New Zealand Security - Dec 2019-Jan 2020 by Defsec New Zealand

December 2019/January 2020

Protecting the Peace: Public protest and private security Facial Recognition â&#x20AC;&#x201C; Impacts and effects of Privacy Regulations

The State of Security Convergence Video Surveillance: Data analytics gains hampered by privacy concerns

www.defsec.net.nz

SECURITY TECHNOLOGY RELIABILITY

your electromagnetic locking specialist!

Underpinned by 30 year's experience and service with integrity. Standard features include: • Field-selectable 12 & 24 VDC options • 550kg holding force • Slimline styling • Instant release • Stainless steel fitting hardware • Through hardened, polished stainless sex nut • Full protection against transients.

Options include: • Door Position Switch • End-to-end Magnetic Bond Sensor • Header extension angle bracket • Custom full width housings • Z/L brackets for inward opening doors • Frameless glass door brackets • Powder coated or anodised colours • Stainless indoor, outdoor and gate locks

GUARANTEE

Loktronic Limited Unit 7 19 Edwin Street Mt Eden Auckland P O Box 8329 Symonds Street Auckland 1150 New Zealand Ph 64 9 623 3919 Fax 64 9 623 3881 0800 FOR LOK mail@loktronic.co.nz www.loktronic.co.nz

GUARANTEE

*Standard terms & conditions of sale apply.

21066/1/18

For expert advice and assistance with your security locking needs, trust in Loktronic, call us on 0800 367 565

CONTENTS ISSN Print 1175-2149 ISSN Online 2537-8937

From the Editor............................................................................................................................................................................................................................6 Releasing the potential of VMS .............................................................................................................................................................................................8 Hikvision Deep Learning: Securing ATMs 24/7...............................................................................................................................................................10 Lockdown logistics: Incident management and access control...............................................................................................................................12 The State of Security Convergence....................................................................................................................................................................................14 Protecting the Peace: Public protest and private security..........................................................................................................................................16 Private security and the privatisation of public space.................................................................................................................................................18 She’ll be right: Security AWOL at Defence event...........................................................................................................................................................22 Dahua showcases recent deployments............................................................................................................................................................................23 Facial Recognition – Impacts and effects of Privacy Regulations............................................................................................................................24 Facilities and Public Spaces conference offers answers to improbable failure...................................................................................................30 On Tour: When international cricket meets international risk..................................................................................................................................34 Video Surveillance: Data analytics gains hampered by privacy concerns............................................................................................................36 NZSA CEO’s November Report.............................................................................................................................................................................................38 Saving Face................................................................................................................................................................................................................................ 40 Converging Event Security....................................................................................................................................................................................................42 Clarification on licensing for electricians......................................................................................................................................................................... 44 Events...........................................................................................................................................................................................................................................45

year 10 guarantee ENJOY a

on Loktronic Indoor Electromagnetic Locks!

Industry Associations

www.security.org.nz

www. asis.org.nz

www.masterlocksmiths.com.au

www.nzipi.org.nz

www.security-institute.org.nz

0800 367 565

20851

*Standard terms & conditions of sale apply.

Showcase.................................................................................................................................................................................................................................... 46

www.loktronic.co.nz

NZSM

www.skills.org.nz

December 2019/January 2020

FROM THE EDITOR Welcome to the December-January issue of NZSM. It’s our final edition for 2019 – and we’re got lots to talk about! As the summer retail peak edges closer, retailers around the country are gearing up for big sales – and looking to prevent big losses. Many are looking at facial recognitionenabled video surveillance solutions to identify shoppers – from known offenders to VIP customers – but there’s a lot of uncertainty around the legal and reputational aspects of capturing and storing such sensitive personal data. In this issue of NZSM we focus on the issues surrounding facial recognition and privacy. David Horsburgh CPP PSP PCI, Managing Director at Security Risk Management, who presented to a sold-out ASIS Auckland Breakfast Meeting in November, writes in an in-depth feature article that facial recognition use by private companies potentially breaches NZ privacy principles. While new camera biometric smarts present opportunities for New Zealand’s retailers, writes Joanna Mathers in a related piece, it pays to understand the implications. In another article that considers the US setting, Megan Gates writes that the fast and loose adoption of facial recognition technology has potentially negative impacts for marginalised people, such as minority groups, already at risk of discrimination. Also in the US, we look at the results of a recent ASIS Foundation study, which cites the biggest barrier to the convergence of security functions in organisations as differences in culture and skillset between physical and cybersecurity. Conversely, the biggest driver for convergence is the alignment of security strategy with corporate goals. On the topic of convergence, in an article originally published in Security Management Magazine, Claire Meyer notes that the 2019 Unisys Security Index identifies increasingly risk-averse consumer perspectives on physical and digital security at public events. Among the big public events over the coming summer are international cricket fixtures. With the cricket season upon us, Chris Kumeroa, Managing Director of Global Risk Consulting, draws from years of security experience in Pakistan and the Middle East to risk assess the potential for a New Zealand Cricket return to tours of Pakistan. Closer to home, NZSA CEO Gary Morrison writes about a recent Wellington event he attended along with a string of senior diplomats and government guests. For an invitee list heavy on top brass, the gathering was disconcertingly light on security. With months of crippling public protests in Hong Kong and some recent smaller scale demonstrations in Wellington and Ihumatao, there’s plenty of protest action around, and private security guards are often on the front line. Joanna Mathers explores the unique challenges faced by security providers caught up in protest action. In Part Two of my wrap up of August’s Safe and Secure Facilities and Public Spaces conference, I look at the various strategies presented by conference speakers aimed at protecting public places against ‘improbable’ security threats. There’s all this and a whole lot more in this issue of NZSM, including more features and updates from the NZSA and our sponsors. Without our sponsors NZSM just wouldn’t happen, and I would like to take this opportunity to thank them for their support and to recognise their valuable service in contributing to an informed New Zealand security industry.

NZSM New Zealand Security Magazine

Nick Dynon Chief Editor Nick has written for NZSM since 2013. He writes on all things security, but is particularly fascinated with the fault lines between security and privacy, and between individual, enterprise and national security. Prior to NZSM he clocked up over 20 years experience in various border security and military roles.

Stay safe over the festive season, and all the best for a great start to 2020! Nick Dynon Auckland facebook.com/defsecmedia linkedin.com/company/ defsec-media-limited twitter.com/DefsecNZ

Upcoming Issue February /March 20 Banking, Insurance and Finance, Loss prevention, industry training

NZSM

Disclaimer: The information contained in this publication is given in good faith and has been derived from sources believed to be reliable and accurate. However, neither the publishers nor any person involved in the preparation of this publication accept any form of liability whatsoever for its contents including advertisements, editorials, opinions, advice or information or for any consequences from its use. Copyright: No article or part thereof may be reproduced without prior consent of the publisher.

Contact Details: Nick Dynon, Chief Editor Phone: + 64 (0) 22 366 3691 Email: nick@defsec.net.nz Craig Flint, Publisher Phone: + 64 7 868 2703 Email: craig@defsec.net.nz Postal and delivery address: 27 West Crescent, Te Puru 3575, Thames, RD5, New Zealand

December 2019/January 2020

security security

The Complete Security Solution The Complete Security Solution Expand your offerings to cover intrusion from DSC, video from exacq and access from Expand yourcontrol offerings to kantech cover in one singlefrom solution. intrusion DSC, video from exacq and access control from kantech in one single solution.

INTRUSION VIDEO INTRUSION VIDEO

ACCESS ACCESS

For a total solution from a single trusted source Visit: tycosecurityproducts.com Call:solution +61 0499688921 +61 499 688 921 For a total from a single trusted source Email: bts-emea-tycosales@jci.com bill.sakellariou@jci.com Visit: tycosecurityproducts.com Call: + 64 (0) 27 272 1798 Email: chris.whiting@jci.com

The all-in-one integrated solution provides the best of video surveillance, intrusion detection and access control all from one single, trusted partner. You can deliver a full solution to yourall-in-one customersintegrated with ease solution and business owners and security The provides the best of video personnel canintrusion managedetection all aspects of access on-premises surveillance, and controlphysical all from security from a single interface kantech one single, trusted partner. You -can deliveroraexacq. full solution to your customers with ease and business owners and security personnel can manage all aspects of on-premises physical security from a single interface - kantech or exacq.

FEATURE

Releasing the potential of VMS Compatible with 3,704 camera models and a large number of access control systems, pointof-sale (POS) systems, and retail and video analytics, Tyco’s exacqVision VMS is one of the industry’s most flexible solutions. The importance of incremental improvements End-user operational requirements change, businesses expand, and new threats emerge. It is crucial that Video Management Software (VMS), which is more often than not placed at the heart of an integrated electronic security solution, is regularly updated. With such a wide choice of featurerich VMS solutions to choose from, it is easy to be mesmerised by manufacturers claiming their platform is the best in terms of functionality and user friendliness. However, high on the list of considerations when selecting a VMS should be whether or not its manufacture has benefitted from improvements informed by changing market demands. An upgrade of the Tyco exacqVision VMS is released every quarter. The incremental improvements incorporated within each release generate new revenue opportunities for system integrators and ensure end-user expectations are fulfilled by the delivery of additional practical advantages. V19.09, the latest upgrade of exacqVision, is a perfect example of this.

Subscription Agreement (SSA). This new feature saves significant time by enabling administrators to perform transfers immediately and without having to go through a purchasing process. The Live Camera page within exacqVision now offers keyword filtering on any defined camera attribute, enabling fast filtering across thousands of cameras. Using metadata to define camera attributes permits rapid camera filtering and allows users to create dynamic live groups, rather than relying solely on the camera name. Filtering results quickly makes it easy for users to view all cameras in the same building or on a specific street, in cases where producing fast results matters most. For installers integrating Illustra cameras, Illustra’s built-in profiles can now be selected from exacqVision, offering pre-built camera configurations for a wide range of scene types. Exposure

profiles provide a way to automatically adjust camera settings according to how the camera is used, optimising streams for the type of scene. Streamlining this configuration process delivers convenience and reduces installation time. New integrations with third-party technology partners in Tyco’s Connected Partner Program include license plate recognition from Vaxtor, retail analytics and cloud-based forecasting from Percolata, and alarm verification from I-View Now. 19.12: flexibility for enterprise administrators Exacq’s VMS 19.12, due for release this December, will allow camera licenses to be bulk purchased and unused licenses stored within Enterprise Manager to deploy as needed. Additionally, camera license SSAs will not age on Enterprise Manager.

v19.09: Optimised task performance Whether your role is installing exacqVision, monitoring live video, or administrating enterprise deployments, the latest software update from Exacq provides streamlined features to accomplish exacqVision tasks. Administrators using Enterprise Manager can now transfer license’s camera channels between NVRs easily and at no charge with a current Software

NZSM

December 2019/January 2020

Exacq Mobile features an improvement to the way users interact with specific cameras, offering a more mobile-friendly user experience and improved performance when viewing multiple camera streams. Exacq’s ONVIF camera integration will also support the ability to talk and listen through IP cameras equipped with audio I/O. Most developers of VMS rightfully claim their software is open platform, allowing interaction with other types of security and building management systems, and cameras from different manufacturers. Some, such as Exacq, have gone to enormous efforts to ensure installers and system integrators can, without extensive training, fully capitalise on the open capabilities of their VMS, whilst minimising installation, configuration and commissioning time and cost. Camera Integrations The Exacq development team have been hard at work and their efforts have resulted in 399 additional camera models able to be integrated with exacqVision. At the time of this article’s publication, there are a total of 3,704 supported cameras and these include virtually every camera model and type currently being installed in Australia and New Zealand. These include older generation IP network cameras, as well as the very latest open platform, ultra-high definition and thermal imaging models. By proactively integrating cameras from over 60 manufacturers, Exacq has significantly reduced the time it takes to design, implement and commission a VMS solution that needs to handle images captured by a wide variety of cameras.

Calculating Bandwidth The Exacq home page features a ‘Recorder Calculator’, which is a valuable tool that generates approximate storage and bandwidth estimations. System designers can input the specific needs of a project, such as the camera count and the required resolution, frame rates and recording hours into the calculator, which then provides estimates around required network bandwidth and server specifications. Reducing installation time and cost The abovementioned camera integrations and Recorder Calculator might seem obvious tools for a manufacturer to provide, but in Exacq’s case considerable effort has been made to ensure upto-date, real-life practical guidance to minimise system design time and negate the possibility of costly mistakes being made due to incorrect assumptions about bandwidth requirements.

Together with an App that can be used on any smart mobile device or laptop, which makes it easy for engineers to walk test cameras, these tools can help minimise cost by reducing pre-installation and on-site commissioning time. In terms of integrating video surveillance with access control and intruder detection, a major advantage of having the Kantech, DSC and exacq brands within the Tyco portfolio is the ability to achieve deep and true integration between these different security systems. Although each of these product ranges have separate product management and software development teams, they work closely together to ensure full interaction and backward and forward compatibility. Ultra user-friendly One of the particularly user-friendly aspects of Exacq is its graphical user interface (GUI) display. Operators are likely to choose the option of using the Exacq VMS front-end display if video surveillance of a site or building is the main objective, even though it might be part of a larger integrated security solution. The need to be able to react quickly and effectively to any incident or suspicious activity has never been more important. By providing a comprehensive, fully interactive solution that takes full advantage of the latest advances in technology, Exacq VMS equips security personnel with an extremely powerful tool to protect people, property and assets. Exacq VMS is one of the extensive solutions ranges offered by Tyco, the security products division of Johnson Controls

For more information visit www.exacq.com

December 2019/January 2020

NZSM

Hikvision Deep Learning: Securing ATMs 24/7 As the annual spending frenzy accelerates in the lead-up to the festive season, New Zealand’s ATMs will be getting a work out. With thieves focusing their attentions accordingly, Deep Learning provides a security edge.

ATMs have become a cornerstone of day-to-day life for millions, but they can also be vulnerable to attack – often involving ATM users, potentially injuring them and causing trauma. But since ATMs are often situated outside buildings and used at all times of the day and night, securing them is a challenge – and banks are turning to more intelligent solutions. An outdoor vulnerability According to the ATM Industry Association (ATMIA), there are an estimated 3.5 million ATMs in the world serving those in need of cash 24/7, 365 days a year. And there’s where the difficulty in securing them lies. To be effective, most ATMs need to be in public areas and open all hours. This, coupled with the fact that they hold hard cash, makes them an attractive target. Criminals target these machines – or more precisely – the people using them in numerous ways. Distracting customers

at ATMs in an attempt to take their cards or cash from them, or to discover their PIN number for use at a later date, for example. They also try to install false card readers that steal customer’s card details for reuse. So, security precautions for ATMs are an important part of a financial institution’s overall security solution. Deep Learning technology steps in Inside an ATM machine, two covert cameras are inserted, one installed on the user, the other on the ATM panel. Deep Learning technology embedded in the ATM security system can detect “abnormalities” in the scene in front of it and trigger alarms in the security center, referring to existing data patterns. All of these ‘smart’ alarms streamline the security monitoring process, meaning

NZSM

that security personnel can react to real-time scenarios and not waste time on false alarms. The footage can provide evidence for any investigation. The Hikvision DeepinMind NVR is a deep learning ‘engine’ that takes the information from the camera and analyses it using Deep Learning algorithms. This can also ‘manage’ footage, in conjunction with other NVRs and a video management system, which brings this part of a total solution together with all the other elements, providing a powerful toolset for security and business intelligence. Securing assets at the extremities of your security solution is a lot easier with Deep Learning technology. Even ATMs outside your building can be safer, avoiding fraud and protecting your customers 24/7.

