Surveillance

 

 

https://sm.asisonline.org/Pages/The-Virtual-Lineup.aspxThe Virtual LineupGP0|#21788f65-8908-49e8-9957-45375db8bd4f;L0|#021788f65-8908-49e8-9957-45375db8bd4f|National Security;GTSet|#8accba12-4830-47cd-9299-2b34a43444652017-02-01T05:00:00Zhttps://adminsm.asisonline.org/pages/lilly-chapa.aspx, Lilly Chapa<p>​U.S. State and federal agencies are amassing databases of American citizens’ fingerprints and images. The programs were largely under the public radar until a governmental watchdog organization conducted an audit on them. The so-called “virtual lineups” include two FBI programs that use facial recognition technology to search a database containing 64 million images and fingerprints.</p><p>In May 2016, the U.S. Government Accountability Office (GAO) released Face Recognition Technology: FBI Should Better Ensure Privacy and Accuracy, a report on the FBI programs. Since 1999, the FBI has been using the Integrated Automated Fingerprint Identification System (IAFIS), which digitized the fingerprints of arrestees. In 2010, a $1.2 billion project began that would replace IAFIS with Next Generation Identification (NGI), a program that would include both fingerprint data and facial recognition technology using the Interstate Photo System (IPS). The FBI began a pilot version of the NGI-IPS program in 2011, and it became fully operational in April 2015. </p><p>The NGI-IPS draws most of its photos from some 18,000 federal, state, and local law enforcement entities, and consists of two categories: criminal and civil identities. More than 80 percent of the photos are criminal—obtained during an arrest—while the rest are civil and include photos from driver’s licenses, security clearances, and other photo-based civil applications. The FBI, which is the only agency able to directly access the NGI-IPS, can use facial recognition technology to support active criminal investigations by searching the database and finding potential matches to the image of a suspected criminal. </p><p>Diana Maurer, the director of justice and law enforcement issues on the homeland security and justice team at GAO, explains to Security Management that the FBI can conduct a search for an active investigation based on images from a variety of sources—camera footage of a bank robber, for example. Officials input the image to the NGI-IPS, and the facial recognition software will return as many as 50 possible matches. The results are investigative leads, the report notes, and cannot be used to charge an individual with a crime. A year ago, the FBI began to allow seven states—Arkansas, Florida, Maine, Maryland, Michigan, New Mexico, and Texas—to submit photos to be run through the NGI-IPS. The FBI is working with eight additional states to grant them access, and another 24 states have expressed interest in using the database.</p><p>“The fingerprints and images are all one package of information,” Maurer says. “If you’ve been arrested, you can assume that you’re in, at a minimum, the fingerprint database. You may or may not be in the facial recognition database, because different states have different levels of cooperation with the FBI on the facial images.”</p><p>The FBI has a second, internal investigative tool called Facial Analysis, Comparison, and Evaluation (FACE) Services. The more extensive program runs similar automated searches using NGI-IPS as well as external partners’ face recognition systems that contain primarily civil photos from state and federal government databases, such as driver’s license photos and visa applicant photos. </p><p>“The total number of face photos available in all searchable repositories is over 411 million, and the FBI is interested in adding additional federal and state face recognition systems to their search capabilities,” the GAO report notes.</p><p>Maurer, who authored the GAO report, says researchers found a number of privacy, transparency, and accuracy concerns over the two programs. Under federal privacy laws, agencies must publish a Systems of Records Notice (SORN) or Privacy Impact Assessments (PIAs) in the Federal Register identifying the categories of individuals whose information is being collected. Maurer notes that the information on such regulations is “typically very wonky and very detailed” and is “not something the general public is likely aware of, but it’s certainly something that people who are active in the privacy and transparency worlds are aware of.” </p><p>GAO found that the FBI did not issue timely or accurate SORNs or PIAs for its two facial recognition programs. In 2008, the FBI published a PIA of its plans for NGI-IPS but didn’t update the assessment after the program underwent significant changes during the pilot phase—including the significant addition of facial recognition services. Additionally, the FBI did not release a PIA for FACE Services until May 2015—three years after the program began. </p><p>“We were very concerned that the Department of Justice didn’t issue the required SORN or PIA until after FBI started using the facial recognition technology for real world work,” Maurer notes. </p><p>Maurer says the U.S. Department of Justice (DOJ)—which oversees the FBI—disagreed with the GAO’s concerns over the notifications. Officials say the programs didn’t need PIAs until they became fully operational, but the GAO report noted that the FBI conducted more than 20,000 investigative searches during the three-year pilot phase of the NGI-IPS program. </p><p>“The DOJ felt the earlier version of the PIA was sufficient, but we said it didn’t mention facial recognition technology at all,” Maurer notes. </p><p>Similarly, the DOJ did not publish a SORN that addressed the collection of citizens’ photos for facial recognition capabilities until GAO completed its review. Even though the facial recognition component of NGI-IPS has been in use since 2011, the DOJ said the existing version of the SORN—the 1999 version that addressed only legacy fingerprint collection activities—was sufficient. </p><p>“Throughout this period, the agency collected and maintained personal information for these capabilities without the required explanation of what information it is collecting or how it is used,” the GAO report states.