Real Words or Buzzwords?: Presence Technologies

Sept. 8, 2020
The proliferation of IoT sensors and devices, plus the current impacts of the COVID-19 pandemic, have elevated the capabilities and the importance of presence technologies

Editor’s note: This is the 52nd article in the “Real Words or Buzzwords?” series about how real words can become empty words and stifle technology progress.

About a year and a half ago I wrote about Presence Control, because technologies were emerging for presence control and I provided two definitions and three technology examples. I also wrote about the four privacy perils that presence control brings. Now more presence-related technologies are emerging, some relating to the COVID-19 situation, and as technology has greatly advanced – so have the privacy perils.

In that previous article, I wrote, “As technology advances, we must continually be on the alert not to restrict ourselves to legacy thinking and concepts regarding the design and management of built-environment security, safety and productivity. Built environment refers to human-made surroundings that provide the setting for human activity, ranging in scale from buildings to transportation systems to parks. We must also be alert to new terminology that better defines or describes emerging technologies and how we can apply them – or we’ll miss out on new security capabilities simply because we’ve given them legacy labels.” It’s still very true.

“Presence control” is one such term. It describes what is already being done in smart buildings and elsewhere but has been given ho-hum labels like “integration,” “trigger” and “activation,” which describe how it is accomplished but not what it actually is. It is the concept that is most important, because it opens the door to new thinking and, as is the case with this term, can inspire us to extend the capabilities of systems and devices we already have in place.

I’m now adding to the initial two definitions of presence control to give us a list of the current uses of presence technologies.

Presence Technology Uses

  1. Controlling or directing where individuals and groups should go or be at any given moment within a built environment.
  2. Using the presence of individuals or groups to control the elements or behavior of a built environment.
  3. Sensing and monitoring presence factors, such as social distancing and occupancy levels, for health, safety, security or environmental control reasons.
  4. Realtime remote presence monitoring of people, animals, vehicles and so on for a wide variety of situational awareness and situation management reasons.
  5. Establishing a passive or active remote presence, such as drone surveillance, telemedicine or robotic surgery, where actual presence isn’t feasible, but some presence-related capabilities are desired or needed.

Technology Advancements 

Advances in ground-based and satellite communications, data processing and cloud technologies are bringing massive-scale real-time capabilities to presence technologies, enabling levels of situational awareness and real and near-real time control that haven’t been possible before. These include wearable and other mobile technologies.

Again, thanks to go the Ticto folks (pronounced “tic-too”), now part of RightCrowd, for introducing the term “presence control” for built environments, relating to their visual security wearables that are used to monitor, control and provide visual status of who is authorized be present within a facility or managed open area. This contrasts with traditional access control, which only controls who can open a door or gate.

Digicon is a manufacturer of the dFlow line of optical turnstiles (dFlow) that facilitate the rapid flow of people through their innovative pedestrian gate design, dViator, which, for example, routes authorized people straight ahead or to the left or right, while routing unauthorized people in a different direction to a receptionist, security desk or back out to the entrance side of the turnstile or gate area. The traffic flow is not stopped due to the presence of an unauthorized individual. People are simply sent in different directions based on their status. (See the videos at the dFlow link.)

The dViator system can send messages to a display monitor (or other types of electronic displays) that provide specific instructions based on individual or group status such as being unauthorized, having an expired credential, being a contractor whose company’s insurance has expired, or other qualifications. For example, an unknown person might be displayed one set of instructions, while personnel with an expired credential may be told to obtain a visitor’s pass and given directions to the badging office. A contractor whose company’s insurance certificate has expired may be directed to a security office or other service desk so that appropriate arrangements can be made to regain access.

Due to COVID-19, this and other approaches to personnel flow control are now having one-second pre-entry temperature screening applied, an area of emerging technology that will require this article to be updated within a few months.

Contract Tracing with Privacy

I was recently introduced to a new contract tracing solution, AlertTrace,  that was specifically designed with data privacy in mind and is deployable within hours, thanks in part to the system being cloud-based. The system can also be deployed fully on-premises where that is an organizational preference or requirement. Importantly, the product is not based on smartphone apps, but on small purpose-built wearable devices. That eliminates a whole host of deployment rollout and user concerns. It can be deployed completely consistent with the guidelines in the ACLU whitepaper titled, "Government Safeguards for Tech-Assisted Contact Tracing."

The wearable devices are about the size of a stack of five U.S. quarter coins and can be clipped onto clothing, ID badge or worn around the wrist. The system uses end-to-end encryption and anonymizes its data to prevent the ability to identify users from the raw data alone. It doesn’t track employee whereabouts, only the distance between one device and another. It’s like an unmarked employee ID badge that knows when it’s near other ID badges. The data belongs to the customer organization, and data handling can be performed consistent with the organization’s existing data security practices. The system can perform automatic firmware updates of the wearables, an important product security feature required for manageability at scale for high device count deployments.

