09/07/2012 Page 1 of 37
Massimo Migliorini
Fabrizio Calandri
Work package 4
Case Study Report on Freedom Infringements
SIAM Security Impact Assessment Measures
D4.5
Case Study Report on Freedom Infringements
Project number: 261826
Call (part) identifier: FP7-Security-2010-1
Funding scheme: Collaborative Project
Content
INTRODUCTION & EXECUTIVE SUMMARY
1. PURPOSES AND METHODS
2. PARTICIPANTS
3. FOCUS-GROUP REPORT
3.1. DETECTION TECHNOLOGIES (Object And Material Assessment (Screening))
3.1.1. TECHNOLOGIES OVERVIEW
3.1.2. BODY SCANNER
3.1.3. EXPLOSIVE TRACE DETECTION
3.1.4. DETECTION DOG
3.2. SURVEILLANCE TECHNOLOGIES (Event Assessment, People Assessment & Situations Assessment)
3.2.1. TECHNOLOGIES OVERVIEW
3.2.2. HD-VIDEO RECORDING SYSTEM
3.2.3. POLICE OBSERVATION DEVICES
3.2.4. UNMANNED AERIAL VEHICLES
3.3. IDENTIFICATION TECHNOLOGIES
3.3.1. TECHNOLOGIES OVERVIEW
3.3.2. RFID
3.3.3. KEYPADS & INTERACTIVE ELECTRONIC SECURITY LOCKS
3.3.4. BIOMETRICS
3.4. INFORMATION PROCESSING & COMMUNICATION TECHNOLOGIES (Communication Technologies & Process Control)
3.4.1. TECHNOLOGIES OVERVIEW
3.4.2. INTEGRATED CONTROL ROOMS
3.4.1. HIGH-TECH DISMANTLING LABS
3.4.1. RADIO NETWORK
3.5. INTRUSION PROTECTION AND DEFENCE TECHNOLOGIES (Physical Access & Enforcement)
3.5.1. TECHNOLOGIES OVERVIEW
3.5.1. AUTOMATIC LIGHT VEHICLE SYSTEM WITH PLATFORM SCREENING DOORS
3.5.2. TAIL-GATING PREVENTION
3.5.3. GPS/RADIO JAMMERS
3.5.1. CASE STUDY COUNTER INFRINGEMENT MEASURES
INTRODUCTION & EXECUTIVE SUMMARY
The overall aim of work package 4 is two-fold: 1) to generate knowledge about potential
infringements associated with the technologies; 2) to generate knowledge about measures to
mitigate these infringements. In the context of WP4, SIAM partners held a series of focus-groups to
fulfil these aims.
This document describes the results of the focus group conducted by SITI within Work Package 4 of the SIAM Project.
The document is structured in 3 sections:
1. Purposes and Methods: this section gives an overview of the focus-group objectives and details the methodology used to gather and elaborate information.
2. Participants: this section gives an overview of the main competences and expertise involved in the focus group.
3. Focus-group Report: this section describes the results of the technology analysis performed in the focus group. The information gathered was elaborated and divided into 5 Technology Typologies, according to the classification developed in the SIAM project:
3.1. Detection Technologies: These technologies are used to detect explosives, toxic gases, radiological substances, hazardous objects and drugs for the purpose of the protection of the infrastructure and persons as well as the control of goods and border protection. In order to update the analysis to the recent Typology classification used in the SIAM Database, the following typologies have been included in the analysis: Event Assessment Technologies, People Assessment Technologies, Situation Awareness Technologies.
3.2. Surveillance Technologies: These technologies serve as a tool for locating, tracking or tagging people or goods in order to identify, for example, unattended luggage, unusual events or unusual behaviour of persons. In order to update the analysis to the recent Typology classification used in the SIAM Database, the following typologies have been included in the analysis: Object Assessment Technologies, Material Assessment Technologies.
3.3. Identification Technologies: These technologies are used either to identify goods (origin, content, place of destination etc.) or to identify individuals (name, address, date of birth etc.).
3.4. Information Processing and Communication Technologies: These technologies store or process personal information and/or support communication. In order to update the analysis to the recent Typology classification used in the SIAM Database, the following typologies have been included in the analysis: Process Control Technologies, Information and Communication Technologies.
3.5. Intrusion Protection & Defence Technologies: These technologies support the physical protection against malicious attacks. In order to update the analysis to the recent Typology classification used in the SIAM Database, the following typologies have been included in the analysis: Physical Access Technologies, Enforcement Technologies.
Each of the mentioned Categories contains 4 sub-sections:
- Infringements analysis: a description of potential infringements related to the technologies.
- Questions: a list of possible questions decision-makers should deal with when trying to understand which infringements are involved in the technologies.
- Counter-infringement measures: an analysis of possible measures to reduce, mitigate, or minimize potential infringements by the technologies.
A Case Study Analysis is reported at the end of the document, providing the list of identified counter-infringement measures that are also used in the Turin Metro.
1. PURPOSES AND METHODS
The primary objective of the focus group was the analysis of a series of different technologies belonging to the Typologies defined in the SIAM Project (see deliverable D2.3) in order to develop a catalogue of infringements and counter-infringement measures. These concepts are detailed in the following:
a) INFRINGEMENTS
Infringements can be understood broadly as the legal, social, or cultural norms that might be
intruded upon by a security measure, while counter-infringement measures refer to technologies,
rules, or procedures that reduce, mitigate, and minimize those intrusions.
