New Techniques and Technologies of Surveillance in the Workplace

Simon Davies

Computer Security Research Centre

The London School of Economics

1. Introduction

2. Surveillance and privacy defined

3. The dimensions of privacy

4. The legal right to privacy

5. Overview of surveillance technology

6. Structural issues

7. Violations of territory (private space)

- visual surveillance (CCTV)

- audio bugging

- electronic tagging

8. Intrusions into information and communications privacy

- performance monitoring

- telephone monitoring

- email and internet surveillance

9. Intrusions on bodily (physical) privacy

- Drug testing

- Biometrics and identification

Privacy has become one of the most important human rights issues of the modern age. At a time when computer based technology gives government and private sector organisations the ability to conduct mass surveillance of populations, privacy has become a crucial safeguard for individual rights.

According to opinion polls, concern over privacy violation is now greater than at any time in recent history. Uniformally, populations throughout the world report their distress about encroachment on privacy, prompting an unprecedented number of nations to pass laws which specifically protect the privacy of their citizens.

The basis for this legal activity rests on a growing understanding that privacy is a fundamental right. Privacy is a process which underpins human dignity and other key values such as freedom of association and freedom of speech. These rights are established squarely in international covenents, and protected specifically in the constitutions of many nations.

The increasing sophication of information technology, with its capacity to collect, analyse and disseminate information on individuals, has introduced a sense of urgency to the demand for legislation.

New developments in medical research and care, telecommunications, advanced transportation systems and financial transfers have dramatically increased the level of information generated by each individual. Computers linked together by high speed networks with advanced processing systems can create comprehensive dossiers on any person without the need for a single central computer system.

As the pages of this report make clear, rapid advances in the development of powerful technology, in conjunction with the demand for greater management efficiency, are promoting a seamless web of surveillance throughout the workplace. At the same time, inadequate laws and regulations are failing to check an expanding pattern of abuses.

Employees in nearly all sectors are vulnerable to comprehensive surveillance by managers. Legal protections - particularly those in the UK - are generally lax in such circumstances because surveillance is frequently imposed as a condition of employment. The changing structure and nature of the workplace has facilitated an increasing level of surveillance.

The technology being used to monitor employees is extremely powerful, and extends to every aspect of a workers life. Miniature cameras monitor behaviour. "Smart" ID badges track an employees movement around a building. Telephone Management Systems (TMS) analyse the pattern of telephone use and the destination of calls. Psychological tests general intelligence tests, aptitude tests, performance tests, vocational interest tests, personality tests and honesty tests - many of which are electronically assessed - raise a great many issues of privacy, control and fairness. Surveillance and monitoring have become design components of modern information systems and the modern work environment.

In the UK, employers can tap phones, read email and monitor computer screens. They can bug conversations, analyse computer and keyboard work, peer through CCTV cameras, use tracking technology to monitor personal movements, analyse urine to detect drug use, and demand the disclosure of intimate personal data.

The use of this technology is often justified on the grounds of health and safety, customer relations or legal obligation. The real purpose of most surveillance, however, is for performance monitoring, personnel surveillance, or outright discrimination. Even in workplaces staffed by highly skilled information technology specialists, bosses demand the right to spy on every detail of a worker’s performance. Modern networked systems can interrogate computers to determine which software in being run, how often, and in what manner. A comprehensive audit trail gives managers a profile of each user, and a panorama of how the workers are interacting with their machines.

The software also gives managers total central control over the software on each individual PC. A manager can now remotely modify or suspend programes on any machine, while at the same time reading and analysing email traffic and internet activity.

While employers assert that all surveillance is justified, it is clear that not all uses of monitoring are legitimate. The techniques can be used to harass, discriminate and to create unhealthy dynamics in the workplace. According to a 1993 report of the International Labour Office, the activities of union representatives on the floor were also inhibited by a "chilling effect" on workers who knew their conversations were being monitored.

A 1990 survey of telecommunications workers sponsored in part by the Communications Workers of America revealed that 84 percent of monitored employees complained about high tension as opposed to 67 percent of unmonitored workers. A later study by the US Office of Technology Assessment also found that workplace monitoring "contributes to stress and stress-related illness."

