This is the 37th article in the “Real Words or Buzzwords?” series about how real words become empty words and stifle technology progress.
By Ray Bernard, PSP, CHS-III
Anyone responsible for access control management or smart building experience must understand and apply presence control.
As technology advances, we must continually be on the alert not to restrict ourselves to legacy thinking and concepts regarding the design and management of built-environment security, safety and productivity. Built environment refers to human-made surroundings that provide the setting for human activity, ranging in scale from buildings to transportation systems to parks. We must also be alert to new terminology that better defines or describes emerging technologies and how we can apply them – or we’ll miss out on new security capabilities simply because we’ve given them legacy labels .
“Presence control” is one such term. It describes what is already being done in smart buildings and elsewhere but has been given ho-hum labels like “integration”, “trigger” and “activation”, which describe how it is accomplished but not what it actually is. It is the concept that is most important, because it opens the door to new thinking and, as is the case with this term, can inspire us to extend the capabilities of systems and devices we already have in place.
Presence Control has two definitions, and in them you may recognize some of the things you have already seen and maybe are already doing.
- Controlling or directing where individuals and groups should go or be at any given moment within a built environment.
- Using the presence of individuals or groups to control the elements or behavior of a built environment.
(Note that Presence Control is also the name of a control knob on some Fender guitar amplifiers. That’s of course a completely thing than what we’re talking about in this article.)
Monitoring and Controlling Presence
The term “presence control”, as it relates to built environments, was introduced by Ticto (pronounced “tic-too”), whose visual security wearables are used to monitor, control and provide visual status of who is authorized be present within a facility or managed open area. This contrasts with traditional access control, which only controls who can open a door or gate.
In most situations traditional access control technology requires that a second technology be applied to detect or prevent when an authorized user unlocks a door and an unauthorized individual enters with or without the authorized user’s permission. Presence control, as applied by Ticto, goes beyond that because its badge holders and lapel pins indicate by a continuously changing random sequence of colors who is authorized to be in a specific area (the colors match for all users authorized for the specific area), and who is not (the badge holder or lapel pin flashes red, or is unlit). See Figure 1 below.
Figure 1. Ticto badge holder
Challenge Process Vulnerability
Many organizations have a policy that requires or asks personnel to challenge individuals they see but don’t recognize in an area. Personnel can be uncomfortable with that, especially in cases where such a challenge goes against the culture of the local area, the individual or the business. This is the same cultural element that contributes to unchallenged piggybacking, a long-term access control system vulnerability. Presence control technology changes the challenge process to make it much simpler and easier. It provides a challenge that aligns with the “helpful” cultural element rather than one that goes against the “non-confrontational” and “trust” cultural elements. It also has a preventive effect, as personnel know that their badge will actively give them away if they try to enter an area they are not authorized for.
With Ticto’s visual wearables, personnel don’t have to challenge new faces whose badge holder’s color is in sync with everyone else’s badge. They’re obviously authorized and that can be seen from a distance, relieving potential concerns over unrecognized individuals. When an individual’s badge color is wrong (either flashing red or no color), making the challenge is as simple as pointing to the badge that not in sync color-wise and/or just saying, “Your badge is doesn’t’ work.” The badge becomes the deciding authority, not an individual employee. That’s much easier than confrontationally interrogating someone about who are or why they are in an area.
The Ticto system includes indoor locating functions whereby wearables enable presence control for a zone in an open area or for a room that doesn’t have an access-controlled door.
Flow Control vs. Access Control
Digicon is a manufacturer of the dFlow line of optical turnstiles (dFlow) that facilitate the rapid flow of people through their innovative pedestrian gate design, dViator, which, for example, routes authorized people straight ahead or to the left or right, while routing unauthorized people in a different direction to a receptionist, security desk or back out to the entrance side of the turnstile or gate area. The traffic flow is not stopped due to the presence of an unauthorized individual. People are simply sent in different directions based on their status.
Video 1. Demonstration of the dFlow pedestrian gate.
The dViator system can send messages to a display monitor (or other types of electronic displays) that provide specific instructions based on individual or group status such as being unauthorized, having an expired credential, being a contractor whose company’s insurance has expired, or other qualifications. For example, an unknown person might be displayed one set of instructions, while personnel with an expired credential may be told to obtain a visitor’s pass and given directions to the badging office. An contractor whose company’s insurance certificate has expired may be directed to a security office or other service desk so that appropriate arrangements can be made to regain access.
