We Need Digital Privacy Standards For Smart Cities

By Junaid Islam, Partner, OODA.com

April 13, 2021

Horasis Global will be hosting a session on Digital Privacy Standards for Smart Cities on June 8, 2021 at 15:30 GMT 

Smart Cities will reduce energy consumption and improve efficiency of transportation systems but have the risk of eroding personal privacy. The line between efficient resource management and surveillance is a fine one. Presently there is no global standard or even best practice for the protection of personal data that is captured by a Smart City.  More importantly many Smart Cities are storing personal information in vast Data Lakes which are vulnerable to misuse and theft.  

Smart City Risk: Omnipresent Knowledge

The critical difference between existing and emerging Smart Cities is omnipresent surveillance and machine learning analysis that can provide detailed knowledge of every citizen.  For example, it’s a common practice to keep the lights on in office buildings around the clock to accommodate late night workers and security personnel.  However Smart Energy systems can detect and track individuals to turn on lights when needed; a simple idea that would eliminate wasted energy.  Similarly we’ve all had the experience at being stopped at a red light with no other cars at the intersection.  Smart Transportation systems can observe your vehicle traveling thru a city and optimize the timing of traffic lights to eliminate unnecessary stops.  Unfortunately the same Smart surveillance systems that reduce lighting and fuel wastage also know your identity and every move. 

While the utilization of surveillance cameras and sensors to manage energy and transportations systems is not new, the new generation data collection systems operate at a much higher resolution.  New surveillance cameras have the ability to see license plates and vehicle occupants in any lighting or weather condition. Additionally new Smart systems analyze data in cloud-based Data Lakes that have an infinitely large memory (unlike human security guards).  Subsequently a Smart Building will know the history of every visitor and who they spoke to; this is a big difference from the guest sign-in book we’re all used to.

Digital Privacy Situation: Technology Is Moving Faster Than Policy

At present there are no global standards of how imaging and sensor data collected by Smart Cities will be protected.  The current practice is to store information in vast Data Lakes to simplify application access.  Unfortunately the desire to simplify access to Data Lakes makes them extremely vulnerable to misuse by government agencies as well as theft by cyber criminals.  To address the current situation a few common sense policies are recommended:

1/ Extend GDPR To Smart Cities 

Europe’s General Data Protection Regulation (GDPR) has become the benchmark for how consumer data should be protected.  GDPR provides a framework to protect the identity and associated data of citizens in a Smart City.  Policy makers should extend GDPR for imaging and sensor data allowing citizens to know what is being collected.

2/ Anonymize Data At The Edge

The new generation of imaging and sensor systems all feature on-board processing which is used to index data.  These systems can be configured to redact or anonymize data as well.  For example license plate and occupant images can be removed from cameras managing intersections as it’s not necessary to know who is driving to turn a light green.   

3/ Adopt A Zero Trust Security Model  

One emerging technology that can help safeguards Data Lakes is a Zero Trust Architecture (ZTA).  The US Government recently mandated a Zero Trust Architecture under NIST 800 207 to ensure regulated data is only used by authenticated and authorized systems.  In the ZTA security model, data can only be accessed by authenticated and authorized systems.  ZTA provides a technology to enforce GDPR within a Data Lake.

4/ Require Smart City Systems Be Secure By Default

Digital Privacy cannot be an afterthought or extra feature, it must be in the fabric of a Smart City.  Government leaders should mandate that GDPR and Zero Trust for all surveillance and management systems they deploy to protect the Digital Privacy rights of citizens. 

5/ Promote A Digital Privacy Index

Just as we have public indexes for air quality and housing pricing for cities around the world, we should publish a Digital Privacy Index for Smart Cities. Cities are businesses and highlighting good and bad behaviour can be a powerful motivation to do the right thing.  For organizations that have a choice of location, such as international conferences, a low Digital Privacy score can be an important factor. 

If there’s one thing that history teaches is that technology can be used for good and evil.  The splitting of the atom created a new energy source but also a weapon of mass destruction.  Smart Cities and the technologies that power them are no different.  As a society we must ensure that Smart Cities manage resources for the benefit of citizens; not enslave them. We need to act now.

This article was authored by Junaid Islam, Partner, OODA.com