Norwegian workplaces are now introducing a range of security and emergency preparedness measures which used to be reserved for the armed forces, police and intelligence services. Background checks, surveillance, vulnerability interviews and “security sustainability” assessments are becoming increasingly widespread.
The question is whether the measures are proportionate to the risk and serve their purpose, and what they do to trust-based relationships in working life.
“We see gradual changes to how these things are approached in working life settings and how employees are talked about,” says Tereza Østbø Kuldova.
She is a social anthropologist and the author of several books, working on topics including algorithmic management, surveillance, corruption and crime, and artificial intelligence in policing, the welfare state and working life.
Østbø Kuldova heads the research group “Labour, Democracy and Governance” at the Work Research Institute (AFI) in Oslo.
The AFI researcher is also the project leader for Insider: National Security through Private Sector Regulation? Critical Evaluation of Insider Threat Programs and Security Compliance in Current Geopolitical and Regulatory Context.
This project is financed by the Norwegian Ministry of Defence and will map and analyse the fundamental tensions between national security interests and the profit motives of the private sector.
Several research projects at AFI
Østbø Kuldova and her colleagues are now finishing the project “DigiWork: Digital Prism and the Nordic Model of Workplace Democracy under Pressure”. The project examines how the digitalisation of work impacts the Nordic model for workplace democracy and tripartite cooperation. A book based on the project will be published in December.
And in April this year, another research project was launched, led by AFI researcher Cathrine Egeland. In this, researchers study how various security measures introduced in the higher education sector impact researchers and research institutions.
From pandemic to new security policy reality
Østbø Kuldova points to two events that have changed the premises for security and preparedness in working life: the pandemic and the security situation following Russia’s full-scale invasion of Ukraine.
“The pandemic led to a normalisation of technology that gathers vast amounts of data. Digital control and reporting tools were rapidly introduced, often without the normal process for employee co-determination. There was a crisis. New tools were accepted. The crisis made it hard to argue against them. Many of these tools have remained,” she says.
The war in Ukraine and a more unpredictable security policy climate have amplified this trend. Threat assessments from the authorities talk about espionage, sabotage, influence, disinformation and leaks as real threats. Østbø Kuldova believes it is legitimate to tighten security in critical functions.
“The problems arise when these measures increasingly spread throughout working life, without anyone assessing whether this threat is actually relevant to the organisation in question.
“We see that what happened during the pandemic, also happens now: During times of crises and war, security overrides everything. Security measures are introduced ‘because we have to, because there is a crisis’. It is difficult for employees and union representatives to argue against this and challenge it,” says Østbø Kuldova.
From resource to potential threat
Security clearance and strict security regimes used to be reserved for specific positions and workplaces – in the armed forces, police, the police security service and other organisations subject to the Security Act.
Now, researchers see that more and more organisations that are not covered by the Act, both in the public and private sectors, are drawing inspiration from this when introducing potentially highly intrusive security measures. They develop their own threat assessments and contingency plans or carry out background checks on job applicants.
Østbø Kuldova says this kind of work is often performed by consultancy firms, often staffed with former members of the armed forces, police and public security agencies. They bring with them a notion of “best practice” that does not necessarily fit the wider world of work, she argues.
“Such assessments might be relevant in relation to national security, but when transferred to the entire labour market, such preventative action can quickly turn into control. What is legitimate in the intelligence service is not necessarily appropriate in, let’s say, a grocery store,” points out Østbø Kuldova.
That was also a theme up for debate during the political and societal event Arendalsuka earlier in August. The title was “Working life in the crossfire: Consequences of new security regimes in a time of geopolitical turmoil”.
The researcher also points out that while employees used to be primarily viewed as a resource, we now see a language and mindset putting employees in the risk category.
Rather than building on trust, the systems are designed to identify vulnerabilities – like divorce, economic problems or alcohol misuse – and to assess whether this makes a person a possible “insider threat” or whether they are “fit for security purposes”.
“But a ‘threat’ to what? What does it mean to be ‘fit for security purposes’ or for management to be ‘handling vulnerabilities’ in organisations that are not subject to the Security Act?” asks the researcher.
Freedom of speech and privacy under threat
They also see a change in the way employers recruit. It used to be common to submit an application and a CV, perhaps with some diplomas, certificates and references. Now, it is increasingly common for background checks to include things like a review of social media and “negative media coverage”.
This can cover everything from political engagement or activism to party photos from our youth that an employer might consider problematic.
“What does such a background check actually entail? Does it mean that you can no longer carry out your job professionally and with integrity, while holding different opinions as a private individual?
“We have blurred the roles. The boundary between you as an employee and you as a private person is on the verge of disappearing altogether. What you say or believe in your private life risks being used against you in a work context,” says Østbø Kuldova.
She wonders whether this really is the direction we want the traditionally trust-based Norwegian working life to take.
Østbø Kuldova also highlights problems with the principle of consent:
“Formally speaking, you give your consent to a background check. But in reality, you have no choice. There are hardly any jobs left that do not require it.”
Preparedness and security – two competing logics
The researcher distinguishes between preparedness thinking and threat-driven risk management. The former is about training, cooperation and sharing information in order to be better equipped in times of crisis. The latter focuses on handling or eliminating potential threats, often through control and secrecy.
She argues that we often assume that these two logics are harmonious, but in practice, they are at odds with each other.
“Preparedness is about training, sharing information and building competence to function in a crisis. The security logic is about controlling, restricting and minimising the risk that employees might harm the organisation.
“In preparedness, employees are a resource. In the security logic, they are a potential threat.”
Sidelining tripartite cooperation
A key question here is what happens to the cooperation between the social partners and workplace co-determination when new security routines and technologies are introduced.
Østbø Kuldova believes that trade union representatives are often simply informed, not genuinely involved. Many of the plans and guidelines in use are taken from templates which have not been adapted to Norwegian working life – and there is no reference to social dialogue.
“When ‘security trumps everything’, the threshold for asking questions is very high. But we need a debate about what constitutes a reasonable level of security, and whether the measures are actually suitable for each individual organisation,” Østbø Kuldova argues.
The researcher believes the trade union movement and employee representatives must play a bigger role and be a more active voice in these discussions, both to safeguard trust in working life and to ensure that the measures do not undermine their own stated purpose.
“It is important not to be afraid of questioning security measures, not least to make sure they genuinely serve our security and do not erode democracy, the rule of law and freedom of expression.
“We must find more positive approaches to security that take threats seriously while not undermining what we seek to protect – namely democracy, trust and freedom of expression, including in the workplace,” says Østbø Kuldova.
She warns that a vision zero for security risks may lead to measures which, taken together, undermine both real security and the trust-based culture of working life.
“Each measure may seem reasonable in isolation. But when combined, they can become disproportionate and, at worst, harmful,” she says.
Ultimately, it comes down to how we view people. Are they a resource or a risk?
“Should we face the security challenges of the future by treating employees as a risk that must be controlled? Or as a resource we must invest in and involve?
“In line with the Norwegian model, the trade union movement and employee representatives ought to take on an important balancing role here, precisely for the sake of security, and to protect us from unintended consequences.”