In Britain and the United States, there are few legal constraints on surveillance, unlike the laws of Austria, Germany, Norway and Sweden (among others), under which employers are obliged to seek agreement with workers on such matters.

The technologies of surveillance being used in the workplace have not evolved in isolation. They have come about because of profound changes in the structure of UK plc, and far reaching mutations in the ethos of management. A rationalistic approach to employment has shaped each employee into an economic unit.

Of equal significance to the subject at hand is the is the fact that surveillance has become a design component in all information technology. It is now viewed as a "value added" element of IT systems. Systems architects are required to design technology which will capture, analyse and present personal information. Telephone and email systems have inbuilt eavesdropping capability. Privacy is now anathema to modern management.

Of all the human rights in the international catelogue, privacy is perhaps the most difficult to define and circumscribe. Definitions of privacy vary widely according to context and environment. In many countries, the concept has been fused with Data Protection, which interprets privacy in terms of personal information. Outside this rather strict context, privacy protection is frequently seen as a way of drawing the line at how far society can intrude into the affairs of a person.

The Preamble to the Australian Privacy Charter says "A free and democratic society requires respect for the autonomy of individuals, and limits on the power of both state and private organisations to intrude on that autonomy... Privacy is a key value which underpins human dignity and other key values such as freedom of association and freedom of speech....Privacy is a basic human right and the reasonable expectation of every person".

The lack of a single definition should not imply that the issue lacks importance. As one writer observed "in one sense, all human rights are aspects of the right to privacy".

Surveillance, on the other hand, has been more clearly defined. In its broadest sense, the term refers to "keeping a close watch on people". David Flaherty describes it as "supervision, observation or oversight of individual behaviour". In the context of workplace surveillance, surveillance can be defined as the "structured observation of an individual's movements and transactions".

Privacy' is a term widely used to refer to an accepted group of related rights. Its antithesis is surveillance. The subject area is very wide, but can be divided into the following 4 facets :

• Information Privacy, which involves the establishment of rules governing the collection and handling of personal data such as credit information and medical records;

• Bodily privacy is concerned with protection of people's physical selves against invasive procedures such as drug testing and cavity searches;

• Privacy of communications, which covers the security and privacy of mail, telephones, email and other forms of communication.

• Territorial privacy, concerns the setting of limits on intrusion into the domestic and other environments such as the workplace or public space;

The history of privacy protection in the United States is reflected in numerous Supreme court decisions, In recent decades the case of Griswald v. Connecticut found a constitutional right to privacy.

The modern privacy benchmark at an international level can be found in the 1948 Universal Declaration of Human Rights, which specifically protected territorial and communications privacy. Article 12 states : "No-one should be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks on his honour or reputation. Everyone has the right to the protection of the law against such interferences or attacks".

Numerous international human rights covenants give specific reference to privacy as a right. The International Covenant on Civil and Political Rights reinforced the UDHR, while the European Declaration of Human Rights expands the concept to "private life".

Interest in the right of privacy experienced a higher profile in the 1960s and 1970s with the advent of information technology (IT). The surveillance potential of powerful IT systems prompted demands for specific rules governing the collection and handling of personal information.

The rules within these two documents form the core of the data protection laws on the statutes of dozens of countries. These rules describe personal information as data which are afforded protection at every step from collection through to storage and dissemination. The right of people to access and amend their data is a primary component of these rules.

The expression of data protection in various declarations and laws varies only by degrees. All require that personal information is :

• obtained fairly and lawfully

• used only for the original specified purpose

• is adequate relevant and not excessive to purpose

• is accurate and up to date, and

• is destroyed after its purpose is completed

These principles are contained in the UK Data Protection Act 1998, which is currently the primary legal instrument for the protection of privacy in this country.

