Algorithmic Security Vision: Diagrams of Computer Vision Politics
January 2026
Abstract
More than ever before, security systems are using machine learning algorithms to process images and video feeds, in applications as diverse as facial recognition at the border, movement recognition in urban security settings, or emotion recognition in judicial proceedings. What is at stake in the technical and political transformations brought about by these sociotechnical developments? This article charts the development of a novel set of practices which we term ‘algorithmic security vision’ using diagramming-interviews as an exploratory method. Based on encounters with activists, computer scientists and security professionals, it identifies five interrelated shifts in security politics: the transition from a ‘photographic’ to a ‘cinematic vision’ in security; the emergence of synthetic data; the prominence of error—not as a defect, but as a central characteristic of algorithmic systems; the displacement of responsibility through reconfigurations of the human-in-the-loop; and finally, the fragmentation of accountability through the use of institutionalised benchmarks. Neither issue can be easily disentangled from the other; the study of algorithmic security vision thus unveils a rhizome of interrelated processes. As a diagram of research, algorithmic security vision invites security studies to go beyond a singular understanding of algorithmic politics and to think instead in terms of trajectories and pathways through situated algorithmic practices.
This is an interactive version of the paper published under same title in Environment and Planning D: Society and Space (2025): 10.1177/02637758251406481.
Introduction1
In an increasing number of cities and at international borders, algorithms process streams of images produced by surveillance cameras. For decades, computer vision has been used to analyse security imagery using basic computation to, for example, send an alert when movement is detected in the frame, or when a perimeter is breached, based on the number of pixels changing colour. More recently, the increase in computing power and advances in (deep) machine learning is rapidly reshaping the capabilities of such security devices. They no longer simply quantify vast amounts of image sensor data but identify patterns within it to produce assessments and prompt interventions to a previously inconceivable degree. Pilot projects and off-the-shelf products are intended to distinguish individuals in a crowd, extract information from hours of video footage, gauge emotional states, identify potential weapons, discern normal from anomalous behaviour, and predict intentions that may pose a security threat. Security practices are substantially reconfigured through the use of machine learning-based computer vision, or what we call algorithmic security vision.
Algorithmic security vision represents a convergence of security practices and what Rebecca Uliasz calls algorithmic vision: the processing of images by machine learning techniques to produce a kind of ‘vision’ that makes realities actionable (Uliasz, 2020). It does not promise to eradicate human sense-making but rather allows a reconsideration of how human and nonhuman perception are interwoven with sociotechnical routines. Algorithmic security vision thus draws together actors, institutions, technologies, infrastructures, legislations, and sociotechnical imaginaries (see Bucher, 2018: 3). How does algorithmic security vision work—how does it draw together these entities—and what are the social and political implications of its use? While starting from specific technical developments, we are less concerned with the sole technical features of the systems than with their relation to the societal and political projects that are embedded in the technical choices made in their construction. This article therefore sets out to map out sociotechnical practices in which ‘algorithmic vision’ and ‘security’ practices feed into each other and explores how their entanglement reframes what it means to see, sense, surveil, and ultimately exert power.
To grasp the specificities of algorithmic security vision, we turn to professionals who work with those technologies. While we inevitably come to these conversations with preconceived notions and assumptions, we want to refrain from using pre-established, sedentary categories with which to map out these heterogeneous assemblages. Rather, we want to explore how the boundaries of algorithmic systems are drawn and negotiated, and how entities solidify and stabilize as they circulate between sites of development and deployment . To that effect, we introduce an inductive approach and methodological device: a time-based diagramming tool with which we combine interviews with a real-time drawing of diagrams. This setup allows us to engage with the contours and traces of algorithmic security vision and their coming together through an open-ended, associative and processual approach. Our interviews start with the simple question: can you draw the relation between computer vision and security for us?
In what follows, we begin by contextualising our exploratory theoretical and methodological approach within practices of mapping and diagramming. Then, drawing on our analysis of time-based diagrams, we identify and discuss five interrelated transformations in the security politics of algorithmic vision. First, we show the emergence of moving images, and the transition from what we define as ‘photographic’ to ‘cinematic vision’. Second, we describe and assess the implications of the emergence of synthetic data. Third, we acknowledge the prominence of error – not as a defect, but as a central characteristic of algorithmic systems. Fourth, we outline the reconfigurations of the human-in-the-loop dynamics. Fifth, we address the fragmentation of accountability resulting from the widespread use of benchmarks. Each of these empirical cases generates its own questions. In the conclusion, we reflect on how these come together to form a rhizomatic politics of algorithmic security vision.
Diagramming algorithmic security vision
The proliferation of algorithmic security systems has prompted extensive critical reflection across geography, science and technology studies, and critical security studies. Scholars have interrogated the anticipatory logics of algorithmic governance (Amoore, 2014), the rise of surveillance capitalism (Zuboff, 2019), the politics of operative images (Farocki, 2004), and the emergence of new forms of sensory and infrastructural power (Andrejevic and Burdon, 2015; Isin and Ruppert, 2020). Several authors have explored the use of algorithmic techniques in the treatment of images as security practices (Andersen 2018; Bousquet 2018; Fisher 2018). They show how data, sensors, and algorithms are not neutral tools but are shaped by and constitutive of political logics. Importantly, much of this work recognises the entanglement between sensing infrastructures and algorithmic operations: What is captured, processed, and acted upon is conditioned by sociotechnical assemblages that cut across platforms, environments, and institutions.
However, while this entanglement between the micro and the macro dimensions is often acknowledged, it stays implicit and rarely made visible in tangible, empirical terms. The literature tends to analyse these relations at the macro level—focusing on systems of governance, platform capitalism, or border regimes—or track them at the micro level, analysing sites of implementation or precise algorithmic mechanisms. What is often missing is a means of articulating how these levels interrelate in practice and a way to find out which relations are most important. For instance, how is a local security system embedded in a neighbourhood shaped by and feeding back into broader data infrastructures, policy protocols, and institutional rationalities? What we point out is not a failure of theory, but a methodological challenge—how to capture and trace, with as few assumptions as possible, the specific nature, scale, and type of relationality that binds sensors, vision algorithms, administrative layers, and situated practices.
Diagrammatic mapping, we argue, offers a methodological approach capable of rendering such relations empirically while keeping the enquiry open. Its strength lies in its flexibility: it can capture both the situated micro-politics of specific systems and the macro-dynamics of the infrastructures, protocols, and institutions. It allows researchers and participants alike to foreground unexpected actors, neglected connections, and emergent logics.
We are not the first to critically examine algorithmic practices using diagrams. Computational practices are historically saturated with drawing and diagramming (Soon and Cox, 2021: 214). Kate Crawford and Vladan Joler teased out the many material facets of Amazon’s Echo device in their 2018 piece, the Anatomy of an AI System. Joler and Matteo Pasquinelli mapped out the limits of artificial intelligence on a 2D surface (2020). Perhaps most relevant for our aims is the work of Louise Drulhe, who in her Critical Atlas of Internet (2015) visually explores the politics of the various metaphors of the internet; this work does not fold all entities onto a single ordering logic but allows instead for the multiple competing renditions to co-exist.