December 2019/January 2020

HIKVISIONâ&#x20AC;&#x2122;S NEW EASYIP NETWORK CAMERAS

New Appearance, Better Performance Up to 8 MP resolution Down to 0.008 lux low-light performance

Distributed by

www.hikvision.com.au www.atlasgentech.co.nz orders@atlasgentech.co.nz

www.nfs.co.nz sales@nfs.co.nz

Hikvision New Zealand Hotline +61 1300 557 450 sales.nz@hikvision.com

INDUSTRY

Lockdown logistics: Incident management and access control Access control systems can do a whole lot more than preventing access to a site by some and facilitating it for others. Phil Murphy, Sales Manager for the South Island at Gallagher, talks about managing lockdowns with an access control system. We can’t turn our schools into prisons; that’s not who we are as a nation - but we have a real duty of care to ensure that the safety of children while at school is treated as a priority. Caregivers should feel reassured that adequate measures are in place to protect their children and the staff on a site.

The recent Lockdown in Schools report from KPMG uncovered a litany of issues triggered by dealing with school shootings. Lack of communication was cited as one of the major reasons that lockdowns failed. The other was the failure to implement any actual lock down procedure or system. A lack of training and policies are key factors for poor performance during lockdown - something which we can’t

afford to compromise on. Only 60 percent of the schools featured in the report had used Ministry of Education guidance to create their own policies on how to manage a lockdown. More than 40 percent of senior staff in schools and early learning services hadn’t been trained in, or practiced, managing a lockdown. Being able to respond rapidly to a situation and having the right tools and systems in place to do this can mean the difference between life and death. The Ministry has produced a Planning and Preparing for Emergencies and Traumatic Incidents guide that details several points to consider when creating a lockdown policy. In this article, I hope to provide an understanding of how an access control system plays a vital part in such an event.

Planning and preparing for emergencies and traumatic incidents PRACTICAL INFORMATION AND GUIDANCE FOR SCHOOLS DECEMBER 2016

Phil Murphy, Gallagher’s Sales Manager for the South Island

NZSM

www.education.govt.nz

Prior to an evacuation, consider what might assist emergency services at the time of an emergency. Measures might include providing a master key or information on how to gain access, detailed floor plans of the site (which show entrances, windows, roof hatches and ventilation systems), and the estimated number of staff, children and young people on site and their likely location. An access control system can hold information on who is on site and indicate where they are. An access system allows you to configure safe zones within a complex – ones that cannot be easily accessed by any unauthorised persons. This information can be printed out quickly when required – or viewed remotely with secure access privilege or presented on a mobile device. A card reader at muster points (or a fully mobile reader) can also ensure anyone who has evacuated the building can badge in and a report can be printed quickly and easily. A site lockdown can be as simple as pressing a button on a desk or on your mobile device. There can be multiple options here from whole-site to part-site lockdown. Signalling a lockdown is of paramount importance and needs to be carefully thought out. In some cases, it may not be appropriate to sound an audible alarm. If an audible alarm is used, consider whether the signal can be heard clearly from all locations in the school, including non-classroom situations such as the gymnasium or swimming pool. If the signal cannot be heard by some classes, for example those on outside playing fields, then alternative ways and options to communicate with staff may be required.

December 2019/January 2020

Focus your energy on the things that matter. The fuel card that helps you run things your way Receive 12 to 16 cents per litre (including GST) discount off the pump price for all diesel and petrol purchased at a discounted Mobilcard acceptor site. Exclusions apply. For further details or to receive an application: Matthew John, Mobilcard Commercial Business Manager Phone: 027 839 3817 Email: matthew.o.john@exxonmobil.com

Terms and conditions apply. Not valid for c/c purchases. It is a commercial offer for NZSA members only.

Broadcast notifications direct to mobile phones enable you to communicate simply and quickly with multiple people and in multiple groups – for instance, different notifications for parents and teachers. In lockdown situations where children, students, and employees could be in danger, preconfigured broadcast notifications and recipient lists allow security personnel to send critical instructions to multiple recipients in one quick and simple step. Broadcast notifications can also be automatically triggered by alarms and events. The displays on readers can tell anyone trying

to enter a building that the site is in lock down – preventing further unwary people from entering. Using mobile access control readers not only allows access but can also the assist with the operation of lighting, air conditioning systems, and any electronic emergency equipment you may have, such as window shutters. When there are visitors on site, such as contractors, a robust process for managing them is required. A good visitor/contractor management system will enable you to know exactly who is on the grounds and where during an emergency. A mobile reader can also help

when challenging anyone who is on site to confirm if they are authorised or not. Broadcast notifications received via the Gallagher Mobile Connect App, for example, provide a trusted source of legitimate information amongst increasing amounts of text message (SMS) and email spam. As a secure communication channel, the app also protects against the threat of hoax or malicious text messages designed to disrupt operations or, in a worst-case scenario, harm people. Access control systems protect schools from threats through the power of the 4Ds: • Deter - put them off • Detect - know they are there • Delay - restrict their movement • Dispatch - alert emergency services swiftly. A free starter kit license with integrated contractor/visitor manager software is available to any school that does not have a Gallagher system and that wants to use broadcast notifications and manage visitors to site. To find out how you can obtain this, or if you would like to find out more about access control in a lockdown situation, contact us at sales.nz@security.gallagher.com.

December 2019/January 2020

NZSM

The State of Security Convergence An ASIS Foundation study cites the biggest barrier to the convergence of security functions in organisations as differences in culture and skillset between physical and cybersecurity. And the biggest driver?: aligning security strategy with corporate goals. A 2019 ASIS Foundation study has investigated the extent to which organisations in the US, Europe, and India have converged their physical security, cybersecurity, and business continuity management (BCM) functions. Titled “The State of Security Convergence in the United States, Europe, and India”,

According to its executive summary, the survey of more than 1,000 senior physical security, cybersecurity, disaster management, and business continuity professionals found that despite “years of predictions about the inevitability of security convergence, just 24 percent of respondents have converged their physical and cybersecurity functions.” “When business continuity is included, a total of 52 percent have converged two or all of the three functions. Of the 48 percent who have not converged at all, 70 percent have no current plans to converge.” Interestingly, two-thirds of respondents reported that their physical security, cybersecurity, and/or business continuity functions are working closely together either through convergence, partial integration, or collaboration. Data and follow-up interviews show that companies are organising their security and BCM functions in a variety of different ways depending upon business needs. The results indicated that a range of convergence models – from partial through to complete convergence – can be effective. But one size doesn’t fit all. The report defines convergence as “getting security/risk management functions to work together seamlessly, closing the gaps and vulnerabilities that exist in the space between functions.” “Fully converged functions are generally unified and interconnected, reporting to one security leader,” it states. “They often have shared practices and processes, as well as shared responsibility for security strategy. Converged functions work together to provide an integrated enterprise defence.” Strong leadership Regardless of how security functions are organised, “strong leadership and a clear security strategy” were cited by respondents as important factors for effective security. Most organisations surveyed (67 percent of converged and 57 percent of non-converged) report having an enterpriselevel security leader. Of those, 79 percent agree that having an enterprise security leader “enhances the effectiveness of corporate security.”

NZSM

According to the report, the most successful security operations share the following characteristics: • Physical security, cybersecurity, and BCM functions are aligned around one security strategy. • The functions maintain open communication and share information with one another. • Security has a voice in the C-suite and senior leaders provide strong leadership and engagement for the functions. BCM leads converged charge BCM was reported as being converged with either cyber or physical security in 47 percent of the organisations surveyed, compared to just 24 percent having achieved converged physical and cybersecurity functions. An overwhelming majority of business continuity managers were of the opinion that convergence strengthened the BCM function. Convergence produces benefits 96 percent of those organisations that had converged two or more functions reported positive results from convergence,

December 2019/January 2020

with 72 percent reporting that convergence strengthened their overall security. Overall, 78 percent of those surveyed believed that convergence would strengthen their overall security function. It’s not about the money Only seven percent of converged respondents saw “reduction in security costs” as a primary benefit of convergence. 20 percent of non-converged respondents cited “potential cost savings” as a reason to look at converging. Non-converged organisations are more likely to have increasing security budgets than converged organisations, whether physical or cyber. 58 percent of non-converged organisations reported increasing cybersecurity budgets as opposed to 49 percent for converged organisations. 28 percent of non-converged organisations reported increasing physical security budgets compared to 24 percent for converged organisations. Bucking this pattern, 26 percent of converged organisations are seeing budget increases compared to 19 percent of nonconverged. Aligning security strategy with corporate goals The number one reason for converging (38 percent) among those who had not yet converged was “better alignment of security/risk management strategy with corporate goals.” This was also considered the key benefit by 40 percent of alreadyconverged respondents. Hurdle to convergence The biggest barrier to convergence (36 percent) was reported as differences in culture and skillset between physical and cybersecurity. “Turf and silo operating tradition” followed at 24 percent, and the “belief that cyber security requires its own operation” came in at 21 percent). 22 percent of respondents reported no challenges to convergence. The talent challenge The report cites a vice president at a US technology company as explaining, “there is no single skill set for all. The industry has not evolved where we can now have a single security practitioner who can do physical security, digital transformation, and product management. Until the industry evolves towards that, we will operate with three independent roles.” Convergence needs to be customised Convergence takes many forms depending on the industry sector and organisation. In some sectors, physical security and fire protection are heavily converged, while in others not so much. In some sectors, cyber is managed centrally while physical is managed locally. In other sectors, the dichotomy between centralised and decentralised is either absent or less pronounced. In the case of many airports and hospitals, states the report’s executive summary, “cybersecurity is run as a shared service across the enterprise while physical security is run by staff at each location. For those industries, cybersecurity is centralised while physical security is decentralised.” For more details, visit www.asis.org, and read the report “The State of Security Convergence in the United States, Europe, and India”.

December 2019/January 2020

The 2 Wire Intercom System From Bticino The easiest system available The 2 wire intercom system is the best technology available when time saving and ease of installation are crucial. With the simple non polarised 2 wire bus it is possible to install all kinds of simple and complex systems from single dwellings to large apartment and age care complexes.

Classe 300X13E

The new Classe 300 Wi-Fi monitor allows you to transform every home into a connected home. Receive calls, open the gate and activate the camera remotely day or night, at home or away from home.

Digital Call Entrance Panel Introducing the Linea 300 vandal-resistant entry panel with heavy stainless steel front cover. Can be flush or surface mounted. Call up to 4000 residents from multiple entry points.

Door Entry App: designed for the end user

DOOR ENTRY is the free APP for Android and iOS smartphones and tablets. Configuring the App needs just a few steps and, thanks to the BTicino Cloud, the connection is totally automated and managed with the maximum level of security. No port forwarding or router configuration required.

Matt Isaac M: 021 666 502 • P: 0800 34 88 88 E: info@incnz.co.nz • W: www.intercom.co.nz Auckland, New Zealand

NZSM

INDUSTRY

Protecting the Peace: Public protest and private security We are fortunate to live in a liberal democracy where people are free to engage in protest. But protest is often confrontational, and private security guards are often on the front line, writes Joanna Mathers. From civil unrest in Hong Kong, to the Ihumātao action in Auckland, protests are ramping up around the globe. While the right to protest is enshrined within our political system, when it spills over into private property, problems can arise. The Hong Kong protests have seen security guards arrested for allegedly preventing police from chasing protestors

NZSM

into a mall. And most recently, they’ve been at the forefront of angry shouting mobs, as more than 100 demonstrators attempted to enter a shopping complex in the east of the city. Closer to home, security guards on Waiheke Island were called “heavy handed” when they were involved in removing protestors from private property in 2012. The incident centred around 13 guards, who along with police, stopped locals protesting against the

barging of two prefabricated units over an esplanade reserve. Eight people were detained by police, and according to claims, guards carried protestors away from the site. If not handled correctly, protest situations can escalate quickly and publically. It’s vital, therefore, that security companies have plans in place before such action arises, so they know how to protect their clients and avoid harm to people or property.

December 2019/January 2020

Public protest in New Zealand’s recent history has been peaceful on the whole. But with movements such as Extinction Rebellion gaining momentum overseas, it seems likely that acts of civil disobedience may increase in our country. Preparedness is the key to mitigating the dangers of such actions, and there are strategies that can be put in place that will safeguard client’s property and the security guards at the coalface. Gary Morrison, CEO of New Zealand Security Association, explains that there needs to be a multi-layered approach to dealing with security issues around protest action, which puts the needs of the client at the centre. “When formulating a strategy around what to do in the case of protest, there first needs to be a discussion between the customer and the security firm to ensure the customer’s needs are met.” With this as a basis for action, security firms can develop plans for dealing with such eventualities. Morrison says that conflict resolution training is part of the basic training for security guards, but as the mandatory training is brief this is unlikely to be sifficient for dealing with real-life conflict caused by protests. Many security firms have their own in-house training that may deal more specifically with public protest.

December 2019/January 2020

In New Zealand, all governmental departments have mandated protective security requirements (PSR) that are based on a risk assessment approach. Security firms who work within such departments need to adhere to these requirements. They are also a useful template for other organisations wanting to take a “best practice” approach. Of the 20 mandatory requirements, some specifically relate to heightened risk situations. The requirements around increased risk levels involve the development of plans, and preparations to implement these plans when there is a threat to people, information and assets. It also spells out physical security mandatory requirements around the protection of people, information and assets, and necessitates the analysis of security risks, threats and vulnerabilities. When a security firm takes on a new customer, there should be a risk assessment that addresses any specific issues of concern. They client may have areas of particular sensitivity that makes them more vulnerable to protest action, so this needs to be factored into any assessment and the staff trained accordingly. Options for emergency situations such as public protests can be discussed in these early stages. These measures

may include establishing when to go into lockdown, determining property lines over which protestors can’t tread, establishing a relationship with local police chiefs, and having ‘trial runs’ of procedures to ensure preparedness for the real event. As an aside, part of the mandatory requirements for government organisations includes preparing for the continuation of work in the case of danger. Placing a building in lockdown due to dangerous conditions outside will have a financial flow-on, but if the organisation has put the appropriate measures in place, these should mitigate any effects of a lock-down. The establishment of protocols can underpin any actions that need to be taken in the event of a protest. It needs to also make clear what actions security guards can legally take, and what oversteps the line. “Security guards are legally able to defend themselves, but they don’t have any more rights than anyone else when it comes to the use of physical force,” explains Morrison. Making sure that all staff know their legal boundaries can help avoid issues such as those which arose during the Waiheke protest. Public protest situations can be volatile. While there is usually some warning ahead of time that they will be occurring, this is not always the case. It’s best to have plans around worst case scenarios and establish strategies for descaling tension. Given the correct training, security guards should know the actions that need to be taken when trouble starts to flare up. Morrison says that, in the first instance, front-line security staff need to go up the chain of command to let either their employers or the clients know of the issues. “The client is the best point of contact if they are on site; if not the security firm management should be contacted.” Management should be aware of the protocols around protest, and be able to put in place the strategies developed in the planning stages. If there is any imminent danger to people or property, police will need to be alerted and take action. Good education around the “cans” and “can nots” of the scope within which guards can act does a lot to prevent such issues. As with any security situation, sound assessment of risks and proper planning can help prevent the worst outcomes.