In 1994, conscious both of the shortcomings of law, and the many differences in the level of protection in each of its States, the European Parliament passed a Europe-wide directive which will provide citizens with a wider range of protections over abuses of their data. The directive on the "Protection of Individuals with regard to the processing of personal data and on the free movement of such data" sets a benchmark for national law. Each EU State was required to pass complementary legislation by October 1998, and most have done so.

The Directive entrenches a Lowest Common level of privacy which not only reinforces current data protection law, but which extends it to establish a range of new rights.

Several principles of data protection are strengthened under the Directive, namely the right to know where the data originated, the right to have inaccurate data rectified, a right of recourse in the event of unlawful processing and the right to withhold permission to use data in some circumstances (for example, individuals will have the right to opt-out free of charge from being sent direct marketing material, without providing any specific reason).

The Data Protection Directive contains strengthened protections over the use of sensitive personal data relating, for example, to health or finances. In the future, the commercial and government use of such information will generally require "explicit and unambiguous" consent of the data subject.

While it is certainly true that the UK has no general right of privacy, the Data Protection Act provides a basic framework of protection for intrusion into a person's information privacy. More traditional invasions of privacy are afforded limited protection through the law of confidence and laws on harassment and stalking.

The impending incorporation of the European Convention on Human Rights (ECHR) is also likely to have a significant impact on the practice of surveillance in the workplace.

The range of new technologies, and their almost limitless range of functions, is creating a buoyant economy in the surveillance market. Rapid advances in video and audio intercept equipment, identification technologies and intelligence gathering systems have created an unprecedented sweep of opportunities for intrusive employers. Surveillance has become a fixed component of the burgeoning information economy.

While IT companies routinely promote their technologies as a means of achieving social or workplace reform, the human rights community increasingly defines them as a means of social and political control. Surveillance technologies were defined in a 1996 report "Big Brother Incorporated" produced by the watchdog organisation Privacy International " as :

Increasingly, technologies designed for military and police purposes are finding their way onto the open market. Importantly, the time lag between military implementation and their use in the open market is shrinking rapidly.

To some extent, the problem of workplace surveillance is a child of a world-wide mania for corporate re-engineering. Over the past fifteen years, in an effort to maximise profit and efficiency, government and private sector organisations have been re-organised and delayered, abolished departments in favour of profit centres, created short term employment contracts, internal markets, and a provided a mass market for outsourcing. The result is a re-definition of the employee. As companies move to outsource their business, and as workers are put onto short term contracts, the level of surveillance intensifies.

No longer satisfied to protect inefficient areas of their organisation, bosses were encouraged to identify their companies "core competence", and farm out the rest of the business to specialist outside organisations. This process, known as "outsourcing", is an industry that is growing at around thirty per cent a year world wide. In its wake is the formation of a population of "just in time" workers who lack adequate legal protection.

As businesses move to embrace the new management structures, networks of IT form a core part of their operation. These systems, in turn, are designed as technologies of surveillance and control.

These trends were recognised as far back as 1968, when the psychoanalyst Erich Fromm wrote:

Some observers have noted that these institutional and structural changes may make it more inviting for employers to monitor employee job performance electronically since there is less face-to-face monitoring possible in the new work environment.

It is in this context - particularly in the emerging customer service and IT industries - that surveillance technology has become popular.

In her recent paper, Laura Pincus summarises the role of this technology :

CCTV has become the most obvious facet of the emerging surveillance environment. Hundreds of thousands of cameras have been placed into buses, trains, lifts and even phone booths. Many people now expect to be routinely filmed from the moment they leave the front gate. Hidden cameras - once frowned on - are now being installed unhindered in cinemas, police helmets, pubs, red light districts, changing rooms and housing estates. Almost all medium and large businesses use the technology. Once viewed as a blunt tool of surveillance, CCTV in the space of fifteen years is now seen as an integral design component of the urban and the work environment.

Some observers believe this phenomenon is dramatically changing the nature of cities, human interaction, and power relationships. Stephen Graham, a lecturer in Urban Planning at Newcastle University describes visual surveillance as the "fifth utility". He says CCTV is being integrated into the urban environment in much the same way as the electricity supply and the telephone network in the first half of the century.