As a method, diagramming does however something more. Across various intellectual traditions, including mathematics, logic, semiotics and philosophy, diagramming has been conceptualised not only a tool for representation and clarification, but as a way to enable a distinct ontological and epistemological approach to knowledge production (Stjernfelt 2007). Diagrams enable us to ‘think differently’ about the world. According to Charles Sanders Peirce, diagrams allow indeed a distinct way of reasoning and knowledge discovery. What he conceptualised as ‘skeletal icons’ (Stjernfelt 2011) makes relational relations explicit, contrasting with the limited value of abstract statements without their aid (Peirce 1931-1966). For Peirce, a map, often considered a quintessential diagrammatic form, is a semiotic subtype of the diagram, sharing an identity while potentially incorporating pictorial elements (Gerner 2010). Diagrams can represent relational structures and facilitate deductive reasoning through observation and manipulation. These initial intuitions were formalised by the cognitive science perspective in the work of Jill Larkin and Herbert Simon. Larkin and Simon distinguish ‘sentential’ forms of representation (sequential, argument-based forms of knowledge) to diagrammatic representations (relational, multidirectional, and networked information). They show that contrary to the former type of information, the latter needs to be visualised spatially in the mind before it can be assimilated and understood (for example, an organisation’s reporting organigram, or an electrical circuit). Diagramming on paper or on a screen is thus a way to lighten the mental load on the brain, which would otherwise need to draw the diagram for itself, mentally, to understand complex relations or processes (Larkin and Simon 1987).
While these approaches highlight key dimensions of diagramming as cognitive and epistemic practice, they may at times assume that the diagram is in a passive relation to the mental image—a representation of what needs to be understood or communicated. The work of Deleuze, however, points out that the diagram is also a device that ‘does not reproduce the visible but constructs the conditions of visibility itself’ (Deleuze 1988, 34). For Deleuze, diagrams, such as the figure of the ‘rhizome’, are indeed ‘abstract machines’ that map forces, intensities, and becomings, functioning within a plane of immanence that precedes and destabilises conventional signification (Deleuze and Guattari 1980). Unlike Peirce, for whom the map is a subtype of the diagram, Deleuze suggests that a ‘cartographic ontology’ (Gerner 2010, 100) precedes the diagram category itself. The diagram, in this view, is a ‘map of virtualities, superimposed onto a real map, whose distances [parcours] it transforms’ (Deleuze 1994, cited in Gerner 2010, 55, 100). Diagrams thus actively coproduce knowledge of the sociotechnical practices they are to represent.
Drawing on these contributions, we identify three key affordances of diagramming that make it particularly suited for analysing algorithmic security: (1) relational thinking; (2) manipulation of abstract relations; and (3) generative open-endedness (Table 1).
| Affordance | Enabling characteristic | Description |
|---|---|---|
| 1. Relational thinking | Spatialisation | Diagramming translates thought into spatial form, allowing elements to be perceived simultaneously in complex relational networks rather than in a series of linear sequences. The diagrams’ ‘speculative geometries’ (Soon and Cox, 2021: 221) foreground multiplicity, proximity, contrast, or absence—qualities that help bring implicit hierarchies, associations, or gaps to the surface. |
| 2. Manipulation of abstractions | Graphical inscription | Hand-drawn diagrams, with their ‘sketchy’ graphical form are neither definitive nor exhaustive renderings but facilitate manipulation and revision. Elements can be added, reconnected, or reformulated in response to new insights, enabling what Crilly et al. (2006) call ‘graphic ideation’: an iterative process in which the interviewee continuously tests their visual expression of ideas (Crilly et al., 2006; McKim, 1980), bringing an extra layer of critical reflection (Bravington and King, 2019: 508; Hurley and Novick, 2006). |
| 3. Generative open-endedness | Multiple layering of meaning | Diagrams operate on multiple semantic levels, combining denotation and connotation, allowing for interpretive ambiguity. This makes them, as O’Sullivan (2016: 13) notes, ‘protocols for a possible practice’—open-ended, exploratory, and generative. It is precisely the uncertain status of what appears on paper — being both an ephemeral idea a definitive communication — that sparks the conversation (Bagnoli, 2009; Crilly et al., 2006). |
In our approach, we thus mobilise these three characteristics of diagramming—spatial thinking, graphical manipulability and multiple layering of meaning—as tools for both data collection and elicitation, emphasising not only the final output—a static image—but also the thought processes embedded in its production.
Methodology
For this article, we conducted eleven unstructured interviews with twelve professionals in computer vision in the field of security. The participants were purposively recruited based on their direct experience of and involvement in at least one of the following activities: (1) the design and development of computer vision algorithms and models; (2) the practical deployment, operational integration, and routine management of these systems in real-world security contexts; or (3) active critique, resistance, or contestation at a policy level of the implementations of computer vision technologies in contexts of (in)security.
Given practical constraints such as the specialised nature of this field and the limited pool of experts, we utilised convenience and snowball sampling techniques to recruit interviewees, primarily guided by participant availability, ease of access, and strategic relevance to the research question. Our selected interviewees should not be understood as statistically representative of a broader population or as ‘illustrative representatives’ of the field (Mol and Law, 2002, pp. 16 –17). Rather, through purposive sampling, interviewees were deliberately chosen to ensure variation across cultural and institutional affiliations, professional roles, and types of engagement with algorithmic practices.
The interviews were conducted in English in the Netherlands (6), Hungary (3), Germany (1) and Poland (1) by Ruben van de Ven and Ildikó Plájás, and subsequently by Clemens Baier. We employed a predominantly unstructured interviewing approach, initiating each conversation with two guiding prompts aimed at eliciting initial reflections. We began by asking the interviewees if they use diagrams in their daily practice. We then posed the prompt: ‘When we speak of ‘security vision’, we speak of the use of computer vision in a security context. Can you explain, from your perspective, what these concepts mean and how they come together?’ Initial interviews revealed emergent thematic patterns, prompting the adaptation and refinement of subsequent interview questions to explicitly address these recurring themes.
At the practical level, we presented our interviewees with a large, A3-sized, digital tablet, and asked them to draw a diagram while answering our questions. Ruben van de Ven programmed an interface that could record conversation in drawing and audio. The participants could not delete or change their drawings, so their hesitations and corrections were preserved.2 Breaks appear in the conversation as the interviewees need to think about how to draw (Bravington and King, 2019: 509). Sometimes, the participants seemed uncomfortable about their ability to draw figuratively (see also Copeland et al., 2012). These moments allowed us to clarify that our interest is not so much in the figurative as much as in the relations they drew. Some of the participants therefore opted to diagram with words, rather than figures.
