Every year, just like in other industries, security professionals gather at trade fairs to present their services and products to potential clients. Last Autumn and for the second consecutive year, the annual International Security Expo in London was collocated with the International Cyber Expo: this was no coincidence. Indeed, the two domains are now intrinsically connected. ICoCA was also present there to promote adhesion to the International Code of Conduct for Private Security Providers. This was the opportunity to meet security professionals and interview them on the impact of technologies on the private security industry. This blog post, which is part of a series on technologies and their impact on security, focuses on the changing landscape of the private security industry and tech and the new developments that have come about.
Over the years Technology and private security companies have become progressively intertwined. While our perception of private security may remain associated with uniformed guards manning a gate or patrolling a perimeter, the private security industry is undergoing a discrete, yet profound revolution. Traditional PSCs (i.e. companies that are “primarily engaged in providing guard and patrol services, such as bodyguard, guard dog, parking security and security guards services” as defined by the US Bureau of Labor Statistics) are not only using technologies such as GPS trackers, CCTV, or drones in their traditional guarding missions but they are now assuming entirely new tasks, such as cybersecurity or AI-based intelligence. Operating remotely and across borders, many security companies now have the capacity to track people and vehicles or monitor incidents using open-source data from cell phones. This changes the sector, its composition, and the work and profile of people working in security. Furthermore, tech companies are now offering a new range of security services, expanding the boundaries of the security sector.
“Clients are now demanding technological security solutions so the market adapts.”
Entering the exhibition hall, visitors have to go through a security check with the traditional guards and dogs but beyond this point technology is everywhere: drones, scanners, facial recognition, radars, cyber security solutions, detection sensors, explosive ordnance disposal robots, control rooms… screens are blinking at every corner, companies run demos of their equipment and there are so many novelties that it is hard to distinguish between expensive gadgets from truly game-changing security devices. Criminals are getting tech-savvy and security companies need to stay ahead of the game. As I walk the alleys of the Expo, salesmen from a Japanese company invite me to sit with other visitors and offer me a cup of coffee. I sip it while watching a video of their latest autonomous hunting drone, built to patrol over strategic sites such as nuclear plants or dams and capture intruding drones with a net, like giant dragonflies.
Athletic sun-tanned middle-aged men, with shaved heads and camouflaged backpacks wander around the aisles of the exhibition hall. One can unmistakably identify special forces veterans turned into private security contractors. But the majority of the people you encounter there look like your milder colleagues in the IT Department: analysts, CISOs (Chief Information Security Officers), engineers, or computer scientists.
The transformation is happening very quickly: “Only a few years back the expo was all about fences, barriers, gates, locks, and other anti-intrusion devices!” says one of the conference regulars. “Clients of security are now demanding technological solutions so the market adapts.”
An Uneven Deployment
Tech is not only allowing PSCs to perform new functions, it also has the potential to change the private security ecosystem beyond recognition. However, it could be misleading to think that the expo mirrors the industry, it does not tell the whole story. Based on our observations during ICoCA’s field missions, it is important to note from the outset that the deployment of new technologies and capabilities is unlikely to be uniform across regions or within countries due to a variety of enabling factors and hurdles. Some countries, such as China, are far ahead of the curve, as homegrown technologies have become widely available for both domestic use and export. In other countries we see several barriers to the adoption of technology: companies are often unwilling or unable to issue items such as tablets or smartphones to security guards as a result of implementation costs, low digital literacy among guards or the unwillingness of clients to pay more for technology-enabled guarding services.
Towards the Replacement of Labour with Technology?
A major incentive PSCs have for using new technologies is their potential to reduce staff costs by reducing the number of personnel required to complete operations. Effectiveness can be improved at the same time: cameras or drones can monitor areas that are hard or expensive to access. Data collected by phones, AI-based video surveillance, or other sensors and processed by artificial intelligence can identify and recognise patterns humans cannot. Technology can also benefit the safety of security officers, exposing them to less risk by enabling risks to be assessed remotely and improving communications on the job. The use of drones for surveillance of large areas or quickly assess the situation after an incident has been reported is a case in point.
Will there be a change in the size, composition, and profile of the workforce due to technology? It is still too early to tell what the longer-term impact of technologies on the workforce will be, but we observe a global concern with the automation of labour across industries. Workers are concerned that increases in technology will make their jobs redundant. It is clear that a number of personnel will be replaced by technology in the private security sector but security managers are quick to tell me that humans are still essential to their work, as talking to the public often makes up a considerable portion of the job.
The increased use of tech may allow for a growing professionalization in the sector and improve the working conditions of guards, shifting their tasks from patrolling in the open to monitoring surveillance systems. This shift could also increase gender diversity in the sector, a male-dominated industry. We often hear that companies are reluctant to recruit female security officers because they could not assign them to the same tasks as men, such as posting them on night shifts in isolated locations for instance. An increased reliance on technologies such as remote surveillance could contribute to change that. Tech could improve working conditions: electronic payments increase transparency, prevent retention of salaries by supervisors, and ensure that remittances are paid to social security by employers. The use of technology may increase the accountability of companies and their staff and contribute to the prevention of violence and /or abuses and the accountability of security officers, through the use of body cameras for instance.
Technology also leads to the “Uberization” of security, which can potentially affect the status of security guards with ambivalent consequences. With new technological capacities, PSCs are increasingly adopting an “on-demand” model, where users can request services when they are needed through a mobile application. The notion of on-demand applies to both the provision of physical guarding services, as well as the payment structure for services. This can increase professionalism but perhaps aggravate already precarious working conditions on the other hand. What is certain is that these developments will have a major impact on the profile, skillsets, and training of guards: what standards should they apply when operating drones, CCTVs, or other surveillance systems?