NZSM

Private security and the privatisation of public space What we commonly think of as public space is becoming increasingly privatised. In the private shopping malls in which many of us spend our time, what, asks editor Nicholas Dynon, is the role of the security guard? In the post-9/11 context, the prevalence of terror attacks perpetrated in sporting stadia, shopping malls, city sidewalks, tourist hotspots and places of worship, has led to an increasing focus by security commentators and policy makers on locations where people congregate – ‘crowded places’ and ‘public spaces’ – as the attack venue of choice of terrorists and fixated persons.

These notionally public spaces are often – and increasingly – privately rather than publicly owned. And it’s in these spaces that private security takes a particularly public dimension.

NZSM

On the spot in public spaces In stadium-based terrorist attacks in Paris in 2015 and Manchester in 2017, the interventions of security guards in denying entry to would-be bombers resulted in there being fewer fatalities that might have otherwise been the case. In November 2018, when a deranged individual took to Melbourne’s Bourke Street with a gas cylinder-laden ute, a large knife, and an apparent intent to cause harm, three members of the public were randomly stabbed, including an onduty SECUREcorp security guard. It all happened so fast that the hapless guard had no opportunity to defend himself against the initial blow. Had things been different and he’d had time to observe, report and react, he would have effectively been first

responder. Victoria Police officers arrived at the scene minutes later. The fact is, citizens are far more likely to encounter security personnel and privately installed security surveillance devices than police officers in their day to day activities”. Collectively, private security officers possess a relative ‘surveillance ubiquity’ due to their number, and also due to the fact that they are deployed to the type of both publicly and privately owned ‘public places’ that have become the venues of recent weapons attacks and acts of terror. In the event of an attack, they may be already at the scene, or otherwise positioned closer to it than the nearest police officer. They also cost less than state-provided security and law enforcement.

December 2019/January 2020

While the weapon of choice of attackers has been shown in recent examples to be dependent on availability and opportunity, such as automatic assault rifle in Christchurch, hostile vehicle in Nice, knives in Melbourne and London, and bombs in Paris, London and elsewhere, the one constant in these attacks is the choice of a public space as venue. From a counter-terrorism preparedness perspective, it is these very spaces and their owners and operators that have become the focus of government strategies such as the Australia-New Zealand CounterTerrorism Committee’s Australia’s Strateg y for Protecting Crowded Places from Terrorism. On any given day, private security personnel provide security to any number of malls, office buildings, transport hubs, government offices, defence facilities and critical infrastructure sites. The point is, private security staff could be the ‘eyes and ears’ before any attack and the first response after any securityrelated incident” and they are more likely than their defence and law enforcement colleagues to be ‘on the spot’. Superior personnel numbers and ubiquity in public spaces are characteristics that support the proposition that the private security industry is well-placed to serve as a potential national security enabler. But it’s a complicated picture. It’s complicated In the shopping malls, retail precincts, entertainment and leisure complexes and al fresco café footpaths of contemporary New Zealand, notions of public and

December 2019/January 2020

private space have become increasingly complex. From a public or community security perspective, this presents challenges in terms of the proximity of the state (government agencies and law enforcement) to these sites for the purposes of surveillance and response. The rise of the private security industry in recent decades is in large part the product of the privatisation of (i) publicly provided security services (policing), and (ii) publicly owned space. The proliferation of privately owned public spaces (POPS) has fuelled growth in private security. On the one hand, the state has pushed responsibilities for the surveillance and policing of these spaces onto the private sector, while on the other hand venue owners see commercial and legal compliance benefits in providing for the security of their patrons/visitors. With so-called public spaces and crowded places now of significance to state counter-terror and national security considerations, private security presents as a potential national security enabler that remains as yet largely untapped. The rise of private ‘public spaces’ Heralded as “New Zealand’s first American-styled shopping centre”, Lynnmall opened in West Auckland on 30 October 1963. Since the 1960s, notes Aril Walrond, “there has been a trend toward public life taking place on private property, with recent decades witnessing what has been referred to as ‘spatial privatisation’ or the ‘mass privatisation’ or ‘territorialisation’ of public space, including the privatisation of public space ownership and management.

Shopping malls, entertainment and lifestyle complexes, sporting and leisure centres and transport hubs are described as examples of ‘privately owned public spaces’ (POPS), or ‘augmented’, ‘semi-‘ or ‘pseudo public space’. The expansion of mass private property environments in the UK and elsewhere is identified by several researchers as a key factor in the growth of private security, as property owners have recognised the commercial benefits of employing their own security forces. Researchers note, for example, that shoppers often feel safer [in malls]than on traditional shopping streets due to being sheltered from the weather and protected by private security guards. University of Auckland researchers Alison Greenaway et al., note the increasing privatisation of public space management in Auckland through the use of private security guards “and the ‘cleaning up’ of public spaces”. Publics in the UK, Australia and New Zealand are spending increasing amounts of time in POPS like shopping centres to the extent that these sites have become the subject of legal and philosophical debates over accessibility, surveillance and conditions of entry. Are the rules that govern behaviour in malls, for example, stricter than those on public land? A number of researchers note that designers and managers of POPS foster a sense of ‘ontological security’ among the users of their spaces, using safety and security as a key element in the attraction of patronage and, ultimately, the achievement of commercial success. Private security officers in these locations often enforce rules and behavioural

NZSM

conditions set by premise owners that are more restrictive than one might be subject to in a public space owned by the state. Spatial privatisation is not limited to single buildings, with ‘precincts’ and in some cases multiple city blocks – and the lanes and thoroughfares that crisscross them – in private hands. In many cases, entire city centre schemes are in the hands of a small group of private landlords. This is the case in massive multiblock developments such as London’s Canary Wharf, but also in New Zealand in developments such as downtown Auckland’s privately owned Britomart precinct. Importantly, and as critics of spatial privatisation, such as Jack Shenker writing for The Guardian, note, given that POPS have the look and feel of public land, a pedestrian may not have any awareness of where the public land ends and privately-owned space begins. According to Auckland CBD business association Heart of the City, “We’ve seen a laneway renaissance in downtown Auckland over the last few years, with property owners turning underused ground floors and carparks into vibrant areas for bars, cafes, and most importantly, people.” “One thing that Britomart and the Fort Street area have in common is the blurring between public and private spaces, with privately owned laneways that look like public streets and even have the same style of paving

NZSM

stones carrying through from the street outside.” In shared-street contexts, there is also the dynamic of what has been described as ‘café creep,’ or ‘brasserie bulge’ or ‘trattoria trickle’ – publicly-owned space encroached upon by private shop owners. Occuring on sidewalks, pedestrian laneways and pedestrianised malls, these spaces further complicate the already complex relationship between public and private spaces and the management of the security and safety of these. Conclusion New Zealand’s 20,000-strong private security personnel sector is a potential national security enabler that remains largely untapped. The sector contributes to the security of New Zealanders in the various roles it performs for public and private sector clients, and it does so successfully despite issues around pay, skills and standards. Security guards are more voluminous and ubiquitous than beat police and they effect surveillance and public order functions in most of the places where members of the public congregate. Although numerically strong, the licensed security guard population is, however, generally considered to be low skilled, and their generally low wages reinforce this. Although regulated, barriers to entry and compliance mechanisms reflect a regulatory light touch, and the industry suffers from a generally poor reputation among the public and among government

security and law enforcement partners. In concert, these present barriers limiting the potential of the industry to play a meaningful and formalised role in New Zealand’s national security. The private security industry does not feature in the New Zealand Government’s National Security System, it is absent from national security planning, and there exists not a single institutionalised relationship between the security industry and any of the government agencies one might assume it would have a relationship with. Relative to comparable jurisdictions, public-private cooperation in security in New Zealand is hampered by a continuing assumption by the state of its absolute preponderance in security affairs. Ironically, this assumption is at odds with the government-driven privatisation that has fuelled the industry’s spectacular growth. Exactly how the state might more meaningfully engage with the sector, and how it might harness the surveillance, reporting, incident response and security management roles of the private security industry as a ‘complementary capability’ in the national interest are important questions for the future. They are – or ought to be – inevitable questions, the answers to which have the potential to make New Zealand a safer place. This is an abridged except of an article published in the inaugural issue of the National Security Journal. Part two of this article will be in the February-March 2020 issue of NZSM.

December 2019/January 2020

NZ made

SECURITY TECHNOLOGY RELIABILITY

fire door holding

electromagnets 12 & 24 VDC selectable

rea

unb

le b a k

FDH40S

unbreakable universal mounting • Low power consumption - low operating temperature • One product suits floor and wall mounting • Universal armature - offsets to 55º to suit doors opening past 90º • Wall mount extensions available • 12 & 24 VDC selectable • Push off button with no residual magnetism • Oversize armature for easy alignment • Emergency release button • Electroless nickel plated armature and electromagnet • Stainless fastenings • Full local support and back up

10 YEAR GUARANTEE*

Standard, floor mounted, wall to door distance 114mm

Designed, tested and produced in New Zealand to AS4178 A) Wall mounted,126mm extn. tube (overall 202mm) B) Wall mounted, 156mm extn. tube (overall 232mm) C) Wall mounted, 355mm extn. tube (overall 431mm) B)

TEE

Option A – Surface Mounted

AN GUAR

FDH40S/R

Surface and Recess mounting This device enhances an outstanding range of unbreakable products which conveniently hold open fire doors. When a smoke/fire alarm is activated the magnet instantly releases the door to the closed position to prevent the spread of smoke and fire. These units feature a choice of 3 covers for optimum aesthetic appeal and durability. The installer can utilise one device for surface mounting or for recess mounting. Option B – Recess Mounted

10 YEAR GUARANTEE*

Satin Aluminium

Gloss Black

Gloss White

For expert advice and assistance with your security locking needs, trust in Loktronic, call us on 0800 367 565

GUARANTEE

*Standard terms & conditions of sale apply.

21556/1/18

INDUSTRY

She’ll be right: Security AWOL at Defence event Having attended a recent Wellington event along with senior diplomats and government guests, NZSA CEO Gary Morrison writes that for an invitee list heavy on top brass, the gathering was disconcertingly light on security.

In the NZSA’s May newsletter I opened with commentary on the tragic events that occurred in Christchurch on 15th March and referred specifically that our “she’ll be right” attitude towards security left us vulnerable to some form of attack and that it was only a matter of time before terrorism found its way to New Zealand.

I also commented on the challenge for government, and other parties such as the security industry, to create a more risk aware society where security becomes an important consideration across our every-day lives, but without significantly impeding the social freedoms that New Zealanders enjoy and value. I was recently invited by the office of the Defence Minister, Ron Mark, to attend the launch of the New Zealand Government’s Defence Assessment “Advancing Pacific Partnerships”. The event was held at our national museum, Te Papa, and attended by a number of government ministers, ambassadors and senior ranking officials from New Zealand and Pacific defence agencies. Prior to attending the launch the thought crossed my mind as to the level of security that would need to be extended to such an event. Given the media exposure of the launch, the iconic venue (Te Papa), the political subject topic (defence in the Pacific) and the profile of the attendees, my expectation was for a very visible security presence with a requirement for identity verification and the probability of screening similar to what is the norm at domestic airport check-in.

NZSM

The reality however was very different and left me somewhat exasperated and disappointed at the example being set by lead government agencies and with the feeling that lessons haven’t been learnt. I arrived at the venue a few minutes early and at the same time as two others who were both casually dressed (the dress standard was service dress or suit equivalent). I was carrying a small overnight bag and one of the others carried a large case which I later observed contained electronic filming and recording equipment. The in-house security officer at the entry was engaged in discussion with a tourist and waved us to go inside where we were met at reception and asked if we were attending the launch. On confirming we were, we were given directions to the meeting room on level four. When we arrived at the meeting room the two persons I was with said they were

with the media and were allowed straight into the room – I was asked my name and when they couldn’t find it on the guest list, my details were promptly entered by hand and I was let through. Whilst I am aware that there is extensive camera coverage throughout the Te Papa facility, there was no form of identity check, bags were not searched or screened and attendees were unescorted whilst on site, yet this was an event that even the most basic risk assessment would have identified as being of significant risk. Unfortunately those who we would expect to lead by example, and staff who work for them, are often negligent in their own knowledge of security awareness and it is my concern that it will only be a matter of time before we experience another terrorism-related tragedy. To exacerbate matters, there was no form of health and safety induction or message what-so-ever!

December 2019/January 2020

INDUSTRY

Dahua showcases recent deployments Dahua video surveillance solutions are proving themselves in a range of environments and applications. In this success story from the Isle of Wight, Dahua puts an end to thefts from boats that had disrupted an otherwise picture perfect marina setting.

Theft and fires Yarmouth Harbour on the Isle of Wight consists of a large marina, docks for the Wightlink Ferry terminal, and pontoons and boat moorings upstream. It’s a idyllic environment you’d expect to see adorning postcards or souvenir tea towels. But a number of thefts from boats and boat fires in neighbouring harbours has caused a few ripples the otherwise tranquil surrounds. And with Yarmouth Harbour’s existing video surveillance system becoming outdated and riddled with poor picture quality and cabling issues, a new solution was needed. The Dahua Solution The harbour operators settled on a Dahua Technology video surveillance system with around 40 IP and thermal cameras, including a mix of thermal bullets, IR bullets, Ultra PTZs, IR domes and fisheye cameras. The thermal cameras are especially suited to wide area outdoor video surveillance and are ideal for the large, waterbased environments at the harbour. The cameras feature Vox uncooled thermal sensor technology and high thermal sensitivity at less than 40mK, enabling them to capture more image details and temperature fluctuations. With a built-in fire detection functionality, the cameras provide an extremely sensitive fire detection system.