Some of the diagrams that were drawn during the conversation show similarity with the kind of figures the practitioners work with in their own practices. Diagramming is indeed a key method in the field of technology, most notably in the conceptualisation and design of computational practices (Mackenzie, 2017). This can primarily be seen in the use of flow diagrams (Soon and Cox, 2021: 221), that represent different states or stages of computational processing as data ‘travels’ through a system. In our conversations, this style of drawing is particularly visible with those who develop or manage systems for algorithmic security vision. One interviewee explicitly mentioned he was reproducing his slideshow presentation in drawing as he went to explain some of the key concerns of his project. Many of the figures that appear in drawing thus do not exist purely for the conversation, but resemble or reproduce, both in form and content, the figures used by the practitioners in their daily practices. However, as the interviewees draw them on the tablet, they invite reflections that provided crucial insights. For example, one interviewee, a legal scholar and activist, drew a face-database, after which he reconsidered the visual representation: face-databases do not necessarily contain images of faces, but facial features in numeric form. While he initially drew on a common cultural representation of face recognition and surveillance, his technical expertise made him go against such a way of visualising these technologies (van de Ven and Plájás, 2022). Thus, the interviewees tweak the images by drawing new relations, adding layers of explanation, and, as the conversation progresses they refer back to what they drew before, ‘hyperlinking’ the conversation back to earlier concerns.
In the phase of data analysis, the software we developed allows the diagrams to be annotated, creating short video clips, facilitating comparisons among the conversations. All participants except two provided explicit consent for identification by name3. The multimodal tool was created and used to explore the possibilities offered by diagrams to elicit the main three affordances described earlier : (1) relational thinking; (2) graphical manipulation of abstraction; and (3) generative open-endedness in discussing the heterogeneous relations that constitute algorithmic security vision (see van de Ven and Plájás, 2022 for a more detailed account of the methodology and its affordances). Integrating temporal and dynamic aspects of diagrammatic practices was particularly significant for capturing not merely static visual representations, but also the performative processes through which these relational features emerge and are enacted. It is thus important to note that while the PDF version of this article contains only static image representations of the diagrams, the multimodal version allows accessing the full audio-visual excerpts of the diagrams4. Our analysis refers to the audio-visual material.
Diagrams of algorithmic security vision
In what follows, we traverse these diagrams and highlight five features of camera-based algorithmic security practices that help us to rethink some central notions of the literature on algorithmic security (Diagram 1).
1. From photographic to cinematic vision
The first finding of our diagrammatic interviews is a noticeable shift in the temporal dimension of the uses of computer vision in security technologies. With the advancements in algorithmic models and computational power, more systems than ever are able to assist security decisions based on video data. This shift from still images to video has implied an exponential growth in data which necessitates advanced infrastructure and analytical techniques capable of handling and interpreting continuous streams of visual information. As Gerwin van der Lugt notes, ‘Most cameras do about 30 frames a second. So if you have for example [in] Amsterdam 300 cameras [with] 30 frames per second for what is it? This is basically the number of frames generated each week. Yes, about 100 million’.
This, in our view, marks a shift from what we could call a ‘photographic’ mode of algorithmic analysis, such as biometric imaging (Pugliese, 2010), facial, iris and fingerprint recognition (Møhl, 2021), and body scanners (Leese, 2015). While the former type of systems works on the premise that it can identify individuals on the basis of unique and immutable features of their body (a fingerprint, an eye iris), the new, ‘cinematic’ systems work instead from the assumption that temporary anomalous states, grounded in suspicious movements or emotions, for instance, are what allows the identification of suspects, regardless of their intrinsic features. In the ‘cinematic’ mode of analysis, suspicion is thus not established only inside a single frame, but across a succession of them. This does not mean that both logics cannot be used simultaneously within an integrated system (for example looking in a crowd at movements of people previously identified through facial recognition), but rather that the ‘cinematic’ mode is a relatively new feature that comes with its own affordances and politics5.
Two diagrams represent this shift particularly well. Diagram 2, by Ádám Remport6, illustrates the photographic mode. It depicts how photo snapshots produced by several surveillance cameras equipped with face recognition technology analysed over a longer period of time, can identify the same person visiting a bar, a church, an NGO. Remport spatialises the functioning of a facial recognition system, which constructs movement through the placing of cameras along the route of an observed individual. Here, the diagram quite literally maps the ways in which a series of static data points (images) can be used to infer and analyse movements and life habits over time and space.
Diagram 3, by Gerwin van der Lugt7, shows how the alternative is ontologically different, through a different graphical spatialisation of the relations between the same entities. The system van der Lugt develops is meant to analyse the behaviour of people by looking specifically at movements and distinguishing different behavioural patterns. This system, as he explains, ‘can just detect things like punching, hitting, kicking, dragging someone or pushing someone and then combine those detections and at some point conclude that there is an ongoing violent incident or aggressive behaviour’.
The drawing on the top of diagram 3 represents the photographic paradigm: when processing video data, the frames (f1, f2, f3) are passed to an object detector (YOLO), which runs independently on each frame, one after the other. In the second diagram, the video frames are no longer processed as individual frames but coalesced into a single data unit of 10 frames (f1–f10) that is passed to the algorithmic model (M). Multiple 10-frame units are then analysed by an additional process that looks at how these groups of frames relate to each other. This allows models to identify and categorise patterns across frames that happen in time, for example a hand gesture. By using the diagrammatic schemata to highlight the distinction between the two systems, the diagrams reveal that it is not a variation of the previous, photographic logic, but a profoundly different one.
This shift has political consequences in how models perform suspicion. The cinematic logic no longer relies on the inscription of supposed ‘indelible’ truths in biological features of individuals (faces, fingerprints, retinas); instead it operates by categorising unfolding movement as suspicion (a suspicious gesture, gait, facial expression), encoded across the frames. The advent of the cinematic dimension thus constructs suspicion as time-based, ephemeral and changing. Suspects no longer need to be categorically present in or absent from a space—it does not matter if they enter the NGO office—but bodies are marked by their movements through space, they can be passing, traversing, entering, or escaping. Thus, while earlier studies on biometric technologies have located the operational logic on identification, verification, authentication, in other words, knowing the individual (Ajana, 2013; Muller, 2010), the cinematic vision finds its operational logic in the mobility of embodied life (see Huysmans, 2022), and its governance through the dynamism of ever-changing ‘real-time’ clusters (Isin and Ruppert 2020).
2. Synthetic data
A second major theme that emerged from our diagram-interviews is the growing significance of synthetic data in reshaping AI training pipelines which raises new ethical concerns. Over the past two decades, much of the critique of algorithmic security systems has centred on the tension between the ‘reality’ they claim to capture and the processes through which those realities are rendered computable. Central to this critique is Haggerty and Ericson’s notion of the ‘data double’ (2000), which highlights the constructed, arbitrary and always imperfect nature of data representations. This process of translation is indeed never neutral; it involves choices about what to include, what to exclude, and how to categorise, fundamentally shaping the reality that the system perceives and acts upon. Once encoded, these data profiles become the basis for social sorting (Gandy 1993, Lyon 2003), where realities are increasingly shaped by data-driven inferences and interventions, potentially leading to new forms of normativity and control (Bigo, Isin and Ruppert 2019). The data used to train self-learning systems—which functions as ‘ground-truth’—is thus never a neutral or ‘raw’ representation of the world (Gitelman, 2013), but rather a product of selective encoding that risks perpetuating societal biases and representational shortcuts (Malevé, 2020).
