We discuss the problems related to access control in automated capture and access systems, which capture, store and retrieve information gathered through sensors in physical environments. We discuss several unique requirements that set capture and access apart from traditional information processing systems, and that make existing access control approaches such as role-based access control (RBAC) and digital rights management (DRM) unsuitable for this domain. Drawing from access control theory research, we devise an access control system that satisfies these requirements. Further, we describe its implementation within an existing capture and access system, and discuss emergent issues relating to retention time, rights management and information sharing. We argue that some traditional security requirements might not in fact be appropriate when applied to environmental captured information, due to the perceptual and social characteristics of such data. Finally, we provide an example of how this access control architecture might fit in a capture and access system composed of mobile devices