The IR bullet cameras feature highly efficient H.265 encoding technology, PoE and IR illumination at up to 50 metres, as well as a wide dynamic range. These deliver vivid images even in the most intense contrast lighting conditions and delivering powerful day/night surveillance in a compact package. At one of the moorings upriver, there is no power supply on some of the isolated pontoons, so wind power and solar energy have been harnessed to power the new cameras. Images are transmitted wirelessly back to a control room at the main harbour office. When the control room is not staffed, Yarmouth Harbour can nominate individuals to receive alerts and images on their tablets and smartphones via the Dahua surveillance app. As well as the harbour itself, the system also covers the adjacent Yarmouth pier, a recently refurbished structure said to be the longest wooden pier in the UK. Automatic peoplecounting technology has been incorporated into the cameras at the pier’s entrance to monitor numbers on the pier as a health and safety measure. Benefits “The new surveillance system has transformed our ability to monitor the harbour for the safety and security of our customers, staff and the visiting public,” said Dave Rice of Yarmouth Harbour Commissioners. “The HD picture quality is superb and you can pick out people’s faces, so there is no comparison with the previous cameras. The system has proved straightforward to use and we are delighted with its performance to date.” “This proved an interesting project to work on, not least because parts of the installation had to be carried out by boat,” said Chris Snell, Managing Director of security installation firm, Central Southern Security. “The Dahua equipment has been a pleasure to work with and will provide Yarmouth Harbour with a great solution for many years to come.”

December 2019/January 2020

NZSM

BIOMETRICS

Facial Recognition – Impacts and effects of Privacy Regulations David Horsburgh CPP PSP PCI, Managing Director at Security Risk Management, presented to a sold-out ASIS Auckland Breakfast Meeting in November. His message: facial recognition use potentially breaches privacy principles. This presentation seeks to consider the legal and ethical impediments to the use of facial recognition technology. Live street surveillance systems have traditionally identified events in real time that require intervention or have been used as a post-event investigation tool. In contrast, live facial recognition technology targets the individual comparing people against a database of faces – a watchlist. This key point of difference is a precipitator to increasing international opposition to the technology. In May 2019, the City of San Francisco became the first US city to ban the use of facial recognition technology by local government agencies. In October 2019, the city of Berkeley followed suit, and it is expected that a number of other cities

David Horsburgh CPP PSP PCI, Managing Director at Security Risk Management

NZSM

in the US will ban the technology. In May 2019 during live facial recognition trials by the UK Metropolitan Police a man was charged with disorderly behaviour as he walked past a police van that was equipped with facial recognition cameras – because he hid his face. In August 2019, a Swedish school was fined 20,000 euros by the Swedish Data Protection Authority for using facial recognition to check pupil attendance at the school. With this project I have developed two hypotheses: • Does the state agency use of facial recognition breach the New Zealand Bill of Rights Act 1990 (NZBoRA) and the Privacy Act 1993?

• Does the private sector use of live facial recognition technology breach the Privacy Act? The research has developed strong support for the argument that facial recognition by state agencies breaches the Bill of Rights Act and Privacy Act, and that private company use is likely to be in breach of Privacy Act principles. Primary sources of my research have been the Independent review of the [UK] Metropolitan Police live facial recognition field trials, which was conducted by a US university; United States press articles that deal with both US and Chinese use of facial recognition; European and UK press articles; Article

December 2019/January 2020

MEM2400LP

World leaders in revolutionary Electric Locking Design and Craftsmanship. Proudly stocked and supported by NZ’s leading authorized distributor…

• Suits low door height or narrow profile frames • High holding force up to 1000kg • Releases with up to 70kg of side pressure; early warning alarm • Supplied with anti-tamper bracket • 12/24 VDC, low power consumption • 4 hour fire rated • Lock Status & Door Status Sensors MEM2400LED-LZ • Features as for MEM2400LP with L/Z Bracket for inward opening doors

FES20M • High security stainless steel strike rated up to 1490kg holding strength • Quick and easy Power to Lock/Power to Open interchange • Mounting kit with adaptor tabs • 12VDC 220mA; 24 VDC 120mA; 36 VDC 80mA • Door, Lock & Frame status monitors • Pre-drilled for extension lips, 25mm & 50mm available

FES 10 and FES 10M • Stainless steel faceplate & keeper rated up to 1300 kg holding strength • FES 10 is IP56 rated • Dual voltage capable; 12VDC 200mA, 24VDC 100mA • Pre-drilled for extension lips, 25mm and 50mm available • FES 10M has door latch monitor

SECURITY TECHNOLOGY RELIABILITY

• ELECTROMAGNETIC LOCKS

VE1260

• STRIKES • DROP BOLTS • ELECTRIC MORTICE LOCKS

FEL990M

• 5 YEAR WARRANTY

• High security, 1000 kg holding force, 35kg pre-load capability • Accepts 12-30 VDC • Door status & Lock status monitors • Square & radius edge models • Pre-taped glass door housing available for radius edge version • Special strike plate caters for up to 12mm door misalignment • • • • • • • •

Multi-functional and field changeable Vestibule or combination Fail Safe/Fail Secure selectable 12/24 VDC Left or Right hand Key override Monitors: Door, Lock, Key & REX 12 pin connector

21136/REV11.17 21336/1/18

Your FSH Electric Locking range includes…

17 of the International Covenant on Civil and Political Rights; and Article 8 of the European Convention on Human Rights. From a New Zealand perspective, I have drawn information from the Privacy Act 1993, Bill of Rights Act 1990, Law Commission reviews of the Privacy Act and Search and Surveillance Act, and a very important case from the New Zealand Supreme Court – Omar Hamed and Others v The Queen. For those who have done a CPP they would be familiar with this definition of security, which comes from Fischer and Green (1998): Security a stable, relatively predictable environment in which an individual or group may pursue its ends without disruption or harm and without fear of disturbance or injury. I argue that the Fischer and Green definition needs to be viewed from a broad perspective. Does [for example] the definition include the protection of human rights including the right to privacy, freedom of expression, association and movement, and freedom from discrimination? Viewpoints on the interpretation of security are influenced by our individual roles within society. While in the police I spent three years on the ‘Mr Asia’ investigation and during that period in 1978 we got new legislation that enabled us to install listening devices inside premises, and I was a great supporter of that. The New Zealand Security Intelligence Service (NZSIS) in the 60s, 70s and 80s in particular focused on trade union officials and peace activists as being threats to our society. I can honestly say that during my service with the Police and NZSIS the privacy rights

NZSM

of others were not high on my priority list, but that I now take a somewhat different view. Security needs to be ‘proportionate’ and I can’t emphasise the importance of that word enough. I will demonstrate that under New Zealand legislation and also under international law to which we are a signatory there is a requirement for security to be proportionate. Security mitigation strategies should be proportionate to the identified threat. I would also say that people need to be treated with dignity and respect and state agencies, especially, need to recognise human rights enshrined in the NZBoRA. Metropolitan Police live facial recognition field trials These trials took place between 2017 and 2019. Six of those field trials between June 2018 and May 2019 were independently university reviewed. The review had the support of the Metropolitan Police. The review personnel undertook an ethnographic research approach using observation and interaction methodologies. They were entitled to attend police briefings and debriefings and to take part in observations in the field. The review questioned the legality of live facial recognition by law enforcement. It found that there was no explicit statute authorising the use of facial recognition technologies. Conversely the Police claimed that they had an implicit authority to use it because they had a statutory function of protecting the public order and the prevention of crime.

The review considered that the interference with human rights, including the right to privacy, must be in accordance with the law, must pursue a legitimate aim, and must be necessary in a democratic society – and this view flows into New Zealand legislation under the NZBoRA. The finding of the review was that the term “in accordance with the law” requires explicit statute. When I refer to Omar Hamed’s case, the term explicit statute becomes of great significant in New Zealand. The review found that implicit legal authority – as claimed by the police – is insufficient and does not meet the legal threshold of “in accordance with the law”. It found that police had failed to establish that live facial recognition was necessary in a democratic society. The human right requirement is intended to ensure that the measures useful for the protection of public order and the prevention of crime do not inappropriately undermine other rights, including those necessary for the effective functioning of a democratic society, such as the right to private life, the right to freedom of expression, and the rights to freedom of assembly and association. In the UK there are further legal impediments to the use of facial recognition. The European Union’s General Data Protection Legislation (GDPR) currently applies in the UK. Whether it will apply after Brexit remains to be seen, but under GDPR the collection of sensitive biometric data that can uniquely identify people without their explicit consent is prohibited.

December 2019/January 2020

The UK also has the Data Protection Impact Assessment, which creates a legal requirement for sensitive data processing. Automated facial recognition involves processing biometric data to uniquely identify an individual and as such it falls into the category of sensitive data processing. UK case law has found that mere observation of people in a public place without further analysis does not give rise to interference with the rights to private life (Perry v The United Kingdom). However, private life considerations arise if instead of mere monitoring, areas of a public scene are recorded and analysed (P.G. and J.H. v The United Kingdom). In Omar Hamed’s case, Justice Sir Peter Blanchard found that you do not have a reasonable expectation, under most circumstances, of privacy in a public place. Chief Justice Dame Sian Elias took a very different view. On 22nd August 2019, the Financial Times reported that the European Commission is planning regulation that will give EU citizens explicit rights over the use of facial recognition technologies as part of the overhaul in the way Europe regulates artificial intelligence. The aim is to limit the indiscriminate use of facial recognition technology by companies and public authorities. New Zealand Perspective In May 2018, a Dunedin man was mistakenly identified as a shoplifter in a New World supermarket, and he was detained by staff. The customer was advised that they had identified him as a known shoplifter – an allegation that was subsequently proven to be incorrect. The Otago Daily Times reported that the store was using facial recognition technologies, although the store claims that the technology was not used in this particular case.

In another case in December 2016, a woman entered a supermarket and examined hams on display just prior to Christmas. She subsequently left the shop without making a purchase. The following day a friend of hers who worked at another supermarket advised her that her photograph had been placed in the supermarket noticeboard and staffroom. She had been identified by the manager when she examined the hams as a suspicious person. He had done a frame grab of the video, and it had not only been put up in the staffroom of that supermarket but had also been put up in the staffroom of a number of other supermarkets in the city. The manager said that this had happened because her behaviour had made him suspicious, but he agreed that there was no evidence to support his suspicion. The use of live facial recognition technology is being used increasingly in retail outlets in New Zealand. Image databases known as ‘watchlists’ are being used by retailers not only to identify people who have been convicted of shoplifting or who have been trespassed from their premises, but also to identify people suspected of being potentially involved in crime. The use of the technology in this way by retail outlets increases the likelihood of Privacy Act breaches. The New Zealand Police report that they use facial recognition technology for post-event investigation and do not have any current plans to use it in a live format. However, there is an increasing rollout of street surveillance systems throughout New Zealand and an increasing number of these are being live streamed to police stations. It is not unrealistic to expect that there will be an increasing desire by the police to use live facial recognition technology in the future.

State agency use of facial recognition technologies has the potential to breach both the NZBoRA and the Privacy Act. New Zealand Bill of Rights Applicable sections of the NZBoRA are Sections 16 (Freedom of Peaceful Assembly), Section 17 (Freedom of Association), Section 18 (Freedom of Movement), Section 19 (Freedom from Discrimination), and most importantly Section 21 (Unreasonable Search and Seizure). Section 21 states that everyone has the right to be secure from unreasonable search or seizure whether of the person, property or correspondence or otherwise. There is an argument that you do not have a reasonable expectation of privacy in a public place. Senior judiciary in this country have differing views as to whether that position is correct. The Law Commission has found that public surveillance is not explicitly addressed by the Search and Surveillance Act. Key points from the Commission’s review of that Act include that public surveillance: • is often used for general screening purposes and this is relevant to a proportionality assessment underlying Section 21. • may impact on the privacy of large numbers of people many of whom may not be suspected of any wrongdoing. • may have a chilling effect on the freedom of expression. The Law Commission further states that the free expression of opinions and exchange of information is one of the fundamental underpinnings of our society. If public surveillance became commonplace it would spell the end of the practical obscurity that many people take for granted when they move about in public. Widespread monitoring of the general population by the state, said the Commission, must be avoided. Omar Hamed and Others v The Queen This case involved the police undertaking a covert operation on Tuhoe land, with Chief Justice Elias writing at length on her interpretation of Section 21 of the NZBoRA and on New Zealand’s obligations under Article 17 of the International Covenant on Civil and Political Rights. According to Article 17, “no one shall be subject to arbitrary or unlawful interference with his privacy, family,

December 2019/January 2020

NZSM

home or correspondence nor to unlawful attacks on his honour or reputation. Everyone has the right to the protection of the law against such interference or attacks.” Elias expressed the view that Section 21 is a constraint on state activity; it protects personal freedom and dignity from unreasonable and arbitrary state intrusion providing for the right to be let alone. Of importance, Elias stated that in principle there is no reason why activity in a public place should by virtue of that circumstance alone be outside the protection of Section 21 of the NZBoRA. She discussed at length the UK decision Regina v Somerset County Council Ex Parte Fewings and Others, in which it is stated that for private reasons the rule is that you may do anything you choose that is not prohibited by the law. So, normal citizens they can do whatever they like as long as there isn’t a law that says you can’t do it. But, says Elias, for public bodies, the rule is opposite and so of another character altogether – that the action taken by state agencies must be justified by positive law. This links back to the review conducted in the UK about assertive law being required for use of facial recognition. Elias went on to say that a police search that is not authorised by law is unlawful and that unlawful police search is itself unreasonable search contrary to Section 21 of the NZBoRA. Importantly, she further stated that intrusive search is not a power to be treated as implicit in general statutory policing powers. She said, “I consider that the police cannot undertake surveillance lawfully in the absence of specific authority of law.” Our further link to the findings of the independent review in the UK is Section 5 of our NZBoRA, which states that the rights and freedoms contained in the Bill of Rights may be subject only to such limits prescribed by law as can be demonstrably justified in a free and democratic society. So, here we’ve got the same terminology that is used in the Covenant on Civil and Political Rights – “justified in a free and democratic society”. In Omar Hamed’s case, Justice Blanchard took a different view to Elias. He stated that with some exceptions filming in a public place is not a breach of Section 21. He did, however, state that if filming involved technological enhancements, such as the use of infrared illumination, that a potential breach may occur.

NZSM

So, in the context of a darkened alley at night you cannot see what’s happening, but if you use infrared technology then you breach Section 21 because the darkness would provide for a reasonable expectation of privacy in that alleyway. Bearing in mind that that the Omar Hamed case concluded in 2011, the question therefore arises as to whether the use of facial recognition technology falls within the meaning of Blanchard’s description of technological enhancements and as such breaches Section 21 of the NZBoRA. Watchlists Watchlists are a dataset against which a template captured by facial recognition is compared. The following questions need to be considered in the design of a watchlist: • Do entries on the watchlist only relate to persons convicted of serious crimes? • Is it permitted to put on a watchlist people who have been identified as being able to provide information relevant to an active criminal investigation? • Can watchlist compilations be abused, including against people who are political activists exercising their democratic rights to protest? (Case involving a public protest in the US against police use of force on a minority group where facial recognition was used to identify the people taking part in the protest). • Would the intelligence community have any influence over watchlist compilation? • Would the database be expanded to include driver licences and passport photographs of law-abiding citizens? In a recent public meeting conducted by Victoria University Wellington, a visiting law lecturer from the US stated that over 50 percent of all US adults are now enrolled on facial recognition databases, and that’s normally via their driver’s licence photographs. For example, the Michigan police database contains over 50 million driver’s licence photographs and mugshots. The dangers of a database compilation are highlighted by a case involving the Sensible Sentencing Trust. As reported by the Privacy Commissioner in Case Note 294302, the Sensible Sentencing Trust wrongly labelled a man on its website as being a paedophile. The man had the same first and last names of a convicted paedophile, but his middle name was different.