Our research shows that synthetic data complicates these debates even more, appearing to actors both as a possible remedy and a further destabilising element to the question of representation of reality. In diagram 4, Sergei Miliaev8 describes the process through which an AI model is trained. The cycle begins with data acquisition, signalled by the words ‘data’, followed by ‘annotation’, ‘prototyping’, ‘deployment’, and an arrow back to ‘prototype; to emphasise the feedback-based refinements. The AI models are typically using real-world datasets, explains Miliaev in the interview, to generate inferences which can be acquired through ‘web scraping’, by relying on ‘partner data’, and open-source footage (see the upper left corner of Diagram 4).
Yet sourcing such real-world datasets—as shown in the controversies around large language models (LLMs) and copyright issues (Cyphert 2024)—is a key challenge for the AI industry. Miliaev’s diagram allows us to pinpoint that this issue emerges from the very beginning of the AI training workflow; while hidden behind a sequence of processing steps—indicated by arrows in the diagram—the deployment of algorithmic security vision relies on a range of data sources, all of which raise particular concerns. Acquiring ethically sourced, high-quality data—especially for scenarios that require very specific data, like video—is increasingly difficult due to privacy laws and annotation costs. Moreover, these datasets—when they exist—either contain very little data, are of bad quality, or do not adhere to the requirements of the model.
To circumvent the challenges posed by the availability of reliable, varied and open access data Miliaev adds, thus introduces, another data source in the lower left corner of his diagram: synthetic data. The diagrammatic format allows to easily lay out the structure of relations graphically, evaluate it, and insert a new node (synthetic data) within the existing configuration. Synthetic data, which consists of computer-generated images created via 3D modelling, or by means of generative AI (genAI), can be a useful ‘workaround’, so explains Miliaev. Synthetic data enables the creation of large, labelled datasets tailored to specific scenarios, from suspicious activity to pre-crime behaviours. Crucially, because it is generated rather than captured, synthetic data bypasses some of the most stringent privacy restrictions. Furthermore, manipulated data can, for example, simulate diverse conditions—lighting, actions, faces—that are otherwise hard to capture at scale. Miliaev explicitly cites Microsoft’s work on training facial recognition models entirely on synthetic faces (Bae et al., 2023) as proof of this potential.
The adoption of synthetic data thus forces us to problematise the politics of ‘ground truthing’, i.e. the practice of establishing what the models should consider as ‘true’. One is fidelity: the challenge of ensuring synthetic scenes accurately reflect the variability and messiness of real-world environments. Poorly generated data—lacking realism in lighting, weather, or human behaviour—can lead to models that fail when deployed. Another issue is identity representation. While synthetic datasets allow designers to manipulate ethnicity, gender, age, and other attributes in a hope to de-bias the collection, Miliaev notes the difficulty of modelling long-term identity changes like ageing or behavioural variability. If the parameters used to generate this data are biased, the resulting models will inherit and even amplify social biases, as synthetic data does not escape the representational politics that shape captured data.
The diagram thus reveals how synthetic data destabilises conventional epistemologies. While conventional data sources for machine learning, such as operational data or web-scaping, have long been considered to provide access to a ‘raw’ or unfiltered truth, years of critique have established that data are never raw; they are constructed, interpreted, and made intelligible through a relational network of institutional, technical, and epistemic filters (e.g. Gitelman 2013). This critique has now been taken up by many who develop algorithmic technologies, presenting itself as a problem in need of a technical solution. To this end, Miliaev annotates synthetic data with a moral assessment—‘fairness’—which is to be obtained by balancing various ‘attributes’ of the faces in the dataset different from what would be found in previously considered raw data. The new flow diagram that emerges no longer consists of merely technical description, but becomes indicative of moral and ethical assessments that lie at the heart of data gathering and processing. In what way, however, is this fairness established? Does the introduction of these debates imbue the diagram with ethical considerations, or is the ethics rendered as a technical concern? The ‘mean images’ of synthetic data—visual renderings of a non-existent, probable median—reproduce normative conceptions of reality, effectively complexifying the claims to indexicality of lens-based images (Steyerl 2023). Instead of referencing empirical events, synthetic datasets rely on speculative associations and probabilistic reasoning, reframing our understanding of evidence, ‘ground truth,’ and credibility in machine learning practices.
3. Managing error: from the sublime to the risky algorithm
The question of the ‘ground truth’ is indissociable from the third central theme emerging from the diagrammatic engagements: the constitutive role of error in algorithmic security systems. While much literature addresses algorithmic prediction through self-learning systems (Azar et al., 2021), most of it has focussed on how these systems produce risky subjects (Amicelle et al., 2015; Amoore and De Goede, 2005; Aradau et al., 2008; Aradau and Blanke, 2018), based on environmental and individual features (Calhoun, 2023). In this critical body of literature, practitioners working with algorithmic technologies are often critiqued for understanding software as ‘sublime’ (e.g. Wilcox, 2017: 3), meaning that they are thought to believe that their systems ‘work’ in what they claim to do.
The diagrams we collected force us to rethink this premise. Models cannot be assessed through a binary criterion—working/not working – they are instead assessed through a series of error metrics. This is not a flaw that actors aim to fix once and for all; it is the asymptotic quest towards a complex mix of lowest error rates that drives the work of algorithmic security vision. Our diagrammatic interviews show both the importance of the error rates, but also the complexity to account for them and explain precisely what they are.
Diagram 5, by CTO Gerwin van der Lugt is particularly enlightening in this regard. As he explains, the most prominent way in which error figures in model development is in its quantified form of the true positive rate (TPR) and false positive rate (FPR). Van der Lugt stresses the significance and definition of these metrics by marking them as the key variables to optimise, on the top right corner of the page (Diagram 5). Van der Lugt initially describes the FPR is the number of false positive classifications (FP) relative to the ‘input’, the number of video frames being analysed. When he continues to explain the TPR, he similarly marks it on the tablet as being equal to the number of true positive classifications (TP) over all inputs. As he goes on however, he realises that this is slightly incorrect. In fact, it should be ‘true incidents’. Looking back at the tablet again, he adjusts the original FPR equation: it should be specified as FP over the number of ‘false inputs’ (and not just all inputs). ‘These are quite tough to define but they are quite important, as these need to be really low’. The diagrams work here as an important support for van der Lugt to manipulate the abstract notions of errors through graphical inscription: by first noting them, then correcting them, the diagramming helps refine the explanation of a key yet complex notion to explain, even for the developer of the system. Moreover, as he corrects his definition, van der Lugt comments not only on the difficulty of these definitions, but also on the importance of having them right, as the these definitions determine the work of his development team, the ways in which his security operators engage with the technology, and how the system is evaluated by his clients.
As he goes on, van der Lugt ponders that algorithmic security vision is inherently prone to error, which affects the implementation of security practices. He illustrates this with Oddity.ai’s violence detection system, questioning whether playful fighting (stoeien) should be classified as violence. He argues for distinguishing between false positives—errors in evaluation—and errors in how the security problem is operationalised. He offers two reasons. The first reason is that excluding stoeien could reduce the algorithm’s TPR, disrupting the balance between TPR, FPR, and other performance metrics. The developers aim for fewer than 100 false positives per 100 million frames weekly, since too many alerts can desensitise human operators. The second reason is that excluding stoeien might introduce subtle biases—for instance, the algorithm might infer violence based on age rather than behaviour. Van der Lugt warns that such discrimination is both undesirable and hard to detect. In this view, error is not just mathematical but something to pre-emptively manage, placing responsibility on developers to anticipate and mitigate failure.