In the fifth utility vision, cameras will merge with telecommunications networks - particularly the internet. Digital compression techniques and the development of the Internet and broadband cable networks will provide the infrastructure for people and organisations to simply plug in and rent their camera networks, much as we use phones or leased lines today. Micro-cameras, automated tracking, image database and facial recognition techniques will enhance the cost-effectiveness of CCTV.

Architects and urban planners are already factoring visual surveillance into the core design of new towns and buildings. Modern city centres have clean, straight lines to accommodate the line of vision of cameras. The building of the future is not simply something that will respond intelligently to human need, it will also have cameras that will identify faces, understand body movements, and respond to facial expression.

More important still is the fact that these new technologies are within the reach of almost anybody. Cameras measuring 42 mm square and able to see in virtual darkness are freely available on the British market for less than £100. Tens of thousands are sold openly each year. Snooping on workers has always been a popular pastime amongst employers, but now it is an industry in its own right.

There is evidence that cameras are used for the purposes of harassment and discrimination. Following some organising activity by a local union, one US employer installed video cameras to monitor each individual workstation and worker. Although management claimed that the technology was being established solely for safety monitoring, two employees were suspended for leaving their workstations to visit the toilet without permission. According to a 1993 report of the International Labour Office, the activities of union representatives on the floor were also inhibited by a "chilling effect" on workers who knew their conversations were being monitored.

A spate of well publicised cases of similar abuses of visual surveillance has prompted concern in the workplace. A 1991 survey of employees throughout the US revealed that 62 per cent disagreed with the use of video surveillance (including 38 per cent who "strongly disagreed").

The High Street is awash with technologies that can covertly detect conversations It is not illegal to sell or possess bugs in Britain, though it is technically illegal to use them for transmissions without a DTI license. Numerous high street shops openly sell them - Lorraine Electronics, CCS, Spyshop and Counterspy being the biggest retail outlets. As one private investigator told the Daily Telegraph "It's a game anyone can play".

The state-of-the-art in covert audio bug is a remotely operated, multiple room monitoring system called DIAL (Direct Intelligent Access Listening, supplied by Lorraine Electronics) DIAL allows an operator to monitor conversations in several rooms from an unlimited distance without the use of transmitters. Up to four concealed microphones are connected to the telephone line, and these are activated and controlled by making a "coded" telephone call to the building. It is entirely powered by the telephone line and will function maintenance free for several years.

In a 1996 report, the technology watchdog Privacy International estimated that around 200,000 bugs are sold each year in Britain. Most are simple transmitting microphones but an increasing number are capable of tapping computers and telephones, as well as recording and broadcasting visual images.

Bugs come in many shapes and sizes. They range from micro engineered transmitters the size of an office staple, to devices no bigger than a cigarette packet that are capable of transmitting video and sound signals for miles. Most equipment sells for less that three hundred pounds.

Crispin Sturrack of security consultants Cope Whiterock believes a vast industry is silently being created "These things are getting smaller and cheaper by the day. And our job is made harder because they are now almost undetectable and unrecognisable".

Many of the bugs are cleverly camouflaged. They are hidden in everything from umbrella stands to light shades. Sometimes, the infiltrator will hide them in a business or sports trophy where they will stay indefinitely. The latest bugs remain active with their own power supply for around ten years.

A German firm, PK Electronics, recently produced a bug that is almost undetectable. It can be planted on a telephone wire or computer circuit board, and it stays there for years, drawing on the power supply and constantly broadcasting your most intimate details. The price is less than £200.

New products can convert a telephone into a microphone, and then "read" any nearby computer by interpreting the electromagnetic radiation generated from the screen. The captured signal is then sent down the line to be captured by another bug.

Active badges (also known as "electronic tags"), are used to track the movements of workers around a building or a complex. These are usually smart cards which emit a frequency that can be read and identified by receivers located in various parts of a building. Such a card (known as Radio Frequencey ID cards) can be remotely read without the need for the card to make contact physically with any other machine. The movement log is integrated with electronic diaries and the telecommunication system, ensuring that the employee is never out of touch. The devices are becoming popular with IT companies such as Olivetti Research in Cambridge.

