Research evidence, technological innovation and scientific standards in policing workstream report

Emerging technologies innovation and standards

Author: Georgina Henley, Head of Justice and Emergency Services, techUK

4.1 Introduction

techUK [21] is a membership organisation launched in 2013 to champion the technology sector and prepare and empower the UK for what comes next, delivering a better future for people, society, the economy and the planet.

It is the UK's leading technology membership organisation, with more than 850 members spread across the UK. It is a network that enables its members to learn from each other and grow in a way which contributes to the country both socially and economically. By working collaboratively with government and others, it provides expert guidance and insight for its members and stakeholders about how to prepare for the future, anticipate change and realise the positive potential of technology in a fast-moving world.

techUK's role on the IAG is to provide a voice for the tech sector, feeding into the report, recommendations and calls for evidence as the group explores Police Scotland's use of emerging technologies [1].

4.2 Evaluation

techUK, as part of its role on the IAG, published its own independent call for evidence requesting members to submit written responses to the following questions:

1. How can the victim be put at the centre of the discussions around technological development? This applies to both data sharing practices/ developments internally as well as external engagement.

2. What do next generation standards look like for data/ digital evidence?

3. What are the standards industry should be aware of? What standards emerge from outside policing?

4. Evidence based decision making in the adoption of tech. How can industry engage academia when developing evidence-based pilots? Research, experience in adoption of technologies.

5. What is your offering to Police Scotland in their adoption of emerging technology (relating to the gathering of digital data and evidence)?

Every force, especially with the impact of COVID-19, is trying to digitally transform services and, through the group, there is an opportunity to help improve and shape policing strategies to improve public safety and equip officers with the digital tools they need to keep the public safe and protect victims.

The following provides a summary of the 16 responses techUK received as part of the call for evidence from its membership.

4.3 Question 1

How can the victim be put at the centre of the discussions around technological development? This applies to both data sharing practices/ developments internally as well as external engagement.

4.3.1 Challenge driven innovation is key

Organisations historically have sought new tools to better manage lengthy and complex processes, reduce risk and accelerate time to market for products or solutions. The technology or solution tends to be the focus rather than the challenge itself. Policing must focus on the challenge first and how technology will solve it.

4.3.2 Technological developments in evidence preservation

Victim Support Schemes and Services could be updated on technological developments in evidence preservation and sharing within policing and the wider CJ System, and how the use of technology aids investigations. This sharing would allow victims who are receiving support from the VSS (Victim Support Service) to better understand how their position is central to the prosecution and what may be asked of them and why, by police, Procurators Fiscal (COPFS) and defence teams.

4.3.3 Speed of access to information

The speed in which officers and investigators can access relevant information on a case is critical to victim care. There are subsidiary benefits of course, such as reducing case load, managing the public purse and being able to make investments in other areas of policing when efficiencies are realised by technology advocate a comprehensive user-centred design (UCD) approach, putting appropriate tools and techniques in place to seamlessly navigate the complex and sensitive user landscapes and understand in depth user / victim needs.

4.3.4 Navigating sensitivities

Speed of access to data for victim care. Putting appropriate tools and techniques in place to seamlessly navigate the complex and sensitive user landscapes and understand in depth the victims needs. For example, Ensuring technology can make it easier for victims to submit evidence from home and withdraw consent easily. Technology also needs to understand some of the issues which may affect why a victim could withdraw from reporting a crime: in some areas victims' mobile devices are removed for analysis for weeks/months which can be traumatic.

4.3.5 Digitising manual and repetitive functions

Cell Site Analysis Suite/Communications Data Automated Normalisation – increase operational efficiency, which ultimately leads to improved victim satisfaction as crimes are solved successfully and at speed.