</p><p>It wasn’t until May 2016—after the DOJ received the GAO draft report—that an updated SORN was published, Maurer notes. “So they did it very late in the game, and the bottom line for both programs is the same: they did not issue the SORNs until after both of those systems were being used for real world investigations,” Maurer explains. </p><p>In the United States, there are no federally mandated repercussions for skirting privacy laws, Maurer says. “The penalty that they will continue to pay is public transparency and scrutiny. The public has very legitimate questions about DOJ and FBI’s commitment to protecting the privacy of people in their use of facial recognition technology.”</p><p>Another concern the GAO identified is the lack of oversight or audits for using facial recognition services in active investigations. The FBI has not completed an audit on the effectiveness of the NGI-IPS because it says the program has not been fully operational long enough. As with the PIA and SORN disagreements, the FBI says the NGI-IPS has only been fully operational since it completed pilot testing in April 2015, while the GAO notes that parts of the system have been used in investigations since the pilot program began in 2011. </p><p>The FBI faces a different problem when it comes to auditing its FACE Services databases. Since FACE Services uses up to 18 different databases, the FBI does not have the primary authority or obligation to audit the external databases—the responsibility lies with the owners of the databases, DOJ officials stated. “We understand the FBI may not have authority to audit the maintenance or operation of databases owned and managed by other agencies,” the report notes. “However, the FBI does have a responsibility to oversee the use of the information by its employees.” </p><p>Audits and operational testing on the face recognition technology are all the more important because the FBI has conducted limited assessments on the accuracy of the searches, Maurer notes. FBI requires the NGI-IPS to return a correct match of an existing person at least 85 percent of the time, which was met during initial testing. However, Maurer points out that this detection rate was based on a list of 50 photos returned by the system, when sometimes investigators may request fewer results. Additionally, the FBI’s testing database contained 926,000 photos, while NGI-IPS contains about 30 million photos.</p><p>“Although the FBI has tested the detection rate for a candidate list of 50 photos, NGI-IPS users are able to request smaller candidate lists—specifically between two and 50 photos,” the report states. “FBI officials stated that they do not know, and have not tested, the detection rate for other candidate list sizes.” </p><p>Maurer notes that the GAO recommendation to conduct more extensive operational tests for accuracy in real-world situations was the only recommendation the FBI agreed with fully. “It’s a start,” she says. </p><p>The FBI also has not tested the false positive rate—how often NGI-IPS searches erroneously match a person to the database. Because the results are not intended to serve as positive identifications, just investigative leads, the false positive rates are not relevant, FBI officials stated.</p><p>“There was one thing they seemed to miss,” Maurer says. “The FBI kept saying, ‘if it’s a false positive, what’s the harm? We’re just investigating someone, they’re cleared right away.’ From our perspective, the FBI shows up at your home or place of business, thinks you’re a terrorist or a bank robber, that could have a really significant impact on people’s lives, and that’s why it’s important to make sure this is accurate.”</p><p>The GAO report notes that the collection of Americans’ biometric information combined with facial recognition technology will continue to grow both at the federal investigative level as well as in state and local police departments.</p><p>“Even though we definitely had some concerns about the accuracy of these systems and the protections they have in place to ensure the privacy of the individuals who are included in these searches, we do recognize that this is an important tool for law enforcement in helping solve cases,” Maurer says. “We just want to make sure it’s done in a way that protects people’s privacy, and that these searches are done accurately.”</p><p>This type of technology isn’t just limited to law enforcement, according to Bloomberg’s Hello World video series. A new Russian app, FindFace, by NTechLab allows its users to photograph anyone they come across and learn their identity. Like the FBI databases, the app uses facial recognition technology to search a popular Russian social network and other public sources with a 70 percent accuracy rate—the creators of the app boast a database with 1 billion photographs. Moscow officials are currently working with FindFace to integrate the city’s 150,000 surveillance cameras into the existing database to help solve criminal investigations. But privacy advocates are raising concerns about other ways the technology could be used. For example, a user could learn the identity of a stranger on the street and later contact that person. And retailers and advertisers have already expressed interest in using FindFace to target shoppers with ads or sales based on their interests. </p><p>  Whether it’s a complete shutdown to Internet access or careful monitoring of potentially dangerous content, countries and companies around the world are taking advantage of the possibilities—and power—inherent in controlling what citizens see online. As criminals and extremists move their activities from land and sea to technology, governments must figure out how to counter digital warfare while simultaneously respecting and protecting citizens’ basic human right to Internet access.​ ​</p>

Surveillance

 

 

https://sm.asisonline.org/Pages/The-Virtual-Lineup.aspx2017-02-01T05:00:00ZThe Virtual Lineup
https://sm.asisonline.org/Pages/Surveillance-is-Instrumental.aspx2017-02-01T05:00:00ZSurveillance is Instrumental
https://sm.asisonline.org/Pages/Wildlife-Trafficking.aspx2017-01-01T05:00:00ZWildlife Trafficking
https://sm.asisonline.org/Pages/Speedy-Surveillance.aspx2016-11-01T04:00:00ZSpeedy Surveillance
https://sm.asisonline.org/Pages/Reducción-de-la-Violencia-en-América-Latina.aspx2016-10-11T04:00:00ZReducción de la Violencia en América Latina
https://sm.asisonline.org/Pages/Guarding-A-Floating-Treasure.aspx2016-09-01T04:00:00ZGuarding A Floating Treasure
https://sm.asisonline.org/Pages/Scholastic-Surveillance.aspx2016-08-01T04:00:00ZScholastic Surveillance
https://sm.asisonline.org/Pages/A-Casino-Makes-a-Sure-Bet.aspx2016-06-01T04:00:00ZA Casino Makes a Sure Bet
https://sm.asisonline.org/Pages/In-the-Public-Interest.aspx2016-05-01T04:00:00ZIn the Public Interest
