No privacy policy or data handling statements visible in provided content.
Terms of Service
—
No terms of service visible in provided content.
Accessibility
+0.05
Article 2 Article 26
Semantic HTML structure and responsive design patterns visible suggest baseline accessibility considerations. However, no alt text or ARIA attributes confirmed in provided markup.
Mission
—
No explicit mission statement or values declaration visible in provided content.
Editorial Code
—
No editorial standards, corrections policy, or transparency mechanisms visible.
Ownership
—
No ownership, authorship, or organizational affiliation disclosed in provided content.
Access Model
+0.08
Article 19 Article 27
Content appears to be freely accessible without paywall or registration barrier. Newsletter signup present but not mandatory for access.
Ad/Tracking
-0.05
Article 12
Carbon ads integration detected in CSS. No explicit consent mechanism or tracking disclosure visible in provided markup.
I’ve been to many very large office buildings with turnstile systems, and I have never seen any kind of line, even during the busiest hours. Yes, they are security theater to a large extent, but they do legitimately help to make the elevators run a lot more efficiently.
There is nothing here that really tells us the turnstile was security theatre? Or the various key card swipes.
There are many ways to skin a cat; and there are many ways to ensure authenticated / trusted access. If you have site wide security gates, it means you know everyone on site / on a given floor conforms to a given minimal security or trust level, so now you can conduct operations in that area with more freedom. This makes the risk assessments for other actions so much simpler. e.g. Now when the apprentice IT tech leaves the SLT's laptop trolley in the corridor it doesn't trigger a reflash of all of the machines. Or when a key individual misplaces their keyfob (e.g. in the kitchen) it doesn't trigger a lockdown of core systems, because they had it on the way in and its reasonable to trust that nobody stole it.
Obviously the implementation was botched in this case - but "feel secure" and "security theatre" are right as often as they are wrong.
I worked at a company that had effectively no physical security during work hours until the second time someone came in during lunch and stole an armload of laptops.
Then we got card readers and a staffed front desk, and discovered our snack budget was too high because people from other companies on other floors were coming to ours for snacks too.
I never felt the office was insecure, except in retrospect once it was actually secure.
Turnstiles have a genuine security benefit compared to door and elevator security: convincing people not to let their coworkers in the door or up the elevator is difficult because the actual request (“close the door behind you, this blocking the friendly person trying to go through, so their scan their card”) is genuinely obnoxious. But a turnstile really does fundamentally let one person through, even if it’s easy to bypass.
Lift (elevator) sidenote: there are fancy well designed ones where the turnstile communicates what floor you need to go to to the lift, and a "destination dispatch" system assigns/batches groups of passengers with similar/same destinations to the same lift car to improve efficiency.
As others have mentioned, it comes down to the threat model, but sometimes the threat model itself is uncomfortable to talk about.
It’s sad to think about, but in my recollection a lot of intra-building badge readers went up in response to the 2018 active shooter situation at the YouTube HQ[1]. In cases like this, the threat model is “confine a hostile person to a specific part of the building once they’ve gotten in while law enforcement arrives,” less than preventing someone from coat tailing their way into the building at all.
This text is another reminder about the fact that as organizations grow, they become more and more dysfunctional. They function despite that, because the economies of scale are apparently still larger than the loss of functionality due to the increased size.
Humans' most important achievement is the ability to create structures larger than the Dunbar number. But this is not achieved for free.
(And this is another reason why I strive to work at startups more than at huge corporations.)
Many years ago I was doing due diligence on a point of sale hardware company, I had to head up to an acquisition they had done. People bitched and moaned about the level of physical security added, and when I asked them why they were so upset, they told me to go to the loading dock in the back.
The loading dock was kept completely open "because it's hot and we don't have A/C back here!".
Amazon is pretty serious about physical access security. Even back in 2002, you had to scan your badge while a security guard watches, to check if you are the same person as the badge picture.
The same guard also checked if your dog was registered (I think my dog got a badge with his picture, although I think that was just for fun, and not functional)
And no easy ability to enter through side doors - you couldn't open a side door with your badge. At the time, you could still lurk outside a side door until someone else opens the door to exit. Eventually (11 years later) they locked all the side doors because they noticed people doing this sort of thing.
More recently, I think you have to scan your badge to leave so they can even track how long you're in the building, and know when you're supposed to work on site but you were there only long enough to have a coffee and then went home to continue working from home. This last part is second-hand knowledge since I haven't work there in a long time.
This is the opposite of security theater. It was an apparently an implementation of security with issues but restricting physical access, both for people and vehicles, is absolutely a real improvement to security.
Funny. We had a security guard that had memorized all the faces of the employees. If he knew you he'd buzz you through. If he didn't know you you'd have to be vouched for by someone that he did know or by showing your credentials. By day #3 he'd know you, and he also somehow knew when you were no longer with the company.
There never was a line and there were 1400 people in those buildings.
I never realized how incredibly that guy's contribution was but this story made it perfectly clear.
Also, I don't actually buy the story as related here. It would seem to me that within minutes of that queue building up the turnstiles + card system would be disabled because something clearly was not working.
I'm not really sure what the point of this article is. Yes, obviously, you need to implement systems that are secure and performant so that you don't get a backed-up line of people waiting an hour just to get into the office in the morning. But that's a notably flawed rollout; millions of employees go into badge-in-required offices every day without issue. And it's kind of hard to imagine running a large office while lacking such basic physical security as "keep unauthorized people out of the building". Having electronic badges and readers is table stakes.
Author here. I posted this on Sunday for a light read, but I guess it got traction today.
