Broken Windows and Anti-Passback

Does Broken-Windows theory apply to Anti-Passback policy? I would argue emphatically that it does. Since the mid-nineties the “fixing broken windows” theory has been speculated as the primary cause for the precipitous decline in crime in New York City under the direction of Mayor Rudolph Giuliani. While the exact cause of the decline in crime in the nineties is debated in books like Steven Levitt's and Stephen Dubner’s “Freakonomics” and Malcolm Gladwell’s “The Tipping Point: How Little Things can Make a Big Difference”, the “Broken Windows” theory remains doctrine in many security circles.

But how does this apply to Anti-Passback?

First, as any security engineer or consultant will tell you, Anti-Passback is only as good as the policies in place to enforce the rule. If a violation occurs and the violator is simply granted access as a way to ensure he/she can be at their desk or station on time without repercussion, then passback programming fails to meet its objective. However, if procedures are in place to make it punishable or at least inconvenient for the violator, then the goal of the objective is held true.

Many consultants will tell you that US policies are more difficult to enforce because we are just too courteous. We have been raised to be a gentleman or lady and to hold the door for the next person entering a building. It is just not polite to pull the door closed behind you and make the next person use his/her credential to re-open the door. In Europe there are less passback problems (infer your own opinion here). However, this politeness is a gaping hole in corporate (commercial, industrial) security. This is a particular problem in larger corporations where employees may not know the person (violator) following them into a building or a secured area.

By following “broken-windows” theory, instituting a hard-line, zero-tolerance approach to passback violation I believe can send a message to cardholders that passback is necessary for the security of the facility and should not be ignored. By showing notable repercussions and creating an example out of offenders, the remaining cardholders are more likely to ignore their instinct to be courteous and therefore create a safer environment.

I should note that there are obvious devices that can assist with passback problems, such as optical turnstiles, but when talking about an entire facility and a global passback environment, turnstiles may not be feasible at the entrance to every “nested” area, and policy is once again the ultimate enforcer of passback violation.