SIAM - TU Berlin€¦ · according to the classification developed in SIAM project: 3.1. Detection Technologies These technologies are used to detect explosives, toxic gases, radiological

09/07/2012 Page 1 of 37

M a s s i m o M i g l i o r i n i

F a b r i z i o C a l a n d r i

Work package 4

Case Study Report on freedom

Infringements

SIAM Security Impact Assessment

Measures

D4.5

Case study Report on Freedom Infringements

Project number

261826

Call (part) identifier

FP7-Security-2010-1

Funding scheme

Collaborative Project

09/07/2012 Page 2 of 37

Content

INTRODUCTION & EXECUTIVE SUMMARY .................................................................. 4

1. PURPOSES AND METHODS ................................................................................. 6

2. PARTICIPANTS ................................................................................................... 7

3. FOCUS-GROUP REPORT ..................................................................................... 8

3.1. DETECTION TECHNOLOGIES (Object And Material Assessment (Screening)) . 8

3.1.1. TECHNOLOGIES OVERVIEW .................................................................... 8

3.1.2. BODY SCANNER .................................................................................. 10

3.1.3. EXPLOSIVE TRACE DETECTION ............................................................ 12

3.1.4. DETECTION DOG ................................................................................ 13

3.2. SURVEILLANCE TECHNOLOGIES (Event Assessment, People Assessment &

Situations Assessment) ....................................................................................... 14

3.2.1. TECHNOLOGIES OVERVIEW .................................................................. 14

3.2.2. HD-VIDEO RECORDING SYSTEM .......................................................... 16

3.2.3. POLICE OBSERVATION DEVICES ........................................................... 18

3.2.4. UNMANNED AERIAL VEHICLES ............................................................. 19

3.3. IDENTIFICATION TECHNOLOGIES ............................................................... 21


3.3.2. RFID ................................................................................................... 23

3.3.3. KEYPADS & INTERACTIVE ELECTRONIC SECURITY LOCKS ..................... 24

3.3.4. BIOMETRICS ........................................................................................ 25

3.4. INFORMATION PROCESSING & COMMUNICATION TECHNOLOGIES

(Communication Technologies & Process Control) .............................................. 27


09/07/2012 Page 3 of 37

3.4.2. INTEGRATED CONTROL ROOMS .......................................................... 29

3.4.1. HIGH-TECH DISMANTLING LABS ......................................................... 30

3.4.1. RADIO NETWORK ................................................................................ 31

3.5. INTRUSION PROTECTION AND DEFENCE TECHNOLOGIES (Physical Access &

Enforcement) ...................................................................................................... 32


3.5.1. AUTOMATIC LIGHT VEHICLE SYSTEM WITH PLATFORM SCREENING

DOORS 34

3.5.2. TAIL-GATING PREVENTION ................................................................. 35

3.5.3. GPS/RADIO JAMMERS .......................................................................... 36

3.5.1. CASE STUDY COUNTER INFRINGEMENT MEASURES .............................. 37

09/07/2012 Page 4 of 37

INTRODUCTION & EXECUTIVE SUMMARY

The overall aim of work package 4 is two-fold: 1) to generate knowledge about potential

infringements associated with the technologies; 2) to generate knowledge about measures to

mitigate these infringements. In the context of WP4, SIAM partners held a series of focus-groups to

fulfil these aims.

The following document describes the results of the focus-group done by SITI within Work Package 4

of SIAM Project.

The document is structured in 3 sections:

1. Purposes and Methods: the section gives an overview on focus-group objectives, also detailing the methodology used to gather and elaborate information.

2. Participants: the section gives an overview of the main competences and expertise involved in the focus group.

3. Focus-group Report: the section describes the results of technologies’ analysis performed in the focus group. Gathered information were elaborated and divided into 5 Technologies Typologies, according to the classification developed in SIAM project:

3.1. Detection Technologies These technologies are used to detect explosives, toxic gases, radiological substances, hazardous objects and drugs for the purpose of the protection of the infrastructure and persons as well as the control of goods and border protection. In order to update the analysis to the recent Typology classification used in SIAM Database, the following typologies have been included in the analysis: Event Assessment Technologies, People Assessment Technologies, Situation Awareness Technologies.

3.2. Surveillance Technologies These technologies serve as a tool for locating, tracking or tagging people or goods in order to identify for example unattended luggage, unusual events or unusual behaviour of persons. In order to update the analysis to the recent Typology classification used in SIAM Database, the following typologies have been included in the analysis: Object Assessment Technologies, Material Assessment Technologies

3.3. Identification Technologies These technologies are used either to identify goods (origin, content, place of destination etc.) or to identify individuals (name, address, date of birth etc.).

3.4. Information Processing and Communication Technologies These technologies store or process personal information and/or support communication. In order to update the analysis to the recent Typology classification used in SIAM Database, the following typologies have been included in the analysis: Process Control Technologies, Information and Communication Technologies.

3.5. Intrusion Protection & Defence Technologies These technologies support the physical protection against malicious attacks. In order to update the analysis to the recent Typology classification used in SIAM Database, the following typologies have been included in the analysis: Physical Access Technologies, Enforcement Technologies.

09/07/2012 Page 5 of 37

Each of the mentioned Categories contains 4 sub-sections:

Infringements analysis: a description of potential infringements related to the

technologies.

Questions: a list of possible questions decision-makers should deal with, when trying

to understand which infringements are involved in the technologies.

