How important privacy is for building smart cities and embracing the IoT
In the 60s cartoon The Jetsons, the family lived in a futuristic city with flying cars, a robotic housekeeper, and even a watch that let you do video calling. The Jetsons city of the future is with us in the here and now as we have the technology to build smart cities, and in doing so, we can create amazing places to live and work.
This idea of making our cities smart is engaging clever minds all over the world and we are witnessing the emergence of smart places across the globe.
One of the first and most extensive such initiatives is the Singapore “Smart Nation” project which is looking at the many ways to apply new technologies to build better civic areas. Up until a year ago when I moved to Hong Kong, I lived in Singapore and was lucky to have worked on many Smart Nation related projects. Projects like Smart Nation incorporate technology across transport health, home, and business to create a network of interconnected digital experiences to enhance our lives and optimize our work and play.
China has aggressively developed smart cities, which monitor and seek to control such common urban challenges as pollution, traffic congestion and widespread energy consumption through connected technologies. The government’s 12th Five-Year Plan announced in 2013 included the development of 103 smart cities, districts and towns.
In India, the government has set out their “Smart City Mission” which is initially investing in 90 cities to develop smart capabilities — the Indian government takes a pragmatic approach to smart, by seeing it as an evolving, layered system, that also solves specific issues such as clean water.
In the USA, the “Smart City Challenge“, has started a series of smart challenges, the first being around transport. This challenge, to “smarten up” U.S. cities, is looking at methods to use digital technology to solve transportation issues to improve efficiency and quicken movement of goods.
All of the visions of smart city projects have one thing in common. They are based upon the creation of, analysis of, and processing of, large amounts of data — aka integrated data exchanges, all predicated on hyper-connectivity achieved often through Internet-enabled devices. These data are the sights and sounds of the processes we use to live and work in municipalities. Much of these data have a touchpoint where the human meets the machine. We are moving into a whole new stage of Human-Computer-Interaction (HCI). The data we generate will be used to improve services, enhance lifestyles, and create better health outcomes. This is done within a framework of hyper-connectivity and big data analysis, backed by machine learning and artificial intelligence to extract as much use of these data as possible. These data hold the key to improving those processes and provides the basis for new technologies that can enhance our health, wealth, and lives. It holds great opportunity. But as with most things in life, it also has a downside and the price may be the privacy of our data.
When Cyber Meets Physical
In the past we built our cities from stone and concrete, now we will add data into that mix to create a cyber-physical foundation.
There are many definitions of what a smart city is. One of my favorites is from the British Standards Institute (BSI) who describe a smart city as:
“THE EFFECTIVE INTEGRATION OF PHYSICAL, DIGITAL AND HUMAN SYSTEMS IN THE BUILT ENVIRONMENT TO DELIVER SUSTAINABLE, PROSPEROUS AND INCLUSIVE FUTURE FOR ITS CITIZENS”
To become a smart city certain fundamental bricks need to be laid within the very foundations. This is above and beyond the governmental drivers and cost implications. There are tenets of development of the smart city which include:
- Technology that can provide fast, cheap, hyper-interconnectivity — this brings the physical and the virtual together, making fuzzy the boundaries that previously existed
- Mechanisms that handle multi-directional data flows, and that have points of convergence. This is likely in the form of smart Industrial Control Systems (ICS)
- Machine learning and artificial intelligence to analyze and optimize data usage
- A policy framework to guide development of smart capability that accounts for the security and privacy concerns of the residents
- A receptive citizenship and smart products — which may be influenced by 4 above
These five tenets are focused on the technology and human elements. Both are intrinsically linked to the successful execution of a smart city. The beating heart of a smart city is its human population. The city breathes data, exhaled by the citizens which it uses it to grow and develop. Here are some examples of where smart data to being used to build smarter cities:
- NVIDIA Metropolis uses Internet-enabled video cameras and AI to provide services such as smart parking — showing IoT car users where the best spot to park is — or traffic management to keep the traffic flowing.
- Waste management is a serious problem in the 21st century as 7.5 billion humans of which over half live in urban areas pump out waste. IBM’s intelligent waste management platform provides visualization of data analytics to optimize collection, transportation, and recovery of waste.
- Veolia offers Internet-enabled containers which let waste trucks know when to come pick the containers up, saving on CO2 emissions.
- The UK government has been pushing a goal to install smart utility service meters in all 26 million households by 2020 to make energy usage more efficient and transparent.
This exciting new world comes with a caveat. What about my data? Who is the guardian of my privacy and how can I be sure that my involvement in making things better for all, does not make things worse for me?
Pain or Gain From the Smarter City?
George Bernard Shaw once said: “science never solves a problem without creating ten more”. In the case of smart cities, this prediction may become true for our data privacy. The tendrils of the smart city reach outwards, from our homes, our work, and our day to day activities, into the wider Cloud and beyond.
