If you are a regular reader of SecurityInfoWatch, you are probably aware that security technology has come under increased scrutiny from privacy and civil liberties advocates as of late. While much of the attention has been focused on facial recognition, given its rise in use by law enforcement agencies across the country – leading to a number of municipal ordinances and even a recently proposed federal ban – other solutions have not gone unnoticed.
After weeks of unrest in a multitude of cities following the death of George Floyd, Ring’s video sharing partnerships with police departments have also come under fire from activists, who say that the initiatives contribute to racial bias and potentially harmful encounters with law enforcement.
In the wake of this negative public attention, the Security Industry Association (SIA) last week announced that it has adopted a new Membership Code of Ethics, which requires member organizations to adhere to a set of nine principles in their businesses. These principles include:
- Act with honesty, integrity and transparency, eschewing fraudulent or misleading business practices and avoiding conflicts of interest.
- Provide accurate branding, use and cost information in marketing materials, advertisements and interactions with customers and potential customers.
- Conduct business with appropriate consideration of sustainability and the environmental impact of products and services.
- Oppose prejudice, harassment and abuse in the workplace as well as uses of their solutions that assist or abet prejudice, harassment or abuse.
- Work with law enforcement in an appropriate manner that enhances public safety while respecting the reasonable expectations of privacy held by customers and individuals whose images or information are captured by security devices.
- Protect all sensitive personal information that they acquire in accordance with industry best practices.
- Monitor and mitigate relevant risks as much as reasonably possible, including by securing and hardening networked solutions against cyber threats in accordance with industry best practices.
- Ensure that their products, services and solutions are not designed or manufactured in such a manner as to surreptitiously transmit information to third parties for purposes outside the normal and expected scope of security and business operations.
- Refuse to knowingly design, manufacture, sell or deploy products, services or solutions that have been finally determined by any supranational, national, federal, state or local governmental authority or any self-regulatory entity, whether foreign or domestic, having competent jurisdiction over the applicable member organization to support the infliction of human rights abuses, the restriction of civil liberties, and/or the implementation of other oppressive measures.
As of July 1, all new and renewing SIA members will be required to affirm that they will abide by these principles.
Despite the recent increased scrutiny of security tech, according to Ronald Hawkins, SIA’s Director of Industry Relations, there wasn’t a single impetus that led to creation of the ethics code. “The nature of security technology means that it touches on multiple sensitive areas – privacy, civil liberties, public safety and national security, to name just a few,” Hawkins explains. “Recognizing this, the SIA Board of Directors in 2019 voted to create the Ethics in Security Technology Working Group to provide resources to help SIA members maintain the highest standards of ethical conduct, both in their everyday business practices and when navigating these uniquely challenging issues. The working group then developed the Code of Ethics, along with a strong enforcement mechanism, both of which were unanimously adopted by the board in June.”
“The SIA membership is comprised of companies that are forward thinking, highly ethical, committed to excellence and work hard to provide leading edge security solutions for businesses all over the world. The board at SIA authorized a committee to start looking into an ethics policy over a year ago due to some member company leadership signing the Copenhagen Letter,” says Scott Dunn, Sr. Director of Business Development, Solutions and Services at Axis Communications, who also serves as treasurer and board member at SIA. “It was a personal commitment to do what one could to ensure the ethical use of technology (not just security technology). We felt that perhaps it was time to recognize and formalize the ethical standards we were already expecting and of our membership. Combined with other world events, the SIA board approved the work of the ethics committee and now have added this commitment to the membership by laws.”
The Copenhagen Letter
Last year at its annual MIPS conference in Nashville, VMS firm Milestone Systems announced that it would be including a new “Copenhagen Clause” in its end-user licensing agreements moving forward.
According to Tim Palmquist, VP for the Americas at Milestone Systems, the idea behind the clause was borne out of the aforementioned “Copenhagen Letter,” a document published in 2017 and signed by more than 150 individuals representing companies from around the world, that calls for organizations to consider the impact of technology on humans ahead of what it could potentially do for their business or profits.
“We recognize that our technology has never been more powerful than it is today and with that, we should consider some responsible use positions both because of the power of the technology and some of the conversations we’re having globally in the marketplace,” Palmquist told attendees at the event. “We should answer questions, such as who do we sell to? Who do we partner with? And, what is our technology used for?”
Ethics Enforcement
To ensure that members abide by the code, Hawkins says enforcement investigations and actions against companies may be initiated due to news coverage, government announcements or written complaints submitted to the SIA Executive Committee. Members who come under investigation will be notified in writing and given an opportunity to submit a response, according to Hawkins. The executive committee will then review all of the relevant information and make a recommendation to SIA’s full board of directors who will then make the final decision on penalty, which could range from a written warning to suspension or expulsion from the association.
“SIA takes issues of privacy and civil liberties seriously, as demonstrated by the Code of Ethics, as well as the activities of other groups, such as the association’s Data Privacy Advisory Board,” Hawkins says. “SIA is committed to promoting the responsible and ethical uses of these technologies while opposing abusive applications.”
“As an industry, we should be committed to always do our best to ensure that the technologies we provide for safety and security are used ethically and that we operate our businesses ethically as well,” Dunn adds. “We strive to be a trusted advisor and, in doing so, must maintain high standards of ethics.”
Joel Griffin is the Editor-in-Chief of SecurityInfoWatch.com and a veteran security journalist. You can reach him at [email protected].