Counter-Infringements measures: an analysis of possible measures to reduce,

mitigate, or minimize potential technologies infringement.

A Case Study Analysis is reported at the end of the document, providing the list of spotted counter-

infringement measures that are also used in Turin Metro.

09/07/2012 Page 6 of 37

1. PURPOSES AND METHODS

The primary objective of the focus-group was the analysis of a series of different technologies

belongings to the Typologies defined in SIAM Project (see deliverable D2.3) in order to develop a

catalogue of infringements and counter-infringement measures. These concepts are detailed in the

following:

a) INFRINGEMENTS

Infringements can be understood broadly as the legal, social, or cultural norms that might be

intruded upon by a security measure, while counter-infringement measures refer to technologies,

rules, or procedures that reduce, mitigate, and minimize those intrusions.

Some examples of actions that might cause “infringements” are:

relinquishing personal property

providing sensitive information, for example credit card information

lifting a face covering

submitting to a canine ‘sniff search’

altering planned movements and activities

having information about them stored in a central database

b) COUNTER-INFRINGEMENTS

Counter-infringement measures refer to technologies, rules, or procedures that reduce, mitigate, and minimize potential technologies infringement. A list of Counter-infringements was produced during the focus-group, classifying them according to the concepts of scope, normativity, and intrusiveness. These terms are defined as follows:

Scope refers to the spatial and temporal extent of the influence of a security measure upon a subject. Scope can have both physical and non-physical aspects. Physically, some security measures will be distinct in terms of both time and space. Physical barriers, gates, or fences, for example, are quite distinct on both space and time; they are physically identifiable structures that define borders between zones, and they cease to exert any influence over persons once they have been passed through. On the other hand, the use of surveillance cameras across city centres reflects a much higher degree of scope insofar as it might be difficult to physically remove oneself from the reach of this security. Scope also refers to how information gathered as part of the operation of a security measure is shared with others (‘spatial’ scope) or retained for future use (‘temporal’ scope). The long data is kept or the greater the number of individuals/agencies that have access to this data the greater the scope of the measure.

Normativity describes the degree of compulsion associated with a particular measure/technology, or in other words how much agency an individual might exert over being monitored by a security measure/technology. Higher levels of compulsion to submit to a security measure/technology translates into means higher normativity, while lower levels of compulsion means low normativity.

09/07/2012 Page 7 of 37

Intrusiveness refers to the kind and amount of damage a measure incures for the subject. This includes direct physical contact or even penetration of the body to subjectively perceived infringement of social norms.

Experts involved in the focus group have been questioned on their personal opinion about notable

infringements and counter-infringements for each technology Typology, and questioned again to

comment and review other experts estimations, using an approach similar to a Delphi-study.

2. PARTICIPANTS

Five experts attended the focus-group, representing organizations aimed at protecting civil liberties,

in particular concerning the following issues:

- Human rights and discrimination against violence

- Immigrants’ rights

- Political asylum seekers and foreign prisoners’ rights

- Protection of citizen’s Privacy

- Impacts of aeronautical technologies on civil environment, with focus on Unmanned Aerial

Vehicles

09/07/2012 Page 8 of 37

3. FOCUS-GROUP REPORT

3.1. DETECTION TECHNOLOGIES (Object And Material Assessment (Screening))

Detection are used to detect explosives, toxic gases, radiological substances, hazardous objects and

drugs for the purpose of the protection of the infrastructure and persons as well as the control of

goods and border protection. Technologies of this category are for example: body scanners,

explosive detectors, etc. As previously mentioned, in order to update the analysis to the recent

Typology classification used in SIAM Database, the following typologies have been included in the

analysis: Event Assessment Technologies, People Assessment Technologies, Situation Awareness

Technologies.

3.1.1. TECHNOLOGIES OVERVIEW

Three technologies have been discussed in details during the focus-group:

Body scanners

Explosive trace detection

Detection dogs

A detailed description of these technologies is reported in the following:

Image (example)

Body scanners

Functionalities Spot hazardous objects and materials hidden on a person`s body Criteria to assess technology performance can be: quality of detection mechanism, image resolution, ability to differentiate between hazardous and non-hazardous objects, ability to penetrate clothing, false alarm rate, health hazard from radiation

Threats Smuggle of hazardous objects and materials into airplanes / security-relevant areas, terrorist attacks

Processes Passenger Controls at the landside/airside border

Security Sensitive Areas Terminal

Users Security personnel, police

09/07/2012 Page 9 of 37

Explosive trace detection

Functionalities Detection of traces of explosives as an indication that an object or person has come into contact with explosive materials or might be used to transport such materials Criteria to assess technology performance can be: ability of scanners to differentiate between explosives and harmless materials, accuracy of scan, false alarm rate

Threats Smuggle of explosive materials, terrorist attacks

Processes Security checks, cargo checks

Security Sensitive Areas Airports, train stations, bus terminals


Image (example)

Image (example)

Detection dogs

Functionalities Spot hazardous or illegal objects and materials on persons, vehicles and in cargo / luggage Criteria to assess technology performance can be: olfactory sense of dogs, training methods.

