Responsible Security and Public Transparency

When developing and selling technology intended to keep catastrophic events from happening, you have a responsibility to your customers, partners, employees and all the people your customers intend to keep out of harm’s way. 

At Evolv, we have such a responsibility, and we take it very seriously. Our founder Mike Ellenbogen has spent over two decades innovating and developing airport security technology that is still in use today. He and co-founder Anil Chitkara launched Evolv after Anil’s wife narrowly missed the Boston Marathon bombing. 

I, on the other hand, have marketed technology my entire career looking to do good in the world, build an enduring company that will last well beyond my years, and work with people I respect and admire. Along came Evolv. I bought in from the beginning. I admire every single person I work with and the customers we serve. Hearts full, they have the boldness of character to drive our mission, which is to make the world a safer place. Period. And we’re doing it in partnership with the truly incredible security experts that I have met along the way, prospective customers, our esteemed advisors and security partners. Our team is comprised of established industry experts and advisors, including leaders in aviation security, national intelligence, Department of Homeland Security, FBI and TSA, who have dedicated their careers to keeping people safe from harm. 

Of debate in this new world is what information we should share about our technology. What information should the public know about the technology our customers are deploying, and how can we be fully transparent with the security experts piloting our system? As we’ve learned from the TSA, revealing too much information only helps the bad guys. On Christmas day 2009, Umar Farouk Abdulmutallab flew from Brussels to Detroit with a non-metallic IED hidden in his underwear. He knew in advance that there was no detection for non-metallic bombs in most airport security protocols and regimens in use at the time. We know this because upon investigation, this vulnerability was discovered through extensive online research, and multiple scouting missions to probe and test for vulnerabilities at specific facilities using specific screening methods. This is a frightening reality. As AI-based weapons screening technology is new to many venues, we need to develop standards, in conjunction with industry experts and trusted security professionals, on the transparency of sensitive security to the general public. 

After careful review, as a company, we have taken a stance on information sharing starting with the NCS4 report on Evolv. We provide a public and private version. Our team feels strongly that we should disclose sensitive information only to trusted security professionals intending to purchase or sell our system – under NDA.  To ensure we are on the right track, we surveyed our customers. Results were as follows:

• 96% of respondents said the public should not have access to any information that encompasses detection technology performance.
• 100% of respondents said the public should not have access to information about detection technology sensitivity settings and the items that alert–and do not alert–at each sensitivity setting.
• 100% of respondents said the public should not have access to specific recommendations that Evolv provides for configuring and deploying Evolv Express system in their environment.

The open comments section of the survey provided some additional insight into the sentiments behind the numbers, and further solidified our stance:

“The less that is shared with (the public) the better chance we all have at someone not finding a weak point.”

“Any and all data concerning procedural or practical utilization of the security equipment should be scrubbed from public consumption.”

“These systems should (be) transparent only to the point of how the customer needs to walk through the system. All other sensitive points need to be closely held.”

“We keep all our data private and only release it to our team that has a need to know.”

“I believe that Evolv shares appropriately to ensure that there are no misgivings on what the system does and does not do in general terms. With customers, or potential customers, after execution of mutual NDAs, not unlike any other system or product, the expectation is that Evolv is transparent about capabilities and limitations of the system so that the customer is ‘eyes wide open'."

We feel we are moving in the right direction. That said, this isn’t enough. We – the courageous people charged with keeping people safe - need to work together to develop and set standards for security technology meant to keep weapons from entering the places we hold dear. Our public safety responsibility requires a delicate balance of maintaining transparency to the community at large, while keeping sensitive security information out of the hands of adversaries. If you share our mission, please join us in developing best practices and setting standards for sharing security information to the general public.  Please email:  Transparency@EvolvTechnology.com