Some examples of actions that might cause “infringements” are:
- relinquishing personal property
- providing sensitive information, for example credit card information
- lifting a face covering
- submitting to a canine ‘sniff search’
- altering planned movements and activities
- having information about them stored in a central database
b) COUNTER-INFRINGEMENTS
Counter-infringement measures refer to technologies, rules, or procedures that reduce, mitigate, and minimize potential infringements by the technologies. A list of counter-infringement measures was produced during the focus group, classifying them according to the concepts of scope, normativity, and intrusiveness. These terms are defined as follows:
Scope refers to the spatial and temporal extent of the influence of a security measure upon a subject. Scope can have both physical and non-physical aspects. Physically, some security measures will be distinct in terms of both time and space. Physical barriers, gates, or fences, for example, are quite distinct in both space and time; they are physically identifiable structures that define borders between zones, and they cease to exert any influence over persons once they have been passed through. On the other hand, the use of surveillance cameras across city centres reflects a much higher degree of scope insofar as it might be difficult to physically remove oneself from the reach of this security measure. Scope also refers to how information gathered as part of the operation of a security measure is shared with others (‘spatial’ scope) or retained for future use (‘temporal’ scope). The longer data is kept, or the greater the number of individuals/agencies that have access to this data, the greater the scope of the measure.
Normativity describes the degree of compulsion associated with a particular measure/technology, or in other words how much agency an individual might exert over being monitored by a security measure/technology. Higher levels of compulsion to submit to a security measure/technology translate into higher normativity, while lower levels of compulsion mean low normativity.
Intrusiveness refers to the kind and amount of damage a measure incurs for the subject. This ranges from direct physical contact or even penetration of the body to subjectively perceived infringement of social norms.
Experts involved in the focus group were questioned on their personal opinion about notable infringements and counter-infringements for each technology Typology, and then questioned again to comment on and review the other experts' estimations, using an approach similar to a Delphi study.
2. PARTICIPANTS
Five experts attended the focus-group, representing organizations aimed at protecting civil liberties,
in particular concerning the following issues:
- Human rights and discrimination against violence
- Immigrants’ rights
- Political asylum seekers and foreign prisoners’ rights
- Protection of citizen’s Privacy
- Impacts of aeronautical technologies on civil environment, with focus on Unmanned Aerial
Vehicles
3. FOCUS-GROUP REPORT
3.1. DETECTION TECHNOLOGIES (Object And Material Assessment (Screening))
Detection technologies are used to detect explosives, toxic gases, radiological substances, hazardous objects and drugs for the purpose of the protection of the infrastructure and persons as well as the control of goods and border protection. Technologies of this category are for example: body scanners, explosive detectors, etc. As previously mentioned, in order to update the analysis to the recent Typology classification used in the SIAM Database, the following typologies have been included in the analysis: Event Assessment Technologies, People Assessment Technologies, Situation Awareness Technologies.
3.1.1. TECHNOLOGIES OVERVIEW
Three technologies were discussed in detail during the focus group:
- Body scanners
- Explosive trace detection
- Detection dogs
A detailed description of these technologies is reported in the following:
Body scanners
Functionalities: Spot hazardous objects and materials hidden on a person's body. Criteria to assess technology performance can be: quality of detection mechanism, image resolution, ability to differentiate between hazardous and non-hazardous objects, ability to penetrate clothing, false alarm rate, health hazard from radiation.
Threats: Smuggling of hazardous objects and materials into airplanes / security-relevant areas, terrorist attacks
Processes: Passenger Controls at the landside/airside border
Security Sensitive Areas: Terminal
Users: Security personnel, police
Explosive trace detection
Functionalities: Detection of traces of explosives as an indication that an object or person has come into contact with explosive materials or might be used to transport such materials. Criteria to assess technology performance can be: ability of scanners to differentiate between explosives and harmless materials, accuracy of scan, false alarm rate.
Threats: Smuggling of explosive materials, terrorist attacks
Processes: Security checks, cargo checks
Security Sensitive Areas: Airports, train stations, bus terminals
Users: Security personnel, police
Detection dogs
Functionalities: Spot hazardous or illegal objects and materials on persons, vehicles and in cargo / luggage. Criteria to assess technology performance can be: olfactory sense of dogs, training methods.
Threats: Smuggling of hazardous or illegal objects and materials, terrorist attacks, human trafficking
Processes: Patrols, security checks, cargo checks
Security Sensitive Areas: Airports, train stations, police checkpoints
Users: Security personnel, police
3.1.2. BODY SCANNER
INFRINGEMENT ANALYSIS
The following potential infringements were highlighted during the focus group:
- The awareness of being shown naked to a security operator generates personal embarrassment. This affects some eastern cultures even more, where women cannot publicly show their face: for these cultures, body scanners might represent a violation of women's rights. Such an effect might also significantly affect transgender people, leading to misreading of their sexual identity.
- Being shown naked might cause negative feelings not only in scanned people, but also in other people. For instance, a husband knowing his wife is being watched might not agree, nor might a father for his daughter.
- The use of a Body Scanner might also threaten the privacy of personal body art, as in the case of "hidden" tattoos or piercings that would be revealed after being checked.
- Body Scanner might also generate embarrassment by exposing body imperfections, like scars or deformities.
- Body Scanner might also cause fear, if people think it could threaten their health (due to X-ray exposure), especially in the case of vulnerable categories (children, old people, etc.).
- In case of a false positive, Body Scanner might cause embarrassment and disturb people who are singled out without a given cause. This aspect might also be related to other detection technologies such as metal detectors, but the feeling it generates is quite different, since with a metal detector people might think “the alarm is ringing for my belt, or my shoes, etc.”. With body scanners people are “naked”, so in case of a false positive a higher amount of anxiety would be generated (“what might ever be the problem, if they are seeing me naked?”).
- If body scanner “walls” are too near, they could cause anxiety in claustrophobic people.
- If excessively slow, the body scanning process might annoy travellers.
