The world's most expensive hospital project ever, the New Children's Hospital in Ireland, has chosen an all-Hikvision surveillance system including specialized facial recognition cameras, IPVM has found.
Never let the truth get in the way of a good IPVM story….
The truth of what? I made a mistake saying Belfast was in Ireland, instead of Northern Ireland. It's a mistake, which was corrected, but it's immaterial to the 'story' here that has made a half dozen newspapers across Ireland and the UK.
I have couple hospitals using face rec. Hospitals are very vulnerable and so are the employees, patients, and visitors. Hospitals are using face rec to be aware of people who have caused problems in the past. This includes robberies, fights, etc.
The NCH is a typical project for Ireland; way over budget creating many Millionaires in the supply chain and with politicians sitting on their hands watching it all happen. As they have gone over budget in the most ridiculous way corners are now being cut. I know that various proposals were submitted for CCTV which were based on reputable non Chinese brands but in the end it was all down to saving as much money as possible. At the time the specification for the CCTV system was released Hikvision didn't even have the products that could match the requirements, but when money becomes the key factor those requirements were easily forgotten about.
As with all large projects and when consultants are involved with the large M&E firm the products and specifications being recommended are usually because the consultant has some ties/ relationships with a particular distributor/ manufacturer. In the case of the NCH, the rumors would suggest a HIK distributor being connected with the security consultant.
It appears to me from the original comment that Hikvision was not included in the original specification. Sounds like it may have been value engineered into the project by a 'connected' distributor or integrator (Stanley). Either way it would be interesting to find out who shoe horned them into this project.
Agree, this is how it goes. An uneducated consultant being educated by an uneducated distributer being educated by a sales person from a company that doesnt give a s**t! Likely a copy and paste A&E specification job as usual.
The specification wasn't at fault here, although it went out the window with the baby and the bath water fairly quickly. Money spoke in the end, not the interest of the NCH or anybody else for that matter. The specification asked for features which a Hikvision only solution could not produce at the time and I highly doubt if it would be able to do it now, a year down the line.
HIK, Dahua etc. don't exactly fail on features, they fail on other aspects that aren't directly obvious on a spec. sheet usually...
Well on the CMS / VMS side, HikCentral is fairly new and limited compared to 20-year-old VMSes providers like Milestone and Genetec. I have not examined the details of the Hospital spec but that is potentially a risk, more so than cameras.
There is a core business principle of fitness for purpose at minimum cost. OJEU tenders are generally awarded on a commercial bias, so the tax payers euro is better focussed at point of health service delivery than an more expensive camera that does exactly the same job. Whilst there is a clear argument against the use of Hikvision on the grounds of domestic Chinese policies, virtually everyone you speak to says the same thing "This is all part of Trumps trade war and is just a bargaining chip". the US may have a different take on it - but at this article is EU based, its only fair to give an EU perspective.
I agree with you that if the cameras do the same thing at a lower price then there is no issue and maybe thats the case. The VMS doesnt do the same thing though, no way. For any large system installed into a project that is likely to be expanded and reconfigured through its lifecycle (assuming 10 years before a significant refit) you have to have an open platform VMS. What happens in 18 months when they add 20 more cameras? Can they add Bosch or Axis or anything else for that matter? What if a camera is released to market next year with some new technology or feature that they think they need, can they add it?
That's a fair comment. But we'd really need to drill into what is expected of the VMS. Certainly IVMS is not great, and early centrals were not much better - but I know its been significantly improved. There is an argument also against the like of Genetic - in that they may pull the plug on integration with your preferred camera manufacturer, giving further strength for an end to end solution. the hospital security environment varies massively from systems only used for parking revenue generation, to a fully configured 24/7 manned control room hosting fully integrated EACS/IDS/CCTV/Intercom etc....
So it really is horses for courses - or put better - fitness for purpose.