The Trust published his photograph on its website for a period of two years, and it wasn’t until a customer of the person told him that he was no longer welcome to visit the shop because he was a convicted paedophile that he knew about it. The Privacy Commissioner reported that the innocent person had been implicated in a terrible crime; that his reputation was tarnished, he had suffered emotional harm, and that he had been placed at risk of violence. This case is now before the Human Rights Commission who can impose a penalty of up to $200,000. Privacy Act The Privacy Act has 12 principles. The first principle is that the collection of information must be for a lawful purpose and it must be necessary. I can’t stress the importance of that term enough – ‘necessary’. Widespread surveillance for general screening purposes may be considered unnecessary, especially when the surveillance involves biometric scanning of law-abiding members of the public. Under Principle 2, the collection must be directly from the individual concerned. Public sector agencies have an escape clause for this on the grounds that compliance may interfere with the maintenance of the law. This escape clause is not available to private sector agencies. Private sector claims that compliance would prejudice the purpose of collection, or is not reasonably practicable, are likely to fail on the basis that the technology uses a scattergun approach. Non-compliance on the grounds that the individual concerned is not identifiable will also likely fail. Principle 3 requires the individual to be aware of the collection, the purpose of collection, and the right to access the information. The Office of the Privacy Commissioner has passed a view on Principle 3 in relation to facial recognition, and it says that there should be signage and messages posted that inform customers that facial recognition technology is being used and the reasons why it is being used. Principle 4 states that the collection must not be by unlawful or unfair means or intrude to an unreasonable extent on the personal affairs of the individual concerned. For both public and private agencies this principle is likely to be problematic because facial recognition technologies under most circumstances

December 2019/January 2020

are likely to be considered unfair and to intrude to an unreasonable extent onto the personal affairs of the individual. Principle 8 is also particularly relevant. The information (contained on a watchlist) must be accurate, up to date, complete, relevant and not misleading. Watchlists based on mere suspicion are likely to fail Principle 8 requirements. Trials of facial recognition technology have been shown to be biased and inaccurate with extraordinarily high false positive rates. Limits on use as described in Principle 10 may also be problematic if state agencies intend to use driver’s license images for a purpose other than what the image was originally obtained for Accuracy As stated earlier, the Metropolitan Police conducted six trials between June 2018 and May 2019. The trials generated 42 matches, and the people matched were approached by police officers in the field. Those matches resulted in an 81 percent false positive rate. In 2017 live facial recognition was used at the Cardiff Champions League final. 2,470 people were identified by facial recognition as being criminals. Subsequent research showed that there was a 92 percent false positive rate. In 2017 at the Notting Hill carnival, live facial recognition had a false positive rate of 98 percent. Although not used in the Metropolitan Police Service trials, live facial recognition software can be integrated into police body worn cameras

December 2019/January 2020

and city-wide surveillance camera networks, and that data may be subjected to automated analysis. It is technically feasible to create a database containing a record of each inidividual’s movements around a city. The potential for this kind of use raises serious human rights concerns because the data may involve false positives, and could be used to identify unusual patterns of movement, participation at specific events or meeting with particular people Bias There is significant public interest in the issue of potential bias and discrimination. Concerns include discriminatory practices based on input data and watchlist composition, and bias built into live facial recognition technology on the basis of sex, race and colour. Different algorithms and different applications assert biases in different ways, which requires analysis on an application-by-application basis. Independent tests on 127 commercially available facial recognition algorithms have identified gender bias where there are fewer false positives for men relative to women and racial bias where there is a higher false positive rate for dark-skinned females. An MIT study in the US showed that darker skinned women are misidentified as men 31 percent of the time. There are twice as many false positive rates for blacks as there are for whites. The US Justice Department is using artificial intelligence when somebody is arrested to predict whether they are

likely to reoffend in the next two years, and that analysis is used to determine whether they get bail or they don’t get bail. Studies have shown that the assessment of the potentiality for a criminal to reoffend within two years has a significant bias against African Americans. I’d like to finish with the UK Camera Commissioner’s statement on the use of facial recognition, and regarding video surveillance. The Commissioner stated that overt surveillance is becoming increasingly intrusive on the privacy of citizens, in some cases more so than aspects of covert surveillance because of the evolving capabilities of the technologies. The use of live facial recognition has the potential to impact upon ECHR rights and thereby influence the sense of trust and confidence within communities. The Commissioner said that it should be a fundamental consideration of any relevant authority intending to deploy live facial recognition that a detailed risk assessment process is conducted and documented as to the operational risks, community impact risk, privacy and other human rights risks, and any risks associated with it prior to deployment. Such risks should be considered as part of the decision-making processes associated with the necessity and proportionality of its use. This is an abridged transcription of a presentation delivered by David Horsburgh at the ASIS New Zealand Chapter Auckland Members Breakfast Meeting in November 2019.

NZSM

Facilities and Public Spaces conference offers answers to improbable failure Speakers at Conferenz’s Safe and Secure Facilities and Public Spaces conference in August presented various strategies aimed at protecting public places against ‘improbable’ security threats, writes chief editor Nicholas Dynon. In the previous issue of NZSM, I wrote that the Christchurch mosque attacks had provided security managers with a new set of problems, with employers and customers now asking them: “How do we make our sitting-duck venue, which is easily accessible by large numbers of people on a predictable basis, secure against the extremely unlikely possibility of a terrorist attack? And how do we do it cheaply?” It’s the classic Black Swan problem of how to prepare for – and invest in protecting against – an event as unknowable and unlikely as it is potentially catastrophic.

NZSM

In their presentations, Dean Kidd (Manager Safety and Security at Auckland Live) and Stewart O’Reilly (Manager Behavioural Analysis at SecureFlight Ltd) both made reference to James Reason’s famous Swiss Cheese Model, a model of accident causation used in risk analysis and risk management. In Reason’s model, an organisation’s defences against failure are represented as slices of cheese. The holes in the slices represent weaknesses in individual parts of the system and they vary randomly in size and position across the slices. The system produces failures when a hole in each slice momentarily aligns, permitting (in Reason’s words) “a trajectory of accident opportunity”. At any given time, one might safely assume that the layers of cheese are

enough to defend an organisation against failure. But in the off circumstance that Murphy’s Law wins out and the holes in the slices align, statistically improbable instances of failure can – and do – occur. Such is the nature of a black swan event, and thus Reason’s model is useful in not only conceptualising vulnerabilities to threats but also in identifying defences. It’s also a handy model for me to structure this article around in terms of describing how various speakers at the conference presented their examples of security defences and failures. Cheese slices The slices of cheese in the Swiss Cheese Model can be thought of as layers of security, and in Reason’s four-slice model these layers include the following:

December 2019/January 2020

1. Organisational influences 2. Supervision/management/training 3. Preconditions for unsafe acts 4. Execution, unsafe acts, failure to act Organisational influences In terms of the ‘organisational influences’ I identified three themes raised by speakers at the conference, including (i) guidelines/policies; (ii) procurement/ recruitment; and (iii) standards/securityby-design. These are the holes in the ‘organisational influences’ cheese slice that present weaknesses if not adequately covered. (i) Guidelines/policies Andrew Moss of Optic Security Group gave us insights into the relationship of cyber security to good physical security, and how a logical – and increasingly necessary – extension to the government Protective Security Requirements (PSR) model is that of ‘converged security’, where information security, physical security and personnel security are considered as interdependent rather than distinct domains. Dean Kidd and Lincoln Potter PSP (independent security consultant) focused on the usefulness of Australia-New Zealand Counter Terrorism Committee’s Australia’s Strateg y for Protecting Crowded Places from Terrorism and associated documents, including the Crowded places self- assessment tool, security audit, and supplementary guidelines: Hostile Vehicle Attack; Active Armed Offender; Improvised Explosive Device; Chemical Weapon Attack. Both Dean and Dr Bridgette SullivanTaylor (Senior Lecturer, University of Auckland) stressed the importance of employing a ‘joined-up’ approach to security resilience. To what extent, for example, do your security policies take your neighbours and their security vulnerabilities and capabilities into account? (ii) Procurement/recruitment In terms of ‘procurement and recruitment’, several speakers focused on the importance of a risk-based view of security solutions. Willie Taylor MNZM (Associate Director Security and Emergency Management at AUT), highlighted the importance of assessing what security elements are required based on a facility’s risk profile and physical features. Looking at procurement from an IT and cyber perspective, Steve Bell (Chief Technology Officer at Gallagher)

December 2019/January 2020

observed that “local government tends to have a small budget for IT and may not have investment in good cyber protection and general patching.” Checking that a supplier has an active process of evaluating their products for weaknesses, therefore, becomes critical. “In the rush to get IoT devices to market,” commented Andrew Moss on a related point, “functionality and appearance tend to be prioritised over security.” (iii) Standards/security by design In terms of security by design, Andy Wray (Senior Technical Consultant) reminded delegates that “good security design has multiple layers (defence in depth) often with differing technologies.” These might include detection technologies as diverse as radar; biometrics; ANPR, concealed weapon technology, chemical detection, thermal imaging, and microwave and vibration detection. Looking at security by design from a CPTED perspective, Anton Venter, General Manager Facilities, Engineering and Asset Management at Counties Manukau DHB, stressed the importance of designing the environment to highlight strange behaviour and create time to react, such as in the event of a lockdown. Covering such standards as covered ISO 31000 Risk Management and HB167 2006 Security Risk Management,

Chris Kumeroa (Director, Global Risk Consulting) demonstrated the value of data-driven risk analysis and risk management as the basis for a security solution. Also on standards, David Horsburgh CPP PSP PCI (Director, Security Risk Management) focused on the range of CCTV-related standards, including: Privacy and CCTV – A Guide to the Privacy Act for Businesses, Agencies and Organisations; BS EN 50132 – CCTV Surveillance Systems for Use in Security Applications; CCTV Operational Requirements Manual (UK Home Office Scientific Development Branch); A/NZ Police – Recommendations for CCTV Systems; and Defining Video Quality Requirements (US Department of Homeland Security). Supervision/management/training In terms of the ‘the management and training slice, I identified three themes raised by speakers at the conference, including (i) oversight/performance tracking; (ii) training and awareness; and (iii) culture. (i) Oversight/performance tracking In an excellent presentation focusing on the guarding sector within security, Ben Wooding (General Manager at Red Badge Group), talked about the idea of ‘suppliers as partners’. He made the important point that collaboration starts even before contracts are signed, and stressing the

NZSM

criticality of clear performance measures and KPIs, regular contract management meetings (face-to-face), traffic light systems for monitoring performance, and ongoing communication between suppliers and customers. Approaching the issue of oversight from an incident response management perspective, Dave Greenberg (Emergency Management Consultant) stated that plans go out of date (particularly in terms of contact information) quickly, and that regular checking and updating prevents the wrong information ending up on the plan at crisis time. In other words, says Dave, “Open the damn plan!” Barry Brailey (Principal Security Consultant at Quantum Security Services) and Ellen King (Emergency Response Consultant at Air New Zealand) gave us valuable insights into collaborating with emergency services, incident response, and the importance of “planning, planning, planning” and “people, people, people.” (ii) Training and awareness Bruce Couper (Director, RISQ New Zealand) reminded delegates of the value of providing security awareness training to staff and developing an effective security culture. “Who needs training within the security circles?” asks Dean Kidd. “Everybody.” According to Sir Ken McKenzie (Head of Security, Health and Safety at Auckland War Memorial Museum) there’s a difference between a person who has achieved competency and one who has merely been trained. Competency, he stated, is made up of the following five elements: 1. Skills 2. Knowledge (education, training or professional development) 3. Experience (application of knowledge and skills) 4. Behaviours (approach to safety, motivation, compliance, attitudes, communication, management, leadership or teamwork) 5. Fitness (physical fitness to perform the task/s) Dave Greenberg described the ‘crawl, walk, run’ approach to putting people through their incident response paces: 1. Crawl = talk through the plan with all the players 2. Walk = table-top exercise 3. Run = full scale test of all or part of the plan stress test the plan as much as possible.”

NZSM

But he also pointed out that despite the existence of solid standard operating procedures (SOPs), you can’t train for everything – a black swan event will be unprecedented in one way or another. (iii) Culture In a vivid presentation that detailed the security challenges of a large public institution housing priceless objects and handling massive visitor numbers and the occasional Royal Family member, Sir Ken McKenzie made the point that people operating in crowded places that embrace cultural significance must take cultural security seriously. Cultural security starts with an understanding of and respect for the significance of culture and place, and it encompasses more than just the museum and gallery context. How many stadiums, for example, are home to well-known sporting teams commanding large numbers of diehard supporters who may be prone to ‘passionate’ behaviour that in any other context might be deemed to be aggressive or antisocial? According to Anton Venter, a security safety culture should be embedded at leadership levels, with leaders responsible for branding, promoting, and visibly demonstrating security. Dean Kidd emphasised the importance of creating a ‘challenge culture’, which at its most fundamental level involves the wearing and checking of ID cards. Preconditions for unsafe acts In terms of the ‘preconditions’ slice, I identified three themes raised by speakers at the conference, including (i) neighbourhood; (ii) task saturation/ fatigue; and (iii) the state of systems. (i) Task saturation Security personnel often work excessive hours per week, and with a heightened threat level requiring a higher operational tempo, just how many more hours can a security guard take until he/she becomes ineffective? Dave Greenberg asks the related question “can business-as-usual continue while we deal with an incident” – or does something have to give? (ii) Neighbourhood In his wide-ranging presentation, Dr Paul Buchanan (Director of 36th Parallel Assessments) set the scene with an excellent geopolitical overview focussing on the security implications for New Zealand of great power competition

and contending value systems. Whether we understand it or not, our domestic security context is influenced heavily by international dynamics. As conference chair, I expressed the concern that security has not been a high priority for most New Zealanders because they have, in the past, taken their security largely for granted. This has given rise to a level of complacency that means that people just don’t have the conversations with each other on security matters that they probably should. According to Anton Venter, security “needs staff and community involvement to be a success”. In advocating for the establishment of networks of people responsible for security in neighbouring businesses, Dean Kidd, suggested a ‘precinct’ approach that accords with Dr Bridgette Sullivan-Taylor’s idea of a joined-up approach to security resilience. (iii) State of systems “It has not been traditional in the facilities management arena to expect to get cyber security upgrades for building management, process control and security systems, including Video Management and Access control,” commented Steve Bell. “Any of these systems that has software that is several years old will have cyber security weaknesses that should be mitigated though patches or upgrades.” This is a concern, says Andy Wray, particularly where legacy architecture meets the brave new world of analytics and artificial intelligence. But in the incident response and emergency management context, argues Brad Law (New Zealand Country Manager at RiskLogic) new, smart technologies will ultimately make all the difference, delivering: • Improved communication • Increased accessibility and mobility • Savings in time and effort • Better informed decisions • Empowered and decentralised decision-making • More effective response and recovery With a jam-packed schedule of 26 presentations over the course of two days, the conference covered far more than this article can do justice to. If there is a 2020 instalment of Safe and Security Facilities and Public Spaces, I recommend attending it in order to benefit from the full range of speakers and their insights.