https://sm.asisonline.org/Pages/Staying-On-Message.aspx2016-02-25T05:00:00ZStaying On Message
https://sm.asisonline.org/Pages/Q-and-A---Ashly-Helser.aspx2016-01-01T05:00:00ZMall Security
https://sm.asisonline.org/Pages/A-Sweet-Solution.aspx2015-12-21T05:00:00ZA Sweet Solution
https://sm.asisonline.org/Pages/A-Threat-in-the-Crowd.aspx2015-12-07T05:00:00ZFour Indicators Security Professionals Should Look for when Identifying Suicide Bombers
https://sm.asisonline.org/Pages/Remote-Detection.aspx2015-10-05T04:00:00ZRemote Detection
https://sm.asisonline.org/Pages/Book-Review---Digital-Video-Surveillance-and-Security.aspx2015-09-01T04:00:00ZBook Review: Digital Video Surveillance and Security
https://sm.asisonline.org/Pages/Body-Cameras-in-Schools.aspx2015-07-28T04:00:00ZSchools Consider Adopting Body Cameras for Security
https://sm.asisonline.org/Pages/High-Alert.aspx2015-07-14T04:00:00ZHigh Alert
https://sm.asisonline.org/Pages/Surveillance-for-Security-and-Beyond.aspx2015-06-15T04:00:00ZSurveillance for Security and Beyond
https://sm.asisonline.org/Pages/A-Savvy-Storage-Solution.aspx2015-06-01T04:00:00ZA Savvy Storage Solution
https://sm.asisonline.org/Pages/Night-Watch.aspx2015-05-01T04:00:00ZNight Watch

 You May Also Like...

 

 

https://sm.asisonline.org/Pages/Surveillance-for-Security-and-Beyond.aspxSurveillance for Security and Beyond<p>​<span style="line-height:1.5em;">In 2015, there are more than 2 billion surveillance cameras worldwide, according to estimates from Seagate Technology. These cameras are watching over people and property in previously unimagined settings. The United Kingdom, an early adopter of public area surveillance, had nearly 6 million cameras in 2013, according to estimates by the British Security Industry Authority–one camera for every 11 citizens. Institutions like schools and hospitals have long relied on surveillance to protect those coming through their doors, and retailers and manufacturers are using traditional surveillance to not only improve security, but to enhance quality control and boost flaging marketing strategies. </span></p><p>Experts testify to the increasing affordability of cameras as a factor in the industry’s growth. They also point to the operational value surveillance systems provide, in addition to the traditional security applications. As an illustration of how surveillance is being used in unique ways, this article looks at how a major transportation authority is using cameras to provide operational benefits. Next is a look at how trends in surveillance in law enforcement, municipal, and education spaces are making surveillance technology indispensable.​</p><h4>Mass Transit</h4><p>The Massachusetts Bay Transportation Authority (MBTA) is the fifth largest transit system in the United States, with an average daily ridership of nearly 1.4 million people. The agency’s transportation modes include bus, light rail, subway, ferry, and paratransit for riders with physical disabilities. </p><p>“The transit environment is one of the most complicated security environments you could have because of the unbelievably high volume of customers, the complexity of trains and track, and…hundreds of staircases and escalators and elevators,” says Randy Clarke, director of security and emergency management at MBTA. “All of these things could be places where a security issue could come up or an emergency response or fire emergency. Slip, trip, and fall–these things happen all day, every day.” </p><p>Clarke tells Security Management that the security arm of the MBTA takes an approach to the divisions it services much like a corporate security program would: “Our job is to support our internal clients, such as the operations control group, transit police, legal department, things of that nature.” Security staff also support the Registry of Motor Vehicles, as well as the state police and highway operations center. </p><p>In 2009 the agency began a capital security project to secure all of its facilities with a video surveillance system. The number of cameras MBTA has is in “the thousands,” says Clarke, and they are all embedded within the agency’s access control system that services its more than 10,000 employees. </p><p>To expand its video surveillance program, early last year MBTA began rolling out a project to equip its buses with an integrated video system that would provide real-time surveillance aboard 225 of its more than 1,100 buses. “If you walk into a store, you see a monitor and know you’re on TV; therefore, you know there’s security in this building,” Clarke says. “We wanted that approach for bus security.” </p><p>The previous solution was burdensome and took time out of daily transit operations because video could not be transferred over a network, notes Clarke. “You’d have to go get the bus, take the bus out of service, pull the hard drive, hope the hard drive actually works, put it in a hard-drive reader, replace it with another one, and there will be impacts to the bus operations because you either have to hold the bus and do this operation out in the street impacting customers, or take the bus out of service.”</p><p>MBTA turned to Canadian firm Genetec for its Omnicast video surveillance solution, which provides a number of features that enhance law enforcement and public safety while increasing operational benefits for the agency. </p><p>Each bus is equipped with two 360-<span style="line-height:1.5em;">degree cameras and four high-definition cameras, all manufactured by Panasonic. Additional equipment, such as an anti­vibration feature, is provided to meet the needs of a rugged transportation mode like a bus, which encounters obstacles such as potholes. A screen installed inside the bus shows all the camera views so passengers can see themselves and others on video, much like in a retail store environment. The video is recorded and stored locally on a network video recorder (NVR) inside each bus. </span></p><p>Whenever a bus pulls back into the depot, the video begins downloading automatically to the central server over Wi-Fi, and the footage is stored for about a month. However, if there is an incident that occurs while the bus is still moving, Clarke says they can immediately download the video over the Verizon LTE network to the central monitoring station. “We’re not going to do that for a 30-minute file or six different camera views, but we can do it for an immediate incident,” he explains.  </p><p>The MBTA has a sworn police force of transit officers who specifically deal with incidents relating to the transportation system. Each squad car has a mobile data terminal that integrates with the bus video surveillance platform, allowing an officer to see in real time what’s occurring on a vehicle via a Wi-Fi connection. In addition to the transit police dispatch center, the MBTA has a separate dispatch for transit operators, and at least one police officer is on duty there at all times. </p><p>City and state law enforcement agencies also benefit from the video surveillance when it comes to tracking down criminal suspects. Clarke notes that immediately after committing a crime, thieves will often use public transportation to flee the scene. Recently, a bank robber jumped on a subway train to evade police. Operators at the central monitoring station were able to match the video surveillance to the suspect’s description, and they instructed the train operator to wait at the next station until law enforcement could arrive and make an arrest. </p><p>Operator assault is another major problem the video surveillance solution is helping to solve. In one case, a patron punched a driver in the face; the driver immediately radioed into transit dispatch. Within a minute the central monitoring station had pulled up video from the bus, Clarke says, and zoomed in on the offender’s face. When officers arrived at the scene, the suspect was walking down the street attempting to escape. He was immediately arrested.</p><p>MBTA has a high level of engagement with the public, Clarke notes, and it uses tools such as social media to communicate with riders. With video surveillance, any tweets sent to MBTA over Twitter are easily corroborated, allowing situations to be resolved more quickly. For example, a patron may send a message that she suspects the bus driver is intoxicated. “We’ll look at the video, see if that video validates what the person is saying; if so, they can send a road supervisor, intercept that bus, and do a fitness for duty check on that employee to make sure that they’re not intoxicated,” he explains. </p><p>He adds that the MBTA has an exhaustive list of policies and procedures when it comes to filming and retaining the video. “We have a really detailed chain of custody for why we do video, how it’s archived, how it’s maintained, how it’s digitally stamped, how it would go to court, how it wouldn’t go to court—all those kinds of things.”</p><p>The agency has added 60 more buses to the Genetec platform since the initial deployment in 2014, and it plans to mi­­grate more of its fleet in the future. Clarke says any company looking to implement a similar video application should be prepared for customer feedback. “You just have to know with eyes wide open going into what you’re doing. When you’re go­ing to open up video on anything like a bus, you need to know that people are going to see it—the expectation level is high.” ​</p><h4>Law Enforcement</h4><p>“Especially in the municipalities, preventing crime is still the primary use for the video surveillance solution,” says Dave Sweeney, COO of Advantech, a company that provides system integration. His organization has completed a number of video surveillance projects for law enforcement, allowing them to take advantage of low-cost cameras to replace the need for human force. “We have a local police leader who says ‘I can’t afford to put an officer on every corner, but I can afford to put a camera on every corner,’” Sweeney notes. </p><p>Other municipalities have established partnerships with local businesses and law enforcement, providing a central monitoring station for camera feeds. While they may not have a dedicated </p><p>officer watching the monitors 24/7, if anything should occur throughout the city, “they have learned to use the tool to help them solve the crime, to dispatch their resources, and to try to find witnesses who may have left the scene to figure out what occurred,” he notes. For example, one such municipality teams up with government agencies. While the city owns about 75 percent of the cameras feeding into its central monitoring station, the other 25 percent come from the local housing authority’s cameras.</p><p>Sweeney says public perception can be a major challenge faced by municipalities when deploying video surveillance. “You always have the skeptical crowd who is leery of ‘Big Brother’ watching them,” he notes. “But if you put the solution in and publicize the benefits of it, ultimately the community will gain trust in it.” </p><p>Scalability is also crucial for muni­ci­­palities and law enforcement, but bu­dget constraints may only allow them to expand their video surveillance infrastructure a handful of cameras at a time. Often, Sweeney notes, money can get pulled away from video surveillance within a municipality’s budget if there’s an emergency such as a snowstorm that takes precedence. </p><p>He says whatever size deployment a city or law enforcement agency begins with, keeping its ultimate goal in mind is key to successful expansion. “The challenge for all parties involved in the beginning phase is making sure they understand the ultimate goal of the system in the future so that they can sign accordingly, and so that everything they put in will allow that growth.” ​</p><h4>Education</h4><p>Experts say schools are increasingly turning to video and audio surveillance to deter threats and also increase the amount of time being spent on education. One use of video surveillance technology in the education environment, for example, is corroborating incidents such as a child being bullied. Louroe Electronics provides an audio component to video cameras that adds an extra layer of monitoring.</p><p>“If a teacher tells the child’s parents, ‘your kid is acting up in class,’ the first thing they’re going to say is ‘not my little angel, she would never do that,’” says Cameron Javdani, director of sales and marketing at the audio company. “But if you can send it home with an audio clip of her picking on another student or some kind of incident that happened, it’s a lot more powerful and you can address the specifics of the situation, rather than this nebulous term of ‘bullying.’”</p><p>A combination of audio and video surveillance within schools can also allow students who are sick and have to miss class the opportunity to catch up on the day’s lessons. “There’s a huge secondary benefit to security equipment being used but serving a use that’s not security,” notes Javdani.  </p><p>Education administrators see video as a way to not only enhance security, but also improve the educational experience, which Sweeney says should be their primary focus. For example, a school being evacuated due to a bomb threat may lose eight hours of classroom time because authorities can’t clear the area where the device is supposedly located. But if video surveillance can help give an all-clear sooner, schools may get hours back in the teaching day.</p><p>The placement of surveillance cameras can also vary depending on the education environment, adds Sweeney, who says that a primary school may want more cameras pointed at doors and playgrounds, while high schools tend to want more cameras overall. “Once you migrate into the middle school and secondary education, that’s where you see the cam­eras really grow full scale into the facility,” he says. “Hallways, stairwells, cafeterias–all the areas where the students are for the most part, [whenever] there’s a very high student-to-adult ratio.”  </p><p>Another notable trend in the education space for video surveillance is shared infrastructure, says Sweeney, who explains he’s seen several schools using the same IT backbone for their video networks. “We’ve seen customers who are okay with sharing infrastructure that have a very well-thought-out, very clear IT policy….to allow the systems to use the same network hardware, but still remain completely isolated from traffic and all the other networking standpoints,” he says. ​</p><h4>Retail</h4><p>Surveillance remains a critical aspect of retail security for deterring and solving thefts, but experts say that stores are turning to surveillance to enhance marketing techniques, such as product placement, says Andrew Elvish, vice president of marketing at Genetec. Elvish notes that a company can use video and heat mapping to show which display cases in a store get the most traffic and visibility. That way, they can justify charging vendors more for shelving their products in those locations. </p><p>Retailers are also monitoring product sales with video management systems (VMS) that are connected to point-of-sale (POS) terminals. If they’re trying to find the video of a certain item being sold, they can click on the line item within their sales report and the VMS will jump to the video at the time and date it was vended. “You can click and go directly to the view of that product being scanned through the POS system,” he notes. “It’s not a super fancy Star Trek analytic, it’s just finding two pieces of data that are very meaningful and more powerful when you put them together.”​</p><h4>Trends</h4><p>The surveillance industry is on track to grow to nearly $49 billion by 2020, according to a January 2015 report from Grand View Research. Research by ASIS International indicates that 62 percent of organizations are increasing their video surveillance budgets in 2015 and 2016, while only 3 percent are decreasing budgets. “It’s getting ubiquitous, almost like a utility, and I think the cost is no longer going to be prohibitive,” says Robert Fuchs, marketing manager of surveillance technology at Plustek USA. In fact, many experts say that so many new manufacturers have entered the market, especially from Asia, and have reduced costs so much, that cameras have been “commoditized.” </p><p>Sweeney notes that the K-12 space will continue to expand on its use of surveillance. “I think the growth of video as a tool in that space is going to be something to keep an eye on,” he says. “You’re going to see a big push for visitor management, some form of a real-time check of visitors, not only of identification but also a formal log electronically of who came in.” </p><p>In the municipal market, Sweeney says having surveillance feeds at all times in law enforcement vehicles is a real possibility. Portability for police is something Plustek USA sees as a growth area. For example, during special events or in high-risk areas, law enforcement can mount a temporary camera. “They can just put a small camera on a pole and have it pointed in a direction. It doesn’t pull very much energy and they can have a couple of pairs of eyes looking at the events, not drawing attention, and take it back down,” Fuchs notes. </p><p>Surveillance technology vendors and integrators point to a number of existing or emerging trends in the industry that are shaping the way solutions are designed and installed. One such trend is unification of systems. “People don’t really want to focus on managing a whole bunch of different software applications when something bad is happening or they’re in a sense of panic,” says Elvish. “We see that in large-scale corporations; we see it in city, municipal, and state; we see it across the board in our end users–the idea of bringing together the core systems is really going to define where we’re going in this industry.” </p><p>VMS devices traditionally link with an organization’s cameras and can provide analytics so end users can easily search for needed footage. But Elvish says that uniting even more systems into the VMS platform is a growing trend. The system may also be tied to things like access control, license plate recognition, and intercoms, as well as sensors such as smoke alarms throughout an organization. With these unified systems, whenever an incident occurs, information is quickly available, and cameras can be pointed at the area of interest so operators can respond appropriately.  </p><p>Elvish recalls an incident that occurred at Schiphol Airport in Amsterdam, Eur­ope’s fifth-busiest airport in terms of passengers. Schiphol deals with a range of security issues every day. After a customer had a heart attack in a terminal, security was able to bring together a number of different tools to improve its response. A unified system “brings together the camera, it brings together the notification over the communication system–even two-way radio for mobile security officers and pushing SMS text messages to those mobile officers–and then to start that process of, okay, did you notify the local police force? Did you notify the ambulance? Did you get this form signed by the ambulance when they left? It seems like such a natural thing but it’s extraordinarily complex,” Elvish explains. </p><p>One popular new technology is the 4K camera, which provides ultra-high definition for video recording, about 4 times more than normal HD. “The trend toward these high megapixel cameras, like 4K cameras, that’s going to put a massive amount of stress on customers’ IP networks, in a good