Numerous technologies are avalable which monitor and analyse the performance of IT workers. One of the more recent is the "Computer Keyboard Monitoring System", developed by UK company Vascom. It connects to the computer via the keyboard plug, from which it is powered, and transmits every keystroke to a receiver module, which can be located up to 150 metres away. No wires are required. The receiving module can be connected to a standard printer, which then records all key strokes. Alternatively, an optional LCD display can be used to display all characters as they are typed. Once this information is collected, it can be analysed by standard processing programmes to determine a workers' performance profile.

Another product, "Desktop Surveillance", produced by Tech Assist Inc, is able to provide comprehensive monitoring of all computer activity by an employee. The product, and several like it on the market, costs $ 55.

A company spokesman told the Washington Post a surprising array of companies, organisations and individuals have bought the software since its release earlier this year. Among them are the Federal Bureau of Investigation, local prosecutors and mistrustful spouses, who want to keep a close eye on their mates. Private investigators also have been offering it to clients.

"It's sort of like a truth meter" the spokesman said. "It tells you exactly what's happening", adding that the software can be configured to send the manager a message whenever an employee on a company's internal network is doing something that's against the rules. "It could be any desktop activity at all."

Even highly skilled workers can expect to be routinely put under the microscope. It's likely that any manager who purchases network-operating software is already getting built-in eavesdropping features. Any LAN managed by software such as Microsoft LAN Manager, Dynamics Corp.'s Peak & Spy, Microcom Inc.'s LANlord; Novell Inc.'s NetWare, or Neon Software's NetMinder can be easily converted into a comprehensive workstation surveillance mechanism (A recent ad for Norton Lambert's Close-Up/LAN software package tempted managers to "look in on Sue's computer screen.... Sue doesn't even know you're there!")

Some other packages, such as Win Watch Professional and Norton-Lambert's Close-Up/LAN software, allow network administrators to observe an employee's screen in real time, scan data files and e-mail, analyse keystroke performance, and even overwrite passwords.

PC#Protect is described by its makers as "a versatile tool to monitor the use / abuse of PCs". Once activated it logs all keystrokes (like a keyloggger), including hidden passwords, application names, paths and access times. Via the windows title of all popular browsers it also records the name and address of visited websites.

Companies sometimes market such products as aids for health and safety. One product, the Magnitude Ergonomic Management System, claims to reduce the incidence of repetitive stress injuries by monitoring the number and speed of a user's keystrokes and mouse clicks. Another product, OmniTrak, provides managers with information on employees' work habits to help uncover stress, its maker says.

Product literature, though, states OmniTrak can ''objectively track and notify personnel managers of individual problems that may indicate alcohol and drug addiction or family and personal matters, as it consistently monitors work attendance patterns."

''People with a drug or alcohol problem tend to miss repetitive Mondays or Fridays,'' explained Mike Bonner, president of the firm in Port Huron, Mich.

''Invasion of privacy was never the intent,'' said Michael Zanoni, a spokesman for product maker Magnitude Information Systems Inc. in Branchburg, N.J. ''But in order to mitigate the health risk and improve productivity, you wind up with a product that can act as Big Brother, if that's what you want to do.''

The extent of telephone monitoring in some industries is extremely high. One recent survey by the New York-based American Management Association, found that 67.3 percent of all companies, up from 63.4 percent two years ago, engage in some form of surveillance, including monitoring e-mail, voice-mail messages, and Internet and telephone usage, listening in on telephone conversations, and videotaping employees on the job.

The survey found that for every company that monitors telephone conversations on an as-needed basis, after actions have already placed an employee under suspicion, three companies monitor conversations on a random, routine, or ongoing basis.

The level of sophistication of telephone surveillance systems can be astonishing. Laura Pincus, in her paper, reports that a voice stress analyser, called the Truth Phone promises to analyse voices during telephone calls in order to detect possible deception.

Voice mail systems are also subject to systematic or random monitoring by managers. Most new systems have default pass codes for administrators, and these can open all message boxes.