QUESTIONS
With regard to the identified infringements, the following questions were produced to be used in the SIAM Database:
- How can we reduce the potential for Body scanners to generate embarrassment in scanned people?
- How can we reduce the potential for Body scanners to generate embarrassment in scanned people's relatives (husbands, fathers, etc.)?
- How can we reduce the potential for Body scanners to threaten the privacy of personal body art?
- How can we reduce the potential for Body scanners to generate embarrassment by exposing body imperfections?
- How can we reduce the potential for Body scanners to make people feel their health is threatened?
- How can we reduce the potential for Body scanners to make travellers lose time?
- How can we reduce the potential for Body scanners to single out people without a given cause?
- How can we reduce the potential for Body scanners to cause anxiety in claustrophobic people?
COUNTER-INFRINGEMENT MEASURES
A list of counter-infringement measures was produced during the focus group, classifying them according to the concepts of scope, normativity, and intrusiveness. The following measures were proposed by experts:
Scope
- Data should be deleted instantly, or preferably not even be recorded.
- No link should be made between people's images and identity data.
- Research and effort should be devoted to reducing body scanner response time.
- It would be better to have a single checkpoint covering all detection measures.
Normativity
- People should be able to choose between body scanners and other measures, such as a pat-down search.
Intrusiveness
- There should be only one operator watching the body scanner monitor.
- People should not be able to physically see the operator.
- People should be allowed to choose the gender of the operator.
- The monitors could show people through the thermography spectrum, instead of naked figures.
- The monitors should be rigorously hidden from other people's view.
- People should be scanned alone, preferably in an isolated room.
- Some music or videos could help to reduce people's anxiety.
- The human operator could be replaced by algorithms able to recognize weapons or suspicious objects.
- Restrictions might be introduced concerning the age limit of scanned people, thus protecting children or old people.
- Body scanner walls might be set further apart for claustrophobic people.
- All people should be checked, without excluding anyone (which would create feelings of discrimination in scanned people).
- A demonstrative video informing people about what is going on and what the benefits are for their security could also help for the same purpose.
3.1.3. EXPLOSIVE TRACE DETECTION
INFRINGEMENT ANALYSIS
The following potential infringements were highlighted during the focus-group:
- This technology might bother people, due to physical contact (even if much less than pat-
down techniques). This effect might increase depending on different cultures, personal
feeling or life-style and traumatic past experiences (violence on women for instance).
- Some people could feel their privacy infringed when (or if) security operators ask them to
raise the edge of their trousers, to better scan shoes/socks.
QUESTIONS
With concern to identified infringements, the following questions were produced to be used in SIAM Database:
- How can we reduce the potential for Explosive trace detectors to require physical contact
with scanned people?
- How can we reduce the potential for Explosive trace detectors to require scanned people to
perform physical actions?
COUNTER-INFRINGEMENT MEASURES
A list of counter-infringement measures was produced during the focus group, classifying them according to the concepts of scope, normativity, and intrusiveness. The following measures were proposed by experts:
Scope:
- Data coming from false positives might be retained, in order to avoid other false positives as much as possible (for example a warning generated by a person working in an armoury).
- It would be better to have a single checkpoint covering all detection measures.
Normativity:
- Instead of current explosive detectors, it would be better to use a sort of machine that draws powder from people for analysis, in order to avoid touching people.
Intrusiveness:
- People should be able to choose the gender of the security operator who will check them.
- All people should be checked in the same way (in order not to generate feelings of discrimination in scanned people).
- A demonstrative video informing people about what is going on and what the benefits are for their security could also help for the same purpose.
3.1.4. DETECTION DOG
INFRINGEMENT ANALYSIS
The following potential infringements were highlighted during the focus group:
- People might fear dogs, or be bothered by them (allergies, personal attitude, fear etc.). These effects are increased when the dog is allowed to sniff them from a short distance.
QUESTIONS
With regard to the identified infringements, the following questions were produced to be used in the SIAM Database:
- How can we reduce the potential for Detection dogs to bother sensitive people?
COUNTER-INFRINGEMENT MEASURES
A list of Counter-infringement measures was produced during the focus-group, classifying them
according to the concepts of scope, normativity, and intrusiveness. The following measures were
proposed by experts:
DETECTION DOGS
Normativity:
- Dogs might be substituted or partially substituted by electronic devices: people should be
able to choose between these two security measures.
- People should be able to choose between two or three different dogs (in terms of size, breed, etc.).
Intrusiveness:
- Dogs should be used more on luggage than on people.
- Dogs should be kept at a minimum distance from people.
- Dogs should always be tied to a security operator.
- Dogs should always wear a muzzle.
- Dogs should be trained not to scare people.
3.2. SURVEILLANCE TECHNOLOGIES (Event Assessment, People Assessment &
Situations Assessment)
Surveillance Technologies serve as a tool for locating, tracking or tagging people or goods in order to identify for example unattended luggage, unusual events or unusual behaviour of persons. Technologies of this category are for example: HD-video recording systems, UAV (unmanned aerial vehicles), etc. In order to update the analysis to the recent Typology classification used in SIAM Database, the following typologies have been included in the analysis: Object Assessment Technologies, Material Assessment Technologies
3.2.1. TECHNOLOGIES OVERVIEW
Three technologies were discussed during the focus group:
- HD-Video Recording Systems
- Police observation devices
- Unmanned Aerial Vehicles
A detailed description of each technology is reported in the following:
HD-Video Recording Systems
Functionalities: Record; enable future software usage like automatic detection of individuals or objects. Criteria to assess technology performance can be: image quality, reliability, interoperability.