way,” adds Elvish, who says the quality of the cameras will be a major benefit for companies. He notes that marketplace solutions that accelerate GPU (graphic processing unit) transmission will help end users meet the challenge of higher load on their existing storage capacity. For example, with a GPU, an organization can increase the number of streams it can show on a single monitor with the same graphics capabilities it had before. </p><p>In the municipal space, Sweeney says there will be a push for more mobile video surveillance access for police. “In the municipal piece you’re going to see the growth of video surveillance continue, probably with the objective of trying to get that video out to the edge…</p><p>I think you’re going to see some push and some ability to get video out to those responders in their vehicles,” he says. </p><p>Elvish adds that in terms of storage, companies will be turning more to the cloud than to local devices. “We’re going to see the movement from edge to cloud architecture, and if we thought encryption and security were important from edge to core within your own security network, once you start moving edge to cloud then you really need to lock down that data,” he notes. </p><p>Javdani of Louroe adds that surveillance should be viewed as a preventive tool, not merely a retroactive one. “A lot of people in the industry, and I don’t know why, have this mentality of ‘we want to catch someone in the act,’” he notes. “You don’t want to catch them, you want to deter or prevent the criminal because it’s operationally better, and it saves a lot of headaches.” </p>GP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465
https://sm.asisonline.org/Pages/The-Virtual-Lineup.aspxThe Virtual Lineup<p>​U.S. State and federal agencies are amassing databases of American citizens’ fingerprints and images. The programs were largely under the public radar until a governmental watchdog organization conducted an audit on them. The so-called “virtual lineups” include two FBI programs that use facial recognition technology to search a database containing 64 million images and fingerprints.</p><p>In May 2016, the U.S. Government Accountability Office (GAO) released Face Recognition Technology: FBI Should Better Ensure Privacy and Accuracy, a report on the FBI programs. Since 1999, the FBI has been using the Integrated Automated Fingerprint Identification System (IAFIS), which digitized the fingerprints of arrestees. In 2010, a $1.2 billion project began that would replace IAFIS with Next Generation Identification (NGI), a program that would include both fingerprint data and facial recognition technology using the Interstate Photo System (IPS). The FBI began a pilot version of the NGI-IPS program in 2011, and it became fully operational in April 2015. </p><p>The NGI-IPS draws most of its photos from some 18,000 federal, state, and local law enforcement entities, and consists of two categories: criminal and civil identities. More than 80 percent of the photos are criminal—obtained during an arrest—while the rest are civil and include photos from driver’s licenses, security clearances, and other photo-based civil applications. The FBI, which is the only agency able to directly access the NGI-IPS, can use facial recognition technology to support active criminal investigations by searching the database and finding potential matches to the image of a suspected criminal. </p><p>Diana Maurer, the director of justice and law enforcement issues on the homeland security and justice team at GAO, explains to Security Management that the FBI can conduct a search for an active investigation based on images from a variety of sources—camera footage of a bank robber, for example. Officials input the image to the NGI-IPS, and the facial recognition software will return as many as 50 possible matches. The results are investigative leads, the report notes, and cannot be used to charge an individual with a crime. A year ago, the FBI began to allow seven states—Arkansas, Florida, Maine, Maryland, Michigan, New Mexico, and Texas—to submit photos to be run through the NGI-IPS. The FBI is working with eight additional states to grant them access, and another 24 states have expressed interest in using the database.</p><p>“The fingerprints and images are all one package of information,” Maurer says. “If you’ve been arrested, you can assume that you’re in, at a minimum, the fingerprint database. You may or may not be in the facial recognition database, because different states have different levels of cooperation with the FBI on the facial images.”</p><p>The FBI has a second, internal investigative tool called Facial Analysis, Comparison, and Evaluation (FACE) Services. The more extensive program runs similar automated searches using NGI-IPS as well as external partners’ face recognition systems that contain primarily civil photos from state and federal government databases, such as driver’s license photos and visa applicant photos. </p><p>“The total number of face photos available in all searchable repositories is over 411 million, and the FBI is interested in adding additional federal and state face recognition systems to their search capabilities,” the GAO report notes.</p><p>Maurer, who authored the GAO report, says researchers found a number of privacy, transparency, and accuracy concerns over the two programs. Under federal privacy laws, agencies must publish a Systems of Records Notice (SORN) or Privacy Impact Assessments (PIAs) in the Federal Register identifying the categories of individuals whose information is being collected. Maurer notes that the information on such regulations is “typically very wonky and very detailed” and is “not something the general public is likely aware of, but it’s certainly something that people who are active in the privacy and transparency worlds are aware of.” </p><p>GAO found that the FBI did not issue timely or accurate SORNs or PIAs for its two facial recognition programs. In 2008, the FBI published a PIA of its plans for NGI-IPS but didn’t update the assessment after the program underwent significant changes during the pilot phase—including the significant addition of facial recognition services. Additionally, the FBI did not release a PIA for FACE Services until May 2015—three years after the program began. </p><p>“We were very concerned that the Department of Justice didn’t issue the required SORN or PIA until after FBI started using the facial recognition technology for real world work,” Maurer