4.3.6 Data interoperability and data sharing

Consider the process touchpoints a victim (or suspect) would interact with during a police investigation, whether to identify a suspect for a crime against individual or property, or to identify the common victims for a single suspect. There is a fundamental need for appropriate Police Scotland personnel to have access to data from many potentially unrelated systems in order to identify a single thread that goes through those systems:

• A platform for data to be shared auditably and seamlessly. The best data repositories are built on a collaborative platform that ensures all business and data stakeholders share the same knowledge.
• Accessible digital entry point to CJ/ victim support, data sharing between police and partner agencies, victim support groups to be consulted re designing digital solutions
• Access to data from different unrelated systems. People Object Location Event (POLE).
• Sharing the experience of victims with technology companies might open their broader thinking on how the products they produce and promote have an impact beyond their technological intent and how it can lead into the cause and tools of crime and damage or injury to others. Improving data quality through force-wide education about how systems such as AI and ML work, and their requirements of data. We need to have next generation level data, and enable this through a bottom up approach rather than a top down requirement for standards. Equally important is the definition of a common data scheme across forces/divisions, and even across blue light and wider public services

4.3.7 Improving network connectivity

No technology should be looked at in isolation.Training. Ensuring the correct training is provided to officers. Police having access to mission-critical software, hardware solutions and training which provides a significant contribution and are designed to improve the investigation process by reducing time, costs and improving judicial outcomes.

An example of appropriate collaboration may be seen in the Scottish Government DESC (Digital Evidence Sharing Capability), where multi-agencies will be able to share data throughout criminal investigations and prosecutions. To put the Victim at the centre of technological development, we must observe and address:

• Accessible digital entry point to criminal justice / victim support;
• Data-linkage within Police Scotland and with partner agencies;
• Seek input from Victim support groups when designing digital solutions.

4.4 Question 2

What do next generation standards look like for data/ digital evidence management?

The UK Government has committed to setting out cross-governmental standards for algorithmic transparency, and are also in the process of defining new standards for data foundations in the UK, stressing poor quality datasets and their negative impacts.

• The European Commission has proposed the Artificial Intelligence Act, that highlights the need for transparency, interpretability and confidentiality of high risk AI systems. In particular, this work stresses the need to understand the capabilities and limitations of AI systems, interpret the system's outputs, as well as being able to override, reverse or simply not use the AI output.
• The USA's National Security Commission has highlighted that for use of AI by federal agencies, AI should "continuously monitor performance", "document sources and origins of data", as well as creating procedures for "human supervision". Whilst not yet enacted legislation, this highlights that these standards are recognised as the hallmarks of accountable AI systems.
• Data sharing. Standards should outline processes that enable data to be shared, without large amounts of administration which will be a factor in discouraging forces from setting up data sharing. Silos can also be broken down across the police force by cataloging data and sharing business concepts, repositories, and models to enhance collaboration.
• Ease of process Standards which can be adapted to be machine readable/ to allow automated validation of data.
• Accuracy and compliance with legislation. The presentation and potential use of data/ digital evidence will need to be available and accessible by both sides, and so the next generation standards will need to show fairness and an audit trail that satisfies the rule of law.
• Common language. No shared interpretation or understanding of what one particular type or source means and the common language to share meaning and interpretation is missing, nationally. Next generation standards ought to seek ways by which the taxonomy and language is common and understood to the same degree across the country.
• Encouraging interoperability and improving data quality. Consistent and uninterrupted integration and information flow among various systems is the key prerequisite for fully connected systems. These will need validations on the ethical grounds as some of this data might be unproven intelligence and may lead to unfair use or dissemination of sensitive information. Data quality needs to be improved through forcewide education about how systems such as AI and ML work, and their requirements of data. We need to have next generation level data, and enable this through a bottom up approach rather than a top down requirement for standards. Equally important is the definition of a common data scheme across forces/divisions, and even across blue light and wider public services.
• Interoperability and integration have to be achieved not just within the force but across partner organisations. It's vital that there is seamless information flow to, from and between the force and the other partner agencies including health, education, social services. in order to reap the real benefits of operational effectiveness.

Current focus on digital evidence is around continuity of evidence and being able to show that data has been extracted without altering it. There is little focus currently on whether the data can be correctly understood by the investigators whose job it is to review the data.