Threats: All kinds of potentially dangerous situations
Processes: Surveillance of all areas of the airport, Passenger Controls at the landside/airside border, Immigration, high-risk gates, future extension
Security Sensitive Areas: Public, Terminal, Ramp, Baggage
Users: Airport operator, police, fire department
Police observation devices
Functionalities: Surveillance, deterrence. Criteria to assess technology performance can be: locations in which they can be installed, ability to transfer collected data to a control station via live feed, resilience against vandalism.
Threats: Terrorist attacks, “ordinary crime”
Processes: Surveillance of remote areas
Security Sensitive Areas: Remote bus stops or train stations
Users: Police
Unmanned Aerial Vehicles
Functionalities: Patrol / surveillance, reconnaissance, other functionalities depending on the type of sensors that are built into the vehicle. Criteria to assess technology performance can be: ability to transfer collected data to a control station via live feed, operation time, capability for autonomous orientation.
Threats: Dependent on area of use and built-in sensors: theft, espionage, terrorist attacks, unauthorized intrusion, vandalism
Processes: Surveillance of large areas from the sky
Security Sensitive Areas: Possibly airport perimeter if no interference with flight traffic is guaranteed
Users: Security personnel, police, military
3.2.2. HD-VIDEO RECORDING SYSTEM
INFRINGEMENT ANALYSIS
The following potential infringements were highlighted during the focus group:
- CCTV cameras might be used to focus disproportionately upon ethnic minorities, thereby raising issues of ethnic discrimination.
- CCTV cameras can make people feel bothered, since they are observed in a public place even if they are doing something completely unrelated to the reason they are observed for (like eating, walking to the exit, etc.).
- CCTV cameras might lead to a disproportionate focus on people with unusual dress or body art (tattoos, piercings).
- CCTV could "see" beyond the designated area. Cameras could detect what is happening even in areas not related to the security area. For example, they could see what is happening in a nearby house.
- CCTV could foster discrimination, leading security operators to point out suspicious people to local security agents using their physical defects, such as weight (e.g. “The fat blond woman just left her luggage alone, stop her”), or their racial somatic traits.
- CCTV could be used to track people, for instance by cross-referencing CCTV video records with data from identification technologies such as RFID, thus infringing their privacy.
- CCTV data could be used to understand travellers' opinions or habits, and used for marketing purposes.
A relevant issue raised during the interviews concerns the effectiveness of security measures such as CCTV: they are “mostly useful to identify crime actions after they have been committed, more than acting as a preventive measure”. This should change the perspective of security decision-makers, making them aware that "observing everyone and everything is not going to preserve mass transport systems from criminal actions".
QUESTIONS
With concern to identified infringements, the following questions were produced to be used in SIAM Database:
- How can we reduce the potential for CCTV cameras to discriminate against ethnic minorities?
- How can we reduce the potential for CCTV to "see" outside the security areas?
- How can we reduce the potential for CCTV cameras to discriminate against unusual dress or body art?
- How can we reduce the potential for CCTV cameras to observe people who are not doing criminal/suspicious actions?
- How can we reduce the potential for CCTV cameras to track people's movements?
- How can we reduce the potential for CCTV cameras to collect information for commercial purposes?
COUNTER-INFRINGEMENT MEASURES
A list of counter-infringement measures was produced during the focus group, classifying them according to the concepts of scope, normativity, and intrusiveness. The following measures were proposed by experts:
Scope:
- Regulations should be introduced to limit image storage time and image sharing.
- Video records should be deleted within a short period of time, and not cross-referenced with data from other technologies such as RFID or other identification devices.
- Software could be used on CCTV records to darken any areas not concerned. This should clearly be reversible in case of emergency.
Normativity:
- Require signage notifying persons of the operation of cameras.
Intrusiveness:
- Adequate measures should be taken to inform people of the presence and especially of the purposes of surveillance technologies, emphasizing their role and benefits in improving travellers' security. This could include a list of criminal actions CCTV is supposed to prevent or inhibit.
- Privacy-enhancing algorithms might be used to blur faces or invert the video’s colour spectrum, and adequate training should be given to operators, stressing the importance of impartiality when taking security decisions.
- Measures could be adopted in order to inhibit possible discrimination by security operators, such as:
  o to make operators aware of their personal attitude, for example through psychological tests to spot and show them any personal prejudices;
  o to require operators to use information gathered by surveillance systems only for security purposes (and not for marketing ones, for instance);
  o to submit, where possible, the spotting of suspicious behaviours to at least 2 operators;
  o to change operators more often, in order to increase their "lucidity" and reduce the possibility of wrong interpretations.
- Measures to ensure adequate data use, such as:
  o to define a checklist of "behaviours" that are considered "suspicious", in order to reduce personal judgements;
  o to restrict access to data for security operators, also informing them of the regulations and risks related to improper use.
3.2.3. POLICE OBSERVATION DEVICES
It is worth saying that all infringements, questions and counter-infringement measures identified for CCTV are valid for Police Observation Devices as well. However, further issues have been identified and are reported in the following.
INFRINGEMENT ANALYSIS
This technology brings the same issues as CCTV, with a further issue arising because these devices might also include microphones: when a person is talking he might use irony, saying sarcastic sentences like "I am gonna kill you guys" or "This place is so ugly that someone should destroy it". Microphones and automatic word analysis will spot these sentences as an on-going criminal action, so people will avoid saying them. In other words, the possibility to speak freely and to "be themselves" is infringed. This effect is even stronger if there is no warning sign of the presence of a Police Observation Device.
QUESTIONS
With concern to identified infringements, the following questions were produced to be used in SIAM Database:
- How can we reduce the potential for Police Observation devices to infringe the possibility to
speak without self-censoring?
COUNTER-INFRINGEMENT MEASURES
A list of counter-infringement measures was produced during the focus group, classifying them according to the concepts of scope, normativity, and intrusiveness. The following measures were proposed by experts:
Scope:
- The device could be activated only in case of warnings and/or emergency situations.