Threats Smuggle of hazardous or illegal objects and materials, terrorist attacks, human trafficking

Processes Patrols, security checks, cargo checks

Security Sensitive Areas Airports, train stations, police checkpoints


09/07/2012 Page 10 of 37

3.1.2. BODY SCANNER

INFRIGEMENT ANALYSIS

The following potential infringements were highlighted during the focus-group:

- The awareness to being showed naked to a security operator generates personal

embarrassment. This affect even more some eastern cultures, where women cannot publicly

show their face: body scanner might represent for these cultures a violation of women rights.

Such effect might also sensibly affect trans-gender people, leading to misreading their sexual

identity.

- Being showed naked might cause negative feelings not only to scanned people, but also to

other people. For instance, a husband knowing his wife is being watched could not agree, as

well as a father for his daughter.

- The use of a Body Scanner might also threaten the privacy of personal body art, like in case

of "hidden" tattoos or piercings that after being checked would be revealed.

- Body Scanner might also generate embarrassment by exposing body imperfections, like scars

or deformities.

- Body Scanner might also cause fear, if people think it could threaten their health (due to X-

rays exposure).

especially in case of vulnerable categories (children, old people, etc.)

- In case of false positive Body Scanner might cause embarrassment and disturb people that

are singled out without a given cause. This aspect might be also related to other detection

technologies such as metal detector, but the feeling it generates is quite different since with

metal detector people might think “the alarm is ringing for my belt, or my shoes, etc.”. With

body scanners people are “naked”, so in case of false positive an higher amount of anxiety

would be generated (“what might ever be the problem, if they are seeing me naked?”).

- If body scanner “walls” are too near, they could cause anxiety in claustrophobic people.

- If excessively slow, body scanning process might annoy travellers.

QUESTIONS

With concern to identified infringements, the following questions were produced to be used in SIAM

Database:

- How can we reduce the potential for Body scanners to generate embarrassment on scanned people?

- How can we reduce the potential for Body scanners to generate embarrassment on scanned people parents (husbands, fathers, etc.)?

- How can we reduce the potential for Body scanners to threaten the privacy of personal body art?

- How can we reduce the potential for Body scanners to generate embarrassment by exposing body imperfections?

- How can we reduce the potential for Body scanners to make people feeling their health is

threatened?

- How can we reduce the potential for Body scanners to make travellers losing time?

- How can we reduce the potential for Body scanners to single out people without a given

cause?

- How can we reduce the potential for Body scanners to cause anxiety in claustrophobic

people?

09/07/2012 Page 11 of 37

COUNTER INFRIGMENT MEASURES

A list of Counter-infringement measures was produced during the focus-group, classifying them

according to the concepts of scope, normativity, and intrusiveness. The following measures were

proposed by experts:

Scope

- Data should instantly be cancelled, or preferably not even be recorded.

- No link should be done between people images and identity data.

- Research and effort should be performed to reduce body scanner response time.

- It would be better to have only one single check-points embracing all detection measures.

Normativity

- People should be able to choose between body scanners and other measures, such as pat-

down search.

Intrusiveness

- There should be only one operator watching body scanners monitor.

- People should not be able to physically see the operator.

- People should be allowed to choose the gender of the operator.

- The monitors could show people through thermography spectrum, instead of naked figures.

- The monitors should be rigorously hidden to other people view.

- People should be scanned alone, better if in an isolated room.

- Some music or videos could help to reduce people anxiety.

- Human operator could be substitute by algorithms able to recognize weapon or suspicious

objects.

- Restrictions might be introduced concerning the age limit of scanned people, thus preserving

children or old people.

- Body scanner walls might be more distanced for claustrophobic people.

- People should be controlled all, without excluding anyone (and thus creating discrimination

feelings for scanned people).

- A demonstrative video informing people about what is going on and what are the benefit for

their security could also help for the same purpose.

09/07/2012 Page 12 of 37

3.1.3. EXPLOSIVE TRACE DETECTION



- This technology might bother people, due to physical contact (even if much less than pat-

down techniques). This effect might increase depending on different cultures, personal

feeling or life-style and traumatic past experiences (violence on women for instance).

- Some people could feel their privacy infringed when (or if) security operators ask them to

raise the edge of their trousers, to better scan shoes/socks.

QUESTIONS

With concern to identified infringements, the following questions were produced to be used in SIAM Database:

- How can we reduce the potential for Explosive trace detectors to require physical contact

with scanned people?

- How can we reduce the potential for Explosive trace detectors to require scanned people to

perform physical actions?





Scope:

- Data coming from false positives might be maintained, in order to avoid as much as possible

other false positives (for example a warning generated by a person working in an armoury).

- It would be better to have only one single check-points embracing all detection measures.

Normativity:

- Instead of current explosive detectors, it would be better to use a sort of machine to draw

powder from people to be analysed, in order to avoid touching people.

Intrusiveness:

- People should be able to choose the gender of the security operator which will check them.

- All people should be controlled in the same way (in order not to generate discrimination

feelings for scanned people).

- A demonstrative video informing people about what is going on and what are the benefit for

their security could also help for the same purpose.

09/07/2012 Page 13 of 37

3.1.4. DETECTION DOG



- People might fear dogs, or be bothered by them (allergies, personal attitude, fear etc.).

These effects are increased when the dog is allowed to sniff them by a short distance.

QUESTIONS


- How can we reduce the potential for Detection dog to bother to sensible people?





DETECTION DOGS

Normativity:

- Dogs might be substituted or partially substituted by electronic devices: people should be

able to choose between these two security measures.

