Chapter 2: Models of Security & Technology

There are four models of security-and-technology that we can look at in this module.

2.1 Model 1: Security Influences Technology

Security, the lack of, or the need for, could influence the creation of new technology or the improvements on current technology. One of the examples we can think of in this regard is with regard to the case of graffiti on an MRT train in Singapore in 2010. In this case, Oliver Fricker and Dane Alexander Lloyd, had broken into the MRT train depot at Tanah Merah. On two train carriages nearest to the fence, Fricker spray-painted the word "McKoy" on the left while Lloyd spray-painted the word "Banos" next to it; Lloyd took photographs of the vandalised carriages before both left through the hole in the fence.

SMRT Corporation reported the incident to police only on 19 May, two days after the breach, because staff thought the brightly coloured graffiti was an advertisement. It was seen by many commuters and even recorded by a public transportation enthusiast and posted on YouTube; this may have alerted the authorities. SMRT said the graffiti caused about SGD 11,000 (USD 7,900) worth of damage to the two train carriages.

Oliver Fricker, on 25 June 2010, was sentenced to five months' jail and three strokes of the cane under the Vandalism Act and Protected Areas and Protected Places Act. On appeal, the jail sentence was increased to seven months.

Judge See Kee Oon said of Fricker's actions "he was fully conscious of the criminal nature of the act and must be prepared to face the consequences", and agreed with the Public Prosecutor that the defendant had committed a very serious offence that "alarmed the general public" and "shaken their confidence in the security of protected places".

The breach at Changi train depot was Singapore’s biggest security lapse since notorious terrorist Mas Selamat's dramatic escape two years ago; he was re-captured only a year later in Johor Bahru. The train system, other high-traffic public areas and foreign embassies are all considered potential terrorist targets by Islamic extremists in Southeast Asia.

The Changi depot case caused an outcry from the public in the media and on the internet, most of it not towards the vandals but directed at the authorities for the lax security of public transportation and protected installations in general. Some of the major concerns were:

  1. how easily high-security premises were penetrated simply by cutting a hole in the fence that went unnoticed for days;
  2. consequences if the intruders had been terrorists instead of merely vandals;
  3. whether security measures and enforcement in other sensitive, protected facilities were similarly slack;
  4. random checks by journalists on other depots, bus interchanges and power plants also exposed some shortcomings;
  5. Perception of security and complacency that had set in over the years.

Immediately after the incident, SMRT increased the number of security personnel and patrols, installed more cameras, added razor wires to perimeter fences, and engaged a security consultant to conduct a comprehensive audit of its systems.

Another public transport operator, SBS Transit, also beefed up its security presence and announced plans to replace wired fencing with mesh fencing around its train depots. Other measures would include removal of shrubs and hedges along perimeter fencing and placement of concertina wires.

On 11 June 2010, the Public Transport Security Committee (PTSC) announced a "comprehensive" security review of the public transport network over the next six months. PTSC, chaired by LTA, is a multi-agency committee formed in 2004 to ensure that security reviews, recommendations and improvements are made to enhance public transport security.

On 27 June 2010, LTA said it was assessing whether to impose penalties on SMRT for the security breach. For the security lapse at the Changi depot in May 2010, SMRT was fined $50,000.

In 2011, the Land Transport Authority (LTA) subsequently fined SMRT $200,000 under the Rapid Transit Systems (RTS) Act for lapses relating to the security breach at the Bishan MRT depot on 17 August 2011. In this instance, “SMRT had failed to exercise the due diligence and vigilance expected of a public transport operator, by failing to regularly inspect, continuously maintain and repair its operating facilities.” In this instance, it had both “failed to effectively guard against unauthorised intrusions” and “also failed to detect, in a timely manner, the security breach.”

2.2 Model 2: Technology Influences Security

Technology, the lack of, or the need for, could influence the creation of new forms of security or the improvements on current security. Schenier notes, “As systems get more complicated due to technology, more attacks become possible.” The ability for more sophisticated systems to present more sophisticated threats in turn has raised the bar for challenges that have surfaced.

Adept use of technology could negatively affect the levels of security of a state. Pertinent to discussion today is the reliance on technology and the interconnectivity that has been unyielding in the means through which society can be impacted when technology influences security.