Intrusiveness:
- Devices able to recognize people's tone of voice (such as irony) should be integrated.
- A policeman should patrol near the devices, in order to verify whether the detected threat is real or not.
- A sort of red light should be fitted to the devices, to warn people that the device is recording (like a red LED similar to car alarm systems).
- Communication actions should be directed towards citizens, explaining what the devices are and which benefits they might bring for people's security. A series of signs should also be installed to make people aware that they are in an observed area.
- A database of “recognized criminal” voice tones should be created, in order to focus the use of microphones and avoid recording ordinary people talking.
3.2.4. UNMANNED AERIAL VEHICLES
It is worth saying that all infringements, questions and counter-infringement measures identified for CCTV and Police Observation Devices are valid for Unmanned Aerial Vehicles as well. However, further issues have been identified and are reported in the following.
INFRINGEMENT ANALYSIS
This technology brings the same issues as CCTV and Police Observation Devices, with the addition of further infringements:
- People observed by a UAV might feel fear, or have the sensation that an emergency situation is going on, or that a military authority is looking for them. All these feelings generate anxiety in people. These effects can also increase for people who come from war-affected countries.
- People might see UAVs as insecure and unreliable because there isn't any human pilot on board. In airport areas in particular, people might fear UAV collisions with aircraft.
- UAVs are often related by the mass media to military actions; this might also lead people to be afraid that UAVs are armed.
QUESTIONS
With concern to identified infringements, the following questions were produced to be used in SIAM Database:
- How can we reduce the potential for UAV to generate negative feelings (fear, anxiety,
insecurity, etc.) on people?
COUNTER INFRIGMENT MEASURES
A list of Counter-infringement measures was produced during the focus-group, classifying them
according to the concepts of scope, normativity, and intrusiveness. The following measures were
proposed by experts:
Scope:
- In order analog CCTV to obscure the operator views the UAV areas outside the security zone.
Reactivate them only in emergency conditions (for example, to follow a car on the run after
having completed an kidnapped).
Normativity:
- UAVs should be prevented to "follow" people.
Intrusiveness:
- The non-military role of UAVs should be more often discussed by media. There are UAVs for
fire prevention, Coast Guard and for reconnaissance in the event of environmental disasters
(earthquakes, floods, etc.). It is fundamental to make people know what civil UAVs are, how
they are equipped and which strategic advantages they bring for the sake of security.
Also, it should be remarked that behind UAVs there is always an operator in the GCS (Ground
Control Station), in order to make people not feeling UAV are autonomous uncontrolled
guardians.
- UAVs should patrol at a high altitude, in order not to be directly perceived by people (who
must anyway be made aware of their presence by signs, etc.).
- Using more than one UAV in the same area should be avoided, in order not to create a general
feeling of military emergency.
- UAVs should be prevented from flying near aircraft zones, in order to avoid people fearing
a possible collision with aircraft.
- Care could be taken over UAV appearance, in order to make them seem less “military”.
3.3. IDENTIFICATION TECHNOLOGIES
Identification Technologies are used either to identify goods (origin, content, place of destination
etc.) or to identify individuals (name, address, date of birth etc.). Technologies of this category are
for example: biometrics (fingerprint recognition), DNA analyser, etc.
3.3.1. TECHNOLOGIES OVERVIEW
Three technologies were discussed in detail during the focus-group:
- RFID
- Keypads & Interactive electronic security locks
- Biometrics combined with ID cards
A detailed description of these technologies is given below:
RFID
Functionalities: RFID is expected to:
- give passengers a unique identifier
- track passengers for several purposes
The criteria to assess its efficacy can be: reliability of the technology; resilience against cyber attack
Threats: ID theft; illegal migration
Processes: RFID-chips in either passports, ID cards or public transportation cards are screened when passengers go through security and/or ID/passport checks
Security Sensitive Areas: ID/passport checks; customs; immigration services
Users: Security personnel, police

Keypads & Interactive electronic security locks
Functionalities: Access control, grant access only after entering a certain code
Criteria to assess technology performance can be: protection from tampering
Threats: Persons gaining access to restricted areas without permission, unauthorized intrusion
Processes: Security checks, any point of entrance to a restricted area
Security Sensitive Areas: Restricted areas at airports / train stations / bus terminals (e.g. areas with access for employees only)
Users: Security personnel, police, other private parties
Biometrics
Functionalities: Access control, identification / verification; any measurable/collectable, unique, universal and permanent feature can be used
Criteria to assess technology performance can be: minimization of false negatives / positives, throughput rate, social acceptance, possible combination with other identification methods (e.g. ID cards)
Threats: Persons gaining access to restricted areas without permission, unauthorized intrusion
Processes: Security checks, any point of entrance to a restricted area
Security Sensitive Areas: Airports, customs, immigration
Users: Security personnel, police
3.3.2. RFID
INFRINGEMENT ANALYSIS
The following potential infringements were highlighted during the focus-group:
- This technology might lead to a significant infringement of people's privacy if used to track
people's movements (e.g. recording the time people pass an RFID reader). "RFID could make
sense in a workplace, or any other place where you are required to arrive at a
specified hour, but not in a transport system such as metros, where there is not any
compulsion on my personal travel plans".
QUESTIONS
With regard to the identified infringements, the following questions were produced for use in the SIAM Database:
- How can we reduce the potential for RFID to track people's movements?
COUNTER INFRINGEMENT MEASURES
A list of counter-infringement measures was produced during the focus-group, classifying them
according to the concepts of scope, normativity, and intrusiveness. The following measures were
proposed by experts:
Scope:
- This measure should be avoided for "frequent" transport systems (such as metro) that
typically do not require a high level of identification.
