degree of accuracy, completeness and reliability of the data).
• Improving data quality: force wide education about AI and ML systems and requirements of data; bottom-up approach to developing standards for next generation level data; definition of common data scheme.
• Digital data is likely to come under more scrutiny (large datasets may need to be obtained in order to extract a small amount data) as it becomes more central to investigations so evidential standards need to be brought up to speed.

In summary, next generation standards for data/digital evidence should be designed to: meet user needs in line with Digital Service Standard and Government Digital Service Standard; enable data interoperability within and between police organisations; conform to published specifications for storage, sharing and security ensuring a common understanding of 'what good looks like', improving the quality and utility of data and ensure compliance with DP Law and the ICO Data Sharing Code of Practice.

In terms of the standards industry should be aware of e.g. from outside policing the following were mentioned:

• ISO27001 looks at how to manage information security (avoiding human error, confidentiality and data integrity); ISO9001 looks at Quality Management standards (end user satisfaction). ISO27037 and ISO27041 regarding digital evidence.
• POLE standards to ensure these four critical aspects of data in policing when enabling interoperability of data and information between systems and forces.
• Pre-Cursor Policy and Legal constraints (audit of what, how when and by whom technology used and what the outcome was) with legal, user guidelines and local policies on use to maintain evidential sanctity.
• Digital Scotland Service Standard and Government Digital Service Standard for creating public services in a user-centred way.
• Gov.UK Data Ethics Framework (guidance on how to use data appropriately and responsibly when planning, implementing and evaluating a new policy or service)
• NHS digital, data and technology standards framework (clear standards for enabling better use of data).
• MAIT (Multi Agency Incident Transfer) standard provides ability for emergency services to securely share electronic incident records in DML reducing CAD information exchange time and allowing accuracy and timeliness of information allowing informed decision making with other agencies.
• Ensuring humans are present in and understand the AI governance chain in order that regulation and ethical considerations are adhered to
• Furthermore, the ICO Data Sharing Code of Practice and the ICO Children's Code may be relevant for services that do not fall in scope.

In relation to the question on evidence-based decision making and how the tech industry can engage with academia this is covered above in Chapter 3 of this final report.

Innovation and standards:

This section, derived from Bill Buchanan's input, i.e. chapter 5 of the workstream 2 report (Buchanan et al., 2023) covers some of the background around how innovation technology is currently handled and key areas of technological advancement. It highlights that many studies on adoption of technology in policing point to the need for strong leadership from both project leaders and police leaders in the roll-out, the centrality of sufficient training, the involvement with internal stakeholders and in understanding issues moral and ethical issues.

It is worth reflecting on what some of the top innovations (as ranked by police leaders) include: Combined DNA Index System (CODIS), Mobile data terminals (MDT); electronic fingerprint services, computer-aided dispatch, Automated Fingerprint Identification Systems, crime lab testing, next-generation 911, Body-worn video cameras, facial recognition, Facebook for PR, ariel drones /UAVs (Matusiak et al., 2020).

Lessons learned from a number of studies on innovation and the adoption of technology within policing are drawn out and include:

• Buy-in at frontline level and the need for specialised training and staff.
• The perception of the technology has a fundamental role in its adoption.
• Internal stakeholders should be involved in the planning process for a roll-out at an early stage.
• The use of technology in routine police practice depends on flexible and customized support from facilitating services, the motivation and perseverance of project leaders and police leaders, timely decision-making on project development, a clear organizational structure and governance, and overall police organizations need a clear innovation strategy and vision on technology.
• Resource-based view (RBV) may be useful in innovation and strategic planning.
• POLE (Person, Object, Location or Event) Standards are being developed by the Police Digital Service (Furuhaug, 2019) and Depeau (2022) outlines that graph technology could help considerably with the adoption of the POLE data model for crime data for use by police and other government agencies by generating relationships between various nodes. However, as Chair I note the important concerns raised in the earlier section by Wienroth and O'Neill regarding function creep (which should be considered and managed in a DPIA) and considerations on AI and big data innovations covered in Chapter 5.

MAIT standard provides the ability for emergency services to share electronic incident records securely in the form of XML. The improved accuracy and timeliness of information allows informed decision making when dealing with other agencies, freeing up time spent with callers.

The sharing of data by the general public with police needs to be handled with care. For example, the trustworthiness of data shared by the public on high situational severity crimes must be considered (Shore et al., 2022). In terms of crime prediction techniques based on big data hot spot identification models, near-repeat modelling; spatiotemporal analysis methods and risk terrain analysis may be used. However, there is a need to comply with data protection and equalities and human rights laws, as well as ensuring ethical standards and there is a lot of controversy around predictive policing using data and technology.

