Technology and security have been converging for some time now. What’s more, over recent times, both the scope and the speed of this convergence have been rapidly increasing. On the one hand, this opens up some really exciting opportunities. On the other hand, it raises some important privacy considerations. Here is a quick guide to what you need to know.
Physical security and digital security are a partnership
Cybersecurity professionals have long understood that good digital security requires good physical security. The importance of this has grown as the size of devices has shrunk. Smaller, lighter devices are great for hotdesking and working outside the office. They are, however, much more vulnerable both to theft and to tampering.
Over recent years, physical security professionals have been tapping into technology to deliver a more robust service to more people. In the beginning, this largely meant finding ways to implement remote operation. This was a huge step up from having to keep security personnel in specific places just in case they were needed.
More recently, automation has started to play a larger role in security. Sensor-activated devices can not only speed up response times. They can also reduce the need for human patrols. The key word in that sentence, however, is “reduce”. Even the smartest devices still need human oversight.
In fact, there’s a strong case for arguing that the smarter devices get, the more human oversight they need. Basically, the right to (self-)protection has to be balanced with other people’s right to privacy. Striking the right balance often requires human judgement, coupled with an understanding of the law (which can change).
The challenges of implementing smart perimeter controls
Protecting your perimeter has long been one of the most fundamental principles of security. It’s literally been known for thousands of years as evidenced by historic buildings. What’s more, the way that principle is implemented has also stayed largely the same. At the end of the day, modern remote-controlled gates are just a higher-tech version of historic castle gates.
Similarly, modern surveillance devices and human security professionals perform much the same function as the sentries of old. The big difference between them, however, is the quantity of data automated devices can process. This is largely due to the speed at which they can process it.
This in itself raises questions about an individual’s right to privacy. Those questions increase as security changes from passive monitoring to active surveillance. For example, facial-recognition technology has long been used in certain environments such as football matches. Even here it was moderately controversial, but it’s also been recognized that it’s done a lot to improve safety.
Automated Number Plate Recognition and black box technology have both been ramped up over recent years. These also raise privacy concerns given that tracking a vehicle also, effectively tracks the driver. Again, however, there has been broad acceptance that these are both justified by the advantages they offer.
The battle over biometrics
At present, the real security battleground is over biometrics. The front line is arguably the use of facial-recognition technology. If, however, this front-line holds, it could lead to the mainstream adoption of many more forms of biometric identification from scans of body parts to the microchipping of humans.
Human microchipping is already real-world fact rather than science fiction. Swedish company Biohax and UK company BioTeq are both known to offer this technology. There is relatively little hard data about its real-world use. It is, however, known that some people are in favor of the technology as it makes it easy for emergency services to access a person’s key data.
It is also known that some companies have microchipped their workers. At present, this appears to be very much the exception rather than the rule. It is, however, an open question as to why this is. The reason could be that most companies consider it a step too far for most employees. It could also be that they are deterred by cost and/or the law.
In Europe, arguably the biggest deterrent to employers microchipping employees is GDPR. Technically, GDPR would accept employees being voluntarily microchipped. The law does, however, recognize the general imbalance of power between employer and employee.
Issues with AI
Another stumbling block to the widespread adoption of biometrics is the issue of processing the checks at a fast enough speed. For example, tapping a card against a reader is much quicker than having a body part scanned and the scan analyzed.
There may be certain environments where the extra time is justified by the higher security. In general, however, any security gains made by the use of biometrics would probably be offset by the issues caused by the resultant queuing.
At present, the only forms of biometric identification which can be processed really quickly are facial-recognition and microchipping. Facial-recognition, however, is known to have suffered from false-positive identifications, particularly amongst certain ethnic groups. This raises the question of how often it has missed genuine positive identifications.
Microchips can be read both quickly and accurately. They do, however, need to be implanted before they are read. As a minimum, this creates a logistical barrier to their widespread use.
Back to the (technical) drawing board?
It can be easy and tempting to get sucked into the intense details of security technology, privacy and the law. Sometimes in-depth analysis is necessary. Much of the time, however, companies can navigate their way through these complexities simply by acting mindfully and responsibly.
In other words, businesses need to know exactly what they want to achieve and why. They need to be able to demonstrate that their goal is reasonable. They also need to be able to show that the steps used to achieve it are both proportionate and fair.
Businesses should review their security regularly and be prepared to update it to reflect new developments. This could be anything from social changes to legal changes. They should also have a process for people to give feedback on their use of technology and be prepared to act on that feedback where appropriate.
Lucinda Thorpe, Business Development Executive, Newgate