New Zealand Security - August-September 2021

Page 18


Facial Recognition: Pre-deployment considerations Writing for ASIS International’s Security Technology magazine, Reese Huebsch suggests that improper use of facial recognition technology may increase an organisation’s liability or damage its brand. The use of facial recognition technology as a surveillance tool by the public and private sector is becoming more widespread. Organisations can benefit from reductions in investigation costs, improved incident management, and real time situational awareness.

Reese Huebsch is director of program development at Atriade, a security consulting firm. He has an extensive background in physical security operations, management, process, and technologies.



These benefits can mean a reduction in risk to their people, information, and assets. But with the good, comes the bad; potential privacy concerns and the perception by some that facial recognition always delivers a perfect match can lead to the use of erroneous data. Another consequential drawback is the potential of racial bias in algorithms, which may not have been tested with a larger, more diverse population. As with any tool if not developed properly, facial recognition is not likely to be effective. It is critical that users educate themselves and understand the current state of facial recognition as a surveillance tool to ensure its successful deployment and appropriate use. Facial recognition has been used successfully in circumstances where an organisation actively manages access to its space for government, professional, or commercial purposes. Positive results in these areas are driven by effective environmental design, limited obstructions, good camera angles, proper lighting, and controlled checkpoints and

passageways to ensure high-quality surveillance data is collected. Some examples may include airports, arenas, event space, casinos, or a controlled office space. Employees and visitors in these spaces will have a lesser expectation of privacy as they are public in nature and typically have layers of security controls in place. In some cases, people will have gone through a formal verification and enrolment process and provided a credential. During this process, a person’s face may be captured for enrolment purposes. While there are currently no U.S. federal level requirement to notify that surveillance is in place, there may be local or state requirements. These checkpoints and visible controls should set privacy expectations accordingly. Organisations may choose to permit employees or visitors to opt-out or not participate in facial recognition surveillance programs but will need to have a formal process in place to ensure fairness of choice. Successful use cases of facial recognition include identification of banned attendees at events, unauthorised access, and identification of persons in secure areas. While these venues may have a high population of people, they have likely developed good surveillance conditions and usually have numerous other security tools in place to support the operation. Many

August/September 2021