- People should be able to choose between two or three different dogs (in terms of size, race,

etc.).

Intrusiveness:

- Dogs should be used more on luggage’s than on people.

- Dogs should be kept at a minimum distance from people.

- Dogs should always be tied to a security operator.

- Dogs should always wear a muzzle.

- Dogs should be trained not to scare people.

09/07/2012 Page 14 of 37

3.2. SURVEILLANCE TECHNOLOGIES (Event Assessment, People Assessment &

Situations Assessment)

Surveillance Technologies serve as a tool for locating, tracking or tagging people or goods in order to identify for example unattended luggage, unusual events or unusual behaviour of persons. Technologies of this category are for example: HD-video recording systems, UAV (unmanned aerial vehicles), etc. In order to update the analysis to the recent Typology classification used in SIAM Database, the following typologies have been included in the analysis: Object Assessment Technologies, Material Assessment Technologies


Three technologies have been discussed during the focus-group:

HD-Video Recording Systems

Police observation devices

Unmanned Aerial Vehicles

A detailed description of each technologies is reported in the following:

HD-Video Recording Systems

Functionalities Record; enable future software usage like automatic detection of individuals or objects Criteria to assess technology performance can be: image quality, reliability, interoperability

Threats All kind of potentially dangerous situations

Processes Surveillance of all areas of the airport, Passenger Controls at the landside/airside border, Immigration, high-risk gates, future extension

Security Sensitive Areas Public, Terminal, Ramp, Baggage

Users Airport operator, police, fire department

Image (example)

09/07/2012 Page 15 of 37

Police observation devices

Functionalities Surveillance, deterrence Criteria to assess technology performance can be: locations in which can be installed, ability to transfer collected data to a control station via live feed, resilience against vandalism

Threats Terrorist attacks, “ordinary crime”

Processes Surveillance of remote areas

Security Sensitive Areas Remote bus stops or train stations

Users Police

Image (example)

Unmanned Aerial Vehicles

Functionalities Patrol / surveillance, reconnaissance, other functionalities depending on the type of sensors that are built into the vehicle Criteria to assess technology performance can be: ability to transfer collected data to a control station via live feed, operation time, capable of autonomous orientation

Threats Dependent on area of use and built-in sensors: theft, espionage, terrorist attacks, unauthorized intrusion, vandalism

Processes Surveillance of large areas from the sky

Security Sensitive Areas Possibly airport perimeter if no interference with flight traffic is guaranteed

Users Security personnel, police, military

Image (example)

09/07/2012 Page 16 of 37

3.2.2. HD-VIDEO RECORDING SYSTEM



- CCTV cameras might be used to focus disproportionately upon ethnic minorities, thereby

raising issues of ethnic discrimination.

- CCTV cameras can make people feel bother, since they are observed in a public place, even if

they are doing something completely different by the reason they are observed for (like

eating, walking to exit, etc.).

- CCTV cameras might lead to focus disproportionately on people with unusual dresses or

body art (tattoos, piercing).

- CCTV could "see" beyond the designated area. Cameras could detect what is happening even

in areas not related to security area. For example, they could see what is happening in a

nearby house.

- CCTV could foster discriminations, leading security operators to point out suspicious people

to local security agents using their physical defects, such weight (ex: “ The fat blond woman

just left her luggage alone, stop her”), or their racial somatic traits.

- CCTV could be used to track people, for instance crossing CCTV video-records with

identification technologies data such for example RFID, thus infringing their privacy.

- CCTV data could be used to understand travellers opinions or uses, and used for marketing

purposes.

A relevant issue raised during the interviews concerns the effectiveness of security measures such as

CCTV: they are “mostly useful to identify crime actions after they have been committed, more than

acting as a preventive measure”. This should change the perspective of security decision-makers,

giving them the awareness that "observing everyone and everything is not going to preserve mass

transport systems by criminal actions".

QUESTIONS


- How can we reduce the potential for CCTV cameras to discriminate against ethnic minorities?

- How can we reduce the potential for CCTV to "see" outside the security areas?

- How can we reduce the potential for CCTV cameras to discriminate against unusual dresses

or body art?

- How can we reduce the potential for CCTV cameras to observe people that are not doing

criminal/suspicious actions?

- How can we reduce the potential for CCTV cameras to track people movements?

- How can we reduce the potential for CCTV cameras to collect information for commercial

purposes?

09/07/2012 Page 17 of 37





Scope:

- Regulations should be introduced to limit image storing time and image sharing.

- Video records should be cancelled within a short period of time, and not crossed with other

technologies data such for example RDIF or other identification devices.

- Software could be used on CCTV records to darken the eventual areas not concerned. This

should clearly be reversible in case of emergency.

Normativity :

- Require signage notifying persons of the operation of cameras.

Intrusiveness:

- Adequate measures should be taken to inform people of the presence and especially on the

purposes of surveillance technologies, emphasizing their role and benefits in improving

travellers security. This could include a list of criminal actions CCTV is supposed to prevent or

inhibit.

- Privacy-enhancing algorithms might be used to blur faces or invert the video’s colour

spectrum; to perform an adequate training to operators, stressing the importance of

impartiality when taking security decisions.

- Measures could be adopted in order to inhibit possible discrimination by security operators,

such as:

o to make operators aware of their personal attitude, for example through

psychological tests to spot and show them their eventual personal prejudices;

o to enforce operators to use information gathered by surveillance systems only for

security purposes (and not for marketing ones, for instance);

o to submit, where possible, the spotting of suspicious behaviours to at least 2

operators;

o to change operators more often, in order to increase their "lucidity" and reduce the

possibilities of wrong interpretations.