Human Factors Detection

It is now possible with reasonably priced low-power radar sensors, the size of a two or three hockey stacked up, to monitor body motion, breathing and heartbeat in a work or home area for detection of falls, sleep apnea episodes, and other situations. This type technology can be used to reduce lone worker risk, for example. The technology can monitor balloon-shaped zones up to about 32 ft. from the sensor, the size of the zone depending upon the sensor model. The technology allows for overlapping zones and has very high accuracy. It’s also capable of zone occupancy counting, passageway traffic counting and room entry/exit counting. This article will be updated soon to mention at least one such technology.

Privacy Perils

There are important privacy concerns that need serious consideration when implementing any product or system feature that uses presence technologies:

  • Information oversharing
  • Cyber tracks
  • Cyber snooping
  • Consent
  • Data stewardship
  • Data governance

Information oversharing occurs when more information is shared than is needed for the specific purpose of the feature or function. For example, listing the full contact information of all meeting participants, when all that’s needed is the individual’s name – because the individuals are already known (or will be) to the other meeting participants.

Cyber tracks are the bits of information left behind that others can see later, after time period when the information is needed has passed. This is information lifecycle management in miniature: where is the information going? How long must it stay there? How will it be permanently deleted?

Cyber snooping is what it sounds like, people looking around for bits of personal information that they have no business knowing. Information oversharing and cyber tracks are what make cyber snooping possible.

Consent is especially important given the arrival of GDPR and other privacy regulations. Consent must be an element of any personal information collection and distribution. Before you use personal information that is available to use, you should be aware of the conditions that govern the use of that information, including the specific elements of utilization that the individual consented to when providing that information. For example, if a security or other system interfaces with an Active Directory database, was consent given to use that information for the purpose that is now being considered? This warrants close attention due to the personal and corporate legal issues and related penalties that are involved.

Data Stewardship

The overall concept of stewardship is the performance of responsible planning and management of resources. Data stewardship is the management and oversight of an organization’s data assets to help provide business users with high-quality data that is easily accessible in a consistent manner. Data stewardship ensures the integrity, usability, and security of the organization’s data.

Data stewardship involves hands-on roles that are typically performed by individuals referred to as data stewards, usually not a full-time role but simply an assigned responsibility. Usually there are multiple data stewards who are individuals that have operational roles in deploying and using the technologies involved in the data generation, storage and usage. Data stewards’ collective efforts improve the utilization and accuracy of data and information in a way that drives business performance and mitigates organizational risk.

Data Governance

Data stewardship is part of the organization’s data governance program. Data governance assures the availability, visibility (knowing what data is available where, and ensuring that business functions for whom the data has value are aware of it and can obtain appropriate access to it), usability, integrity and security of the data employed in an enterprise.

Data governance is a strategic function that does not directly deal with data, but sees that the people, policies and processes are in place and functioning as they should be to manage the data assets. Data stewardship is tactical in that each data steward’s focus is on a particular set of data being used by or generated by a particular business function.

The definitions above are based on those in a whitepaper I wrote for the Security Industry Association titled, "Big Data and Privacy for Physical Security," which you can read online or download.

Technology Trends

Note that future updates to this article will include emerging technology satellite video applications.

Emerging technologies are providing new capabilities that enhance security and safety, enhance business operations, and also improve the built environment experience. As with all trends relating to information technology the two IT megatrends apply: technology capabilities go up, as technology costs go down. These trends are a factor in the increasing use of presence technologies, which should always be brought under the umbrella of the customer organization’s data governance practices.

About the Author:

Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities (www.go-rbcs.com). In 2018 IFSEC Global listed Ray as #12 in the world’s top 30 Security Thought Leaders. He is the author of the Elsevier book Security Technology Convergence Insights available on Amazon. Mr. Bernard is a Subject Matter Expert Faculty of the Security Executive Council (SEC) and an active member of the ASIS International member councils for Physical Security and IT Security. Follow Ray on Twitter: @RayBernardRBCS.

About the Author

Ray Bernard, PSP, CHS-III

Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (www.go-rbcs.com), a firm that provides security consulting services for public and private facilities. He has been a frequent contributor to Security Business, SecurityInfoWatch and STE magazine for decades. He is the author of the Elsevier book Security Technology Convergence Insights, available on Amazon. Mr. Bernard is an active member of the ASIS member councils for Physical Security and IT Security, and is a member of the Subject Matter Expert Faculty of the Security Executive Council (www.SecurityExecutiveCouncil.com).

Follow him on LinkedIn: www.linkedin.com/in/raybernard

Follow him on Twitter: @RayBernardRBCS.