The use of email is particularly conducive to surveillance. Numerous programmes on the market are able to search for keywords that might indicate private or malicious traffic. However in recent months far more sophisticated software packages have come onto the market.

The "Ascentor" package, launched in June 1999 by the Business Systems Group (UK) searches in context, rather than keyword. The software analyses a companies entire email traffic phrase by phrase, and draws conclusions about whether a message is legitimate company business. It can be instructed to search for "damaging" emails relating to fraud, deception or espionage.

Employers can monitor e-mail by randomly reviewing e-mail transmissions, by specifically reviewing transmissions of certain employees, or by selecting key terms to flag e-mail. In the latter instance, an employer may choose to flag the words "angry" or "revenge" to identify all e-mail expressing potential hostility among employees. (Consider, however, the employer that chooses to flag the word "resume," meaning curriculum vita, but instead catches all individuals who use the word--without accent--to mean "begin again.")

Companies claim that this monitoring technology is necessary not just to protect the security of the organisation, but also to ensure that any message sent out through the company server (usually identifying the company because of the email address) complies with quality standards. In an ideal world, this monitoring should follow the conventional format i.e. identical to the quality check that has applied to correspondence sent out on company letterhead. However, the speed and efficiency of email means that digital communication involves a vast intersection with personal correspondence. It also has features more in common with an internal memo, for which there has always been less monitoring and management.

The monitoring of website visits has also created some distress in the workplace. The programmes listed above are capable of systematically logging all internet activity, and managers can analyse these to determine "inappropriate" activity. At first sight, such surveillance has elements in common with traditional surveillance for hard copy pornography, but there are significant dangers to workers in the realm of electronic surveillance. The use of Spam mail to advertise X rated sites results in workers entering sites that appear to be quite benign. It is only after they visit the site that the nature of the page is recognised.

The possibility of accidental website visits was highlighted even in the research for this report. A search for the phrase "drug test" on the Alta Vista search engine displayed - alongside legitimate "hits" - the site "Nude Young Horny Girls". The surveillance technology does not, however, distinguish between an innocent mistake and an intentional visit.

A similar danger exists with email monitoring. Any message sent by or to an employee is centrally logged on the company server. A malicious email sent to an employee cannot simply be deleted. It remains on the system, threatening the relationship of trust between employee and management.

In research for an article on email monitoring, companies contacted by The Daily Telegraph confirmed that employee monitoring is widespread. Barclay's confirmed that it monitors and record phone conversations. "In our telephone banking service every call would be recorded" said a spokeswoman. "We also monitor intranet and internet activity".

According to a 1998 report from the London School of Economics, these technologies now represent "the new industrial tyranny".

Professor David Metcalf and Sue Fernie from the LSE's Centre for Economic Performance studied the emerging Call Centre industry, which employs 200,000 people in Britain, and concluded that "the tyranny of the assembly line is but a Sunday School picnic compared to the control that management can exercise in computer telephony".

The extent of drug testing in the UK workplace has not been clearly quantified, though it has been broadly accepted that the number of companies using these tests has risen proportionately with the decreasing costs of the tests. Dozens of companies now sell kits that can determine drug traces in all major categories. Employees in the US and Britain have claimed that these kits - available from as little as three pounds - are being used covertly to monitor employees urine.

Drug testing is intrusive. It is often the case that an observer is present to ensure there is no specimen tampering. Even indirect observation can be degrading; typically, workers must remove their outer garments and urinate in a bathroom in which the water supply has been turned off.

Drug testing kits are freely available on the market, and are on sale through the internet. DRUGCHECK 5TM, for example, is a urinalysis drug test that detects the five most commonly tested drugs within SAMHSA cutoff levels. Specifically, it detects: amphetamines, marijuana, cocaine, opiates and methamphetamines. The test - involving a coated paper strip - can be conducted without the need for a laboratory. The results are available within five minutes.