notes. </p><p>Maurer says the U.S. Department of Justice (DOJ)—which oversees the FBI—disagreed with the GAO’s concerns over the notifications. Officials say the programs didn’t need PIAs until they became fully operational, but the GAO report noted that the FBI conducted more than 20,000 investigative searches during the three-year pilot phase of the NGI-IPS program. </p><p>“The DOJ felt the earlier version of the PIA was sufficient, but we said it didn’t mention facial recognition technology at all,” Maurer notes. </p><p>Similarly, the DOJ did not publish a SORN that addressed the collection of citizens’ photos for facial recognition capabilities until GAO completed its review. Even though the facial recognition component of NGI-IPS has been in use since 2011, the DOJ said the existing version of the SORN—the 1999 version that addressed only legacy fingerprint collection activities—was sufficient. </p><p>“Throughout this period, the agency collected and maintained personal information for these capabilities without the required explanation of what information it is collecting or how it is used,” the GAO report states.</p><p>It wasn’t until May 2016—after the DOJ received the GAO draft report—that an updated SORN was published, Maurer notes. “So they did it very late in the game, and the bottom line for both programs is the same: they did not issue the SORNs until after both of those systems were being used for real world investigations,” Maurer explains. </p><p>In the United States, there are no federally mandated repercussions for skirting privacy laws, Maurer says. “The penalty that they will continue to pay is public transparency and scrutiny. The public has very legitimate questions about DOJ and FBI’s commitment to protecting the privacy of people in their use of facial recognition technology.”</p><p>Another concern the GAO identified is the lack of oversight or audits for using facial recognition services in active investigations. The FBI has not completed an audit on the effectiveness of the NGI-IPS because it says the program has not been fully operational long enough. As with the PIA and SORN disagreements, the FBI says the NGI-IPS has only been fully operational since it completed pilot testing in April 2015, while the GAO notes that parts of the system have been used in investigations since the pilot program began in 2011. </p><p>The FBI faces a different problem when it comes to auditing its FACE Services databases. Since FACE Services uses up to 18 different databases, the FBI does not have the primary authority or obligation to audit the external databases—the responsibility lies with the owners of the databases, DOJ officials stated. “We understand the FBI may not have authority to audit the maintenance or operation of databases owned and managed by other agencies,” the report notes. “However, the FBI does have a responsibility to oversee the use of the information by its employees.” </p><p>Audits and operational testing on the face recognition technology are all the more important because the FBI has conducted limited assessments on the accuracy of the searches, Maurer notes. FBI requires the NGI-IPS to return a correct match of an existing person at least 85 percent of the time, which was met during initial testing. However, Maurer points out that this detection rate was based on a list of 50 photos returned by the system, when sometimes investigators may request fewer results. Additionally, the FBI’s testing database contained 926,000 photos, while NGI-IPS contains about 30 million photos.</p><p>“Although the FBI has tested the detection rate for a candidate list of 50 photos, NGI-IPS users are able to request smaller candidate lists—specifically between two and 50 photos,” the report states. “FBI officials stated that they do not know, and have not tested, the detection rate for other candidate list sizes.” </p><p>Maurer notes that the GAO recommendation to conduct more extensive operational tests for accuracy in real-world situations was the only recommendation the FBI agreed with fully. “It’s a start,” she says. </p><p>The FBI also has not tested the false positive rate—how often NGI-IPS searches erroneously match a person to the database. Because the results are not intended to serve as positive identifications, just investigative leads, the false positive rates are not relevant, FBI officials stated.</p><p>“There was one thing they seemed to miss,” Maurer says. “The FBI kept saying, ‘if it’s a false positive, what’s the harm? We’re just investigating someone, they’re cleared right away.’ From our perspective, the FBI shows up at your home or place of business, thinks you’re a terrorist or a bank robber, that could have a really significant impact on people’s lives, and that’s why it’s important to make sure this is accurate.”</p><p>The GAO report notes that the collection of Americans’ biometric information combined with facial recognition technology will continue to grow both at the federal investigative level as well as in state and local police departments.</p><p>“Even though we definitely had some concerns about the accuracy of these systems and the protections they have in place to ensure the privacy of the individuals who are included in these searches, we do recognize that this is an important tool for law enforcement in helping solve cases,” Maurer says. “We just want to make sure it’s done in a way that protects people’s privacy, and that these searches are done accurately.”</p><p>This type of technology isn’t just limited to law enforcement, according to Bloomberg’s Hello World video series. A new Russian app, FindFace, by NTechLab allows its users to photograph anyone they come across and learn their identity. Like the FBI databases, the app uses facial recognition technology to search a popular Russian social network and other public sources with a 70 percent accuracy rate—the creators of the app boast a database with 1 billion photographs. Moscow officials are currently working with FindFace to integrate the city’s 150,000 surveillance cameras into the existing database to help solve criminal investigations. But privacy advocates are raising concerns about other ways the technology could be used. For example, a user could learn the identity of a stranger on the street and later contact that person. And retailers and advertisers have already expressed interest in using FindFace to target shoppers with ads or sales based on their interests. </p><p>  Whether it’s a complete shutdown to Internet access or careful monitoring of potentially dangerous content, countries and companies around the world are taking advantage of the possibilities—and power—inherent in controlling what citizens see online. As criminals and extremists move their activities from land and sea to technology, governments must figure out how to counter digital warfare while simultaneously respecting and protecting citizens’ basic human right to Internet access.​ ​</p>GP0|#21788f65-8908-49e8-9957-45375db8bd4f;L0|#021788f65-8908-49e8-9957-45375db8bd4f|National Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465