In most organizations, the majority if not all the access denied events are not attempts at criminal intrusion, but stem from a wide variety of other situations. From the security and facility management perspectives, a more nuanced management of directing people based on their situation fits the concept of employee and partner service, whereas simply denying access leaves them on their own having to determine what to do next.
In smart buildings, luminous carpets can display visitor-specific messages with arrows that point the way to go. If a restroom is out of service, luminous carpet arrows can point to an alternate restroom. If a meeting room assignment has changed, invitees can be directed to the newly assigned room. There is an array of technologies that fall into the category of presence control, all of which deserve design thinking that considers opportunities for managing who goes where based on security, safety, service and convenience management factors. The operational value of such displays can be enhanced using presence control.
Video 2. Luminous carpet demonstration.
Video 3. Luminous carpet water soak demonstration.
Controlling the Environment Based on Presence
Smart facilities are already controlling their built environment based on presence, for example, automatically configuring a desktop phone to an individual who has stepped into an office, while adjusting the lighting and temperature controls according to the individual’s known preferences. Conference room temperature controls are adjusted based on occupancy, to provide an appropriate level of air conditioning and turning it off when the room is unoccupied. When a presentation projector is turned on, ceiling lighting is automatically adjusted for the best viewing conditions.
Electronic signage is currently an underused technology whose time has come thanks to the affordability of consumer-grade display technology and the ubiquity of facility networking. The use of signage with the dFlow gate to provide individual- or group-specific instructions implements both definitions of presence control, controlling where people can be, and controlling the environment based on who is present.
The lobby of the Herbalife headquarters in Torrance, CA (shown in Figure 2 below) is an example of using electronic signage and visual displays to provide visitor-specific messages. Smart buildings and museums utilize such displays and change their content automatically using presence control. Retail locations have already begun using such technologies to customize product displays for individual shoppers.
Figure 2. the Herbalife corporate headquarters lobby.
No sooner was this article released than I got a message from cybersecurity advocate Rodney Thayer who asked me, “Presence Control: What about Privacy?!!!” I actually had started writing a section on privacy and then, because there was so much to say, I decided to save it for an article of its own. However, I can certainly add now that there are at least four important privacy aspects that need serious consideration when implementing any product or system feature that uses personal or group attributes including Presence Control:
- Information oversharing
- Cyber tracks
- Cyber snooping
Information oversharing occurs when more information is shared than is needed for the specific purpose of the feature or function. For example, listing the full contact information of all meeting participants, when all that’s needed is the individual’s name – because the individuals are already known (or will be) to the other meeting participants.
Cyber tracks are the bits of information left behind that others can see later, after time period when the information is needed has passed. This is information lifecycle management in miniature: where is the information going? How long must it stay there? How will it be permanently deleted?
Cyber snooping is what it sounds like, people looking around for bits of personal information that they have no business knowing. Information oversharing and cyber tracks are what make cyber snooping possible.
Consent is especially important given the arrival of GDPR and other privacy regulations. Consent must be an element of any personal information collection and distribution. Before you use personal information that is available to use, you should be aware of the conditions that govern the use of that information, including the specific elements of utilization that the individual consented to when providing that information. For example, if a security or other system interfaces with an Active Directory database, was consent given to use that information for the purpose that is now being considered? This warrants close attention due to the personal and corporate legal issues and related penalties that are involved.
I’ll update this article again when with a link to the larger article on privacy issues, when that is published.
Presence Control is not New
Although the “presence control” label is new, the concept of presence control is not. Kmart’s famous “Blue Light Special” is an application intended to enhance the shopping experience. Now, modern mobile technology allows retail organizations to use presence control via smartphone apps to send customized coupons to shoppers based on the display the shoppers are standing in front of, and in other ways enhance the shopping experience.
Emerging technologies are providing new capabilities that enhance both security and business operations, as well as improve the built environment experience. The use of presence control will continue to grow as an important part of that picture.
Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities (www.go-rbcs.com). In 2018 IFSEC Global listed Ray as #12 in the world’s Top 30 Security Thought Leaders. He is the author of the Elsevier book Security Technology Convergence Insights available on Amazon. Mr. Bernard is a Subject Matter Expert Faculty of the Security Executive Council (SEC) and an active member of the ASIS International member councils for Physical Security and IT Security. Follow Ray on Twitter: @RayBernardRBCS.
© 2018 RBCS. All Rights Reserved.