Next generation standards for data/digital evidence should be designed to:

• – meet user (e.g. victim) needs in line with the Digital Scotland Service Standard and Government Digital Service Standard;
• – encourage and enable data interoperability within and between policing organisations, thereby reducing the cost, risks and complexity currently associated with data sharing and systems integration; and,
• – conform to published specifications for storage, sharing and security, thereby ensuring a common understanding of 'what good looks like' and improving the quality and utility of data.
• Evidential standards are traditionally slow to evolve and changes occur normally in bursts as a result of court rulings or media focus. As digital data becomes more ubiquitous within investigations, it is more likely to come under scrutiny, particularly around the necessity to obtain large datasets in order to extract a small amount of data.
• For potential next generation standards and when considering the lifecycle of a crime, the sheer number of type of data and digital evidence that could be captured, analysed, maintained and presented highlights the complexities that the framework must address. To aid the discussion, we have assumed a simplistic lifecycle model.

4.5 Question 3

What do next generation standards look like for data/ digital evidence management?

Recommendation. Police Scotland consider:

• ISO27001 which looks at how to manage information security, not necessarily data practices but more a focus on security and how to avoid issues with human error, confidentiality and data integrity and ensure your people know how to manage this properly. Additionally ISO9001 looks at Quality Management standards, how customer/end user satisfaction i.e. public contact is handled. This will enable Police Scotland to ensure public contact is handled within regulatory requirements. Regarding digital evidence ISO 27037 and ISO 27041 apply.
• POLE Standards. These will be critical with enabling interoperability of data and information between systems and forces, particularly as they cover 4 of the key aspects of data in policing.
• Pre-cursor Policy and Legal constraints. The use of technology and the audit of what/how, when, by whom and why technology was used and

to what outcome. As well as legal and user guidelines, there will be local nuanced policies on the uses along with maintaining the evidential sanctity of the outputs gained from the tech from a preservation of best evidence point of view.

• The Digital Scotland Service Standard and Government Digital Service Standard for creating public services in a user-centred way.
• The GOV.UK Technology Code of Practice, which provides criteria to help design, build and buy digital solutions.
• The GOV.UK Data Ethics Framework, which provides guidance on how to use data appropriately and responsibly when planning, implementing, and evaluating a new policy or service.
• The NHS digital, data and technology standards framework, which aims to set out useful, usable and clear standards for enabling better use of data within a sector that has comparable complexity and sensitivity to that of policing.
• MAIT standard [22]. MAIT provides the ability for emergency services to securely share electronic incident records in the form of XML (eXtensible Markup Language). The CAD to CAD information exchange time is significantly reduced and allows accuracy and timeliness of information allowing informed decision making when dealing with other agencies. This frees up more time spent with callers and obtaining quality information. This is currently being used in South Wales Police, Gwent Police and South Wales Fire and rescue services and has cut resource deployment by more than three minutes per agency.

Humans and AI approach problems in a very different way, with AI working much quicker than humans can even compute. To ensure that the decisions being made are in line with human standards, complying with regulation and adhering to ethical considerations, humans need to be able to understand the governance chain and be present in it.

4.6 Question 4

Evidence based decision making in the adoption of emerging technology. How can the tech industry engage with academia when developing evidence-based pilots?

Research, experience in adoption of technologies.

