March 3rd, 2022
Good Intentions Never Go Unpunished
Picture courtesy of DeLand, FL Police Department.
This sardonic commentary, like its namesake, comes from the deep, dark, sometimes-paranoid filing cabinet of my mind labeled: Hypothetical. Those who know me, know there is a potential rabbit hole under every step taken. But I bet I have something here for you that you haven’t thought of.
The topic of this blog is a bit of stretch…for now. But please, read on.
As fast as technology changes, this pontificated, plausible, improbability that I am about to lay at your feet is definitely something to consider.
The other day, my colleagues and I were discussing a recent bank robbery in Florida, committed by a person wearing a Sonic The Hedgehog mask. No doubt this was a nod to the upcoming, and undoubtedly Oscar-worthy performance of Jim Carrey to be released in April: Sonic The Hedgehog 2 (no endorsement by or official affiliation with 10-D Security). Like me, I am sure you are all jumping for joy thinking about an 86-minute nap interrupted by kids and grandkids driven to insanity by fizzy sugar water, and covered in salty butter alternatives and all the colors of the Skittles rainbow. My gosh, I am starting to have flashbacks of the fourth trip to Frozen 2. But alas, I digress.
While looking at the comedic criminal in the still image taken from the security camera footage, it dawned on this author to do a little Google Image search for “bank robbery.” Behold there was a great rumble of the earth as lightening shot from the heavens as this author’s mind rushed to the other filing cabinet drawer in my brain located next to the one that spawned this county fair demolition derby of a thought. That filing cabinet is aptly marked: Worry.
Right there in those glorious Google Image search results was a cornucopia of potential NPI being splashed all over news media all over the world at the speed of light. You see, a substantial number of images in the Google image search showed an assailant standing at the teller line, and right in front of them is a monitor, unobscured and without any dithering obfuscation often seen in crime photos. The monitor undoubtedly displaying some element of NPI in most cases. And a few Post-It notes potentially scrawled with login credentials, account numbers, etc.
Here's where the stretch begins…for now. At those distances and due to other factors, like the display resolution and camera resolution, the NPI is likely not legible, unless some NSA-level image enhancements come into play…for now.
So…for now…there’s not much to fret over, right? Well, let me plant a seed of doubt. With the advent of 8K resolutions in displays, and 10k on the way, you can bet it will be an issue as higher resolution display technologies come down in price and become more standardized. And camera technology has already surpassed display resolutions, making it likely that our security camera systems will continue to be enhanced beyond their current capabilities (1080p on average), and even exceeding current display resolutions.
Some experts theorize that resolutions of cameras and displays are progressing to the limit of human eye resolution, which in theory is about 576 megapixels, given the less than 1% of our retina called the Fovea Centralis that’s able to see at that resolution.
The UHD 8k resolution released in 2019 is 33.17 megapixels, which is 36 times better resolution than what the market considered the first truly high-definition resolution of 720p released in 1998. For the last 24 years, we’ve seen the maximum commercially available image display resolution increase by 17.74 megapixels per year. There has also been an exponential curve to that increase since 2007. In the next 24 years, which is well within the time frame of a lot of careers of those reading this writing, we could see human eye resolution cameras, with displays quickly catching up. As you can see this worrisome theory is now sliding into the light of plausibility.
Cameras in market-ready mobile phones and devices are now capable of 50 megapixels, and Samsung has made a 200 megapixels sensor, although no phone manufacturer has taken them up on it yet. And DSLR (digital single-lens reflex) cameras are capable, due to their ability to house larger sensors, of even higher native resolution as technology catches up with them, given the allowable surface area greater than that of what a mobile phone is capable of supporting. Canon is reported working on a 75 megapixel DSLR body. 200 Megapixels is almost 100 times more resolutions than your current average security camera.
Where am I going with this you might ask? Per 2020 FBI bank robbery statistics, about 1,700 of all 77,000 or so bank branches in the U.S. were robbed. That’s a pretty big number really. And in the future, as imaging technology improves to that of human eye resolution, each robbery is a chance for a picture of your core teller application with customer data in front of the masked bank robber to be splashed all over the news, without obfuscation or dithering…all because of good intentions. And camera and display quality is quickly going to make those monitors on your teller line legible in those crime scene photos.
We all know that non-public personal data is sacred to the customer, and it’s only on loan to us. We are privileged to have access to it because it helps grease the gears of commerce. Even when trying to help law enforcement issue a press release about a potentially dangerous criminal, your institution could be harming a customer, and breaking the trust with the community.
Protecting customer NPI and managing risk is about picking at the loose paint, patching it back up, moving onto the next issue, and then revisiting things all over again. This applies not only to the issues themselves, but also to the policies, standards, and procedures meant to mitigate incidents of data and NPI loss. It is, after all, an endless cycle of good intentions, immediately followed by concrete, integral action, and a tested and secure outcome.
Thanks for getting to this point. As you can see the improbable, implausible stretch is quickly becoming reality. If you have any questions about securing your technology, please reach out. We’re here to help.
Authored by: Mike Smith, AWS CCP and Josh Mourning, CCBP
Download Blog
