Three Threats to the Image of the Industry

They have proposed solutions that focus on restoring privacy as a default assumption for individuals. This upends the notion that people must trade their privacy for security and convenience. As a result, more and more consumers are starting to demand control over their data and protections for their privacy.  As these debates continue, security companies must contrast their use of the technology with the intrusive uses by bad actors. To do this, we must understand these threats from the perspectives of our potential customers.

The Facial Recognition Fight

On one front, there are two key signs of growing opposition to the widespread adoption of facial recognition technology: legislation against the tech based on claims it is racially biased and organizations and individuals who dissent to the technology’s existence due to privacy concerns. 

The main fight for facial recognition on the legislative front right now is centered on reports concerning its accuracy when identifying different demographics of people. According to a National Institute of Standards and Technology (NIST) study completed in December 2019, today’s facial recognition algorithms show widely differing levels of accuracy.  

Some of the algorithms did not perform well, but this does not speak for the accuracy of all algorithms, nor should it rule out the opportunity for companies to continue improving the technology so businesses and consumers can reap its benefits. This comprehensive study from NIST – the author of which points out that the most equitable algorithms also rank among the most accurate – is the central focus of a significant debate in Congress and other agencies over the accuracy of facial recognition technology. 

“Some members of Congress are taking bits of information in this report to cast doubt on facial recognition technology and that is where the real battle for its future use in government and commerce will be held,” says Chris Heaton, vice president of advocacy & public affairs at ESA. 

Other examples of pushback against facial recognition exist in the form of activist organizations, municipal laws banning the technology altogether, and plenty of online articles discussing the ethical implications of implementing such technologies in schools and workplaces. 

In recognition of these concerns, Congress has proposed bipartisan bills that would limit the technology’s use. Legislators continue to debate whether and how they should regulate facial recognition, often referencing the fundamentally opposed natures of individuals’ privacy rights and the public’s need for information. 

As security professionals and law enforcement agencies are aware, unchecked mistrust of this technology risks undermining its legitimate use for security purposes. If consumers begin to exclusively associate facial recognition technology with low-quality algorithms or privacy intrusions, the technology could see limited adoption by the public and lower levels of investment and innovation than it has seen recently. 

Moving forward, it will become more important to educate consumers on how their systems will operate. They will want to know how the technology will handle their sensitive data. Customers might demand proof that facial recognition systems will keep their information confidential.  

Legislation might demand that systems perform with high levels of accuracy and get unbiased results. As regulations form, the burden will fall more on software providers and integrators to ensure the proper use of this technology. 

To ensure the responsible use and narrowly tailored regulation of facial recognition across the country, the industry could promote model legislation at the state level, much like previously drafted alarm ordinances by SIAC. Actively voicing the desire of the industry to use these technologies for the security and safety of residents, businesses, schools and government entities is a crucial step to maintaining a favorable image in the controversial climate surrounding this growing technology. 

Businesses can be the voice of the industry by first implementing appropriate company policies surrounding facial recognition technology. Then they can share their stance through business-to-business communications, customer interactions, marketing materials, press interviews and community involvement. 

The Surveillance Scare 

On another front, some companies seek to make profit by gathering data on people with as many sensors as possible. Scholars often refer to these Big Data companies as “surveillance capitalists,” a group of companies that have changed how personal data about consumers is often used. 

Although most companies do not collect as much data on their customers as these surveillance capitalist institutions, almost every modern company has a database of personal identifying information (PII) about its customers. Unfortunately, the overwhelming success of companies profiting from peoples’ personal data has tempted many others to follow suit and begin selling the personal data of their customers for marketing purposes.  

Such uses of customers’ sensitive information have caused a stir among consumers. So much so, in fact, that legislators are starting to paint privacy and data ownership as a right. Hot on the heels of the EU’s GDPR, California recently passed legislation to limit what companies can do with consumers’ personal information, which prompts us to consider the possibility that similar legislation might come in other states where concern over data misuse is prevalent. 

“The California Consumer Privacy Act is the first of what I am sure will be many states to put consumers in control of how their personal information is used,” says Heaton. 

The threat posed by consumer privacy concerns and the advance of surveillance capitalists into the home is that traditional security companies might seem guilty by association in the eyes of consumers, even though our industry operates in a completely different paradigm from these Big Data companies. Their focus on collecting and profiting from data contrasts with our industry’s traditional manner of doing business: providing security by gathering only the information necessary to keep customers safe. 

As members of our industry are aware, electronic security companies have a very narrowly defined use case for their customers’ data. The task remains to educate customers and alleviate their concerns in the face of misunderstandings due to the broad brushstrokes of public opinion. 

One way to prevent the unsavory association with companies who misuse consumer data is for electronic security companies to differentiate themselves by committing to provide holistic security solutions. Companies can win trust by offering solutions that respect the privacy of the home. They should thoroughly vet all possible “smart home” connections with the security system, and educate consumers of what they might be giving up in exchange for the conveniences offered by virtual assistants and DIY hardware. 

The Cybersecurity Clash 

On the third front, security devices’ increasing complexity makes them a lucrative target for cyberattacks. Frequent incidents in recent months have heightened awareness of the need to secure devices from threats posed by a wide range of bad actors, from basement-dwelling hackers to foreign intelligence operations. 

Due to this growing concern, demand could arise for more holistic security solutions, with people beginning to ask about the security of their data (e.g. “How is the video from my cameras stored? What about the audio? How can I request for it to be deleted? Do people watch it even when there’s no emergency?”). 

Manufacturers and integrators must harden the cybersecurity of their products and services. They must also educate consumers on what precautions they are taking to protect customers’ data. It could strengthen consumer trust for businesses to show how they use data for the sole benefit of their customers. 

Businesses will likely earn more trust from consumers by staying ahead of regulations. Apple has done this with the release of its iPhone 11, touting with its marketing the care it takes with facial data. Any sensitive data on the device is not processed in the cloud and isn’t even accessible by the phone’s filesystem.  

In this same vein, some industry leaders have already begun drafting a self-regulation framework for the electronic security industry. They have done this despite that fact our legitimate use case enjoys exceptions in much of the proposed federal data privacy legislation that exists today. These projects show the intention of the industry to go beyond mere compliance with legislation. Such proactive efforts show a commitment to providing customer-centered, holistic security solutions. 

Conclusions 

By addressing the three potential threats to the industry’s perception outlined above, security companies can increase their odds of staying on customers’ good sides. If teams keep themselves informed, educate their customers and commit to providing holistic security solutions that put privacy first, they might earn more business and increased trust from their current customers. 

Much of the way forward consists of thoroughly vetting products, understanding customers as public opinion oscillates and positioning professional security solutions as cyber-hardened and privacy-oriented.