I have been accused before of condemning, or belittling the ACPO Policy, and words like “vitriolic” have been used to describe my column. Oddly enough it has not been the ACPO people complaining, it has always been a third party.
It’s funny how people select what they want to see and disregard the rest. As my grandmother used to say, “You only need a brain the size of a peanut to bang a loud drum”. So with complete disregard for those who rubbish other peoples’ ideas without having the brains to offer suitable alternatives, I will once again comment on the ACPO Policy … or, to be more accurate, a small part of DD243 … because I believe something needs to be said.
Shunt locks: the pros and cons
The latest version of DD243 proposes (among other things) to allow the un-setting of alarm systems by the use of a shunt lock. I can see where the writers are coming from: most of the customer related false alarm problems occur during the setting or un-setting of the systems so it is a problem that needs to be tackled objectively. Most alarm engineers find it totally amazing how many ways a simple un-setting job can be fouled up by the unthinking end user.
A typical end user scenario: they unlock the door, walk in and then realise that they have forgotten the code so they dash out again and lock the door before the time runs out, thinking they are safe. They then sit in the car and wait for the boss to turn up – followed by a battery of cops’ cars and, in one case, an armed SWAT team.
One woman used to set off the alarm every morning without fail, and it was always the passive in the office that activated. The passive was changed more than once. It was then moved to a different corner so that it couldn’t see through the door if it had been left open. Then it was replaced by a quad passive and still the problem went on and and eventually it was solved by putting the office detector on the exit route. The lady in question was prepared to swear in court that she went straight to the panel and put the code in, she even demonstrated how to unset the system in front of the boss and the puzzled engineer, and did it faultlessly with all the confidence in the world.
The mystery was solved some months later when the engineer arrived early to do the routine maintenance. The lady turned up, said hello to the engineer as she got out of her car lugging a handbag the size of a dustbin. She unlocked the door, nipped in smartly and dropped her handbag under her desk in the office before turning off the alarm in reception. She had done that from day one without realising she was doing it. It was an unthinking habit that got the alarm taken off police response and put the company’s insurance at risk whilst they were blaming the alarm company. In this case the simple action of un-setting the alarm by the use of a shunt lock would have prevented the problem.
How safe is this option?
But, and it’s a very big but, are we compromising the customer’s security for the sake of lowering the false alarm rate?
ACPO, on behalf of the industry are obviously looking for systems of un-setting that are so simple and foolproof that they could be successfully completed by a trained monkey with a hangover. The shunt lock principle is very popular in Germany where it has been acceptable for some time; but, for my part, I have some strong reservations.
The new proposals are included in the revised DD243 scheduled for publication in January/February 2002. Those proposals are:
All these systems are designed to reduce the number of false alarms on un-setting … but how safe are they?
Option 1: Un-setting the system by unlocking the door should almost eliminate false alarms, but we are then back to the problems of “What if I lose my keys?”
I know you could say that the same applies if you lose your keys anyway. In that case anyone finding them could let themselves in and have free access to all you own. The argument is that you should take better care of your keys, more so in this case where it automatically wipes out the intruder alarm. However, there are other points to consider.
For a start, what kind of lock do we use? ACPO, quite rightly, have decided that the technical aspects of the issue are not within their remit. The obvious answer is to insist on a BS3621 lock with a shunt switch built in, but these are expensive little beasties and, with a long wire attached, they are sometimes difficult to fit.
Then, of course, not everyone will play the game; there are those among us that will cut every corner. I have in the past fitted a micro switch onto a much cheaper three-lever domestic lock (for internal use within an office complex) but there will be nothing written into DD243 that says you cannot use the cheapo lock to unset the system … and that could spell disaster for the customer.
The problem with a cheaper lock is that it is relatively easy to pick. In fact, most cheaper locks can be picked using a simple bent wire. More specifically, all the cheaper keys are numbered and copies can be bought by quoting that number in the local hardware shop. Not very secure is it? We must avoid using these locks at all costs.
Unacceptable locks
Between the cheap and the BS3621 there is an intermediate standard of locks that are “Insurance Approved”. These are usually a slightly cheaper breed of five lever lock, quite adequate for normal usage but, to my mind, definitely not acceptable to unset an alarm.
I’ll clarify that sweeping statement: the main difference between “Insurance Approved” and British Standard locks is something called an anti-drill plate. This is a hardened steel plate glued to each side of the BS lock to deter or prevent drilling holes in the lock. Why drill the lock?
This is where, for obvious reasons, I am going to be vague, but certain techniques are well known within the locksmiths trade and by some specialist burglars.
Quite obviously, in this case, drilling open the lock will disarm the system and, mores the point, there is no alarm raised and no time limits whilst the thieves are working on the outside of the door. It doesn’t bear thinking about. (Perhaps the answer to this is a vibration detector on the door to detect drilling.)
Option 2: Using a shunt lock to remove the confirmation has many of the same pitfalls: It leaves the property vulnerable to attack by the professionals. The only difference being that the alarm will still activate but without police response. Who knows, it may even lead to an attack on the key holder when they turn up.
Option 3: Using the door contact to disable the confirmation is a non-starter in my book. This leaves the way open to the brute force ram raiders or door kickers. At the end of the day this is self defeating. Kick the door in and the police won’t turn up. I think I can safely predict that the insurance people won’t like it.
Option 4: Using the infrared or radio transmitter is a better proposition for the simple reason that we take the un-setting device away with us and it cannot be tampered with during our absence. But then we are back to the lost key principle and, don’t forget, we have been doing this for years now with our cars … and what do we do? We put the key and the shooter on the same key ring. This habit is so prevalent that most modern cars now have the transmitter built into the key. I presume that with the transmitter system there will be some means, either audible or visual, to confirm that the system has set or unset. That means anyone finding a set of keys has the opportunity of wandering round the local area firing off the transmitter until the related system very obligingly reveals itself.
Anyway, doesn’t BS 4737 say that the control equipment should be within the protected area, and the control equipment is verified as “the point at which the system is set or unset”, or some other similar form of words?
I understand the new BS EN 50131 will make provision for setting and un-setting from outside the protected area and that it is common practice on the continent. In the light of that I won’t argue, but I don’t have to like it.
Option 5: The final option of un-setting in conjunction with an ARC is undoubtedly the best method but it could turn out to be a good theory that doesn’t work in practice. First, it will be more expensive because it involves the ARC. Second, if we get vast numbers of people wanting to unset vast numbers of systems at the same time every day we are going to have a telephone log-jam that will last till teatime.
System is self defeating
I can predict accurately what will happen, after about ten minutes of getting nowhere on the phone people are going to get fed up and say “bugger it, I’m going in”, and so destroying what should be the safest way of un-setting. The actual practicality of this system is self-defeating to say the least taking the vast number of systems out there into the equation.
As I’ve said before, we need a system where no one is given the keys to a property until they have been trained by the alarm company on setting and un-setting the system and, more to the point, that person has proved they know and understand the system by actually doing the setting and un-setting (under supervision) a number of times. The instruction of key holders in setting and un-setting should only be done by a person who has been trained to instruct others, and once again has proved his (or her) skills by performance and assessment.
Manufacturers’ training essential
Engineers should not be allowed to commission a system until they have received training from the manufacturer of that equipment, this is particularly important nowadays when systems are getting very complex and complicated.
The chances of accidentally setting up the system wrongly with false alarms built in are increasing by the day.
ACPO, quite rightly, is hell bent on getting those false alarm figures down, but, (as with the problems with push to set buttons), should we put the customer’s systems at risk by allowing a system of un-setting that is possibly vulnerable to attack?