Below are some examples of where smart cities and data privacy clash:
The smart home: smart cities will touch us most directly in our homes. We are already embracing the Internet of Things in our homes with products like Amazon Alexa and Google Nest. The Smart Meter initiative in the UK doesn’t directly connect to the Internet, but still siphons data back to a “mothership”. They use radio waves, which are mainly in the GSM range, to transfer data about your gas and electricity usage patterns. Irrespective of the mechanism used to transfer data, these data will contain information that is personal to you and your family. Organizations like Stop Smart Meters are actively campaigning to protect the privacy of Smart Meter data which they are saying can be sold on and used by marketing companies.
A myriad of technologies is entering our home environment. They are fun, remind us to buy that loaf of bread, and can even sing our children to sleep at night. But in doing so, they may be listening in and passing on that knowledge to unknown entities. As is the case of VIZIO who was ordered to pay $2.2 million to the FTC for collecting viewing histories of smart TV owners without permission, which they then sold onto third parties.
Out and about in the smart city: The smart city will need to be aware of itself and its residents. Smart cameras are the eyes of the smart city. Drone cameras sent out to monitor traffic could also be monitoring you. There is concern that the monitoring of individuals within society, enabled by enhanced facial recognition technology, will create an imbalance of power within society that goes well-beyond targeted marketing concerns around privacy.
And smart cities will be navigated through autonomous, connected, cars. Full autonomy requires a complex network of connected sensors. A paper from the University of South Carolina demonstrated how a Tire Pressure Monitoring System (TPMS) used in a smart car could be used as a vector to eavesdrop. This included using location tracking identifying potentially sensitive places an individual had visited.
The privacy issues in and around our use of a smart city also extend to not just individual points of interconnection, but in the aggregation of data. In a London-based project “Renew London” “smart bins” were set up to track the MAC address of pedestrian phones. The system was based on a network of sensors which would then be used to aggregate location data against local businesses and put up targeted advertising images on the recycle bins as the person passed by.
Smart working: Wearables such as the Fitbit are helping us to improve our lifestyle and get fit. A Fitbit is not just for home use. They are also being offered as part of a “corporate wellness program“. It makes sense as fit employees equal less sick leave. In turn, this can also have benefits in terms of insurance costs, showing you are fitter should equate to lowered health insurance. But what if your Fitbit data showed that your health was deteriorating? Could this intrusive information lead to people being fired?
The examples above show just how far the smart in smart city touches our lives. Every aspect of our lifestyle and daily histories will be available for the world to see. That is unless we start to look at the privacy implications of these data.
Privacy risks are often hidden. Charging an electric car could end up disclosing where you are and how far you have traveled. You can even, by precisely measuring power consumption in a home, know which movie is playing on the TV. The fact is, privacy implications of a smarter world are a complex web of interrelated and correlated data — much of which we are only just beginning to explore.
In a briefing paper on Open Data and Privacy it states:
“BEFORE ANY DATASET IS RELEASED, THE RISKS TO INDIVIDUAL PRIVACY SHOULD BE SYSTEMATICALLY BALANCED AGAINST THE POTENTIAL VALUE OF PUBLIC DISCLOSURE“
This sentiment of checks and balances needs to be where we start our smart journey. Tools like the civic open data toolkit from the City of San Francisco address privacy and security issues around shared personal data and knowledge bases such as this need to become part of the framework of smart city development. Without a balanced approach to smart city development, we can only expect a backlash from residents when the most personal information about their life is available for all to see.
Being Smart About Smart Cities
At the time of writing it was announced that Bill Gates has bought up 25,000 acres of land in Arizona, with the express purpose of building a smart city. In building a smart city from scratch, we can go beyond the Internet-enabled device, to the Internet-enabled city. In doing so, we have an opportunity to build cities that reduce waste, connect us to our health-practitioners in novel ways, make sure the traffic flows easily, and reduce CO2 emissions, amongst many other things. But the issue we have to face is that smart cities are a playground for malicious actors unless we have frameworks and systems in place to prevent that. We have already seen where we end up without those checks and balances. Privacy has become an afterthought at best, as evidenced by manufacturers rushing to get smart devices, like TVs, robot hoovers, and CCTV cameras out to market and ending up with fines for noncompliance with data protection laws.
As a global community, we must recognize the complex issues surrounding the lifecycle of smart city data, especially when these data are aggregated or open to abuse or malicious exposure. To take our cities into the next era we need to learn the lessons of the last decade and build a robust privacy infrastructure into the very foundation stones of our future smart dominions.
For over 30 years, Marin Ivezic has been protecting critical infrastructure and financial services against cyber, financial crime and regulatory risks posed by complex and emerging technologies.
He held multiple interim CISO and technology leadership roles in Global 2000 companies.