Frictionless Security and The Threat of Unintended Consequences
In the first of this two-part series, we take a look at one of the current security ‘buzzwords’ and consider the appropriateness of its use and the impact it could have.
Before we look at the subject of frictionless security, I want to pin my colours very firmly to the mast. I have spent my career designing, installing and advising on the use of technology in the security arena. As a Security Consultant, I have always embraced new product development and incorporated innovation where it benefits the end client. I write this as someone who loves technology and the opportunities it offers but also as someone who is predisposed to consider consequences and challenge convention.
Frictionless security and, in particular, frictionless access control are terms that have entered common parlance in recent years, at least within professional security circles. What does ‘frictionless’ mean in the context of security though? What benefits could ‘frictionless’ security provide and, is it even desirable? In this article, I will consider the concept of frictionless security and offer some insights and views about this interesting development.
What is frictionless
Let’s start with the term ‘frictionless’. The dictionary tells us that it’s about ‘enabling something to happen very easily without anything to make it slower or more difficult’. Frictionless implies smooth or unimpeded. Is that a realistic aspiration for a physical security measure? Possibly. Or are we using the wrong term setting us on a path that we should consider very carefully before taking?
Let’s look at the use of this relatively new term ‘frictionless’ in a little more depth. When it comes to innovation, security as an industry tends to follow as opposed to lead and is quick, at times, to latch on to fast-moving trends or buzzwords that crossover from other industries or life in general (If I had a pound for every product I’ve seen claiming to have harnessed Artificial Intelligence (AI) or blockchain I’d be a rich man). The difficulty this can create is that many of us start to use words or terms that are disconnected from their origins, using them in the wrong context or for the wrong reason. That can cause confusion or a lack of clarity. Sometimes this is accidental and sometimes it’s a cynical attempt to elevate or associate products with more established or respected concepts. ‘Frictionless’, in my view, is one of those terms.
At a superficial level ‘frictionless’, in a security context, has come to imply ‘simple to use’, ‘enhanced user experience’ and possibly ‘slicker’ or ‘more contemporary’. Once the Coronavirus pandemic has been suppressed, I anticipate it will quickly be associated with ‘hands-free’ and ‘contactless’, terms that better describe the user interface in my view. We can probably all agree that most of those outcomes are desirable. Physical security measures should usually be aligned with the environment within which they are deployed and enhance, or at least be aligned with, a user’s expectations.
During our quest for improvement and innovation however, we should always be mindful of the concept popularized by the prominent 20th Century Sociologist and Criminologist, Robert Merton. Merton codified the idea of unintended consequences and sometimes the impact of such unexpected outcomes are not always immediately evident.
I would suggest that ‘friction’, in relation to physical security, isn’t necessarily a problem that needs a solution. When considered through the lens of an Architect or Interior Designer, removing hard security barriers and opening up space for freedom of movement and visual exploration could be very attractive. The Security Designer considering the same environment, on the other hand, will be thinking about security layers, zoning, segregation of authorised and unauthorised personnel, identity management, possibly the use of physical measures to provide protective security and generally the need for surveillance that can be achieved in many different ways.
This is not to say that security design needs to be at odds with building designers and those seeking to create beautiful and functional environments. On the contrary, I would suggest that one of the security industry's biggest successes has been its ability to find compromise and innovative ways of achieving its physical security objectives using techniques that have been accepted fairly readily by building designers who are aware of the need for security.
If we allow the concept of frictionless security to continue on its current path, unabated by sound security design principals, there will be unintended consequences. There is already a strong privacy’ lobby that has significantly impacted physical security design globally. The evocative and polarising concept of ‘big brother’ surveillance has undoubtedly influenced law and policymakers’ thinking around the world and if we’re not careful the security industry will unconsciously feed further into public concern regarding areas of privacy and the right to anonymity.
Just because technology enables us to use ‘Facial Recognition’ algorithms to unlock access-controlled doors or identify individuals who may be on some form of watch list without any physical intervention, doesn’t mean that we should do so. The concerns and objections of the society of which we are all a part require consideration and understanding. We have to bring public opinion with us when it comes to the use of such technology and we have to think about the unintended consequences.
In our security consultancy business, we have already seen significant growth in interest regarding the use of so-called ‘frictionless’ security products. There is a perception that virtual layers of security can replace physical layers and by doing this, our entry processes, general movement, and security authorisation, for example, can be made easier and smoother or, in other words, frictionless. If the physical security industry continues to perpetuate these beliefs and perceptions without considering the eventual impact they could have, it may become more difficult to deliver physical and protective security in the future.
In most cases, physical security measures are applied with the broad consent of the majority of people who are affected by them, much in the same way that policing in the UK is enabled by the consent of the population. If we do not guard against the removal of physical security measures in favour of softer, less protective mechanisms we will be complicit in undermining the knowledge and understanding that has been developed over many years and, to a large extent, has served us well. That is not to say that technology is the cause (or indeed) the problem itself. The difficulty comes with the application of technology by those without the understanding, experience or foresight to consider all of the consequences, intended and unintended.
Using technology appropriately
Technology will continue to change how physical and protective security is provided. It has the power to enhance security in many ways and to provide solutions to previously unresolvable conundrums. Using technology in the right way, and for the right reasons, will ensure that it reinforces and aligns with those hard-learned security principals as opposed to undermining them. That really will be a technological development worth celebrating.
CornerStone GRG Ltd
8 City Road
London, EC1Y 2AA
tel: 020 3405 4956
The contents of this document are provided on an “as is” basis. No representation or warranty (either express or implied) is made as to the completeness, accuracy or reliability of the contents of this document. Advice given and recommendations made do not constitute an assurance against risk or a warranty of future results by CornerStone GRG Ltd.
Intellectual Property and Copyright
This document includes registered and unregistered trademarks. Any trademarks displayed are the trademarks of their respective owners. Your use of this document does not constitute or create a license or any other right to use the name and/or trademark and/or label. This document is subject to copyright owned by CornerStone GRG Ltd. You agree not to copy, communicate to the public, adapt, distribute, transfer, sell, modify or publish any contents of this document without the express prior written consent of CornerStone GRG Ltd.