As we settle into the era of smart devices can we use them to build privacy-friendly smart cities?
Imagine a world where everything we do, the things we say, even the expressions on our face, are collected and used to optimize city services? As I sit and type this in 2019, this is no longer the stuff of sci-fi novels; it is the stuff of the here and now.
By 2025, analysts, International Data Corporation (IDC), predict that 41.6 billion connected IoT devices will generate 79.4 zettabytes of data. Much of this data is our personal data. That is, data that represents us as digital entities; our behavior, our name, our location, what we like, how we look, the amount of energy we consume, our travels, who we are friends with, what our beliefs are.
Smart cities are being designed to use this data in the name of sustainability. IoT and other devices will generate the zettabytes of information that describe our digital-selves. But is this a good thing or the stuff of dystopian nightmares?
When privacy in smart cities goes wrong
There are many cases where worrying privacy precedents are being set in a rush to make our cities smarter. Those described below are but a few, just to give you a flavor of the scope of the problem:
The case of your face
Facial recognition has some very positive use cases within the smart city. For example, it can be used to locate missing persons or spot criminals in a crowd. However, the use of facial recognition is raising concerns about potential privacy violations.
In the US, councils in Oakland and San Francisco have banned the use of facial recognition. In the UK, police forces are pushing back against government plans to use facial recognition. Facial recognition may be a bridge too far as we mature our view of what smart cities should include.
Smart or not so smart energy?
All over the world, governments are focusing on smart meters. According to Accenture, the 10 largest smart meter deployments in the world amount to over 500 million devices installed by 2020. The data collected and aggregated across these devices shows the intimate details of our energy use. Privacy activists, Electronic Privacy Information Center (EPIC) have listed 14 ways they believe smart meters and the smart grid may adversely impact privacy. The list includes identity theft and profiling.
Surveillance capitalism and the smart city
The Toronto Smart City project, Quayside, is rapidly becoming the poster child for how not to create privacy-friendly smart cities. The project is being run by the Google-owned Sidewalk Labs. The project promises an affordable, inclusive, and climate-positive community. However, it has been haunted by privacy issues. Ex-privacy commissioner for Ontario, Ann Cavoukian, resigned from the project as an advisor last year. Dr. Cavoukian decided to step down when she found out that Sidewalk Labs would not be de-identifying personal data, as promised.
Smart cities collect enormous amounts of personal data. Organizations such as Privacy International are concerned that, unless carefully protected and respected, these data can be used for purposes of surveillance by companies and governments.
Techniques to help maintain private smart cities
If we want our smart cities to thrive, we need to think before we build. There are a number of areas that we can use to help us create smart cities that are privacy-friendly, including:
Get the buy-in of all stakeholders
Engaging citizens from the outset of a smart city project is an important starting point. It is the data of these citizens that will drive smart processes. It is just good practice to get the buy-in from citizens as well as vendors.
Cities such as Seattle, Oakland and New York City are setting the bar for smart city privacy policies. Oakland has developed the Surveillance and Community Safety ordinance to ensure that citizens are engaged before police are allowed to acquire or use surveillance technology.
In Amsterdam, the Tada! Manifesto encourages the various stakeholders of a smart city project to sign up for the ethical and responsible use of data.
Good data governance
The data created, aggregated, stored, and shared within the context of a smart city is a critical infrastructure. Governance of urban data as infrastructure can create a more positive privacy environment. Initiatives such as the EU SmartImpact project, have looked at governance models that work across the various stakeholders within the smart city. The project looked at how to classify smart city data and what actions and policies should be applied to this data.
Legislation for the smart city
Legislation can help to create the structures to protect smart city-data. For example, in the U.S. Privacy International has managed to get a judicial review of the collection and use of smart meter data. The judge agreed that the Fourth Amendment protects energy consumption data.
Having laws to protect data create an environment where privacy is taken seriously. In other areas of the world, laws, and initiatives focused at the IoT level, are taking shape. For example, in the UK, there is a consultation around the inclusion of privacy principles in the design of consumer IoT devices.
Technology and privacy awareness
Technologies such as anonymization and de-identification solutions can be effective in providing a technology backbone to many processes in a smart city. Other areas that can help to manage privacy are in the use of robust and flexible consent models. Ensuring that citizens and vendors are privacy-aware can also be very powerful in helping to alleviate privacy violations.
Privacy by design (PbD)
A full 93 percent of consumers place privacy and security as a top priority and concern according to research from The Economist, Intelligence Unit. Privacy should be an integral design goal when building smart city devices and systems.
Being “smart” is not just about having the latest technology to do a job. Being truly smart is about using technology wisely. History has shown us that times change. Governments change. Liberty is lost, found, and lost again. We must be cognizant of the power offered by the “smart” component in combination with personal data.
Governance over the application of smart devices and the collection of personal data must include a strong mandate to use every possible model of protection. The smart cities of today and tomorrow can provide a sustainable future for the 66% of us expected to be city dwellers by 2050. But it should not be at the cost of our personal privacy.