December 2019/January 2020

fired up protection LOKTRONIC’s expansive product range has just become even wider with these first class EGRESS and FIRE PROTECTION DEVICES and PROTECTIVE COVERS.

NEW

STI-1130 Ref. 720-102

STI-WRP2-RED-11 IP67 Ref. 720-062R

Surface mount with horn and spacer 255mm H x 179mm W x 135mm D

Also available in White.

STI-RP-WS-11/CN Ref. 720-052W Available in White, Green, Blue & Yellow.

STI-13000-NC Ref. 720-090 Flush mount, no horn 206mm H x 137mm W x 69mm D

STI-RP-GF-11/CN Ref. 720-051G Available in White, Green, Blue & Yellow.

NEW

STI-RP-RS-02/CI

STI-13B10-NW Ref. 720-092 Surface mount, horn and label optional 206mm H x 137mm W x 103mm D

Ref. 720-058 Cover included. Flush Mount Available. • •

STI-1100 Ref. 720-054

•

Flush mount with horn 255mm H x 179mm W x 86mm D

•

• • • • •

STI-6518 Ref. 720-060 Flush mount, no horn 165mm H x 105mm W x 49mm D

STI-13210-NG Ref. 720-093 Surface mount, horn and label optional 206mm H x 137mm W x 103mm D

All STI ‘Stoppers’ are made of tough, UV stabilised polycarbonate. Many can be supplied with or without a 105 dB horn. Other models and sizes available including weather resistant options.

Approved to EN54-11 Current Rating: 3 Amps @ 12-24V DC, 3 Amps @ 125-250V AC Material: Polycarbonate Comes with Clear Cover 2 x SPDT switches Positive activation that mimics the feel of breaking glass. Visible warning flag confirms activation. Simple polycarbonate key to reset operating element - no broken glass. Dimensions: 87mm Length x 87mm Width x 23mm Depth (Flush Mount) & 58mm Depth (Surface Mount)

STI-6255 Ref. 720-042

Mini Theft Stopper discourages inappropriate use of equipment. Sounds a powerful 105 dB warning horn when activated. Tough, ABS construction. Reed switch activation for cabinets and display cases or unique clip activation for freestanding equipment. Does not interfere with use of protected fire fighting equipment. Compact design 85mm H x 85mm W x 25mm D.

STI-6720 Ref. 720-047

Break Glass Stopper. Keys under plexiglas. Protects emergency keys from inappropriate use. Keys remain visible. Fast, easy installation. Simple, inexpensive plexiglas. 3 year guarantee against breakage of the ABS housing within normal use.

NEW

Battery Load Tester Ref. 730-101

Fire Brigade Alarm: (Closed/Open) Ref. 730-231

Anti-Interference Device

ViTECH, strong, lightweight aluminum case, 5, 15 and 30 amp battery load tester for fire and alarm use. Weight: 500gms, Size: 165mm x 90 x 70mm.

ViTECH branded Type X (730-230) and Type Y (illustrated) models with temperature compensated pressure transducers with digital display showing pressures for defect, fire and pump start.

Ref. 730-400 series ViTECH AID for sprinkler valve monitoring; fits all ball valve sizes.

21620/1/18

21620

ViTECH products are designed and produced in New Zealand.

RISK ASSESSMENT

On Tour: When international cricket meets international risk With the cricket season upon us, Chris Kumeroa, Managing Director of Global Risk Consulting, draws from years of security experience in Pakistan and the Middle East to risk assess the potential for a New Zealand Cricket return to Pakistan. When I read back in 2018 that the New Zealand Cricket Council was to carry out “due diligence” as they considered a request from Pakistan to play a Twenty20 game in Lahore, my first reaction was that Pakistan posed significant travel and security challenges. A number of highly experienced security risk management consulting companies have had personnel who have operated in this region for a number of years and seen first-hand the dangers when trying to operate within this environment.

Chris Kumeroa is a director for Global Risk Consulting

NZSM

Pakistan is considered one of the most dangerous countries in the world (11th least peaceful in the 2019 Global Peace Index). In 2009, international sporting tours were stopped after gunmen killed five people on the Sri Lankan team bus. New Zealand Cricket hasn’t played in Pakistan since 2003 because of security concerns, with the UAE becoming home base for the Pakistan team. The internal security issues that plague Pakistan are greatly influenced by its neighbours, Iran, Afghanistan, India and Kashmir, and other geopolitical factors. The Pakistan Context Pakistan has two major allies, both superpowers and economic partners to Pakistan: China and the US. The Americans have invested heavily in Pakistan in recent decades, providing financial support for securing northwestern borders and combating terrorism in FATA/Swat, KPK and Baluchistan. For a number of years, the government had been slightly reluctant to intervene in FATA, KPK and Baluchistan’s (all rated extreme risk) political and security affairs with any form of military presence, although this has since changed. A guerrilla war waged by Baloch nationalists had kept the region – that borders Iran, Afghanistan and Pakistan – unstable and in turmoil for decades. The strong Taliban presence in the tribal areas of KPK has also made that province extremely difficult for the government to manage. Political instability continues to plague Pakistan. There have been a number of military coups since the nation gained independence from Britain

over seventy years ago. The absence of a strong political system and allegations of corruption over many years have given rise to crime and armed conflict, which has increased with international terror groups such as al Qaeda, the Taliban and ISIS (Daesh) more recently. It had been planned that a Silk Road corridor to be established by the Chinese; a six-lane highway from the northern China border to the Gwada port, in southern Baluchistan. The Silk Road would give China direct and easy access to Middle Eastern and African markets. Chinese investment into Pakistan will be substantial and would allow Pakistan to modernise and potentially unlock its rich natural resources, including oil and gas, gold and coal. At the time, Pakistan’s government wanted to bring stability to the region to ensure the Silk Road proceeded, and conducted a sustained military offensive against domestic militants in the west of the country. A number of Taliban commanders were captured or killed by the Pakistan Military, and others were killed by US drone strikes in cross-border operations. The risk assessment identifying security concerns facing the development of the Silk Road are the same issues that face tourists, businesses wishing to establish a base for commercial activity, and international cricket teams considering touring the country. Assessing Security Risks I spent two years in Pakistan as Country Security Risk Manager for one of the world’s largest oil and gas service providers, based in Islamabad. It was a dynamic and complex environment,

December 2019/January 2020

characterised by security risk levels that constantly shifted as a result of political decisions and security incidents. This would invariably affect the “Country Alert State” and, consequentially, our security advice. Pakistan risk levels are assessed as High (-12.2 out of -25) on the basis of a Country Security Risk Assessment System in which quantitative and qualitative data is crossed referenced by senior analysts and experienced global security consultants to ensure the threat and risk levels match trends on the ground. It is important to measure all security elements (including political, terrorism, travel, operational and security risks) within the threat landscape so as to adjust the ratings accordingly. If no adjustments are made as a result of misinterpretation of risks this gives rise to vulnerabilities for an organisation as extremists and criminal elements become adept at spotting weaknesses within a security structure. These can invariably lead to fatalities, injuries and a loss of business at the hands of sophisticated, well-funded, well-organised and sometimes complex attacks. When trying to improve security outcomes, it’s important to meet with the citizens and law enforcement of local communities. If you apply a hearts and mind approach they are a great source of free information, effectively becoming allies to your broader security cause. More often than not this is a usual first step for current and former Special Forces personnel and the Private Security world, but for individuals and companies operating on their own, getting the locals

December 2019/January 2020

on side is an often overlooked practice leading to unfortunate consequences. Getting the lay of the land early and trusting your instincts about the environment and people you deal with (what feels right and comfortable – developing and trusting your sixth sense) is important. Occasionally this means engaging a local (preferably former military or law enforcement officer – referred to you by the state) that understands the environment and is able to interpret it in a way that promotes safe operations. Local support Once you have established the country and area risk levels and ratings, the next step, as it should be in the case of a New Zealand Cricket Team tour, is to establish what additional support is required by the host nation and private security providers to achieve acceptable levels of control that match or exceed the organisational threshold and are in line with a security management plan. This is known as the risk-based approach. Not long ago I stood in an underground bunker, under a safe house controlled by the US military, and listened to the mission breakdown of the hunt for Bin Laden. The US conducted it without Pakistan’s consent or knowledge. This placed significant political pressure on an already frail relationship in which they needed each other to combat the growing influence of the Taliban and ISIS in the region, who were using Pakistan as a base to launch attacks against Coalition forces in Afghanistan. The attack on Bin Laden led to ongoing suspicion by the ISI (Pakistan Secrete Intelligence Service) that

other foreign nations had intelligence personnel operating within its borders. It would be fair to say that all foreigners are now treated with suspicion, which presents new challenges for any security risk management provider. Anyone venturing into Pakistan, such as sporting teams or businesspeople, should bear this in mind. Reliance on government cooperation, whilst seemingly enthusiastically given, might not always be as reliable as an independent body familiar with the local environment. If a cricket match were to go ahead, this should be based on a comprehensive threat and risk assessment of the current political state of Pakistan and past and current shifts in the security operating environment. After establishing minimum security standards, state support for pre-match visits and for the tour itself should be requested. In conclusion A cricket match would be hugely significant for the game internationally and for the country as a whole, but it will come with its inherent challenges on the security front, particularly if extremists were to see it as an opportunity to demonstrate to the West (not just New Zealand) that they can still create havoc. The Taliban have long memories and understand New Zealand’s role with the Coalition in Afghanistan some years ago, and they could use this as an opportunity for payback if a soft target presented itself. We have a saying in security: we as security providers have to be lucky all the time, whereas terrorists or highly sophisticated criminal groups only have to be lucky once.

NZSM

CCTV ANALYTICS

Video Surveillance: Data analytics gains hampered by privacy concerns Traditionally a security device, the CCTV camera is evolving into an analytics-enabled data collection tool. While new camera smarts present opportunities for retailers, writes Joanna Mathers, it pays to understand the implications. Technology has been a great enabler for the security industry and nowhere is this more evident than in the evolution of CCTV. Video surveillance systems have developed far beyond their former uses, and advances in security camera and video management systems now allow for machine vision and analytics-enabled solutions, essentially turning CCTV cameras into data collection devices.

Such devices can provide those in retail with a useful tool in the fight against theft. But there’s a raft of other options for those wanting to turn raw data into useful information that can be used for marketing and other business purposes. From identifying VIP shoppers, and checking queue length, to analysing which areas of their stores are attracting the most interest from shoppers, retailers have a new tool for growing business. Karl Gaines is the director of IQ Security, a firm that specialises in electronic security solutions. He says that analytics-enabled CCTV has been slowly creeping into some of the larger New Zealand retailers over the past few years but is being used primarily as a security measure. There are layers of options that come with cameras that allow businesses to identify offenders and warn others of their activities. Both Pak’n’Save and Bunnings have such systems in place,

NZSM

allowing them to keep a close eye on shoplifters and prevent mass stock loss from repeat offenders. “About 90 percent of offences are committed by 10 percent of offenders,” says Gaines. “These systems store images of offenders on company databases, which can then be shared with other stores so that security staff can keep a look out for thieves who have been active in the area.” Auror is a New Zealand retail crime intelligence platform that is used by fuel company Z. IQ Security has developed third-party software that works alongside Auror to identify the vehicle license plate numbers of those who drive off without paying.

“The license plate is stored in the company database and if a driver of the vehicle that has been registered as a nonpayer tries to get petrol, it will lock the pump,” says Gaines. Facial recognition software is also used at traffic lights around New Zealand. One of the issues around this is that CCTV systems can be prone to cyber security vulnerabilities – essentially allowing outside users to access the footage from their home computers. CCTV camera manufacturers offer different layers of analytical tools that can be purchased as add-ons. Gaines says such add-ons (including marketing analytical tools) haven’t really been

December 2019/January 2020

adopted in the local market. But he explains they are becoming more common overseas. Gaines talks about a Taiwanese retail chain with such marketing analytics in place that allow for a comparison of activity between shops, measuring how many people have walked past the stores on any given day, and identifying key ‘hot spots’ within stores. The data is then analysed, patterns are identified, and issues pinpointed for underperforming stores. IQ Security clients are informed about the “added extras” that are available when purchasing a security system, but Gaines says that these tools add thousands of dollars to the cost of the package, and aren’t really seen as necessary by his clients. He does point to a unique use of CCTV tools at the new Westfield in

December 2019/January 2020

the Auckland suburb of Newmarket, where the carpark exit is locked if people overstay their two hours. “The car’s licence plate is recorded and if they stay over by even a minute, they aren’t able to leave.” Greg Hartford from Retail NZ, like Gaines, isn’t personally aware of any retailers utilising CCTV analytics for marketing purposes currently. “In New Zealand, we seem to be using cameras more as a preventative tool, for example showing pictures of people who have been caught shoplifting. But it may be something we see more of in the future.” It may not be popular in the New Zealand retail sector currently, but the development of facial recognition software, and the tools that enable this, are being closely watched by those who protect our privacy.

Graydon Hayes from the office of the Privacy Commissioner says that the technology has the potential to be very intrusive, and is not always reliable “which can present some tricky privacy challenges”. He explains that there is nothing stopping retailers from using facial recognition software for marketing or analytical purposes, but they will need to adhere to the principles of the Privacy Act if they decide to move in this direction. “If they do start using it, the principles state that they will need to have a lawful purpose for collecting facial recognition data, and will generally have to let people know they are collecting it, how, and what they plan to do with the information.” Even if such use of such data is deemed to be lawful, the business must ensure that its collection and use is not unreasonably intrusive. “Facial scans and other biometrics are particularly sensitive pieces of personal information, so a business would have to justify why a less invasive method of collecting information could not be used instead.” Another area of concern around facial recognition technology is the possibility of misidentifying people, especially when attempting to identify the perpetrator of a crime. For businesses to use CCTV technology for such a purpose, they must ensure they use up-to-date and accurate personal information. “This realistically may not be possible with new and untested technology. Regardless, the technology will sometimes make mistakes, so there must be adequate controls in place to minimise the risk of harm to anyone misidentified.” There is also the potential for misuse of facial recognition data if a security breach occurs. Hayes says that businesses have obligations under the Privacy Act around retention, use and disclosure of personal information. “Depending on the facial recognition system being used, it is not always immediately clear how they would fulfil these obligations,” he says. Given the potential for issues around privacy, and the high cost of CCTV analytical tools, it’s possible that New Zealand ‘s retail sector will continue to shy away from this technology for the near future. Such surveillance has privacy implications, and any attempts to expand its use is likely to be met with some resistance. Watch this space.