Another aspect concerns the mutable nature of threats and susceptibility to adversarial attacks. András Lukács9 notes that detection models ‘can be cheated by quite simple tricks’. Even data-rich systems remain vulnerable to intentional evasion, highlighting the challenge of maintaining relevance in evolving threat landscapes. John Riemen10 adds that poor input quality undermines facial recognition—for instance, the wrong still from a video may fail to identify correctly.
Practitioners suggest several strategies to respond to these issues. One is narrowing the algorithm’s scope to high-impact, clearly defined crimes. Guido Delver11 recounts moving from detecting vague ‘suspicious behaviour’ to focusing on burglary. Van der Lugt’s firm similarly focuses on weapons, vandalism, and physical violence. This narrowing reduces ambiguous boundary cases—both an ontological and an operational shift. Another strategy is continuous retraining. Dirk Herzbach12 explains how operators feed annotated alerts back into the system. Parameter tuning to balance false positives and negatives is also key. This balance is political: as Jeroen van Rest13 notes, communities vary in their tolerance for error—some may accept high false positives for safety, others may not. Thus, the acceptable error threshold becomes a negotiation site between developers, publics, and institutions.
In this light, error is not external to algorithmic systems—it is their condition of possibility. As Pasquinelli (2019) puts it, machine learning is based on ‘formulas for error correction’; error is not a failure to remove, but the mechanism through which learning occurs. Amoore (2019) similarly notes that ‘it is precisely through these variations that the algorithm learns what to do.’ Error, initially a mathematical concept, permeates every discussion of algorithmic security vision. What emerges is a double articulation of risk. While risk is usually treated as external to, and produced by, security technologies, technologies of algorithmic security vision themselves become objects of risk management. The inevitable errors of machine learning algorithms place risk not outside, but at the core of the security apparatus.
4. Reconfiguring the human-in-the-loop
The understanding of algorithmic security vision as a practice of managing error has significant consequences for the role of the human within these assemblages—our fourth main theme. The critique of algorithmic security has often construed the human-in-the-loop as one of the last lines of defence to the inevitable erroneous outcomes of automated systems (Markoff, 2020). However, critical security studies have questioned this representation, emphasising the visualisation of algorithmic predictions in graphical interfaces (Aradau and Blanke, 2018) and how the operator's embodied decision-making is intertwined with the algorithmic system of which they are part (Wilcox, 2017). Furthermore, operators may find themselves uncertain about the system's functioning when errors occur (Møhl, 2021). In other words, when considering questions of responsibility, a system's operator cannot be seen as distinct from the algorithmic assemblage (cf. Hoijtink and Leese, 2019). The question in a system's design thus is not whether a human operator makes autonomous decisions but rather, how they are to interface algorithmic predictions, and how issues of agency and responsibility are negotiated. The diagrams illustrate how this leads to differentiated processes of (in)visibilisation.
Looking across the various diagrams reveals a spectrum of system designs concerning the autonomy of security operators and the technical expertise they are expected to bear. In a first kind of designs, the human operator is central to the decision-making processes, acting as the interface between, and external to, algorithmic systems and surveillance practices. For example, Dirk Herzbach explains that when the Mannheim police is alerted to an incident by the system, it is the operator who decides whether to deploy a patrol car. Here, the human-in-the-loop has full agency and responsibility for operating the (in)security assemblage, with the capacity to evaluate and utilise algorithmic systems selectively and with care. Herzbach therefore prefers an operator to have patrol experience, so they can best assess which situations require intervention. He is concerned that knowledge about algorithmic biases might interfere with such decisions. In other words, the security operator is considered the expert of the subject of security and is expected to make decisions independently from the information that the algorithmic system provides.
However, in a second kind of design, the human operator is considered an integral part of the algorithmic security vision system, influencing and influenced by its operation. Such designs acknowledge that it might be more complex for the human-in-the-loop to perform as the primary counter to algorithmic error. This is illustrated by Guido Delver, project manager for the Burglary-Free Neighbourhood project in Rotterdam, which incorporates autonomous systems into street lamps. In Diagram 6, Delver maps out the different ‘stakeholders’ of the project on a flat canvas, using the diagram as a way to spatialise relations of a heterogeneous set of key entities. He envisions the neighbourhood as a site where the public and private space—the residents and government—meet, and which also involves suppliers of technology and research institutions. By rethinking the traditional top-down hierarchy of the surveillance apparatus, Delver aims to counter government hegemony. Delver uses this rendition of the various stakeholders to ask the question ‘who [of these parties] owns the data?’. However, upsetting the traditional hierarchies comes with its own risks. Delver illustrates his point with a scenario in which the algorithmic signalling of a potential burglar may have dangerous consequences: ‘Does it evoke the wrong behaviour from the citizen? [They could] go out with a bat and look for the guy who has done nothing [because] it was a false positive.’ In this case, the worry is that the erroneous predictions will not be questioned. Thus, while often deemed to be ultimately responsible for the judgement that follows from the algorithmic process, human participation or ‘interference’ in the operation can likewise be rendered as harmful.
As a means to mitigate these concerns, in Delver’s project, the goal was to actualise an automated decision system (ADS), ‘with as little interference as possible’. Placed in the centre of his drawing, different stakeholders interact with this system in different ways. Thus, figuring the human-in-the-loop—whether police officer or neighbourhood resident—as risky can lead to the relegation of direct human intervention. For Delver, access to the data—both the data that makes inferences possible, as well as the outcomes produced by the device—needs to be curated.
The curation of data flows—acknowledging the fallibility of human decision making—is even more prominent in another diagram. In Diagram 7, John Riemen (dis)assembles the process of facial recognition as it is employed by the Dutch police. After drawing three human figures, he stresses the relations among these multiple humans-in-the-loop, and how some data should be allowed to pass (indicated by the arrows in the diagram; for example, from a database expert who performs the search to an investigator of the case), while other flows of information should be blocked. For facial detection to be accurate, the human interaction with the algorithm needs to be sanitised of personal information.
By drawing the process as series of actors, all of whom are biased, Riemen sketches out how they are embedded in, and thereby influenced by, a set of mutual relations that needs to be regulated, here the diagrams capture the relational and sequential nature of these links.
The diagrams thus challenge the simplistic view of the human-in-the-loop as a fail-safe against algorithmic errors by highlighting the complex network of sociotechnical relations they are enmeshed in. For both Delver and Riemen, the inherent error—whether performed by a person or a computer—has to be mitigated by curating the transfer of information from one node to the next. More than multiplying the number of humans-in-the-loop, these diagrams encourage us to think in terms of ‘curatorial pipelines’ (Malevé, 2023) that mediate the different human and algorithmic operations.
5. Delegating accountability to benchmarks
The final theme of our diagrams concerns the question of accountability. Literature on the ethical and political effects of algorithmic vision has notoriously focussed on the distribution of errors, raising questions of ethnic and racial bias (e.g., Buolamwini and Gebru, 2018). This critique has now been internalised in the field of AI development; virtually all of our correspondents acknowledge the concern with bias.