Furthermore, as Chair I would add that the United Nations Interregional Crime and Justice Research Institute (UNICRI), through its centre for AI and Robotics, and the International Criminal Police Organization (INTERPOL) are developing a Toolkit for Responsible AI Innovation in Law Enforcement. This is intended to fill a gap in the availability of guidance tailored to law enforcement on responsible development, deployment and use of AI and it will be a practical guide for law enforcement agencies worldwide on the use of AI in a trustworthy, lawful and responsible manner.

In conclusion, evolving standards (e.g. MAIT and POLE) could provide a foundation of future innovation. The use of technology in routine police practice depends on: flexible and customized support from facilitating services; the motivation and perseverance of project leaders and police chiefs; clear organizational structure and governance; timely and fitting decision making on project development; and overall the police organization needs a clear innovation strategy and vision on technology.

Best practice concerning scientific standards:

Connon et al. (2023: 99-100) also coverresearch and police practice evidence on scientific standards for emerging technologies, with the literature focusing on AI. Ernst et al. (2021) recommend the development of a vision on technology and innovation and Storm (2017) found that there is a need for technological guidance and a national technology clearing house in the US would assist with avoiding the purchase of technologies with high probability of failure.

Oswald (2019) discusses the importance of scientific validity, drawing on evidence from the West Midlands context to demonstrate the need to consider statistical and scientific validity of the use of proposed technologies. Oswald points out that the development of policing algorithms is often not underpinned by robust empirical evidence regarding scientific validity and claims of predictive accuracy are often misjudged or misinterpreted, which makes it difficult to assess the actual impact of technology in practice. She recommends context-specific evaluation methodologies for statistical algorithms used by police forces which should include guidance on how confidence levels and error rates should be established communicated and evaluated. Also, clear scientific standards written with the police context in mind should be required for a national ethics approach.

Chapter 7 summary and conclusion:

Police organisations need a clear innovation strategy and vision on technology. The effective use of technology often depends on flexible and customized support from facilitating services; the motivation and perseverance of project and police leaders; timely decision-making on project development; and a clear organisational structure and governance. Technology innovation requires sociotechnical change, including cultural change in practice, institutions and oversight. Successful adoption into practice needs to take into consideration user and stakeholder perceptions, existing systems and practices at practitioner, policy and oversight levels and a variety of other elements that may be impacted on and are likely to have to innovate at the same time. Technological innovation should adopt a value-based approach and be a longer-term process. This means that decisions about procurement, replacing systems and changing practices need to focus on outcomes and establishing understanding and the willingness to experiment e.g. in small-scale test-runs. It is noted that where appropriate such experiments could be used, for example, to test different solutions or understand impacts in a controlled space prior to potential wider roll-out. Tests of change should be time bound with clear objectives and a transparent review process and at a minimum would require impact assessments at the outset. Partnerships are important for technological innovation and can strengthen the capacity for socio-technical change, encourage benefits to arise from such change and render innovation more socially acceptable.

As new technologies are developed it is important to put the needs of members of the public, particularly those who come in contact with the police (victims, witnesses and accused as well as complainants) at the centre of an innovation in order that there is a better understanding e.g. of touchpoints during an investigation. Next generation standards should be designed to meet the needs of the user and enable interoperability within and between forces to reduce cost, risk and complexity and conform to published specifications for storage, sharing and security (and allow for compliance with data protection law) and ensure a common understanding of what good looks like. Standards must be designed to meet the needs of the user in line with the Digital Scotland Service Standard and Government Digital Service Standard. The Public Sector Equality Duty provides a framework for ensuring that people are not digitally excluded, and that potential barriers to accessing services are mitigated against. Police should integrate with developing standards including from outside of policing. Various standards should be considered e.g.: POLE standards in enabling interoperability, ISO27001 which looks at how to manage information security and ensuring staff know how to manage data properly, Gov.UK Technology Code of Practice, Gov.UK Data Ethics Framework, and the NHS Digital, data and technology standards framework and the ICO's Children's Code and Data Sharing Code of Practice.

7.1 In order to facilitate successful adoption into practice, policing bodies shouldprepare an implementation plan which assesses and takes into consideration stakeholder perceptions, existing systems and practices at practitioner, policy and oversight levels.

7.2 Technology innovation is a longer-term process. In relation to decisions about procurement, replacing systems or changes to practice, policing bodies should focus on establishing understanding and the willingness to experiment e.g. in small-scale test-runs.

7.3 Organisations in the policing system and their partners should invest in developing stable, longer-term mutual collaboration between industry, academia and public organisations.

7.4 Policing bodies should adopt next generation standards designed to meet the needs of the user and enable interoperabilitywithin and between forces to reduce cost, risk and complexity and conform to published specifications for storage, sharing and security and ensure a common understanding of what good looks like.

7.5 Policing bodies should establish a national technology clearing house to ensure robust scientific standards for AI technologies.