An ethical approach to physical security in the cloud

By Rodrigue Zbinden, CEO, Morphean and Steven Kenny, Industry Liaison Architecture and Engineering at Axis Communications

As the Internet of Things (IoT) matures, it has become apparent that the cloud offers enormous potential for the physical security sector, making traditional security features more cost effective and available to all. But at a time when video surveillance and the use of customer information and imagery are in question, it’s right and proper that the debate around the ethical use of systems is vigorous and open. What’s most important is that government guidance in the area is continuing to evolve. The EU’s GDPR is a solid piece of legislation, but it’s not exhaustive in its provisions, and regulators are still developing a feel for where its boundaries lie.

Taking action to protect privacy

As an industry, we need to be proactive in this debate and demonstrate that we can behave responsibly to protect personal data. Ensuring cloud platforms are GDPR-compliant requires more thought beyond merely placing signs to let people know they are on film. The ability to be transparent and to acknowledge the rights that the general public hold over their data should be factored in, right from the start.

We can take steps to protect privacy when collecting image data. Business insights are derived from observing patterns in group behaviour, not by identifying individuals in that group, so the storing of an individual’s image is largely unnecessary. Where facial recognition systems are used, pattern matching should be based on irreversible numerical representations of a face: in other words, facial features are encoded and stored as a hash ready to be matched against live data, not actual photographs of faces.

Perhaps the most promising development along these lines has been the creation, in the UK, of the world’s first voluntary set of standards for surveillance cameras. This was announced by the Surveillance Camera Commission (SCC) in June 2019, but was drawn up in collaboration with the industry. Right now, the focus is on cybersecurity and ensuring that devices and data transfer is Secure by Design as default, and that networked cameras are maintained throughout the full life cycle with easy to apply firmware upgrades.

Ethical data collection best practice

These steps help to protect public privacy by reducing the risk of data breaches. It’s likely that similar codes will also be drawn up to govern the use of cameras and video footage too, establishing industry-wide best practices for anonymisation and ethical data collection. Getting this right is fundamental: as the benefits of video-surveillance-as-a-service (VSaaS) become more apparent, and integrators better understand the value that they can offer customers, we will see increased interest and adoption in the area, just as we saw with other business critical functions.

The more widely these systems are adopted, the better the platforms themselves become as the AI and machine learning tools have more data. It’s important not just for vendors to show commitment to ethical principles but to help educate customers about what to look for in partners too. There have been too many abuses of the power of surveillance technology in the past. But done right, security technology can help to create a safer workplace, increased business profits and uphold the rights of citizens to privacy in a digital world.