To mitigate it, many AI developers—including some of our respondents—have come to rely on an external reference against which the error is measured: benchmarks. John Riemen, for example, who is responsible for the use of forensic facial recognition technology at the Centre for Biometrics of the Dutch police, describes how their choice of software is driven by a public tender that demands a ‘top-10’ score on a benchmark for facial recognition vendors, maintained by the American National Institute of Standards and Technology. Often shortened to the acronym NIST (e.g., Diagram 7), this benchmark ranks facial recognition technologies of different companies by their error metric across groups. The mitigation of bias is thus outsourced to an external, and in this case US-based, institution.
By examining where John Riemen’s diagram ends (see Diagram 7)—that is, where entities are no longer broken up into its component parts, but rather bracketed and considered as a whole—we get a sense of how issues are ‘black boxed’. As Riemen describes the process of facial recognition, he is able to explain and draw it in much detail. Therefore, when asked about bias mitigations, he is able to precisely locate the various measures of filtering that take place, drawing the ‘walls’ in between the different people (see the vertical line in the diagram). On the lower part of the drawing, the NIST database does not have the same detail in process, nor scrutiny. In Riemen’s diagram it becomes a single entity, represented by an acronym. As a benchmark, the facial recognition vendor test is implicitly assumed to have already implemented the measures that are required for its use by the Dutch police. The diagrams here provide a graphical illustration of the abstraction and erasure of particular processes, showing only the inputs and outputs within a general network. Put in more stark terms, where the diagram stops, the respondent’s responsibility stops. With NIST, the prevention of algorithmic bias comes to rely on a single benchmark: a de-facto standard that is managed by an external institution.
The problem is, while a particular kind of algorithmic bias (i.e., ‘demographic differentials’) is rendered central to the NIST benchmark, the mobilisation of this reference obfuscates questions on how that metric was achieved. For example, the NIST benchmark datasets are known to include faces of wounded people (Keyes, 2019). Moreover, questions about training data are invisibilised, even though that data is a known site of contestation; the Clearview company is known to use images scraped illegally from social media, and IBM uses a dataset that is likely in violation of European GDPR legislation (Bommasani et al., 2022: 154). Pasquinelli (2019) argues that machine learning models ultimately act as data compressors: enfolding and operationalising imagery of which the terms of acquisition are invisibilised.
This attention to the invisibilisation of and in/between processes reveals a discrepancy between the developers and the implementers of these technologies. On the one hand, the developers we interviewed expressed concerns about how their training data is constituted to gain a maximum FPR/TPR ratio; while showing concern for the legality of the data they use to train their algorithms—propelling for example the use of generative AI (see section 2). On the other hand, questions about the constitution of the dataset have been largely absent from our conversations with those who implement software that relies on models trained with such data. Occasionally this knowledge was considered part of the developers' intellectual property that had to be kept a trade secret. In such cases, for the implementers, a high score on the benchmark is enough to pass questions of fairness and to forgo any further inquiry into the inequalities propagated by the algorithmic system and the data through which it learns, thus legitimising its use. While the deployment of algorithmic models indirectly relies on the training data, it is not deemed relevant in the consideration for one particular model over another.
The configuration of algorithmic vision’s bias across a complex network of fragmented locations and actors, from the dataset, to the algorithm, to the benchmark institution reveals the selective processes of (in)visibilisation. It illustrates well how accountability is bracketed through the invisibilisation of the dataset as it is ‘compressed’, in Pasquinelli’s terms, into an algorithmic detection model, with the formalisation of guiding metrics into a benchmark. One does not need to know how outcomes are produced, as long as the benchmarks are in order.
Conclusion: a diagrammatic research agenda
In this conclusion, we reflect upon a final dimension of time-based diagramming as a technique for elicitation in, and analysis of interviews. What started as an endeavour to map out the politics of algorithmic security vision yielded something quite different. Traditionally, maps subordinate entities to a single overarching order. With diagramming, however, what emerges, instead of a singular rationale of algorithmic security vision, is a series of interrelated configurations. While writing this text, indeed, the search for a coherent structure through which we could map the problems that emerged from analysing the diagrams in a straightforward narrative proved elusive. It became evident that through the spatialisation of the conversations, the diagrams yielded a rhizome of interrelated problems (Diagram 8).
Making sense of the diagrams, then, can perhaps be best compared to walking, which, Michel de Certeau (1984) reminds us, is a way of traversing space that does not provide an overview. While maps produce such overview by laying out entities as distinct, walking happens along trajectories that join things together (see also Mol and Law 2002: 16). Rather than decomposing algorithmic security vision into distinct elements—algorithms, institutions, datasets—we cut across the diagrams, creating a multitude of possible inquiries and overlapping trajectories that bring issues into relation. When navigating the interstices opened up by our empirical research, we find a diagram of interrelated questions.
One such trajectory revolves around the question of suspicion. As systems shift from photographic recognition to the analysis of movement and behaviour, suspicion becomes dynamic—triggered not just by who is present, but by when and how they move. This shift propels other developments. Analysing movement instead of still images requires much more training data; data that is often not readily available. While facial recognition algorithms could be trained and operated on quickly repurposed photographic datasets of national identity cards or drivers’ licence registries, no dataset for moving bodies has been available to be repurposed by states or corporations. Therefore, cinematic algorithmic vision can be seen as one of the causes behind the increasing use of synthetic data to train models against rarely documented threats. By simulating potential violence or suspicious actions, these datasets encode imaginaries of threat. These imaginaries, translated into algorithmic systems, shape how security is enacted in practice—well before any real event occurs. This shift in the construction of suspicion opens a cascade of questions. Cinematic vision complicates the study on what gestures or trajectories prompt classification as a potential threat. As cinematic vision propels the use of synthetic data, it drives a whole different set of questions: who defines what scenarios are worth simulating? What data counts as realistic? These concerns reveal the entanglement of temporal analysis, synthetic data generation, and the configuration of accountability and responsibility, offering critical entry points for investigating how deviance is constructed algorithmically.
Closely linked to the use of synthetic data we can trace the issue of error and fairness of algorithmic systems. Virtually all of our correspondents acknowledge error as inherent to algorithmic security vision: there is no ‘sublime’ algorithm. Thus while mistakes are inevitable, the way the algorithm errs — and who is affected by these errors — is considered a design challenge. Every algorithm includes thresholds that define acceptable levels of error, whether false positives, false negatives, or biased outcomes. But who sets these thresholds, and on what grounds? What level of misclassification is deemed tolerable, and for whom? And how are harms traced when models misidentify, exclude, or discriminate? The negotiation of these boundaries involves not just developers but also policy-makers, system integrators, and institutional end-users. Some turn to ‘synthetic data’ as a way to mitigate the reproduction of social biases that stem from these errors. Others’ focus on the ‘curatorial pipeline’ of data—they consider which data is allowed to pass from one operator to the other—raises the question if there is such a thing as non-synthetic data (see also Gitelman 2013). In many cases, measures are put in place to assess the fairness of an algorithm’s operation with benchmarks such as the NIST face recognition vendor test—inadvertently shifting attention away from questions around the fairness of what goes into an algorithm for its training. These decisions reflect broader power dynamics and ethical trade-offs. Understanding these structures is essential to assess how control is exercised, delegated, or contested within security infrastructures.