I would have to say though, based on my experience of the UK Hospitals, the reality is that although facial recognition may have been sold and 'bigged-up', the reality of the situation is that it is unlikely to be deployed. The Mk 1 eyeball is better that an AI I've used and is invariably what the security personnel use.
The facts are simple. The whole hospital project is massively over budget (nearly double the original Euro 983m) and frankly, pragmatism takes precedent over any moral objections to a country of origin for a consumable piece of equipment.
On a technical point, Hik are usually at the cutting edge (often bleeding edge!) of technology release - so the chance of Bosch bringing anything out that would beat Hik are not high (although the price tag would be). as I say - as an end to end solution on a project where the costs are out of control - this seems an entirely logical decision and will be based upon a performance specification and value engineering - like 90% of open tenders in the EU.
Unfortunately the 'cutting edge' technology has been going hand in hand with many issues varying from Cyber Security and hacking as well as the Chinese State controlled stake in Hikvision. Then of course there is the political side of things with the human rights disaster that is Xinjiang and Hikvision's contribution there. Not something you want to get involved in as the Irish Government.
And if the 'cutting edge' technology is no longer ONVIF compliant what good is it in 5 years time. Sure Genetec can pull the pin on an integration but they normally do it for a very good reason.
Value engineering is a big issue and normally boils down to matching the camera count at the lowest possible price making huge sacrifices when it comes to functionality and often leaves end users with systems that are not fit for purpose, that's my experience. Scaling down on CCTV to save costs on a project that has gone more than a Billion Euro over budget is ridiculous. This is all about main contractors maximizing their margins, the budgetary damage on the NCH is already done. Cutting the back side out of the CCTV will make no difference...
Let's not forget the cyber security issues which came along well before the problems in Xinjiang were highlighted. Issues that were denied by Hikvision for a very long time until it was that clear that they were lying they had to start admitting to them. They even had to hire crisis writers and other PR people trying to manage the fall out. On top of that the fact that the brand was expelled from ONVIF surely should be taken in to consideration as well. A camera might be cheaper to buy now and be may be deemed to 'do the same thing' compared to a more expensive version but what is the cost of long term ownership to the NCH. Buy cheap buy twice sounds anecdotal but most professionals in our industry know there's a truth in this as well. Total cost of ownership over time as well as usability should way very heavy in the decision making on any system over 1000 cameras.
There will be several more twists and turns in this project as it keeps going further over budget. Some have mentioned the total project costs to go close to 3 Billion Euro, yes 3 Billion Euro for a Children's Hospital. This for an Island nation with a population of 4.5 Million, absolutely ridiculous. Another one of these projects where the government took their eye off the ball and let incompetency run riot. This is the same government that recently ordered a printer worth 1 Million that had to be sent back as it did not fit in to the building it was meant to go in. Many Contractors are already standing to make millions out of their share and try to further increase their margins by cutting corners including CCTV.
The CCTV tender process is now beyond a joke and has fallen victim to the famous race to the bottom, a race of which we know will have no winners.
A very substantial CCTV system comprising of, going by the time scale, non ONVIF compliant equipment if it all goes ahead.
This for me shows the state of the market in Europe in general. You have a 'high end' building of national significance with an end to end low rent CCTV solution. 5 years ago a project of this size and significance would be something like Bosch or Axis cameras connected to a Milestone or Genetec VMS type solution (mid - high end cameras and enterprise VMS). I'd assume this system is in the 500 - 1000 camera count connected to embedded NVR's. I wonder what network the cameras and NVR's are connected to probably an enterprise solution like Cisco (managed by the It dept and noting to do with the security dept) or have they kept the cheapest hardware we can find mentality throughout? Do China make cheapest price medical equipment?
For me the facial recegnition is a non event, childrens hospitals are sensative and if you have a solution that can attempt to detect faces from a known blacklist for example then that is no bad thing (I know GDPR rules dont agree with my opinion!).
