For over 20 years Colin Bennett has been exploring issues of privacy. His latest book, Security Games: Surveillance and Control at Mega Events (www.security-games.com), looks at how unique combinations of public-private arrangements, technology and institutional motivation have led to government security practices. The professor with the Department of Political Science at the University of Victoria, who presented recently to the Privacy, Access and Security Congress in Ottawa, spoke with editors Toby Fyfe and Chris Thatcher about the rise of the security-industrial complex in the context of the Olympic Games.

Are you the Eisenhower of today? Are you saying that governments need to be careful about the influence and the power of the security-industrial complex?

I didn’t invent that term, “security-industrial complex,” but since 9/11 in particular, the community of people who are concerned with this thing called “security” has increased dramatically all over the world. It’s become more transnational, and the knowledge transfer has become more rapid, more efficient. And within that community are a set of assumptions about risk, about what security does and should mean, and which are very difficult to challenge from the outside, especially during a big event like an Olympic Games. It’s very easy to say there’s all kinds of economic motivations going on here; there clearly are. And there are important security challenges we need to take measures against. But it is also a political force in advanced industrial states and beyond, and a very powerful mechanism through which to think about security and technology.

Governments are increasingly turning to the private sector to help them accomplish their goals. Did the model work for security at the in London Games?

It depends what you mean by “work.” The temptation is to think that if nothing bad happens, then the measures that have been put in place and paid for have worked – without proper risk assessment of whether the same thing could have been achieved with lower levels of surveillance, less intrusion, and less cost. The risk assessment tools we have, even though they may look sophisticated from the inside, are very poor at assessing effectiveness. You’re always trying to protect against the unforeseen. And the difficulty of making objective judgments about what works and what doesn’t, the vagueness of all of this, tends to produce a general assumption that we need more: we need the body scanners in the airport, just in case; we need the secure perimeter fences around the Olympic Park, just in case; we need the facial recognition, just in case. And the number of things that are regarded as security problems has proliferated as a result of the moral panic generated about this very broad phenomenon known as “terrorism.”

Have governments, and therefore citizens, become so baffled by the increased security requirements they think are necessary that privacy is becoming less important in their thinking?

You have to have a lot of sympathy for governments. They know that if they are told about a potential risk, and nothing is done about it, then the consequences if something happens are absolutely catastrophic – from a political point of view, from an economic point of view, and so on – because security has become such a politicized issue.

Concerning privacy, we shouldn’t see this as a dichotomy. There is plenty of evidence that you can develop appropriate security measures without compromising privacy, but it’s expensive. That’s the problem. A few years ago, there was a challenge to the Toronto Transit Commission for its use of video surveillance cameras in the subway. And the privacy commissioner in Ontario, Ann Cavoukian, said it was justified: under the law, it could be seen as an appropriate capture of personal information, given the risks. But she then went on to say, there are ways that you can capture those images in encrypted form and if there’s an incident, and if the police need to see the identity of that person at that particular time and place, then the encrypted images can be decrypted with proper judicial authorization. The technology is there. It’s rarely been deployed, however. There are ways to achieve the security goals of law enforcement and our security interests, but at the same time protect the privacy of innocent people. The problem, however, is they tend to be expensive, time-consuming, and in times of fiscal restraint, difficult to recommend.

It might not be a trade-off between security and privacy, but that’s how it seems to many people.

It is the way it’s seen. And in many cases, you do have to think about trade-offs. But there are ways to ensure that people are secure when they get on an airplane without necessarily capturing vast quantities of personal data. The assumption is that the more you know about people, the more you can find the bad guys. I’m not sure that’s true.  Then, of course, you get into tricky questions about behaviour profiling, and so on, to try and determine the kind of people who are likely to be a danger, and you subject them to more surveillance. I’m not suggesting that there are easy answers here. But the false dichotomies that we see – do you want to have a terrorist incident, or do you want to have a secure Olympic Games – tend to dominate our public discourse on these issues, and that affects the public debate and the political decision making.

Back to your risk assessment point: governments are usually fairly good at risk assessment. You’re saying they’ve got it wrong on these types of mega-events?

I’m not saying they’ve got it wrong. But if you’re asking the question, was the money well spent or could we have achieved the same level of security with less, then that raises the question about what you are trying to secure against. As I pointed out, the number of things that get regarded as security problems and for which security professionals are said to be responsible for, increases.

I went to the Olympic Park in London during the Paralympic Games. You couldn’t take in liquids, so crowds of people were coming from the subway with their coffee, with their Cokes, and pouring them out on the lawn because they didn’t want to drink them. So law enforcement and military personnel were essentially employed to tell people not to pour their coffee on the grass. Now, is this really good use of trained military personnel? Another example: There was a minibus service from the main subway station to the security perimeter, about 500 yards, taking elderly and handicapped people, and it was subjected to full military-type surveillance every time it went inside the Olympic ring of steel – checking dashboards, mirrors under the vehicle, dog sniffing, the works. Is this a jobs program or is it really done as a result of serious risk assessment? I think to a large extent it’s the former.

What are the inter-agency, inter-governmental legacy aspects of these events. Do the relationships endure?

I think institutional cooperation is one of the less-recognized legacies of these events. And to be fair, that’s probably one of the positive things that occurs. Of course, one doesn’t know exactly the level of information sharing that goes on between these agencies. What we saw in Vancouver, for example, is a recognition that whatever inter-agency cooperation was occurring between federal-provincial, city-provincial, city-federal, and all three with the United States, sort of worked. Whether we got value for money is another question, but it worked. There was no major incident. So if Vancouver or another Canadian city has to do this kind of thing again, you can draw on those lessons. And that’s my point about the larger security industrial complex, that it is a community sharing its knowledge. These are not discrete events. Securing big event sites is a process.

Does the perception of the threat become greater with each event?

I think it’s a very powerful assumption. But I don’t know that it’s true. A terrorist event anywhere in Britain, and not at an Olympic site, would have created an extraordinary disruption. It’s not a linear progression, but it seems to be the trend. And you see plenty of examples where local cities say, right, we’re getting an Olympic Games, we can get a new subway system out of this, but that subway system’s got to be secure, so we’re going to have to put some video cameras up, and so on. Those powerful motivations occur. And that’s part of the legacy.