In March 2018, the Facebook Scandal saw its CEO and founder Zuckerberg announce new steps to rein in the leakage of data to outside developers and third-party apps, while giving users more control over their information through a special toolbar. The scandal surfaced when an investigative journalist did an expose on how data accrual from Facebook through an app created by University of Cambridge Academic Dr Aleksandr Kogan resulted in the creation of psychological profiles of approximately 50 million users by Cambridge Analytica a firm that specialized in data mining, data brokerage, and data analysis. The firm was known to advise the strategic communication for electoral processes and was involved in the President Donald Trump’s 2016 Campaign for Presidency.

The Facebook scandal comes hot on the heels of other elements of technology that can affect the security for instance, through the spread of misinformation.

Another example that can be quoted here is that of individuals who cannot afford or simply do not have the means to access certain technologies and thus compensate their situations by increasing securitisation.

Imagine, for example, a small business or enterprise, while purchasing additional security, would really help in ensuring the safety of the business premises. However, since the small business or enterprise cannot afford such technology, the small business or enterprise would need to use other means to improve its security on a daily basis. In order to secure their work documents, the owners might buy a ring folder and an organiser to file and take note of hardcopy documents. In order to secure contact numbers and e-mails, the small business or enterprise might store them online on their Gmail account and set a stronger password so that no one could hack into these account and access these contacts and e-mails. In order to secure the physical perimeters of the store, the small business or enterprise might get people in the neighbourhood and neighbouring businesses to keep a look out for intruders whilst simultaneously purchasing additional locks.

2.3 Model 3: Security and Technology are Mutually Influential

Security, the lack of, or the need for, could influence the creation of new technology or the improvements on current technology. Conversely, technology, the lack of, or the need for, could also influence the creation of new forms of security or the improvements on current security. In the story of X below, we encounter a professional who is working in the intelligence services but whose problems are common to many others in different industries.

The division that X belongs to in an organisation has just been assigned a new office. In the old office, X used to sit in a corner with his back to the wall. This allowed X to work quietly, while sometimes attending to personal matters and matters concerning X’s part-time job. In the new office, however, X’s assigned seat is in the eye of the hurricane. People walk all around X all the time, and half the office, including one of the bosses who sits directly behind X. This made X very insecure at first. The lack of security influenced X’s consideration and search for the adoption of a new technology. X considered purchasing a screen filter that allows for only straight on viewing, but X was unable to afford such an extravagant purchase on X’s meagre salary. X’s lack of knowledge of such technology matters in turn influenced X’s adoption of an alternative and new security measure. X increased his vigilance by placing two mirrors on both sides of his laptop to catch prying eyes. X screen-captured a PowerPoint slide and assigned it as a “desktop wallpaper” to give the impression that X was working all the time, and X made his browser a third of the total screen size. The story of X however is only one example of a desperate and short-term measure to solve a problem. However, the point being made here is that there is covariance between security and technology.

Another example would be the dependence on security cameras by almost every single industry worldwide. When a given generation of security camera is deemed unworkable, the entire range of cameras used worldwide will have to be changed or the companies involved will have to face the dire consequences of criminal activities.

2.4 Model 4: Security and Technology are Mutually Exclusive

In rational choice theory, there is a distinction made between "random walks" and "path dependency". Path dependency refers to situations, which are influenced by past events. Crime, for example, is path dependent. For criminals, “mistakes” in the past will be remembered and try to be avoided in the next criminal activity. Random plans are situations, which are mutually exclusive from other situations or events, past, present and future. Gambling, for example, is about randomness. Slot machines are not programmed to release the jackpot after a set number of pulls or a set amount of coins in it. If the roulette has been hitting odds for the past 3 rounds, it does not mean that the next round will see an even number. It is still a 50-50 chance. To believe the former would be to believe (erroneously) in a law of averages.

2.5 Work-Place and the Lens of Security Studies

At the heart of understanding is the ability to apply the knowledge gleaned to the work environment. In this instance, knowledge of the unique facets of security and technology and the impact that this in turn will have in the thought processes, understanding and rationales behind the decisions will ensure that individuals will be better placed to decisions on ensuring the safety and security of peoples and assets.

Activity 1.2

Social media company Facebook and Cambridge Analytica were the centre of alleged harvesting and use of personal data. The way in which the data that was harvested could be used including that of election fraud.

Explore the challenges of ensuring data security in the digital age.