What is important for me is how the information/data is managed by the facial system. Who has access to the system? What is the process for requesting data by third parties or the Police? What is the data retention policy? Are the servers secure and installed in a secure envoirnment? What is the process for an employee or contractor to access that secure area? Is there remote access to the network\servers? Who has remote access? is it secure?
Storing sensative data is something that the IT industry has done for years. Mostly very sucessfully at the top end such as banks and governments (not prefect I know). When sensative data is managed by incompetent designers and operators bad things can happen, there have been many exampels over the years.
I have yet to meet a security consultant or mainstream security integrator that has even the slightest clue how to manage and protect sensative data like that generated by facial recegnition systems. End users buy a system like this because their consultancy team tells them to, the consultancy teams are being 'educated' by the manufacturers and in my expierence most of them are way behind the curve.
In allot of cases our industry has become a lowest price war with blatent disreguard for standards or practices that have existed in the IT space for years. This is maybe okay in a shopping mall or a hotel but its happening in hospitals and government\military projects now also.
It appears Hikvision may not have been in the original specification as was mentioned above. Therefore it was probably VE'd into the project by others. GC, Integrator (Stanley), and/or connected distributor are probably the culprits.
Most notably, Ireland's main civil liberties organization, the Irish Council for Civil Liberties (ICCL), issued a strong statement against the use of face rec at the NCH:
The New Children’s Hospital contracting face surveillance technology for children accessing medical care would be incredibly invasive. Children are afforded enhanced personal data protections under the law. Deploying this tech in this manner would run afoul of those protections. It’s expensive, inaccurate, discriminatory, and in this situation, likely unlawful. [emphasis added]
The ICCL also called out Hikvision's human rights track record:
To protect everyone’s rights, including children’s, the state should not install these face surveillance systems in hospitals in the first instance, and certainly not in cooperation with private surveillance companies with controversial rights track records. A data protection impact assessment would demonstrate the risks. Has the New Children’s Hospital conducted one?
Ireland's data regulator, the DPC, also reacted to this news, telling the Irish Examiner that a DPIA is "likely to be mandatory" for such a case:
We would also advise that conducting a Data Protection Impact Assessment is likely to be mandatory in these cases, given that the processing would possibly involve new technologies, children’s data, and special category data as defined in Article 9 of the GDPR as well as large scale processing in a publicly accessible area.
It is all coming together now. As Face Recognition was never part of the specification, probably for a good reason, it must have been thrown in to the mix by someone as 'a good idea' without giving the legalities much thought and probably proof that those who were making the decisions were not up to speed with what's legal and what isn't in Ireland.
Controversial facial recognition technology is being installed in the new national children’s hospital in order to prevent babies being snatched, local politicians in Dublin has been told....
Eilísh Hardiman said the hospital’s CCTV system has a built-in capacity to control access by way of facial recognition technology, but that no decision had yet been made to use such technology.
This is both factually wrong and difficult to accomplish.
One, the Hikvision equipment they bought for facial recognition is not for access control but for alarming on watchlists. Hikvision has other products designed for facial recognition access control (i.e., each person presents their face to be allowed in) but this is not the correct product for that.
Moreover, this will only even theoretically attempt to alert on babies been snatched if the person doing the snatching is already on the watchlist.
Justifying this with 'baby snatching' has strong emotional appeal but the reality is that what they bought and what they are trying to do here is not going stop baby-snatching.
John there are too many people involved in this project who lack all knowledge about what's technically possible and what not when it comes to AI and they simply go by what they were told/sold. No kit has been bought or ordered yet if my info is correct and I for one highly doubt that this will actually happen anytime soon.
There are elections coming up in Ireland on February 8th and I think we might see some changes after that. There is already some significant push back from politicians and as we know various other groups and organizations.
Update: although not directly related, the Dublin City Council has confirmed that it has replaced four Hikvision cameras on a soccer pitch with "conventional CCTV cameras" after local media raised privacy concerns about the system, chiefly the fact that it was connected to Hikvision DeepInMind NVR (which is capable of face rec.)