Normativity:
- Cross-referencing of data between CCTV and RFID should be avoided where possible
(this procedure is adopted in Turin Metro).
3.3.3. KEYPADS & INTERACTIVE ELECTRONIC SECURITY LOCKS
INFRINGEMENT ANALYSIS
The following potential infringements were highlighted during the focus-group:
- If the only key to open a lock is something extremely "personal" such as fingerprints, people
might fear being kidnapped, tortured or even mutilated in order to be forced to open the lock.
QUESTIONS
With regard to the identified infringements, the following questions were produced for use in the SIAM Database:
- How can we reduce the potential for Interactive electronic security locks to make people
fear being kidnapped or tortured in order to be forced to open the lock?
COUNTER INFRINGEMENT MEASURES
A list of counter-infringement measures was produced during the focus-group, classifying them
according to the concepts of scope, normativity, and intrusiveness. The following measures were
proposed by experts:
Scope:
- Special care should be taken not to disclose the names of people who can open
interactive locks.
Intrusiveness:
- Sensors could be used to detect the number of people passing through a specific gate. In this
way, if the gate is supposed to be opened and crossed by a single security operator, a
warning would be triggered for the risk that the operator is being coerced by criminals.
3.3.4. BIOMETRICS
INFRINGEMENT ANALYSIS
The following potential infringements were highlighted during the focus-group:
- People might fear the risk of contamination from DNA analysers.
- People might have a personal reticence against needles.
- People might feel physically violated.
- These technologies (more than other typologies) generate a sort of "constriction" feeling:
when someone starts a journey, he may do so to taste the sensation of freedom, but all
these strict control systems destroy that sensation.
- In the Italian context fingerprints are only taken from recognized criminals: using
fingerprints for wider identification purposes might cause embarrassment to Italian people.
- DNA analysis can reveal genetic or other kinds of illness, breaching people's privacy regarding
their health status.
QUESTIONS
With regard to the identified infringements, the following questions were produced for use in the SIAM Database:
- How can we reduce the potential for Biometrics to make people fear the risk of
contamination from DNA analysers?
- How can we reduce the potential for Biometrics to bother people who have a personal reticence
against needles?
- How can we reduce the potential for Biometrics to reduce people's inclination to travel?
- How can we reduce the potential for Biometrics to make people feel physically violated?
- How can we reduce the potential for Biometrics to make people feel their personal
information is threatened?
COUNTER INFRINGEMENT MEASURES
A list of counter-infringement measures was produced during the focus-group, classifying them
according to the concepts of scope, normativity, and intrusiveness. The following measures were
proposed by experts:
Scope:
- People should be informed of what data are being collected, why, for how long, by
whom and for what purposes. This could be done through flyers or demonstrative videos.
- Collected data should not be used for medical statistics or other similar purposes (and this
should be explicitly communicated to travellers).
Normativity:
- Biometrics should be used in a progressive order on the basis of their invasiveness (e.g.
fingerprint, facial, eye, DNA recognition). If possible, people should be able to choose for
themselves which biometric technology is used to identify them.
Intrusiveness:
- People should be adequately informed that these devices cannot cause harm.
- Needles should be kept in sealed boxes, and the seal should be opened directly in front of
people.
3.4. INFORMATION PROCESSING & COMMUNICATION TECHNOLOGIES
(Communication Technologies & Process Control)
Information Processing & Communication Technologies store or process personal information
and/or support communication. Technologies of this category are for example: SCADA systems,
cyber-security devices, etc. In order to update the analysis to the recent Typology classification used
in SIAM Database, the following typologies have been included in the analysis: Process Control
Technologies, Information and Communication Technologies.
3.4.1. TECHNOLOGIES OVERVIEW
Three technologies were discussed in detail during the focus-group:
- Integrated command control rooms
- High-tech dismantling labs
- Radio network
A detailed description of these technologies is given below:
Integrated command control rooms
Functionalities: Provide a central junction for incoming data for decision-making and reaction to threat events
Criteria to assess technology performance can be: fast data connections, ability to receive input from all relevant sources (e.g. CCTV feeds, radio contact with security personnel, etc.), effective data integration, system reliability, redundancy, increase effectiveness of security measures
Threats: Theft, espionage, terrorist attacks, unauthorized intrusion
Processes: Perimeter control, dispatch of security personnel, collection of data, surveillance and activation of countermeasures
Security Sensitive Areas: Airports, train stations
Users: Security personnel, police

High-tech dismantling labs
Functionalities: High-tech dismantling labs use different techniques to analyse
samples of materials from shoes and clothes, comparing them
with remote databases. The reason this technology is considered
to belong to Information Processing Typology (and not Detection)
is that here we are not referring to the devices used for detecting
substances but to the ICT infrastructure that lies behind, or in
other words to the high-tech framework used to process the
huge amount of information required to perform analysis and to
obtain real-time responses.
Criteria to assess technology performance can be: response time,
computational algorithms precision.
Threats: Explosives might be hidden exceptionally well, possibly inside
shoes or between fabrics, and thus the need might arise to use
syringes to take samples from deep inside those objects
Processes: In the case of suspicious items, they are transferred to the
dismantling lab where they are checked by expert dismantlers
using syringes and chemical kits (see above item on the list)
Security Sensitive Areas: Dismantling lab
Users: Dismantling team
Potential Freedom Infringements: Privacy and possible harm to the item being checked

Radio network
Functionalities: The radios allow communication within a structure (airport or
train station) without using wires.
Criteria to assess technology performance can be: quality of
communication, range, interference from other devices, ability to
transmit even underground or in emergency conditions
Threats: Emergency communication when wire line, cell phones and other
conventional means of communications might not be sufficient
Processes: In an emergency, the radios provide communication towards the
control room allowing you to effectively manage the situation of
danger.