Based on the comments I see here, I think the focus is going on the turnstiles just as it did when I worked there. While the cookie credentials are pushed aside. I think that's the security theater. We are worried about supposed active shooters, different physical threats while a backdoor to the company is left wide open. The turnstiles are not useless, they give an active record of who is in the building, and stop unauthorized people. But they also give so much comfort that we neglect the other types of threats.
Whenever I see this in practice I always think a determined killer would clearly know not to attack the “secure” building. Rather, attack the densely-packed line of people waiting to swipe their badges.
Unnervingly, this usually occurs to me when I’m waiting patiently in the densely packed line of fellow targets.
Bad implementations do not "security theater" make. When I did some work for a large coffee company, they had turnstiles at their building entrances, and I don't remember any lines in the morning. The scan/auth/enter process went about as fast as if there was no turnstile.
I remember when I started at Microsoft decades ago that there were still "old-timers" who were pissy about having to use card keys to enter the building. With that attitude, man, did that ever explain Microsoft application and OS security in the early 2000s.
I'm not going to comment on the security implications of either situation, but is there a companion piece by the facilities team complaining about the amount of paperwork required to install turnstiles only for a software engineer to come along and lock them out of Jira on a whim?
Could have been worse. Anybody remember that story where the keycard readers would randomly work and eventually it was discovered the log file had grown huge and was being appended by reading the whole thing into memory over the network, appending the line, and writing the whole thing back out again, thus creating what the random pattern because I guess it would sometimes time out?
Electronic audit trail makes SOC2 report easier for auditors. You can use paper trail instead, but electronics makes it easier. Few things in the world are required, but some of these compliance things are 'viral' in that if you're a vendor to a guy who needs compliance you need to practice the standards as well.
Besides, visibility is sufficient as a deterrent. Back in India, there'd be a big difference between leaving an old man in a chair in front of the shop and having exactly zero people in front of the shop. There are classes of people you deter with the former who will not be deterred by the latter. The old man is not 'security' - anyone motivated can shut him up without much effort. And yet his presence works.
Score Breakdown
ND
PreamblePreamble
No observable content addressing recognition of dignity, equality, or inherent rights of all members of human family.
ND
Article 1Freedom, Equality, Brotherhood
No observable content addressing freedom and equality in dignity and rights.
+0.10
Article 2Non-Discrimination
Low Practice
Editorial
ND
Structural
+0.05
SETL
ND
Combined
ND
Context Modifier
ND
Domain-level accessibility modifier (+0.05) applied for responsive design and semantic HTML suggesting non-discrimination in access structure, though no explicit anti-discrimination editorial content present in URL.
ND
Article 3Life, Liberty, Security
No observable content addressing right to life, liberty, or security of person.
ND
Article 4No Slavery
No observable content addressing slavery or servitude prohibitions.
ND
Article 5No Torture
No observable content addressing torture or cruel, inhuman, or degrading treatment.
ND
Article 6Legal Personhood
No observable content addressing right to recognition as person before law.
ND
Article 7Equality Before Law
No observable content addressing equality before law and non-discrimination.
ND
Article 8Right to Remedy
No observable content addressing effective remedies for rights violations.
ND
Article 9No Arbitrary Detention
No observable content addressing arbitrary arrest or detention.
ND
Article 10Fair Hearing
No observable content addressing fair and public hearing by independent tribunal.
ND
Article 11Presumption of Innocence
No observable content addressing presumption of innocence or criminal procedure rights.
-0.10
Article 12Privacy
Low Practice
Editorial
ND
Structural
-0.05
SETL
ND
Combined
ND
Context Modifier
ND
Domain-level ad tracking modifier (-0.05) applied for carbon ads integration without visible consent mechanism, affecting Article 12 privacy protections.
ND
Article 13Freedom of Movement
No observable content addressing freedom of movement or residence.
ND
Article 14Asylum
No observable content addressing right to seek asylum.
ND
Article 15Nationality
No observable content addressing nationality rights.
ND
Article 16Marriage & Family
No observable content addressing marriage and family rights.
ND
Article 17Property
No observable content addressing property rights.
ND
Article 18Freedom of Thought
No observable content addressing freedom of conscience, thought, and religion.
+0.16
Article 19Freedom of Expression
Low Practice
Editorial
ND
Structural
+0.08
SETL
ND
Combined
ND
Context Modifier
ND
Domain-level access_model modifier (+0.08) applied for free content access without paywall, supporting freedom of expression and opinion dissemination. Blog content appears freely accessible.
ND
Article 20Assembly & Association
No observable content addressing freedom of peaceful assembly or association.
ND
Article 21Political Participation
No observable content addressing political participation or democratic rights.
ND
Article 22Social Security
No observable content addressing social security or welfare rights.
ND
Article 23Work & Equal Pay
No observable content addressing right to work or employment.
ND
Article 24Rest & Leisure
No observable content addressing rest, leisure, or reasonable working hours.
ND
Article 25Standard of Living
No observable content addressing adequate standard of living or health.
+0.10
Article 26Education
Low Practice
Editorial
ND
Structural
+0.05
SETL
ND
Combined
ND
Context Modifier
ND
Domain-level accessibility modifier (+0.05) applied for baseline accessibility patterns supporting equal access to education and development through web content.
+0.16
Article 27Cultural Participation
Low Practice
Editorial
ND
Structural
+0.08
SETL
ND
Combined
ND
Context Modifier
ND
Domain-level access_model modifier (+0.08) applied. Blog content disseminates knowledge and culture freely, supporting participation in scientific and cultural life.
ND
Article 28Social & International Order
No observable content addressing social and international order necessary for rights realization.
ND
Article 29Duties to Community
No observable content addressing duties to community or limitations on rights.
ND
Article 30No Destruction of Rights
No observable content addressing prevention of rights destruction or abuse.