• Evidence based decision making for policing are verified strategies and well researched policies and practices. It makes policing more rational, increasing their capabilities to prevent crime. Forces are more connected with the community and improve quality of life.
• Police practices should be based on scientific evidence about what works best and hence it's important that for any evidence-based pilot developing, industry must engage academia. Academia are keen to support the development, testing and promotion of innovative practice to help build the evidence base solution and understand what would work best.
• Using a combination of best practice research evidence, industry knowledge and experience (both policing and technology) and the experiences of the victims of crime when making informed decisions on the adoption of emerging technology by Police Scotland.
• Organisations who adopt a collaborative, consortia-based model achieve better results than those that use traditional prime/sub or 'ecosystem' approaches which frequently stifle agility, innovation, and genuine engagement from those experts that have the most to contribute.
• Using a combination of best practice research evidence, industry knowledge and experience (both policing and technology) and the experiences of the victims of crime when making informed decisions on the adoption of emerging technology by Police Scotland". Indeed, this definition would be very analogous to the health sector if we replaced victim of crime with patient. Looking specifically at academia's role in this definition, there are a number of areas where academia can bring fresh insight into the process.
• Police practices should be based on scientific evidence about what works best and hence it's important that for any evidence-based pilot developing, industry must engage academia. Academia are keen to support the development, testing and promotion of innovative practice to help build the evidence base solution and understand what would work best
• Partnerships, mentoring schemes, apprenticeship and test panels/groups which can road test new technologies and share ideas/challenges to ensure that new technologies are approached from an outcomes perspective.
• Example 1. Research, experience in adoption of technologies. In 2020/21 The Scottish Institute for Policing Research (SIPR) conducted an evaluation of the Digitally Enabled Policing Programme (DEPP), the 'Police Scotland Mobile Working Project' (MWP). This project equipped operational officers with a digital mobile policing solution to replace the traditional paper notebook and to provide remote, live access to key policing information systems. This is an excellent example of how academia can assist and support the review of policing projects, whilst remaining independent and transparent.
• Example 2. The Digital First and GDS Service standards emphasise (1) using evidence to quickly demonstrate that there's a good understanding of the problem to be solved before making substantial commitments (2) using research with real users and real data to quickly establish whether a worthwhile solution can be delivered before undertaking significant development and (3) focussing on rapid, iterative prototyping against agreed KPIs to drive effective design.
• Ensure that pilots ascertain the feasibility of the considerations most important to delivering actual operational business value, including policy and compliance, ethics and safety, availability and fitness for purpose of data, and operational readiness
• Undertake pre-work in key areas to help increase pilot success and avoid unnecessary delays and constraints e.g. secure approval for use of cloud platforms for rapid prototyping where needed, ensure suitable (potentially redacted) representative data is ready and can be readily accessed and consumed by those involved
• Take advantage of established relationships with technology partners. For example, explore the technology partnerships at NatureScot.

techUK as part of its call for evidence also requested responders to include their offerings to Police Scotland in their deployment of emerging technologies.

The following member organisations responded to the call for evidence and provided the content covered in Chapter 4:

• Spatial
• Capita
• Chorus Intelligence
• Cloud Gateway
• Cyan Forensics
• ESRI
• Forensics Analytics
• HCL
• Informed Solutions
• Leidos
• MEGA
• Mind Foundry AI
• Motorola Solutions
• Oracle
• Roke
• Spirent

Thank you to the members who contributed. The above is a summary but if you would like to speak with any of the above organisations directly about their input or offerings, please reach out to techUK's Head of Justice and Emergency Services, Georgina Henley.

4.7 Conclusions

techUK, as part of its role on the IAG, published its own independent call for evidence requesting members to submit written responses to four questions, with a fifth question asking for their own offering to Police Scotland.

The responses touch on a number of themes such as data driven innovation, putting the victim at the centre with any new technology adoption, data interoperability and standards and what next generation standards for digital evidence management looks like.

Putting the victim at the centre as new technologies are developed will allow victims who are receiving support from VSS's to better understand how their position is central to the prosecution and what is being asked of them. It will also improve speed of access to relevant information/ data for victim care and ensure those working on the case are able to navigate sensitivities seamlessly. By improving data interoperability, data sharing and standards through, for example, a secure platform we see improved multi-agency working, knowledge sharing and a better understanding of touchpoints a victim would interact with during a police investigation and what support for that victim might looks like for all agencies involved in the case.

Next generation standards must be designed to meet the needs of the user in line with the Digital Scotland Service Standard and Government Digital Service Standard. The standards must enable interoperability within and between forces to reduce cost, risk and complexity and, conform to published specifications for storage, sharing and security to ensure a common understanding of what good looks like.

A number of recommendations for Police Scotland have been flagged when exploring what standards emerge from outside of policing. POLE standards will be critical when enabling interoperability and, with the adoption of emerging technologies ISO27001 which looks at how to manage information security and how to avoid issues with human error has been suggested as this will ensure staff know how to manage the data properly. Further recommendations include – The GOV.UK Technology Code of Practice, GOV.UK Data Ethics framework and the NHS Digital, data and technology standards framework.

For evidence-based decision making, police practices should be based on scientific evidence about what works best with pilots developed with most industry and academia. Using a combination of best practice research evidence, industry knowledge and experience, and the experiences of the victims of crime is key in order to make informed decisions on the adoption of emerging technology.