Security Sensitive Areas: Airports, train stations
Users: Security personnel, police
3.4.2. INTEGRATED CONTROL ROOMS
INFRINGEMENT ANALYSIS
The following potential infringements were highlighted during the focus-group:
- This system can generate infringements insofar as it is connected to monitoring devices like
CCTV, microphones, sensors, etc. The awareness that there is a control room linking personal
data (name, DNA, fingerprint, face, etc.) and sensor data (images, movements, luggage
detection results, etc.) might make people feel their privacy is threatened.
QUESTIONS
With regard to the identified infringements, the following questions were produced for use in the SIAM Database:
- How can we reduce the potential for Integrated control rooms to make people feel their
privacy is threatened?
COUNTER INFRINGEMENT MEASURES
A list of counter-infringement measures was produced during the focus-group, classifying them
according to the concepts of scope, normativity, and intrusiveness. The following measures were
proposed by experts:
Data should be used exclusively for security purposes.
Scope:
- Collected data should not be crossed with unauthorized data coming from the web.
- A higher level of automation in danger recognition (e.g. use of more recent, sophisticated
software) might spare operators from dealing with travellers' personal data.
Intrusiveness:
- Measures could be adopted in order to adequately instruct security operators, such as
o to require operators to use the information gathered only for security purposes (and not
for marketing ones, for instance);
o to submit, where possible, the spotting of suspicious behaviours to at least 2
operators;
o to change operators more often, in order to increase their "lucidity" and reduce the
possibility of wrong interpretations;
o to make operators aware of their personal attitudes, for example through
psychological tests to spot and show them their possible personal prejudices.
3.4.1. HIGH-TECH DISMANTLING LABS
INFRINGEMENT ANALYSIS
The following potential infringements were highlighted during the focus-group:
- Collecting the samples to be analysed might damage people's clothes or objects.
Moreover, as for other technologies, it is perceived as an excessive security measure to be
applied to all people, threatening their freedom to feel innocent.
- High quality analysis could require people to wait too long.
QUESTIONS
With regard to the identified infringements, the following questions were produced for use in the SIAM Database:
- How can we reduce the potential for High-tech dismantling labs to damage people's clothes or objects?
- How can we reduce the potential for High-tech dismantling labs to make people wait a long time?
COUNTER INFRINGEMENT MEASURES
A list of counter-infringement measures was produced during the focus-group, classifying them
according to the concepts of scope, normativity, and intrusiveness. The following measures were
proposed by experts:
Scope:
- Analysis should be performed (where possible) without damaging clothes or asking people to
take them off.
Normativity:
- The time needed to obtain a response should be decreased (real-time response would be
ideal).
- People should be informed through videos, flyers or other communication actions about what
the systems are doing and which benefits they bring in improving the overall security level.
- Accompanying measures (such as apologies, discounts on flights, etc.) should be
provided to people in case of a false positive or an excessively long time taken for the
analysis.
3.4.1. RADIO NETWORK
INFRINGEMENT ANALYSIS
The following potential infringements were highlighted during the focus-group:
- If security operators' radio devices are set at an audible volume, they could lead to two kinds of
infringement: on the one hand, a breach of privacy for the people who are being
reported as suspects; on the other hand, high volume might disturb travellers.
Furthermore, panic could spread if people hear about an on-going criminal action.
- Offensive comments might be made by security operators and heard by people (e.g. “Stop
the man next to the big fat woman”).
QUESTIONS
With regard to the identified infringements, the following questions were produced for use in the SIAM Database:
- How can we reduce the potential for security operators' radio devices to disturb travellers and/or to breach their privacy?
COUNTER INFRINGEMENT MEASURES
A list of counter-infringement measures was produced during the focus-group, classifying them
according to the concepts of scope, normativity, and intrusiveness. The following measures were
proposed by experts:
Intrusiveness:
- Earpieces should be used by security operators to listen to radio devices.
- Communication should be coded, so that people cannot understand what is happening.
- Security operators should be adequately trained to avoid potential infringements.
3.5. INTRUSION PROTECTION AND DEFENCE TECHNOLOGIES (Physical Access &
Enforcement)
Intrusion Protection & Defence Technologies support the physical protection against malicious attacks. Technologies of this category are for example: armoured glass at terminal ground facility, automated barriers, etc. In order to update the analysis to the recent Typology classification used in SIAM Database, the following typologies have been included in the analysis: Physical Access Technologies, Enforcement Technologies.
3.5.1. TECHNOLOGIES OVERVIEW
Three technologies were discussed in detail during the focus-group:
- Automatic Light Vehicle system with Platform Screening Doors
- Tail-gating prevention
- GPS/radio jammers
A detailed description of these technologies is given below:
Automatic Light Vehicle system with Platform Screening Doors
Functionalities: This technology embraces in itself a wide number of technical devices and systems, all finalized to perform an efficient stand-alone management (that is, without the need of the personnel, such as the driver or platform local operators) of trains. These devices can include physical barriers (like automated platform screening doors), enforcement measures, and local control/monitoring systems.
Criteria to assess technology performance can be: automation, service reliability, comfort, speed.