This brings us to a third trajectory we can draw through our diagram-based conversations: concerns on acceptability and accountability. For if systems err, the ideal of ‘human-in-the-loop’ oversight is often invoked to guarantee responsibility, while other cases—such as the Burglary Free Neighbourhood or the use of facial recognition at the Dutch police—suggest that the role of the human operator heavily depends on how their interaction with the algorithmic system is mediated; in some cases the presence of a human is considered a risk. Exploring the transparency and explainability of these hybrid systems, not just for the public but also for the human operators themselves, is crucial. Further research should thus critically analyse the ways in which accountability is architectured as humans, algorithms, and their interfaces jointly contribute to security decisions.
Together, these research questions form a comprehensive agenda for investigating the political, ethical, and social dimensions of algorithmic security vision. While one issue contains echoes of the other, the network of interrelated problematisations cannot be flattened into a single narrative. The constraints imposed by the linear structure of a text certainly necessitate a specific ordering of sections. Yet the different research directions we highlight form something else. The diagrams do not represent a map of how things are, but a drawing together generative of fresh tensions. These pathways link each question to overarching themes, thereby offering a diagram of research for future studies that seek to unpack the complex ways in which algorithmic practices are reshaping the contemporary security landscape.
Acknowledgements
We would like to thank all interviewees and Clemens Baier for their contributions, and for bearing with the technological hiccups while developing the diagram-based interview method. The invaluable feedback of the anonymous reviewers greatly improved this paper. Special thanks go to Anna Leander, Matthias Leese, Claudia Aradau, David Benqué, Rocco Bellanova, Tobias Blanke, and Mirka Duin for their thorough engagement with this text in its early stages.
Funding
This work was supported by funding from the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation programme (SECURITY VISION, Grant Agreement No. 866535).
Notes
This is an interactive version of the paper published under same title in Environment and Planning D: Society and Space (2025): https://doi.org/10.1177/02637758251406481. Design and implementation of the interaction by Ruben van de Ven.↩︎
The interface software and code is available at https://git.rubenvandeven.com/security_vision/svganim and https://gitlab.com/security-vision/chronodiagram↩︎
The study strictly followed the guidelines of the European Research Council in terms of informed consent, privacy and data retention, as specified in the ethics deliverables of project 866535, SECURITY VISION.↩︎
See https://www.securityvision.io/diagrams/web/companion.html↩︎
We would like to thank the reviewer who pointed out the possible links between these two logics.↩︎
Ádám Remport is a Hungarian legal expert and activist working on state actors’ use of biometric technologies.↩︎
Gerwin van der Lugt is a developer of software that detects ‘high-impact crimes’ in camera streams.↩︎
Sergei Miliaev is principal researcher and facial recognition team lead at VisionLabs in Amsterdam.↩︎
András Lukács is professor of artificial intelligence and data science at the Department of Computer Science, Eötvös Loránd University, Hungary.↩︎
John Riemen is head of the Center for Biometricts for the Dutch police.↩︎
Guido Delver is an engineer and coordinator of the Rotterdam-based Burglary-Free Neighbourhood pilot-project, that builds autonomous systems into street lamps to reinforce public security.↩︎
Dirk Herzbach is chief of police at the Police Headquarters Mannheim, Germany.↩︎
Jeroen van Rest is a safety expert and senior consultant in risk-based security at TNO, the Netherlands.↩︎
References
Ajana B (2013) Governing Through Biometrics. London: Palgrave Macmillan UK. 10.1057/9781137290755.
Amicelle A, Aradau C and Jeandesboz J (2015) Questioning security devices: Performativity, resistance, politics. Security Dialogue 46(4): 293–306. 10.1177/0967010615586964.
Amoore L (2014) Security and the incalculable. Security Dialogue 45(5). SAGE Publications Ltd: 423–439. 10.1177/0967010614539719.
Amoore L (2019) Doubt and the algorithm: On the partial accounts of machine learning. Theory, Culture & Society 36(6). SAGE Publications Ltd: 147–169. 10.1177/0263276419851846.
Amoore L and De Goede M (2005) Governance, risk and dataveillance in the war on terror. Crime, Law and Social Change 43(2): 149–173. 10.1007/s10611-005-1717-8.
Andersen RS (2018) The art of questioning lethal vision: Mosse’s infra and militarized machine vision. In: _Proceeding of EVA copenhagen 2018_, 2018.
Andrejevic M and Burdon M (2015) Defining the sensor society. Television & New Media 16(1): 19–36. 10.1177/1527476414541552.
Aradau C and Blanke T (2018) Governing others: Anomaly and the algorithmic subject of security. European Journal of International Security 3(1). Cambridge University Press: 1–21. 10.1017/eis.2017.14.
Aradau C, Lobo-Guerrero L and Van Munster R (2008) Security, technologies of risk, and the political: Guest editors’ introduction. Security Dialogue 39(2-3): 147–154. 10.1177/0967010608089159.
Azar M, Cox G and Impett L (2021) Introduction: Ways of machine seeing. AI & Society. 10.1007/s00146-020-01124-6.
Bae G, de La Gorce M, Baltrušaitis T, et al. (2023) DigiFace-1M: 1 million digital face images for face recognition. In: 2023 IEEE Winter Conference on Applications of Computer Vision (WACV), 2023. IEEE.
Bagnoli A (2009) Beyond the standard interview: the use of graphic elicitation and arts-based methods. Qualitative Research 9(5): 547–570. 10.1177/1468794109343625.
Bigo, Didier, Engin F. Isin, and Evelyn Sharon Ruppert, eds. 2019. Data Politics: Worlds, Subjects, Rights. Routledge Studies in International Political Sociology. London; New York: Routledge, Taylor & Francis Group.
Bommasani R, Hudson DA, Adeli E, et al. (2022) On the opportunities and risks of foundation models. Available at: http://arxiv.org/abs/2108.07258 (accessed 2 June 2023).
Bousquet AJ (2018) The Eye of War. Minneapolis: University of Minnesota Press.
Bravington Alison and King Nigel (2019) Putting graphic elicitation into practice: tools and typologies for the use of participant-led diagrams in qualitative research interviews. Qualitative Research 19(5): 506–523. 10.1177/1468794118781718.
Bucher T (2018) If...Then: Algorithmic Power and Politics. New York: Oxford University Press.
Buolamwini J and Gebru T (2018) Gender shades: Intersectional accuracy disparities in commercial gender classification. Proceedings of Machine Learning Research 81: 1-15.
Calhoun L (2023) Latency, uncertainty, contagion: Epistemologies of risk-as-reform in crime forecasting software. Environment and Planning D: Society and Space. SAGE Publications Ltd STM: 02637758231197012. 10.1177/02637758231197012.
Copeland Andrea J and Agosto Denise E. (2012) Diagrams and Relational Maps: The Use of Graphic Elicitation Techniques with Interviewing for Data Collection, Analysis, and Display. International Journal of Qualitative Methods 11(5): 513–533. 10.1177/160940691201100501.
Crawford K and Joler V (2018) Anatomy of an AI System. SHARE Lab; AI Now Institute. Available at: http://www.anatomyof.ai (accessed 26 January 2021).