NZSM

INDUSTRY

NZSA CEOâ&#x20AC;&#x2122;s November Report In this update, NZSA CEO Gary Morrison talks International Security Officer Day, NZSA AGM, and Annual Report highlights, including industry licensing and training, MSD Skills for Industry initiative and a new Industry Guideline. International Security Officer Day International Security Officer Day developed from a concept originally launched in Singapore in 2014 and has now grown to be widely accepted around the world as an opportunity to recognise those who are in the front line of the provision of security services, and go about their roles quietly, effectively and with minimal recognition. International Security Officer Day is recognised on the 24th July (24/7) each year and acknowledges that for 24 hours, 7 days a week, security officers are at work and ensuring it is secure for us all to be free from fear and interference. The NZSA is very supportive of this initiative and will work with the New Zealand Security Magazine, our members and other stakeholders (including customers) to promote the day and increase society awareness of the great work performed by our Security Officers. We will provide more information on this over the coming months.

NZSM

NZSA AGM The NZSA AGM was held on 26 September in conjunction with the Facilities Integrate exhibition at the ASB Showgrounds. At the meeting we farewelled James Sutherland from the Board following nine years of service and welcomed the re-appointment of David Proud of VIP Security and the election of Caroline Halton of Cityguard. It was pleasing to see unanimous support for changes put forward to the NZSA Rules and the adoption of the Annual Report. The rule changes will enable future restructuring of the Board and the potential to appoint an independent Chairperson and Board members should it be deemed appropriate. The annual Report provides an update on the financial performance of the association and a chance to comment on achievements over the last twelve months. My report within the Annual Report follows:

Gary Morrison, New Zealand Security Association CEO

December 2019/January 2020

Highlights from the Annual Report 2019 Industry Licensing Significant achievements this year include confirmation that Monitoring Operators must be licensed under the Property Guard category (now recognised as either Security Officers or Monitoring Officers) and clarification that registered electricians must hold a security licence in the Security Consultant category when either selling security systems or providing security advice to customers. We have also worked closely with our licensing authority (PSPLA) and the DIA Complaint Investigation and Prosecution Unit to take a hard line on unlicensed operators and applaud the recent prosecution of a serial unlicensed security operator. Industry Training There has been considerable work from Skills, the NZSA and industry work groups over the last twenty-four months in ensuring that industry qualifications are current, relevant and “fit for purpose” for trainees, employers and customers of the industry. The current Nat ional Cert if icate in Security Level 2 (for guarding and patrol ser vices) will be withdrawn at the end of this year and replaced by a New Zealand Cert if icate in Security Level 3. The qual if icat ion has been approved by NZQA and training materials are currently in development by training providers and Sk ills. The Level 4 is currently in development and will be available in 2020.

The National Certificate in Electronic Security (for security technicians) has now been replaced with the New Zealand Certificate in Electronic Security with the Level 3 being delivered and the Level 4 recently approved by NZQA and with materials in development. Once available, the qualification will be available as an apprenticeship programme. This year has also seen the development of a new qualification for Monitoring Operators based around the New Zealand Certificate in Contact Centres but contextualised for a monitoring centre environment. Whilst the development of all three qualifications has been somewhat slower than hoped, there has still been significant progress and this is also mirrored in industry training outcomes where we have moved from 3% of the industry holding an NZQA qualification in 2016 to the current position of 15% of workers in the industry having a NZQA qualification. MSD Skills for Industry initiative In June 2018 the NZSA launched a pilot Skills for Industry contract in partnership with MSD, targeted at placing 90 candidates from benefit programmes into fulltime employment with NZSA members over a nine-month term. The pilot was the first industryled programme in New Zealand and the outcomes exceeded all expectations, successfully achieving the target placement numbers and being widely applauded by participating NZSA members and industry stakeholders. Following the success of the pilot contract, the NZSA has entered into a new annual contract with MSD based on 150 placements annually. This not only provides NZSA members with much needed employee resource but also provides support funding to our members to assist with the training needs and pastural care requirements of the new employees. It is also pleasing to see the NZSA Work Broker programme being held up as the benchmark for other industry sectors looking at entering into similar programmes. Industry Guideline I’m pleased to advise that this document has now been prepared in draft and is undergoing an industry review prior to being circulated to the Unions and WorkSafe for consultation and input.

December 2019/January 2020

This document was originally promoted in the 2015 Coroners Report into the death of Security Officer Charanpreet Dhaliwal in 2011 where MBIE and WorkSafe were tasked with developing an Approved Code of Practice or Security Best Practice Guideline. Unfortunately, these agencies cited other priorities as taking precedence and it has required the NZSA with assistance from both Etu and NZCTU, to take ownership for preparation of the draft document. Once approved by WorkSafe, the Guideline will be recognised as evidence of best practice and will be recognised as the “standard” for all companies operating in the guarding and security patrol sectors. Looking forward Whilst it is pleasing to report on such positive developments, there is also the reality that as an industry, we do have challenges ahead and areas on which we need to improve. The recent announcement of vocational education reforms signal the managed disestablishment of ITOs and the introduction of a new model where training providers become responsible for arranging and supporting all vocational education (whether on-job or off-job) and Workforce Development Councils become responsible for moderating assessments. The NZSA has over recent years developed an excellent relationship with our ITO, Skills, and we do hold major concerns with regards to the lack of detail and uncertainty around the new model, particularly where we have new qualifications in development. We are also aware that changes in Government procurement (and specifically targeting security services) are due for implementation later this year and whilst we have been working closely with MBIE, the final detail has yet to be released. Similarly, the introduction of Fair Pay Agreements has been signalled as a possibility for next year, with guard and patrol service providers identified as a priority industry sector. As mentioned earlier, the good news is that we are now well placed to manage these challenges for the benefit of our members and to look at other positive means in which we can demonstrate membership value. I am very confident that the NZSA is recognised as the industry peak body and has the credibility with all stakeholders to be the true voice for the industry going forward.

NZSM

BIOMETRICS

Saving Face The fast and loose adoption of facial recognition technology, writes Megan Gates in Security Technology, has potentially negative impacts for marginalised people, such as minority groups, already at risk of discrimination. It was a social media explosion of sorts. Suddenly, thousands of people were uploading to Facebook, Twitter, and Instagram selfies of what they would look like in 10, 20, or 30 years.

They had created the images using FaceApp, a popular smartphone application that allows users to upload photos and select various filters to make themselves appear younger or older. But, most users did not realise that by uploading their likeness to FaceApp, they were also giving the company the right to use that image for commercial purposes and to improve its facial recognition features through artificial intelligence programs. After users became increasingly aware about how FaceApp could use their photos, they also raised concerns about whether the Russian-based company was

NZSM

sharing data it collected with the Russian government—and what ability they had to stop it. “Given the popularity of FaceApp and these national security and privacy concerns, I ask that the FBI assess whether the personal data uploaded by millions of Americans onto FaceApp may be finding its way into the hands of the Russian government, or entities with ties to the Russian government,” wrote U.S. Senate Minority Leader Chuck Schumer (D-NY) in a letter to FBI Director Christopher Wray and Federal Trade Commission Chairman Joseph Simons. “Furthermore, I ask that the FTC consider whether there are adequate safeguards in place to prevent the privacy of Americans using this application, including government personnel and military service members, from being compromised.”

FaceApp has denied that it shares any user data with the Russian government. But the incident is the latest in a broad conversation about technology, accuracy, and expectations of user privacy related to facial recognition technology. In 2017, the U.S. House of Representatives Oversight Committee found that 18 U.S. states have memorandums of understanding with the FBI that allows them to share databases with the Bureau—effectively resulting in more than half of American adults being part of a facial recognition database. The U.S. Government Accountability Office (GAO) recommended in 2016 that the FBI make changes to its facial recognition database to improve data security and ensure privacy, accuracy, and transparency of the data that is included. As of April 2019, the FBI had not implemented those recommendations fully. “Facial recognition is a fascinating technology with a huge potential to affect a number of different applications. But right now, it is virtually unregulated,” said Oversight Committee Chairman Elijah Cummings (D-MD) in a hearing on the technology in May 2019. Under Cummings’ direction, the committee has held several hearings on facial recognition technology, and its subcommittees are conducting deeper dives to provide recommendations on how to make use of the technology more accurate, while protecting Americans’ right to privacy and equal protection under the law. “Facial recognition technology misidentifies women and minorities at a much higher rate than white males, increasing the risks of racial and gender bias,” Cummings said.

December 2019/January 2020

Joy Buolamwini, founder of the Algorithmic Justice League, was invited to testify at one of the Oversight Committee’s hearings. She explained that facial recognition technology is being rapidly adopted, but not always in a responsible way. And that can have negative impacts for marginalised people—such as minority populations already at risk for discrimination. “Facial analysis technology that can somewhat accurately determine demographic or phenotypic attributes like skin type can be used to profile individuals, leaving certain groups more vulnerable for unjustified stops,” Buolamwini said in her testimony. “An Intercept investigation reported that IBM used secret surveillance footage from NYPD and equipped the law enforcement agency with tools to search for people in video by hair colour, skin tone, and facial hair. Such capabilities raise concerns about the automation of racial profiling by police in the United States.” These concerns have led some municipalities, such as San Francisco, to outright ban the use of facial recognition technology for the time being. The city was the first in the United States to prohibit use of the technology by city agencies, and the ban carries additional

weight because it places limits on a region recognized for its role in advancing technology. “In the absence of responsible federal limits on mass surveillance, cities have a duty to act,” wrote Aaron Peskin, San Francisco city supervisor and sponsor of the ban, in a tweet. “Face recognition technology disproportionately harms women & communities of colour, and exposes us all to a dystopia of Orwellian proportion.” Shortly after San Francisco’s ban went through, Oakland, California, passed a similar measure. And as of Security Technology’s press time, Somerville, Massachusetts, was also considering a ban. Some security technology manufacturers are heeding these warnings about the development of facial recognition technology. In 2018, Axon—which owns and manufacturers Taser—created the Axon AI and Policing Technology Ethics Board to provide the company advice about the development of AI products and services. The board released its first report earlier this year, which found that facial recognition technology is not reliable enough yet to justify its use on bodyworn cameras.

“At the least, face recognition technology should not be deployed until the technology performs with far greater accuracy and performs equally well across races, ethnicities, genders, and other identity groups,” the board said. “Whether face recognition on body-worn cameras can ever be ethically justifiable is an issue the board has begun to discuss, and will take up again if and when these prerequisites are met.” The board also said that jurisdictions should not adopt facial recognition technology without “open, transparent, democratic processes, with adequate opportunity for genuinely representative public analysis, input, and objection.” Based on these findings, Axon CEO and founder Rick Smith said in a statement that the company would not move forward—as of now—on commercialising face matching products on its body cameras. “We do believe face matching technology deserves further research to better understand and solve for the key issues identified in the report, including evaluating ways to de-bias algorithms as the board recommends,” Smith explained. “Our AI team will continue to evaluate the state of face recognition technologies and will keep the board informed about our research.”

December 2019/January 2020

NZSM

Converging Event Security Writing for Security Management Magazine, Claire Meyer notes that the 2019 Unisys Security Index identifies increasingly risk-averse consumer perspectives on physical and digital security at public events. Recent active assailant attacks on cultural festivals, entertainment districts, and event venues are causing Americans to secondguess attending large-scale public events, and terrorist incidents and mass attacks are driving concerns globally as well. However, physical threats are not the only risks consumers face at events.

More than one in five Americans say they have cancelled plans or considered cancelling plans to attend a large-scale public event due to concerns about physical attacks, according to the 2019 Unisys Security Index. A large majority (83 percent) of Americans are concerned about a criminal attack at large-scale events such as concerts or sporting events; 50 percent reported being “extremely” or “very concerned” about physical attacks. Worldwide, 57 percent of survey respondents report being seriously concerned that a criminal attack may affect attendees. Consumers in the Philippines, Malaysia, and Colombia had the highest concerns (86 percent to 74 percent), while consumers in New Zealand, The Netherlands, and Germany had the lowest concerns (35 percent to 39 percent) about attacks at large-scale events. Security awareness climbs swiftly after large-scale attacks. Following the attack on two mosques in Christchurch, the percentage of New Zealand survey respondents who said they are seriously concerned about terrorism rose from 29 percent to 51 percent. Unisys conducted additional research

NZSM

on this topic, diving into more detail in seven countries (Australia, Brazil, Germany, Mexico, Philippines, the United Kingdom, and the United States). The Index found that 39 percent of respondents in those countries said they would think twice about attending a large-scale event, and one-quarter have changed their plans to attend. “We’re trying to balance safety and security measures with the experience of the fans; we certainly don’t want to do anything to deter that experience,” says Daniel Ward, assistant director of curriculum for the National Center for Spectator Sports Safety and Security (NCS4) at the University of Southern Mississippi. “It’s very easy for someone to stay home and watch an event on their 4K television, so the competition is stiff now. We aren’t going to be able to bring people in if we aren’t making them feel safe and secure and making sure that they are having a good experience.” Venues are also proactively reaching out for resources and training from the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and its nationwide network of Protective Security Advisors (PSAs), who work with schools, faith-based organizations, and event venues to improve security capabilities through vulnerability assessments, technical assistance, and facilitating training and exercises, says Brian Harrell, CPP, assistant director for infrastructure security at CISA. Recent attacks on crowded places and soft targets have driven increased interest in these services and resources, he adds. Event security professionals— especially for smaller events or those

without permanent venues—should strive to improve their cross-organization information sharing, says James DeMeo, CEO of Unified Sports and Entertainment Security Consulting LLC. “The threat continuum is everevolving and ongoing, in terms of physical security and the integration of technologies,” DeMeo says. “The sharing of information is paramount among key leaders entrusted with duty of care protecting those spaces.” “Effective communications between law enforcement, venue directors, and security personnel is essential in guarding fans,” he adds. Smaller venues or events might lack the resources that national organizations or associations have, but they can reach out to local fusion centers for information sharing, DHS resources, or educational tools. Beyond concerns for their physical safety, however, event attendees are also leery of data security when out at concerts, fireworks displays, or sporting events. When asked about data safety at large-scale events, 57 percent of global respondents said they are seriously concerned about having their personal data stolen when using public Wi-Fi at large events. Concerns are highest in Latin America, where 69 percent of respondents fear for their personal data when on public Wi-Fi at events. While convergence of physical and cyber risks has been a frequent refrain for security practitioners, the 2019 Security Index was the first time Unisys heard similar perspectives from a broad consumer base, says Tom Patterson, chief trust officer for Unisys. Consumers had nearly equal levels of concern regarding cyber and physical or kinetic risks—and

December 2019/January 2020

their potential interconnectivity—at events. “To see cyber and kinetic events coming together in consumers’ minds was truly telling and something that we—as an industry—need to address,” Patterson says. For U.S. survey respondents, 81 percent reported at least some level of concern about theft of their personal data when using public Wi-Fi, and 78 percent were concerned about theft of credit card data via public Wi-Fi. Globally, 26 percent of attendees who still plan to attend large-scale events will take extra precautions to secure mobile devices and wallets. However, only 15 percent say they are keeping alert for suspicious or threatening behaviour. Patterson advises event attendees keep devices patched and updated before attending events and using virtual private networks (VPNs) or cellular data to reduce Wi-Fi risks. This requires some pre-event preparation, he adds, so venues and event security professionals will need to reach out and advise customers about virtual and physical safety beforehand— without scaring them.