- Measures to ensure an adequate data use, such as:

o to define a check list of "behaviours" that are considered "suspicious", in order to

reduce personal judgements.

o to restrict access to data for security operators, also informing them on the

regulations and risks concerned to an improper use.

09/07/2012 Page 18 of 37

3.2.3. POLICE OBSERVATION DEVICES

It is worth saying that all infringements, questions and counter-infringement measures spotted for

CCTV are valid for Police Observation Devices as well. Anyway, further issues have been identified

and reported in the following.


This technology bring the same issues of CCTV, with the addition of a further issue due to these

devices might also include microphones: when a person is talking he might use irony, saying sarcastic

sentences like "I am gonna kill you guys" or "This place is so ugly that someone should destroy it".

Microphones and automatic word analysis will spot these sentences as an on-going criminal action

so people will avoid to say them. In other word the possibility to freedom speak and to "be

themselves" is infringed. This effect is even higher if there is no a warning sign of the presence of a

Police Observation Device.

QUESTIONS


- How can we reduce the potential for Police Observation devices to infringe the possibility to

speak without self-censoring?





Scope:

- The device could be activated only in case of warnings and/or emergency situations.

Intrusiveness:

- Devices could be able to recognize people voice tone (such as irony) should be integrated.

- A policeman should patrol nearby the devices, in order to verify whether the detected threat

is real or not.

- A sort of red light should be equipped on the devices, to warn people that the device is

registering (like a red LED similar to cars alarm systems).

- Communication actions should be performed towards citizens, explaining what are the

devices and which benefits might bring for people security. A series of signs should be also

installed to make people aware to be in a observed area.

- A database of “recognized criminal” voice tones should be created, in order to focus

microphones use and avoid to register ordinary people talking.

09/07/2012 Page 19 of 37

3.2.4. UNMANNED AERIAL VEHICLES

It is worth saying that all infringements, questions and counter-infringement measures spotted for

CCTV and Police Observation Devices are valid for Unmanned Aerial Vehicles as well. Anyway, further

issues have been identified and reported in the following.


This technology bring the same issues of CCTV and Police Observation devices, in the addiction of

further infringements:

- People observed by a UAV might feel fear, or have the sensation that an emergency situation

is going on, or that military authority is looking for them. All these feelings generate anxiety

on people. These effects can also increase for people that come from war-affected Countries.

- People might see UAVs insecure and unreliable because there isn't any human pilot on

board. In airports area in particular, people might fear UAVs collisions with aircrafts.

- UAVs are often related by mass media communication to military actions, this might also

bring people to be afraid that UAVs are armed.

QUESTIONS


- How can we reduce the potential for UAV to generate negative feelings (fear, anxiety,

insecurity, etc.) on people?





Scope:

- In order analog CCTV to obscure the operator views the UAV areas outside the security zone.

Reactivate them only in emergency conditions (for example, to follow a car on the run after

having completed an kidnapped).

Normativity:

- UAVs should be prevented to "follow" people.

Intrusiveness:

- The non-military role of UAVs should be more often discussed by media. There are UAVs for

fire prevention, Coast Guard and for reconnaissance in the event of environmental disasters

(earthquakes, floods, etc.). It is fundamental to make people know what civil UAVs are, how

they are equipped and which strategic advantages they bring for the sake of security.

Also, it should be remarked that behind UAVs there is always an operator in the GCS (Ground

Control Station), in order to make people not feeling UAV are autonomous uncontrolled

guardians.

09/07/2012 Page 20 of 37

- UAVs should patrol at a high quote, in order not to be directly perceived by people (that

anyway must be made aware of their presence bay signs, etc.)

- It should be avoided to use more than a UAV in the same area, in order to not create a global

feeling of military emergency.

- UAVs should be prevented to flying near aircrafts zone, in order to avoid people fearing

possible collision with aircrafts.

- UAV appearance could be cared, in order to make them seem less “military”.

09/07/2012 Page 21 of 37

3.3. IDENTIFICATION TECHNOLOGIES

Identification Technologies are used either to identify goods (origin, content, place of destination

etc.) or to identify individuals (name, address, date of birth etc.). Technologies of this category are

for example: biometrics (fingerprint recognition), DNA analyser, etc.



RFID

Keypads & Interactive electronic security locks

Biometrics combined with ID cards


RFID

Functionalities RFID is expected to: - give passengers a unique identifier - track passengers for several purposes

The criteria to assess its efficacy can be: reliability of the technology; resilience against cyber attack

Threats ID theft Illegal migration

Processes RFID-chips in either passports, ID cards or public transportation cards are screened when passengers go through security and/or ID/passport checks

Security Sensitive Areas ID/passport checks Customs Immigration services


Image (example)

Keypads & Interactive electronic security locks

Functionalities Access control, grant access only after entering a certain code Criteria to assess technology performance can be: protection from tampering

Threats Persons gaining access to restricted areas without permission, unauthorized intrusion

Processes Security checks, any point of entrance to a restricted area

Security Sensitive Areas Restricted areas at airports / train stations / bus terminals (e.g. areas with access for employees only)

Users Security personnel, police, other private parties

Image (example)

09/07/2012 Page 22 of 37

Biometrics

Functionalities Access control, identification / verification; any measurable/collectable, unique, universal and permanent feature can be used Criteria to assess technology performance can be: minimization of false negatives / positives, throughput rate, social acceptance, possible combination with other identification methods (e.g. ID cards)



Security Sensitive Areas Airports, customs, immigration


Image (example)

09/07/2012 Page 23 of 37

3.3.2. RFID



- This technology might lead to a significant infringement to people privacy if used to track

people movements (e.g. registering the time people pass RFID reader). "RFID could have

sense in a working place, or whichever other place where you are required to come at a

specified hour, but not in a transport systems such metros where there is not any

compulsion on my personal travel plans".