The tests are not infallible. A report by the Ontario Information and Privacy Commissioners Office says up to 40 per cent of tests are inaccurate. Sometimes drug tests fail to distinguish between legal and illegal substances. Depronil, a prescription drug used to treat Parkinson's disease, has shown up as an amphetamine on standard drug tests. Over-the-counter antiinflammatory drugs like Ibuprofen have shown up positive on the marijuana test. Even the poppy seeds found in baked goods can produce a positive result for heroin.

Biometrics is the process of collecting, processing and storing details of a person’s unique physical characteristics. The science can, in theory, perfectly identify an individual. The most popular forms of biometric identity used by employers are retina scans, hand geometry, thumb scans, finger prints, voice recognition, and digitised (electronically stored) photographs. The technology has excited the interest of governments and companies because unlike other forms of ID (cards, papers etc) it intimately knows the target human. Companies in the UK are now using the technology, despite concerns that it is intrusive and threatening.

The most common form of biometry, fingerprinting, has found its way into law enforcement, banking, retailing, defence, welfare and immigration throughout much of the world.

Police forces in all developed countries established ink-based fingerprint systems as long ago as the 1880s. Then, over the past decade, came the Automated Fingerprint Identification System (AFIS) which greatly speeded up the matching process. AFIS converts the arches, loops and whorls of a print into a series of numbers called a "template". This template can be cross matched within the national fingerprint database within seconds. AFIS is extremely accurate. Most laboratory tests commissioned by the manufacturers are showing an accuracy of 99.9 per cent.

The technology is being trialled in British schools. The Harmondsworth Primary School in Middlesex has installed a Fingerscan device at its front entrance. Fingerprinting is also being used to access the internet. Mytec Technologies has developed a system that uses fingerprints to gain access to networks and to individual PCs. The same fingerprint can be used to retrieve personal files and to link databases remotely.

The development of hand geometry, involving a scan of the shape and characteristics of the entire hand, has been a useful approach in situations where there is public sensitivity to fingerprinting. Hand Geometry is already employed in over 7,000 locations in the US and Europe, including airports, day care centres, nuclear research establishments, computer facilities, sperm banks, hospitals and in high security government buildings.

The iris (the colourful donut surrounding the pupil) is rich in features that uniquely identify each individual. Collagenous fibers, crypts, coronas, striations, freckles, rifts, pits and around 100 other arcane features create an ID which is four times more complex than a fingerprint. This is by far the most accurate form of identification.

The Iriscan system, for example, uses a low intensity beam of light to conduct a scan of the eye, and, according to tests conducted by the US Defense Nuclear Agency, is almost infallible. Iris recognition does suffer from the shortcoming that many people feel very sensitive and protective of their eyes, and find such technology disquieting. Research is currently underway to scan the eye at a range of up to three metres. The technology is being trialled in ATMs in the UK.

Voice recognition (VR) works by isolating certain characteristics that produce speech, rather than recognising the tone of the voice itself. Thus, the system cannot be fooled merely by mimicking someone's voice.

Voice recognition is seen as a solution to a great many problems of fraud. A VR system built into a cellular phone may reduce the risk of fraululent use. In the US, which loses a billion dollars a year through cellular phone misuse, fraud investigator Authentix is currently evaluating a range of VR packages. Banks are also anxious to install VR systems in ATMs

Computerised Facial Recognition (CFR) systems can convert any face into a sequence of numbers. The technology is now being used for a range of applications from airport security (San Antonio Airport, Texas), to bank vault access (Sparkasse Bank Dresden). Banks in Germany and the US are trialling an Automatic Teller Machine (ATM) that contains CFR. The London Borough of Newham has installed the AFR software into its city camera system.

The technology uses three dimensional imaging technology and neural networks which mimic the functions of the human brain. The process cannot easily be fooled by a change of facial hair, expression, or hairstyle. According to the manufacturers, this type of machine will have the capacity to scan a database of a million faces, in something less than a minute. Images from any closed circuit camera can be linked into the system, as long as those images are processed and transmitted in digital form.

Retailers have invested in the development of the technology for the detection of possible shoplifters, but the system can also be used to identify and track staff.