A security manager recently described to me how his company now uses drones at a remote mining site to scan the perimeter rather than relying on guards on foot. Facial recognition software is used to identify workers at the gate and incident reports can now be filed through AI-powered systems before being reviewed by humans. The deployment of security technology may be making companies more efficient, perhaps even more effective, but at what cost?
This question was at the core of the conversations during a consultative workshop on the responsible use of technology in security, held in March. As technology takes on a more prominent role in private security, there is some understandable nostalgia for the good old boots on the ground. One school of thought embraces this technological transformation, as a natural evolution of the private security industry, introducing efficiencies and more offerings to clients. On the flip side, others fear the loss of the human touch, such as discretion and a range of other potential costs as tech solutions replace people in keeping us safe.
In pursuit of Goal 4 of ICoCA’s 2024–2030 Strategic Plan, which tackles the human rights implications of new technologies used by private security companies (PSCs), ICoCA’s “Toolkit on Responsible Technology Use by the Private Security Sector”, developed with ICT4Peace Foundation and a consultative workshop in March, lay the groundwork for addressing these complex questions. It’s now time to capture and model good practices throughout ICoCA’s Member and Affiliate companies and beyond.
A Quiet Transformation: Automation with a Human Cost
Across ICoCA’s Membership, the shift is undeniable. In 2022, just over two-thirds of ICoCA Member and Affiliate companies reported offering ICT-based services. By 2024, that number reached 100%. Surveillance and remote monitoring are now standard services for many companies. Cybersecurity services, once niche, are increasingly being offered as part of the package. Yet as these capabilities grow, so do the risks – and our fieldwork suggests many companies are yet to fully grasp the full implications of integrating new technologies into their work.
As PSCs embrace facial recognition, drones, AI surveillance and predictive analytics, a new hybrid operating environment is being tested, one where the consequences are not just technological, but also deeply human. In the rush towards efficiency, as more security companies pivot towards technological solutions, stories like the one from the mine are becoming more common. The use of CCTV is widespread at mining sites, but with powerful cameras with ranges that can extend well beyond a company’s concession, what safeguards are in place to protect the surrounding communities from intrusive surveillance?
Guards themselves are not immune as surveillance tools once used on outsiders, are now turned inward. GPS trackers detail the movements and interactions of individual personnel as the watchmen themselves are now under continual scrutiny from colleagues, clients and their employers. Technology that could empower workers is often deployed also to monitor them while on duty. An unintended consequence, argued by some, is that this shift marginalises the workers thereby creating new risks.
With PSCs using biometric tools to screen people for security threats, without clear oversight or data protection, questions around the reliability of the data, how personal information is stored, with whom it is shared and whether that data may be vulnerable to cyberattacks need asking.
With so much personal and sensitive information passing through private hands – from location data to internal personnel records – it must be asked: who owns this data, who protects it and when is it deleted? Even the right to be forgotten – a key tenet in Europe’s GDPR – is often absent in PSC operations. People are tracked, recorded and stored in digital archives without recourse. For those caught on the wrong side of a facial recognition camera or automated report, there may be no way to clear their name.
As automation expands, traditional security jobs are under threat. Some guards are retrained and up skilled. Others are simply replaced, their jobs deleted. Let’s not forget that security jobs provide livelihoods for the families and communities where companies operate. At one mine recently visited by ICoCA, where security is done well, the security jobs are prized and a mutual respect between private security personnel and the public pervades. This is the foundation on which companies build their social license to operate. Take those jobs away to be replaced by technology platforms and what are you left with?
What Role for the Code?
In this shifting landscape, the International Code of Conduct for Private Security Service Providers remains a vital anchor. While it was not written in an age of drones and data lakes, its principles – respect for human rights, accountability and due diligence – are more relevant than ever.
The Code clearly applies to surveillance and intelligence operations. It covers not only what PSCs do, but how they do it – regardless of whether a person or a machine is pressing the button. But as technologies evolve, so too must the interpretation of the Code and the guidance offered by ICoCA.
A final wrinkle in this story is who we define as a security provider. Increasingly, companies that don’t self-identify as PSCs – software developers, data analytics firms, AI start-ups – are offering services that fall squarely within the scope of the Code. They build surveillance systems, run predictive threat models and manage biometric access control. Yet they operate outside traditional oversight mechanisms.
Under the Code, any company whose business activities include the provision of security services is covered – regardless of how it brands itself. So the question is no longer whether technology companies are part of the private security landscape. They already are. The question is: will we bring them into the conversation, or continue to let them operate in a regulatory grey zone?
A Call for Leadership?
Technology is changing how security is provided. But it does not change what responsible conduct looks like. Respect for human rights, compliance with international humanitarian law and transparent, accountable operations remain essential – perhaps even more so as innovation accelerates. ICoCA is uniquely positioned to lead in this space. The future of private security is being written in code – in software code, in legal codes and in ethical codes. It’s up to all of us to ensure those codes uphold the values we stand for.