QUESTIONS


- How can we reduce the potential for RFID to track people movements?





Scope:

- This measure should be avoided for "frequent" transport systems (such as metro) that

typically do not require high level of identification.

Normativity:

- Avoiding to cross data between CCTV and RFID (this procedures is adopted in Turin Metro),

where possible.

09/07/2012 Page 24 of 37

3.3.3. KEYPADS & INTERACTIVE ELECTRONIC SECURITY LOCKS



- If the only key to open a lock is something extremely "personal" such fingerprints, people

might fear to be kidnapped, tortured or even mutilated to be constricted to open the lock.

QUESTIONS


- How can we reduce the potential for Interactive electronic security locks to make people

fearing to be kidnapped or tortured to be constricted to open the lock?





Scope:

- A special care should be taken into not disclosing the names of people that can open

interactive locks.

Intrusiveness:

- Sensors could be used to detect the number of people passing through a specific gate. In this

way, if the gate is supposed to be opened and crossed by a single security operator, a

warning would be triggered for the risk operator is being constricted/enforced by criminals.

09/07/2012 Page 25 of 37

3.3.4. BIOMETRICS



- People might fear by the risk of contamination with DNA analysers.

- People might have a personal reticence against needles.

- People might feel physical violation.

- These technologies (more than other typologies) generate a sort of "constriction" feeling:

when someone is starting a travel, he can do it to taste the sensation of freedom, but all

these strict control systems destroy that sensation.

- In Italian context fingerprints are only taken in case of recognized criminals: using

fingerprints for wider identification purposes might cause embarrassment to Italian people.

- DNA analysis can lead to spot genetic or other kind of illnesses, breaking people privacy on

their health status.

QUESTIONS


- How can we reduce the potential for Biometrics to make people fearing the risk of

contamination with DNA analysers?

- How can we reduce the potential for Biometrics to bother people a personal reticence

against needles?

- How can we reduce the potential for Biometrics to reduce people attitude to travel?

- How can we reduce the potential for Biometrics to make people feel physical violation?

- How can we reduce the potential for Biometrics to make people feel their personal

information threatened?





Scope:

- People should be informed on what data are being collected, why, for how much time, by

whom and for what purposes. This could be done through flyers or demonstrative videos.

- Collected data should not be used for medical statistics or other similar purposes (and this

should be explicitly communicated to travellers).

Normativity:

- Biometrics should be used in a progressive order on the basis of their invasiveness (ex:

fingerprints, facial, eyes, DNA recognition). If possible, people should be able to choose by

their own which biometric technology would be used to identify them.

09/07/2012 Page 26 of 37

Intrusiveness:

- People should be adequately informed that these devices cannot harm.

- Needles should be closed in sealed boxes, and the seal should be directly opened in front of

people.

09/07/2012 Page 27 of 37

3.4. INFORMATION PROCESSING & COMMUNICATION TECHNOLOGIES

(Communication Technologies & Process Control)

Information Processing & Communication Technologies store or process personal information

and/or support communication. Technologies of this category are for example: SCADA systems,

cyber-security devices, etc. In order to update the analysis to the recent Typology classification used

in SIAM Database, the following typologies have been included in the analysis: Process Control

Technologies, Information and Communication Technologies.



Integrated command control rooms

High-tech dismantling labs

Radio network


Integrated command control rooms

Functionalities Provide a central junction for incoming data for decision-making and reaction to threat events Criteria to assess technology performance can be: fast data connections, ability to receive input from all relevant sources (e.g. CCTV feeds, radio contact with security personnel, etc.), effective data integration, system reliability, redundancy, increase effectiveness of security measures

Threats Theft, espionage, terrorist attacks, unauthorized intrusion

Processes Perimeter control, dispatch of security personnel, collection of data, surveillance and activation of countermeasures

Security Sensitive Areas Airports, train stations


Image (example)

High-tech dismantling labs

Functionalities High-tech dismantling labs use different techniques to analyse

samples of materials from shoes and clothes, comparing them

with remote databases. The reason this technology is considered

to belong to Information Processing Typology (and not Detection)

is that here we are not referring to the devices used for detecting

substances but to the ICT infrastructure that lies behind, or in

other words to the high-tech framework used to process the

huge amount of information required to perform analysis and to

obtain real-time responses.

Criteria to assess technology performance can be: response time,

computational algorithms precision.

09/07/2012 Page 28 of 37

Threats Explosives might be hidden exceptionally well, possibly inside

shoes or between fabrics, and thus the need might arise to use

syringes to take samples from deep inside those objects

Processes In the case of suspicious items, they are transferred to the

dismantling lab where they are checked by expert dismantlers

using syringes and chemical kits (see above item on the list)

Security Sensitive Areas Dismantling lab

Users Dismantling team

Potential Freedom Infringements Privacy and possible harm to the item being checked

Image (example)

Radio network

Functionalities The radios allow communication within a structure (airport or

train station) without using wires.