“Most people at a large event will see security right at the beginning when they get there—they’ll go through a metal detector perhaps or have their purse or backpacks checked,” Patterson says. “They’re aware of the security there, but they’re not really aware of the layer after layer after layer of security that goes into these large events.” He recommends peeling back the layers enough to give attendees a glimpse of the effort that goes into event security, which can help improve attendees’ trust in the organization. One key to improving event attendees’ attentiveness is ensuring they have a way to report suspicious behavior, says Ward. “‘See Something, Say Something’ is a great campaign, a great program, but in many cases, we forget to give them the capability to say something,” he explains. “A lot of venues have used signage in prominent locations so fans can see where to text something to, or on video boards before an event or during breaks so fans know if they see suspicious behavior or an issue they need to bring up to the venue to text it to this number. We’re giving [them] more tools and resources.

“We do understand that when people come to events, it’s to let their hair down and not to be overly cautious,” he adds. “So we want them to be able to say something to us, but we’ve also increased our capacity to notice things through technology.” DeMeo recommends emphasizing attendee security education and awareness through campaigns and promotional materials, noting that “an educated fan is a safe fan.” Venues are combining printed posters, graphics on digital screens, public service announcement videos, and social media messages on top of more traditional posters or season ticket holder emails to connect attendees, employees, vendors, and contracted security personnel with security information, Harrell says. However, it’s essential to share not just how to contact security personnel but why. “It’s always more impactful when individuals recognize why it’s important for them to report suspicious activity,” he says. “Messages should try to motivate individuals to report suspicious activity— to protect themselves, their family and friends, their community, and the activities that they enjoy participating in, including attending large events.”

December 2019/January 2020

NZSM

INDUSTRY

Clarification on licensing for electricians The Registrar for the Private Security Personnel Licensing Authority (PSPLA) has provided a guideline document for electricians, providing clarification on an issue long considered a licensing sore point. As a result of an exemption at Section 22 of the Private Security Personnel and Private Investigators Act 2010, it has long – and somewhat controversially been interpreted that registered electricians installing security systems do not need to hold a security license or CoA.

The new guidance confirms that EWRB-registered electricians carrying out the work of a security technician only are not likely to need a security license/ CoA, but those selling and advising on security devices are likely to need a security consultant license/CoA. In addition, the guidance confirms that because companies are not registered with the EWRB, those companies that carry out the work of security technicians or security consultants must also hold a company licence with the PSPLA even if their directors and employees are registered electricians. According to New Zealand Security Association CEO Gary Morrison, “this has been a contentious area for a long time and we applaud the Registrar for documenting what is considered best practice.” A full extract from the guideline document follows: Guidelines for electricians in relation to registering with the Private Security Personnel Licensing Authority The The Private Security Personnel and Private Investigators Act 2010 requires all security technicians and security consultants to hold either a licence or certificate of approval with the Private

NZSM

Security Personnel Licensing Authority. A security consultant is someone who sells or advises on security devices as defined in s 7 of the Act. Security technician is defined in s 6 of the Act and includes installing and repairing burglar alarms, warning devices, locking devices, safes and strongrooms. Section 22 (d) of the Act provides an exemption from needing to hold a licence or certificate of approval for carrying on an “occupation or business in accordance with a practicing certificate, licence, permit or other authority, granted or issued under any other enactment”. This exemption is unlikely to apply to registered electricians who carry out the work of security consultants because selling and advising on security devices is not listed in the type of work covered in the various electrical registration classes. Therefore, electricians who carry out the work of security consultants are required to hold a licence or certificate with the PSPLA even if they are registered with the EWRB.

Individuals registered with the EWRB may fit within the exemption in s 22 of the PSPPI Act if they carry out the work of security technicians only. Therefore, they may not need to be registered under both regimes. However, that exemption is unlikely to apply to companies as companies are not registered with the EWRB unless they have the status of an employer company. Therefore, companies that carry out the work of security technicians or security consultants must also hold a company licence with the Private Security Personnel Licensing Authority even if their directors and employees are registered electricians. Given the above guidelines the Private Security Personnel Licensing Authority considers it is best practice for all electricians who carry out the work of security technicians and security consultants to also hold a licence or certificate of approval with the Private Security Personnel Licensing Authority unless that work is only a minor or incidental part of their work.

December 2019/January 2020

EVENTS

SUBSCRIBE Readers of NZ Security include those working directly and indirectly in the domestic and commercial security industry. From business owners and managers right through to suppliers, installers and front line staff. Among our readers are IT security experts, surveillance professionals and loss prevention staff. Our readers take their job seriously and make an active choice to be kept informed and up to date with the industry. For only $75.00 plus GST you can ensure that you receive a 1 year subscription (6 issues) by filling out the form below and posting to: New Zealand Security Magazine 27 West Cresent, Te Puru, 3575 RD5, Thames, New Zealand or email your contact and postal details to: craig@defsec.net.nz Mr Mrs Ms________________________ Surname_________________________ Title_____________________________ Company________________________

ISC2: A Merry Cyber Xmas Quiz When: 2 December 2019 Where: Auckland Details: www.isc2chapter-auckland.org. nz/events/ Security Sector Network Discussion When: 10 December 2019 Where: Auckland Details: nxdynon@hotmail.com World Border Security Congress When: 31 March 31 â&#x20AC;&#x201C; 02 April 2020 Where: Athens, Greece Details: www.world-border-congress.com National Security Conference When: 15-16 April 2010 Where: Massey University, Auckland Details: www.massey.ac.nz

Asia Pacific Security & Innovation Summit When: 15-17 April 2019 Where: Copthorne Hotel, Queenstown Details: www.apsisummit.com/page/apsisummit-2020/ Security Exhibition & Conference When: 22-24 July 2020 Where: Melbourne Convention and Exhibition Centre Details: www.securityexpo.com.au New Zealand Security Industry Awards When: 21 August 2020 Where: Christchurch Town Hall Details: www.security.org.nz CIVSEC 2020 When: 1-3 September 2020 Where: Brisbane Convention Centre Details: www.civsec.com.au

Postal Address____________________ ________________________________ ________________________________ Telephone________________________ Email____________________________ Date_____________________________ Signed___________________________

NZSM New Zealand Security Magazine

December 2019/January 2020

NZSM

Power supply cabinets • Mounts for our 5 most popular models of power supplies; 6 key-hole anchor points for easier mounting • Lift off hinged doors for added convenience • Louvre ventilation on doors

total reed switch

• Roller ball reed switch provides anti-tamper to front and rear of cabinet

solutions from Flair

• 6 x 25mm knockouts, 2 each sides and bottom • Medium cabinet holds 5 x 7 A/h batteries

Choose from Closed Circuit or SPDT. Listed options will suit Standard doors, Steel doors, Roller doors

• Large cabinet holds 14 x 7 A/h batteries • Cam lock for security • Front lip to retain batteries and for additional strength

• Lip return on door for greater rigidity ic Prod ron uc

in N Z •

•D

e s i gned

and Pr od ted

Designed, tested and produced in New Zealand.

• Heavy gauge 1.2mm steel

• Durable powder coated white finish

for power supplies

Specials available to order.

With 30 models in stock, make Loktronic your go-to supplier. Fully monitored Powerbox brand security PSUs in 12 VDC from 3.5 A to 20 A and 24 VDC units from 5 A to 12 A. We have Meanwell DIN rail PSUs in 12 & 24 VDC from 20 - 100 watts, with optional battery charging. Inline, Plug packs and DC/DC converters round out this great range.

Flair reeds from Loktronic: an unbeatable combination.

Power supplies from Loktronic – a Powerful Deal.

• Surface mount • Press fit • Self adhesive tape or screw mounting • Flying leads or screw terminals • Standard and wide gap • Stubbies • Mini flange • Sub miniatures • Pull aparts • Clamp ons • Overhead doors with offsets

• Removable shelf and removable back plate to facilitate easy bench mounting of equipment

Loktronic

ISO 9001:2015

REGISTERED COMPANY

20238_PSC

Certificate No. NZ1043

Loktronic Limited Unit 7 19 Edwin Street Mt Eden Auckland P O Box 8329 Symonds Street Auckland 1150 New Zealand Ph 64 9 623 3919 Fax 64 9 623 3881 0800 FOR LOK www.loktronic.co.nz

Unit 7 19 Edwin Street Mt Eden Auckland P O Box 8329 Symonds Street Auckland 1150 New Zealand Ph 64 9 623 3919 Fax 64 9 623 3881 0800 FOR LOK www.loktronic.co.nz 20237.FL.2018

ALLIANCE Wholesale

ICTS e &cSecurity ICT & u r i t y – –ffrom r o m Entry E n t r ytotEnterprise o Enterprise

Wireless IP Surveillance

Certificate No. NZ1043

Unit 7 19 Edwin Street Mt Eden Auckland P O Box 8329 Symonds Street Auckland 1150 New Zealand Ph 64 9 623 3919 Fax 64 9 623 3881 0800 FOR LOK www.loktronic.co.nz 20757_BP.2018

CCTV – Alarms – Access – Intercoms

Customized CCTV Kits Kits Dahua Customized

0800 AWL NZL

Open Platform VMS

• Cost effective high performance wireless access points for outdoor use • Stockists of AirMax, AirFiber, AirVision, UniFI & mFi series products • ITPLUS are a Ubiquiti certified and trained partner

• We supply fully customized supply fully customized • We complete CCTV kits in form of complete CCTV kits in form of Hybrid, Tribrid, IP Hybrid, Tribrid, IP, , CVI etc CVI etc • Complete kits are a great way of • Complete kits are a great way of reducing costs and getting the reducing costs and getting the whole package from one place whole package from one place • Receive FREE support* FREE support* including including remote connection • Receive remote connection assistance assistance

• Award winning best open platform VMS • Advanced Built-in Video Analytics • Micromodule crashproof software architecture • Includes powerful features such as Modern GUI, Video Archive, Green Stream, Time Compressor, Interactive 3D Map, Autozoom etc.

Distributed by

Ph: 09 950 4940 l E: info@itplus.co.nz www.itplus.co.nz

Loktronic

Power

distribution module

key switches Two functions are available Momentary or maintained contact (specify when ordering) Switch rated at 6A @ 28 VDC Supplied random keyed Re-key or master key at any locksmith Front or rear fixing

Loktronic

for gate locks

For the widest range range of applications, see our IP67 rated Loktronic and Loktrenz electromagnetic locks with optional brackets to make fitting a breeze.

Applications Access control, air-conditioning, lifts, lighting etc

•D

in N Z •

ic Prod ron uc

Designed, tested and produced in New Zealand.

Key switch supplied loose Mounting bracket Escutcheon Mounted on PDL plate with alloy cover

Comprises • DPDT 12 or 24 VDC Fire Drop Relay • 6, 8 or 10 fused terminals with LED • 2 Red Terminals • 2 Black Terminals • Assembled on DIN Rail • All Terminals Labelled

New options with this versatile product

We have strikes by FSH and eff-eff, Rim locks by CISA, plus specialty roller door locks.

e s i gned

Outdoor and Gate Locks from Loktronic - a smart choice.

This 6, 8 or 10 way Power Distribution Module will drop power to a group of doors when signaled by a fire alarm and has individual fused power supply to each lock. LED lights when fuse fails. Red and black terminals distribute from PSU or battery to load.

and Pr od ted

ISO 9001:2015

REGISTERED COMPANY

ISO 9001:2015

REGISTERED COMPANY

Certificate No. NZ1043

Unit 7 19 Edwin Street Mt Eden Auckland P O Box 8329 Symonds Street Auckland 1150 New Zealand Ph 64 9 623 3919 Fax 64 9 623 3881 0800 FOR LOK www.loktronic.co.nz 20756_BP.2018

REGISTERED COMPANY

Certificate No. NZ1043

Unit 7 19 Edwin Street Mt Eden Auckland P O Box 8329 Symonds Street Auckland 1150 New Zealand Ph 64 9 623 3919 Fax 64 9 623 3881 0800 FOR LOK www.loktronic.co.nz 21636.KS.2018

L • 8A Triton Drive, Albany, Auckland • sales@AWLNZ.com

Certificate No. NZ1043

Unit 7 19 Edwin Street Mt Eden Auckland P O Box 8329 Symonds Street Auckland 1150 New Zealand Ph 64 9 623 3919 Fax 64 9 623 3881 0800 FOR LOK www.loktronic.co.nz 20239.2018

ALLIANCE Wholesale

I C T & S e c u r iwww.AWLNZ.com ty – from Entry to Enterprise

Everyone keeps an eye on this spot

If you have a product that you want the industry to notice, then this is the spot for you. For more information contact: Craig on 07 868 2703 or email craig@defsec.net.nz

From

, a cleverly designed,

Motorised Hook Lock to simplify electric locking of sliding doors. Available now from Loktronic. HL1260 • Up to 650 kg holding strength for the toughest jobs • Motor driven hook captures roller on strike plate • Recessed or surface mounting for easy fitting to most door types • Fail Safe/Fail Secure field changeable for simplicity • Accepts 12-30 VDC • Door Position Switch • Hook Position Switch • Tested to 400,000 cycles for durability • 5 year warranty for peace of mind

Also from FSH, the expertly designed

VE Lock

sets

new standards of reliability. VE1260 • 1,000 kg holding strength… ideal where high security is needed • Release with up to 35 kg pre-load makes for easy unlocking • Field changeable between Fail Safe and Fail Secure • Accepts 12-30 VDC • Door and Lock status monitoring for total status reporting • Radiused and square edged models suit new installs and upgrades • Can be installed horizontally, vertically and into surface mounted housings • Pre-taped housings make for simple installation onto frameless glass • Special wide V strike plate allows for up 12 mm door offset

NZSM

December 2019/January 2020

16078. REV 11.17

These fine products from world leaders in electric locking design, FSH, are proudly stocked and supported by NZ’s leading authorized distributor,

New Zealand Security - Dec 2019-Jan 2020

Articles inside

Editor's Note

Clarification on licensing for electricians

Converging Event Security

Saving Face

On Tour: When international cricket meets international risk

Facilities and Public Spaces conference offers answers to improbable failure

Facial Recognition – Impacts and effects of Privacy Regulations

Dahua showcases recent deployments

She’ll be right: Security AWOL at Defence event

Private Security and the Privatisation of Public Space

Protecting the Peace: Public protest and private security

The State of Security Convergence

Lockdown logistics: Incident management and access control

Hikvision Deep Learning: Securing ATMs 24/7

Releasing the potential of VMS