https://sm.asisonline.org/Pages/The-Road-to-Resilience.aspxThe Road to Resilience<p>Of course, 100RC had neither the resources nor staff to partner with 10,000 cities. But organization leaders argued that its 100 member cities could be models for institutionalizing resilience—that is, embedding resilience thinking into all the decisions city leaders make on a day-to-day basis, so that resilience is mainstreamed into the city government's policies and practices. Other cities could then adapt the model to fit their own parameters, and institutionalized resilience would spread throughout the world. </p><p>Toward this aim, 100RC recently released a report that discusses three case studies of institutionalizing resilience in New Orleans, Louisiana; Melbourne, Australia; and Semarang, Indonesia. </p><p>For all cities that 100RC works with, the organization provides funding to hire a new executive, the chief resilience officer (CRO). The group also advocates that member cities take the "10% Resilience Pledge," under which 10 percent of the city's annual budget goes toward resilience-building goals and projects. So far, nearly 30 member cities have taken the pledge, which has focused more than $5 billion toward resilience projects.</p><p>Of the three case study cities, New Orleans may be most known as a jurisdiction that has had to recover from repeated recent disasters, including Hurricanes Katrina and Isaac and the Deepwater Horizon oil spill. Given these experiences, New Orleans was one of the first cities to release a holistic resilience strategy, which connected resilience practices to almost all sectors of the city, including equity, energy, education, and emergency planning.</p><p>The strategy, Resilient New Orleans, has three underlying goals: strengthen the city's infrastructure, embrace the changing environment instead of resisting it, and create equal opportunities for all residents. </p><p>To better implement the strategy, New Orleans CRO Jeff Hebert was promoted to the level of first deputy mayor, and departments were joined to unite resilience planning with key sectors like water management, energy, transportation, coastal protection, and climate change.</p><p>Once this reconfiguration was complete, the city took several actions. It created the Gentilly Resilience District, which is aimed at reducing flood risk, slowing land subsidence, and encouraging neighborhood revitalization. The resilience district combines various approaches to water and land management to move forward on projects that will make the area more resilient. The city will also train some underemployed residents to work on the projects. </p><p>In addition, New Orleans leaders are developing and implementing new resilience design standards for public works and infrastructure, so that efforts to improve management of storm water and multi-modal transit systems will be included as standard design components.</p><p>Melbourne has its own challenges. Situated on the boundary of a hot inland area and a cool Southern Ocean, it can be subject to severe weather, such as gales, thunderstorms and hail, and large temperature drops. Governmentally, it is a "city of cities" made up of 32 local councils from around the region, so critical issues such as transportation, energy, and water systems are managed by various bodies, complicating decision making.</p><p>City leaders created the Resilient Melbourne Delivery Office, which will be hosted by the City of Melbourne for five years, jointly funded by both local and state governments. The office—an interdisciplinary team of at least 12 people, led by the CRO Toby Kent—is responsible for overseeing the delivery of the resilience strategy.</p><p>The strategy has four main goals: empower communities to take active responsibility for their own well-being; create sustainable infrastructure that will also promote social cohesion; provide diverse local employment opportunities to support an adaptable workforce; and ensure support for strong natural assets.</p><p>For Semarang, a coastal city in an archipelago, water is the main focus of sustainability. Factors like a rise in sea levels and coastal erosion have increased the negative impact of floods.</p><p>These impacts can challenge the city in many ways. Thus, for its resilience strategy, Semarang leaders focused on building capacities, including more economic opportunity, disaster risk management, integrated mobility, and sustainable water strategies.</p><p>In Indonesia, like many other Asian countries, the national government sets the goals and parameters for much of the development that takes place at the local level. Thus, Semarang leaders worked with members of the Indonesian Parliament to educate them on the city's existing resilience strategy, and to integrate the city's findings and insights into Indonesia's National Development Plan.</p><p>These coordination efforts bore fruit in the establishment of projects like a bus rapid transit system, which had strong support from the national government. The system has already been implemented in several main corridors and will be expanded. It is expected to offer insight and experience in cross-boundary resilience-related travel.</p><p>As 100RC cities look to institutionalize resiliency, the organization is also helping members improve their emergency management programs. The group is partnering with the Intermedix Corporation, which will help some member cities assess their current emergency management programs, and develop a blueprint for addressing gaps in the program and meeting resiliency goals.</p><p>"As new and complex problems and challenges arise, it's becoming more and more important for cities to look outside of their own organizations for the expertise and solutions required to meet and overcome these challenges," says Michael Berkowitz, president of 100RC. ​​</p>GP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465