Criteria to assess technology performance can be: quality of

communication, range, interference from other devices, ability to

transmit even underground or in emergency conditions

Threats emergency communication when wire line, cell phones and other

conventional means of communications might not be sufficient

Processes In an emergency, the radios provide communication towards the

control room allowing you to effectively manage the situation of

danger.

Security Sensitive Areas Airports, train stations


Image (example)

http://www.google.it/imgres?um=1&hl=it&gbv=2&biw=853&bih=549&tbm=isch&tbnid=BRG00m5m8nos3M:&imgrefurl=http://irfu.cea.fr/Sacm/en/Phocea/Vie_des_labos/Ast/ast_visu.php?id_ast=845&docid=GdAKly79U_xvRM&imgurl=http://irfu.cea.fr/Images/astImg/845_1.jpg&w=1856&h=1374&ei=3PWDT6_7GMGKswbzhui6Bg&zoom=1&iact=hc&vpx=326&vpy=160&dur=485&hovh=193&hovw=261&tx=181&ty=98&sig=118149007019633096396&page=2&tbnh=160&tbnw=221&start=15&ndsp=9&ved=1t:429,r:1,s:15,i:119

09/07/2012 Page 29 of 37

3.4.2. INTEGRATED CONTROL ROOMS



- This systems can generate infringements as far as is connected to monitoring devices like

CCTV, microphones, sensors, etc. The awareness that there is a control room linking personal

data (name, DNA, fingerprint, face, etc.) and sensors data (images, movements, luggage

detection results, etc.) might make people feel their privacy is threaten.

QUESTIONS


- How can we reduce the potential for Integrated control rooms to make people feel their

privacy is threaten?





Data should be used exclusively for security purposes.

Scope:

- Collected data should not crossed with unauthorized data coming from web

- An higher level of automation in dangers recognition (ex: use of more recent sophisticated

software) might avoid operators to deal with travellers personal data.

Intrusiveness:

- Measures could be adopted in order to adequately instruct security operators, such as

o to enforce operators to use information gathered only for security purposes (and not

for marketing ones, for instance);

o to submit, where possible, the spotting of suspicious behaviours to at least 2

operators;

o to change operators more often, in order to increase their "lucidity" and reduce the

possibilities of wrong interpretations.

o to make operators aware of their personal attitude, for example through

psychological tests to spot and show them their eventual personal prejudices;

09/07/2012 Page 30 of 37

3.4.1. HIGH-TECH DISMANTLING LABS



- Collecting the samples to be analysed might lead to damage people clothes or objects.

Moreover, as for other technologies it is perceived as an excessive security measure to be

applied to all people, threatening the freedom to feel their selves innocent.

- High quality analysis could require people to wait too much time.

QUESTIONS


- How can we reduce the potential for High-tech dismantling labs to damage people clothes or objects?

- How can we reduce the potential for High-tech dismantling labs to make people waiting a lot of time?





Scope:

- Analysis should be performed (where possible) without damaging clothes or asking people to

toggle them.

Normativity:

- The time needed to obtain a response should be decreased (real. Time response would be

ideal).

- People should be informed through videos, flyers or other communication actions on what

the systems are doing and which benefits they grant to improve global security level.

- A sort of companying measures (such as apologies, discounts on flight, etc.) should be

provided to people in case of false positive or excessively high amount of time used for the

analysis.

09/07/2012 Page 31 of 37

3.4.1. RADIO NETWORK



- If Security Operators radio devices have a healable volume, they could lead to two kind of

infringements: on the one hand a privacy breaking of the people that are being

communicated as suspected; on other hand high volume might disturb travellers.

Furthermore, panic could be spread if people hear about an on-going criminal action.

- Offensive comments might be made by security operators and heard by people (for ex: “Stop

the man next to the big fat woman”).

QUESTIONS


- How can we reduce the potential for Security Operators radio devices to disturb travers and/or to break their privacy?





Intrusiveness:

- Hearings should be used by security operators to listen to radio devices.

- Communication should be coded, in order not to allow people understand what is happening

- Security operators should be adequately trained to avoid potential infringements.

09/07/2012 Page 32 of 37

3.5. INTRUSION PROTECTION AND DEFENCE TECHNOLOGIES (Physical Access &

Enforcement)

Intrusion Protection & Defence Technologies support the physical protection against malicious attacks. Technologies of this category are for example: armoured glass at terminal ground facility, automated barriers, etc. In order to update the analysis to the recent Typology classification used in SIAM Database, the following typologies have been included in the analysis: Physical Access Technologies, Enforcement Technologies.



Automatic Light Vehicle system with Platform Screening Doors

Tail-gating prevention

GPS/radio jammers


Automatic Light Vehicle system with Platform Screening Doors

Functionalities This technology embraces in itself a wide number of technical devices and systems, all finalized to perform an efficient stand-alone management (that is, without the need of the personnel, such as the driver or platform local operators) of trains. These devices can include physical barriers (like automated platform screening doors), enforcement measures, and local control/monitoring systems. Criteria to assess technology performance can be: automation, service reliability, comfort, speed.