Threats: The main expectations from this technology are the possibility to:
- prevent accidental falls off the platform onto the lower track area, suicide
attempts and homicides by pushing;
- improve security by restricting access to the tracks and tunnels;
- prevent or reduce wind felt by the passengers caused by the “Piston
effect” (air compression and decompression caused by trains movement)
which could in some circumstances make people fall over;
- reduce the risk of accidents, especially from service trains passing
through the station at high speeds;
Processes: Automatically carries passengers along the trajectory of Underground
Security Sensitive Areas: Internal area
Users: Security personnel

Tail-gating prevention
Functionalities: Enhancement of other access control measures by ensuring that authorized persons are not accompanied by unauthorized persons while passing a checkpoint to gain access to a restricted area
Criteria to assess technology performance can be: interaction with authentication measures
Threats: Persons gaining access to restricted areas without permission, unauthorized intrusion
Processes: Security checks, any point of entrance to a restricted area
Security Sensitive Areas: Mostly airports
Users: Security personnel, police

GPS/radio jammers
Functionalities: Jamming GPS navigation
Criteria to assess technology performance can be: no interference with regular traffic, capacity
Threats: Use of an airplane as a weapon
Processes: Defence of a facility from terrorists using an airplane as a weapon
Security Sensitive Areas: Airports as a whole
Users: Security personnel, police, military
3.5.1. AUTOMATIC LIGHT VEHICLE SYSTEM WITH PLATFORM SCREENING DOORS
INFRINGEMENT ANALYSIS
The following potential infringements were highlighted during the focus-group:
- This technology can cause people to feel fear or insecurity, since "there is no other person (the
driver, for instance) you could ask for help, in case of aggression or similar actions. Even if
you know you are being observed by security operators, you cannot receive immediate help,
and even a few seconds can make the difference."
- There are two relevant aspects linked to the “security perception” coming from VAL systems.
The first is related to people's visual sensitivity: "an automated security system is often
semi-hidden so you cannot perceive it as a really strong security measure, while a policeman is
there, you can feel his presence. This makes you feel more secure."
The second issue is related to the perceived purpose of automated security measures in VAL,
like cameras or sensors: "a camera is there to observe people, even me, as if I were the
criminal, while a policeman is clearly there to protect me".
- People could fear that Platform Screen Doors might not work correctly, imprisoning
people inside the train, with no driver to ask for help.
- In emergency situations, panic can be generated if doors do not open rapidly.
QUESTIONS
With regard to the identified infringements, the following questions were produced for use in the SIAM Database:
- How can we reduce the potential for VAL systems to make people feel fear or insecurity?
- How can we reduce the potential for Platform Screen Doors to make people fear
the risk of being imprisoned?
COUNTER INFRINGEMENT MEASURES
A list of counter-infringement measures was produced during the focus-group, classifying them
according to the concepts of scope, normativity, and intrusiveness. The following measures were
proposed by experts:
Intrusiveness:
- A series of devices should be installed to allow people on trains to communicate easily
with the outside.
- Strong lights as well as large spaces should be present to create a more comfortable
environment for people.
- Emergency devices should be present on trains and on platforms, to:
o stop the trains
o open the doors
- Security operators should patrol near automated systems, or at least be rapidly available.
- Adequate information and communication procedures/tools should be adopted to show
people what to do during emergency situations, in order not to spread panic.
3.5.2. TAIL-GATING PREVENTION
INFRINGEMENT ANALYSIS
The following potential infringements were highlighted during the focus-group:
- People may fear being injured if the technology does not work correctly.
- Disabled people may be discriminated against, not being able to deal with normal tailgating devices.
QUESTIONS
With regard to the identified infringements, the following questions were produced for use in the SIAM Database:
- How can we reduce the potential for Tail-gating prevention systems to make people
fear the risk of being injured?
- How can we reduce the potential for Tail-gating prevention systems to discriminate against disabled
people?
COUNTER INFRINGEMENT MEASURES
A list of counter-infringement measures was produced during the focus-group, classifying them
according to the concepts of scope, normativity, and intrusiveness. The following measures were
proposed by experts:
Normativity:
- A human operator should always be present near tailgating systems, allowing people to ask
for help or information.
Intrusiveness:
- Accompanying measures (such as apologies, discounts on flights, etc.) should be
provided to people in case of malfunctions with possible harm.
- A special tailgating prevention system could be designed for disabled people (larger, with
a longer passing time, etc.).
3.5.3. GPS/RADIO JAMMERS
INFRINGEMENT ANALYSIS
The following potential infringements were highlighted during the focus-group:
- These technologies threaten the freedom to communicate with other people and to get
information from the network, generating a sort of "anxious isolation".
- A sense of powerlessness can be felt as well, being in the hands of someone who can act
for institutional reasons and/or to protect as many people as possible, but not necessarily to
protect you as an individual.
- When activated, the jammer blocks radio communications / GPS, also hitting innocent people,
and security officers do not have a decoder.
- Often the first way to understand what is happening during a potential terrorist attack is
communication with local people: “in most cases a Communication Jammer might create
even more vulnerabilities”.
QUESTIONS
With regard to the identified infringements, the following questions were produced for use in the SIAM Database:
- How can we reduce the potential for GPS/radio jammers to make people unable to
communicate with other people or to get information from the network?
COUNTER INFRINGEMENT MEASURES
A list of counter-infringement measures was produced during the focus-group, classifying them
according to the concepts of scope, normativity, and intrusiveness. The following measures were
proposed by experts:
Intrusiveness:
- This measure should be used only in emergency situations, and with some procedures (vocal
communication, signs, videos, etc.) to make people aware of what is going on.
- Jammers could act only on specific radio frequencies, identified as dangerous.
4. CASE STUDY COUNTER INFRINGEMENT MEASURES
An analysis was carried out to identify which of the counter-infringement measures are also used in the Turin
metro case studies. The first concerns RFID and CCTV: data are not crossed, in order not to track
people's movements and thus risk breaching their privacy. The second concerns radio: earpieces and other
sound-mitigation devices are used to prevent people from hearing security communication. The last two
concern VAL, where many devices are installed on trains and in stations to allow people to communicate
easily with security operators, and stations are built on a wide-perspective philosophy:
“people feel more secure when they can see things from afar; for this reason stations are full of
strong lights and large halls”.