Police have not assessed the privacy impacts of the visual arm of their powerful new search technology.
This year, police have rolled out much faster and more extensive text and visual searching systems, new ways of linking information, and new mapping technology.
Police said they had carried out a privacy impact assessment (PIA) of SearchX, which scours the text in their three main data pools, but not for the visual image search system.
“No PIA has been conducted of the visual intelligence app,” police said in a statement.
“It was determined that as it is not new technology, and utilises existing information, no PIA was required.”
They said SearchX was not new technology, just “improves and extends” existing products. However, previous statements highlighted that the systems were new to the New Zealand police.
RNZ discovered through a request under the Official Information Act that SearchX had been developed as part of a $200 million safety programme for frontline police, in the face of recent gun violence.
The documents that were disclosed repeatedly refer to the urgent need for police to get new capabilities, visual analytics and develop “a new fit-for-purpose connector to the intelligence holdings”.
There were “two new products in the NZP application portfolio that may in the future have a visual intelligence analytics role. Specifically, Esri’s ArcGIS Enterprise Server and BLANK”, a business case said.
Esri ArcGIS is a mapping tool. It was central to Los Angeles Police Department’s controversial experiment from 2011 to 2020 with “predictive policing” that mines data to target crime hotspots.
New Zealand police said they do use geospatial mapping.
“We have access to ArcGIS to map hotspots and to analyse crime and events.
“On occasions when this is done, it is all based on information we pull from NIA [National Intelligence Application] or from Open-Source maps. It is not new technology; it is a core platform used by numerous agencies.
“We are able to provide visual representation of the crime that’s occurred in an area, but it is not predictive.”
Police said SearchX also was not a predictive policing tool.
RNZ’s official information request revealed IBM reviewed police information and communications technology (ICT) two years ago and found security was “suboptimal”, critical processes did not have the service to operate effectively, and there was confusion over ownership of data and who was responsible for data quality.
IBM rated eight out of 15 police ICT categories as red – “best practices do not exist with the organisation” or had just been started; six were orange – partially existed; and one was green.
Police said that was their most recent technology review.
“There was not a subsequent review of all 2021 recommendations after the fact, but rather a balanced approach was taken to prioritise risk and assurance activities against business benefits for inclusion in the Police Long Term Investment Plan.”
Since then, the police have created an Enterprise Architecture Practice where there was none, and a new ICT operating model.
They took “a number of security-related measures to safeguard our data holdings and processes”, and this work is continuing.