Crilly Nathan, Blackwell Alan F and Clarkson P. John (2006) Graphic elicitation: using research diagrams as interview stimuli. Qualitative Research 6(3): 341–366. 10.1177/1468794106065007.
Cyphert, Amy. 2024. ‘Generative AI, Plagiarism, and Copyright Infringement in Legal Documents’. SSRN Electronic Journal25(2): 49–65. https://doi.org/10.2139/ssrn.4938701.
de Certeau M (1984) The Practice of Everyday Life (tran. S Rendall). 1. paperback pr., 8. [Repr.]. Berkeley, Calif.: Univ. of California Press.
Deleuze G (1988) Foucault (tran. S Hand). Minneapolis: University of Minnesota Press.
Deleuze G, and Guattari F (1980) Mille plateaux. Collection ‘Critique.’ Paris: Éditions de minuit.
Deleuze G (1994) Difference and Repetition. New York: Columbia University Press.
Druhle L (2015) Critical Atlas of Internet. Available at: https://louisedrulhe.fr/internet-atlas/ (accessed 22 February 2021)
Farocki H (2004) Phantom images. Public. Available at: https://public.journals.yorku.ca/index.php/public/article/view/30354 (accessed 6 March 2023).
Fisher DXO (2018) Situating border control: Unpacking Spain’s SIVE border surveillance assemblage. Political Geography 65: 67–76. 10.1016/j.polgeo.2018.04.005.
Gandy OH (1993 [2021]) The Panoptic Sort: A Political Economy of Personal Information. Oxford: Oxford University Press.
Gerner A (2010) Diagrammatic Thinking. In Atlas of Transformation, edited by Zbyněk Baladrán and Vit Havránek. Zurich: JRP/Ringier. Retrieved from: http://monumenttotransformation.org/atlas-of-transformation/html/d/diagrammatic-thinking/diagrammatic-thinking-alexander-gerner.htm.Gitelman L (2013) ‘Raw Data’ Is an Oxymoron. Infrastructures series. Cambridge (Mass.): MIT Press.
Haggerty Kevin D and Ericson Richard V. (2000) The surveillant assemblage. The British Journal of Sociology 51(4): 605–622. 10.1080/00071310020015280.
Hoijtink M and Leese M (2019) How (not) to talk about technology international relations and the question of agency. In: Hoijtink M and Leese M (eds) Technology and Agency in International Relations. Emerging technologies, ethics and international affairs. London; New York: Routledge, pp. 1–24.
Hurley Sean M and Novick Laura R. (2006) Context and structure: The nature of students' knowledge about three spatial diagram representations. Thinking & Reasoning 12(3): 281–308. 10.1080/13546780500363974.
Huysmans J (2022) Motioning the politics of security: The primacy of movement and the subject of security. Security Dialogue 53(3): 238–255. 10.1177/09670106211044015.
Isin E and Ruppert E (2020) The birth of sensory power: How a pandemic made it visible? Big Data & Society 7(2). SAGE Publications Ltd: 2053951720969208. 10.1177/2053951720969208.
Keyes O (2019) The gardener’s vision of data: Data science reduces people to subjects that can be mined for truth. Real Life Mag. Available at: https://reallifemag.com/the-gardeners-vision-of-data/.
Larkin JH and Simon HA (1987) Why a diagram is (sometimes) worth ten thousand words. Cognitive Science 11(1): 65–100.
Leese M (2015) ‘We were taken by surprise’: Body scanners, technology adjustment, and the eradication of failure. Critical Studies on Security 3(3). Routledge: 269–282. 10.1080/21624887.2015.1124743.
Lyon D (2003) Surveillance as Social Sorting: Privacy, Risk, and Digital Discrimination. London: Routledge.
Mackenzie Adrian (2017) Machine Learners: Archaeology of a Data Practice. Cambridge, Massachusetts: MIT Press.
Malevé N (2020) On the data set’s ruins. AI & SOCIETY 36: 1117–1131. 10.1007/s00146-020-01093-w.
Malevé N (2023) Practices of benchmarking, vulnerability in the computer vision pipeline. photographies 16(2). Routledge: 173–189.
Markoff J (2020) Robots will need humans in future. The New York Times: Section B, 22 May. New York. Available at: https://www.nytimes.com/2020/05/21/technology/ben-shneiderman-automation-humans.html (accessed 31 October 2023).
McKim Robert H. (1980) Experiences in Visual Thinking. Monterey, California: Brooks/Cole Publishing Company.
Mol A and Law J (2002). Complexities: Social studies of knowledge practices. Durham: Duke University Press. https://doi.org/10.1215/9780822383550.
Møhl P (2021) Seeing threats, sensing flesh: Human–machine ensembles at work. AI & Society 36(4): 1243–1252. 10.1007/s00146-020-01064-1.
Muller B (2010) Security, Risk and the Biometric State. Oxon: Routledge. 10.4324/9780203858042.
O’Sullivan S (2016) On the diagram (and a practice of diagrammatics). In: Schneider K, Yasar B, and Lévy D (eds) Situational Diagram. New York: Dominique Lévy, pp. 13–25.
Pasquinelli M (2019) How a machine learns and fails – a grammar of error for artificial intelligence. Available at: https://spheres-journal.org/contribution/how-a-machine-learns-and-fails-a-grammar-of-error-for-artificial-intelligence/ (accessed 13 January 2021).
Pasquinelli M and Joler V (2020) The Nooscope manifested: AI as instrument of knowledge extractivism. AI & Society 36: 1263–1280. 10.1007/s00146-020-01097-6.
Peirce, C. S. 1931–1966. The Collected Papers of Charles S. Peirce, 8 vols. C. Hartshorne, P. Weiss & A. W. Burks (eds.). Cambridge: Harvard University Press.
Pugliese J (2010) Biometrics: Bodies, Technologies, Biopolitics. New York: Routledge. 10.4324/9780203849415.
Soon W and Cox G (2021) Aesthetic Programming: A Handbook of Software Studies. London: Open Humanities Press. Available at: http://www.openhumanitiespress.org/books/titles/aesthetic-programming/ (accessed 9 March 2021).
Steyerl H (2023) Mean images. New Left Review 140/141 (Mar/June): 82–97. 10.64590/uhm.
Stjernfelt F (2007) Diagrammatology: An Investigation on the Borderlines of Phenomenology, Ontology, and Semiotics. Synthese Library 336. Dordrecht: Springer.
Stjernfelt, Frederik. 2011. ‘On Operational and Optimal Iconicity in Peirce’s Diagrammatology’. Semiotica 2011 (186): 395–419. https://doi.org/10.1515/semi.2011.061.
Uliasz R (2020) Seeing like an algorithm: Operative images and emergent subjects. AI & Society 36: 1233–12413. 10.1007/s00146-020-01067-y.
van de Ven R and Plájás IZ (2022) Inconsistent projections: Con-figuring security vision through diagramming. A Peer-Reviewed Journal About 11(1): 50–65. 10.7146/aprja.v11i1.134306.
Wilcox L (2017) Embodying algorithmic war: Gender, race, and the posthuman in drone warfare. Security Dialogue 48(1): 11–28. 10.1177/0967010616657947.
Zuboff S (2019) The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power. First edition. New York: Public Affairs.