Privately-owned CCTV cameras vastly outnumber those owned by police. Photo / George Heard
Police will be carrying out an audit into its use of a powerful, privately-owned surveillance network after being caught out inventing a crime to access it.
Police Minister Chris Hipkins has told the Herald: “This week I was assured that an audit of the system would be undertaken. I expect to receive an update next week.”
The Herald revealed this week that detectives accessed the network when searching for vehicles connected to the three women who sparked the Northland lockdown in October and did so by falsely reporting at least one car as stolen.
Police headquarters confirmed doing so engaged the networks’ Automatic Number Plate Recognition software. Once detectives got alerts on a sought-after vehicle, they removed the “stolen” designation from the system.
Hipkins said he had been told by police that the case was one in which officers took a “wrong option” and “communications have gone out this week to stop it happening again”.
It is understood police could have used its emergency powers to access the system because of a “serious risk to public health existed” but it would have required more administrative work.
The audit move comes after mounting pressure on police over accessing the privately-owned surveillance network through an exploit that involved falsely reporting a car stolen.
Privacy Commissioner Michael Webster told the Herald he had asked police for information about how it audits and monitors access to the systems which link thousands of CCTV cameras.
In doing so, Webster has linked the Herald’s report on the police faking a stolen car alert to game access to the surveillance network with its recent inquiry which exposed weak privacy processes.
It comes as police headquarters reviews it training for the use of the Auror and Safer Cities networks of thousands of cameras in petrol stations, shopping malls, supermarkets and other areas which see large public traffic across privately-owned spaces.
A spokesman for the Privacy Commissioner said number plate information was considered personal information when it was used to identify an individual and was covered by the Privacy Act, the Search and Surveillance Act and other legislation.
The spokesman described the Herald report as showing police “misled” the company holding the information “by stating that the information was required for a purpose that is different to the purpose for which it was ultimately sought”.
“Should this be the case, this collection may have bypassed the privacy protections that (the holder of the information) and police agreed to in allowing police to access the ANPR database at the time.”
The spokesman pointed to its recent inquiry which found the routine police practice of fingerprinting young people and taking and keeping photographs of young people and adults when it was not lawful to do so.
That report said police needed to overhaul privacy practices because of a “general lack of awareness amongst police of their obligations under the Privacy Act”.
In relation to the fake stolen car alert, the commissioner’s spokesman said it “has raised questions in our minds regarding the robustness of police review and audit processes and practice with respect to appropriate use of ANPR platforms”.
The spokesman said those questions related to systems owned by police and those police accessed through third-parties such as Auror and Safer Cities.
The commissioner noted that police had only just updated its policies about automatic number plate recognition systems.
“We have asked Police to confirm to what extent the new policy has been implemented, particularly monitoring and audit of access and use and the provision of training to staff.”
The commissioner said it also sought an assurance from police on the “robustness” of its access to ANPR systems, training of those who used the systems and its monitoring and auditing practices.
Police headquarters said around 6000 staff had the ability to access ANPR systems and carried out around 327,000 checks each year. Police and councils operate a fraction of the thousands of ANPR-capable cameras in the country.
Hipkins has said he wants assurances from police that those with access to the systems understand the rules associated with doing so.
A spokeswoman for Auror also said the company would be checking with police whether its system was being used properly.
The case emerged through Herald inquiries into the October lockdown of Northland after three women were said to have used false information to get travel permits across the Covid-19 border with Auckland in October.
When one of those women tested positive for Covid-19 in Whangarei then disappeared, the whole region was put into lockdown over concerns that they might be spreading the virus.
It emerged the women did not use false information but that the travel documents were approved in error by a staff member at the Ministry of Social Development. It was also found the women were not prostitutes or linked to gangs, as had been suggested at the time, but were pursuing business opportunities in the North.