Threats The main expectations from this technology are the possibility to:

prevent accidental falls off the platform onto the lower track area, suicide

attempts and homicides by pushing;

improve security by restricting access to the tracks and tunnels;

prevent or reduce wind felt by the passengers caused by the “Piston

effect” (air compression and decompression caused by trains movement)

which could in some circumstances make people fall over;

reduce the risk of accidents, especially from service trains passing

through the station at high speeds;

Processes Automatically carries passengers along the trajectory of Underground

Security Sensitive Areas

Internal area

Users Security personnel

Image

(example)

09/07/2012 Page 33 of 37

Tail-gating prevention

Functionalities Enhancement of other access control measures by ensuring that authorized persons are not accompanied by unauthorized persons while passing a checkpoint to gain access to a restricted area Criteria to assess technology performance can be: interaction with authentication measures



Security Sensitive Areas Mostly airports


Image (example)

GPS/radio jammers

Functionalities Jamming GPS navigation Criteria to assess technology performance can be: no interference with regular traffic, capacity

Threats Use of an airplane as a weapon

Processes Defence of a facility from terrorists using an airplane as a weapon

Security Sensitive Areas Airports as a whole

Users Security personnel, police, military

Image (example)

09/07/2012 Page 34 of 37

3.5.1. AUTOMATIC LIGHT VEHICLE SYSTEM WITH PLATFORM SCREENING DOORS



- This technology can cause people feel fear or insecurity, since "there is no other person (the

driver, for instance) you could ask for help, in case of aggression or similar actions. Even if

you know you are being observed by security operators, you cannot receive immediate help,

and even a few seconds can make the difference."

- There are two relevant aspects linked to the “security perception” coming from VAL systems.

The first is related to people visual sensitivity: "an automated security system is often semi-

hidden so you cannot perceive it as a really strong security measure, while a policeman is

there, you can feel his presence. This make you feel more secure."

The second issue is related to the perceived purpose of automated security measures in VAL,

like cameras or sensors: "a camera is there to observe people, even me like I were the

criminal, while a policeman is clearly there to protect me".

- People could fear Platform Screen Doors as it might not work correctly and imprisoning

people inside the train, with no driver you could ask for help.

- In case of emergency situations, panic can be generated if doors do not rapidly open.

QUESTIONS


- How can we reduce the potential for VAL systems to make people feeling fear or insecurity?

- How can we reduce the potential for Platform Screen Doors to make people feeling fear for

the risk to be imprisoned?





Intrusiveness:

- A series of devices should be installed to allow people easily communicate with outside the

trains.

- Strong Lights as well as large spaces should be present to create a more comfortable

environment for people.

- Emergency devices should be present on trains and on platforms, to:

o stop the trains

o open the doors

- Security operators should patrol near automated systems, or at least be rapidly available.

- Adequate information and communication procedures/tools should be adopted to show

people what to do during emergency situations, in order not to spread panic.

09/07/2012 Page 35 of 37

3.5.2. TAIL-GATING PREVENTION



- People may fear to be injured in case the technology would not work correctly.

- Disabled people may be discriminated, not being able to deal with normal tailgating devices.

QUESTIONS


- How can we reduce the potential for Tail-gating prevention systems to make people feeling

fear for the risk to be injured?

- How can we reduce the potential for Tail-gating prevention systems to discriminate disabled

people?





Normativity:

- A human operator should be always present near tailgating systems, allowing people to ask

for help or information.

Intrusiveness:

- A sort of companying measures (such as apologies, discounts on flight, etc.) should be

provided to people in case of malfunctions with eventual harm.

- A special tailgating prevention system could be designed for disabled people (larger, with

higher passing time, etc.)

09/07/2012 Page 36 of 37

3.5.3. GPS/RADIO JAMMERS



- These technologies threaten the freedom to communicate with other people and to get

information from the network, generating a sort of "anxious isolation".

- The sensation of impotency can be felt as well, being in the hands of someone that can act

for institutional reasons and/or to protect as many people as possible, but not necessarily to

protect you as an individual.

- When activated, the jammer block radio communications / GPS also hitting innocent people

and security officers haven't a decoder.

- Often the first way to understand what is happening during a potential terrorist attack is the

communication with local people: “in most cases a Communication Jammer might create

even more vulnerabilities”.

QUESTIONS


- How can we reduce the potential for GPS radio/jammers to make people unable to

communicate with other people or to get information from the network?





Intrusiveness:

- This measure should be used only in emergency situation, and with some procedures (Vocal

communication, signs, videos, etc.) to make people aware of what is going on.

- Jammers could act only on specific Radio Frequencies, identified as dangerous.

09/07/2012 Page 37 of 37

4. CASE STUDY COUNTER INFRINGEMENT MEASURES

An analysis was done to spot which identified counter-infringement measures are also used in Turin

metro case studies. The first concerns RFID and CCTV: data are not crossed in order not to track

people movements a thus risk to break their privacy. The second concerns radio: hearings and other

sound mitigations devices are used to avoid people hearing security communication. The last two

concern VAL where many devices are installed on trains and station to allow people easily

communicate with security operators, and stations are built on a wide-perspective philosophy:

“people feels more secured when they can see things from far, for this reason stations are full of

strong lights and large halls.

Documents

SIAM - TU Berlin€¦ · according to the classification developed in SIAM project: 3.1. Detection Technologies These technologies are used to detect explosives, toxic gases, radiological