New Actors in Security
The use of new technologies is likely to become a contractual obligation for security companies, with clients demanding the use of modern systems and equipment. Furthermore, it brings new actors into the security market: tech companies have been fast to develop new services and offer them to States for security and defense. In her recent post, Anne Marie Buzatu mentions the war in Ukraine as the most recent illustration of this trend, with companies like SpaceX or Microsoft directly providing the Ukrainian Armed Forces with intelligence or communications technology.
The activities of these companies encompass surveillance and espionage, information and disinformation, and “mercenary spyware” (software that can read information and communications on smartphones and avoids security features such as end-to-end encryption by accessing the data before it is encrypted). While they may not call themselves as PSCs, they are delivering private security services nonetheless. Thus, they do fall under the internationally established definition of PSCS as being companies “whose business activities include the provision of Security Services either on its own behalf or on behalf of another, irrespective of how such Company describes itself” (See section B of the Code).
Tech companies also provide security services to commercial entities. For instance, Facewatch provides cloud-based facial recognition security system to combat shoplifting. The borders between public and private security are often porous, data collected by private actors can be shared with authorities and vice-versa as illustrated by the controversial Project Pegasus (recently the UK’s largest retailers have agreed to fund a new biometric police operation that matches CCTV images of shoplifters with those in the police database).
Some commercial actors are now specializing in security-related activities and services, including anti-terrorism, intelligence-gathering, digital forensics, and protection against cyberattacks. At the expo, I met a former army intelligence officer now working for a company leveraging predictive analytics to advise their clients on the likelihood of disasters or crimes in particular areas. Analyzing data on weather, crime rates, and their locations or traffic can help identify areas that may be of greater risk for security incidents.
The lines are now blurred between tech companies providing security services and traditional PSCs providing guarding services. Tech companies may not even be aware of their specific responsibilities when providing security services. However, the International Code of Conduct for Security Providers applies to both as its scope covers “Private Security Companies and other Private Security Service Providers” (article 1). “Private security services” as defined in the Code includes “intelligence, surveillance and reconnaissance activities”.
“Information and communication technologies: what possible risks could there be?”
If many tech companies may not be aware that they are now part of the private security industry, conversely, most of the security professionals we meet have not started to think about the implications of using tech. Furthermore, many still think that the use of information and communication technologies is innocuous, perhaps as compared to the more “visible” risks for human rights in private security operations, such as violence or sexual abuse. Asking a senior representative of a security trade association about possible risks to Human Rights I get an amused, puzzled face “ICTs? you’ve got to be kidding me, what possible risks could there be???”
The risks are real and many: risks of spying, breaching privacy, discrimination of ethnic, religious, or other groups, repressing the right to freedom of expression, or people’s freedom of peaceful assembly. Tracking people on the move to prevent them from crossing borders can interfere with their right to seek asylum. At worse, surveillance can lead to the arrest, killing, or disappearances of people such as political opponents or journalists. A recent report by the Geneva Center for Security Governance and Privacy International highlights some of the risks that the use of technologies in surveillance may bring.
Another potential risk lies in the possibility of sensitive data collected and stored by private security providers being stolen. Connected surveillance cameras can be hacked for spying or planning an attack, as it was alleged recently in the war in Ukraine. Yet again few private security companies are aware of such risks when collecting data or deploying technologies such as CCTV.
“Before deploying technology, I need to be confident that all our operations are lawful”
The expos don’t attract only private security and tech but also public actors. The Police has a stand – where one can handle the “SWAT” unit gear and weapons – to promote its work and perhaps attract new recruits. Indeed, government agencies seem to be mostly there to attract talent: to stimulate innovations through funding and establish public-private partnerships. Private security entrepreneurs are eager to secure government contracts. But this mutual attraction is tainted with ambiguity. At the same time, public authorities are concerned about the risks of private security actors misusing technologies. Conversely, business actors may also be weary about the reputational risks and liability they may face when working under government contracts in complex environments such as crisis zones overseas but also at home, managing asylum seekers, or juvenile detention centers for instance. The transformation of security raises new questions about transparency, accountability, and the distinction between the civil and military, and the public and private sector.
The manager of an ICoCA member security company I met at the Expo is familiar with the issue; he explains: “Imagine: by using facial recognition cameras, monitoring the cell phones of all visitors in this hall and using AI to interpret the data, we could ensure a much better security service: we could identify would-be terrorists on the basis of their past travels, using geo-localisation, we could identify a threat by identifying changes of patterns of movements within the room… but do we have the right to do so? Before deploying technology, I need to be 100% confident that all our operations are lawful”. In a constantly changing legal environment, private security companies may face massive liability risks in case of misuse of personal data for instance.
It is precisely to answer this call by security actors operating in complex environments that ICoCA decided to make the responsible use of technologies in the provision of security services a priority theme for policy research. As the nature of the private security industry changes, it is critical for the Association to keep pace with the latest developments. With the support of Switzerland, ICoCA and the Geneva-based think tank ICT4Peace are now partnering to create a toolkit on the responsible use of ICTs in private security for security providers. The broader aim of this workstream is to contribute to a review of the current governance mechanisms and norms regulating private security in light of the transformation of the industry and the technological, legal, and political environment in which it operates.
The views and opinions presented in this article belong solely to the author(s) and do not necessarily represent the stance of the International Code of Conduct Association (ICoCA).