The Promise and Peril of Smart Technologies: Embracing Opportunities and Managing Privacy Risk
Over the last few years, concerns over data privacy, data security, and data usage have plagued some otherwise promising smart technology deployments and smart city projects (see Sidewalk Labs for an example). When we consider the significant improvements technological innovations have made to the standard of living throughout history, we can see that a stalled or canceled smart project is a socio-economic loss for the community. Exponential improvements in computing power mean that smart technologies can help communities tackle civic challenges efficiently and effectively to ensure equitable outcomes. For example, while it is common practice in many offices to keep the lights on around the clock to accommodate late-night workers and security personnel, smart energy systems can detect individuals turning on lights when needed, a simple idea that reduces energy use. Similarly, we’ve all had the experience of being stopped at a red light with no other cars at the intersection. Smart transportation systems can detect your vehicle traveling through a city and optimize the timing of traffic lights to eliminate unnecessary stops.
That is not to say that community concerns about such projects are unwarranted. While data-collecting sensors (AKA IoT devices) and machine learning (ML) analysis can provide insights into a wide range of problems common to urban life, the same tools and processes sometimes have the potential to be used in controversial ways. For example, camera-equipped streetlights in San Diego were surreptitiously used to track and monitor individuals. While this practice might aid in the apprehension of criminals, un-approved use can violate’ resident trust, reduce their sense of autonomy, and sour community relationships and future engagement.
Adopting clear and enforceable policies is imperative given the ubiquity of smart technologies in our day-to-day lives. As we grapple with an increasingly “smart” future, the Digital Trust Initiative aims to foster technology adoption and use through community empowerment that prioritizes civic well-being. Following a trust-centric resident-first approach, we outline five ideas that could help foster community empowerment.
- A Federal Privacy Law or Regulation
At present, there are no global or federal standards on protecting IoT data collected. In many instances, the current practice is to store information in vast data lakes to simplify application access. Unfortunately, the desire to streamline access to data lakes makes them vulnerable to theft and misuse. The European Union’s answer to this is the General Data Protection Regulation (GDPR). GDPR has become the benchmark for protecting consumer data, providing a framework to protect residents’ identities and associated data. In the absence of similar national government-mandated regulation in the United States, connected communities might consider the rights and responsibilities outlined in GDPR as instructive.
2. Anonymize Data at the Edge
The new generation of IoT systems features on-board processing capable of indexing data. In addition, these systems can be configured to redact or anonymize data. For example, license plate and occupant images can be removed from cameras managing intersections as it’s not necessary to know who is driving. Anonymizing at the edge also allows to minimize data collection and to only collect data required for a specifically approved use case.[1]
3. A Zero Trust Security Model
As municipalities collect more data they become more vulnerable to breaches and security incidents. A network is only as secure as its weakest link, and for a city with hundreds and possibly thousands of sensors, data channels, data stores, and data processing units, departments, and service providers, cyber risk increases exponentially.
Unfortunately, smart sensors and systems have not always been designed with a security focus. To protect themselves, municipalities should examine their current cybersecurity strategy and consider upgrading it.
Zero trust architecture (ZTA) is one emerging technology that shows a great deal of promise for protecting these projects. Unlike the classic internet model based on implicit trust – where users are assumed trustworthy until they prove to be untrustworthy – zero trust means that internet network users and their devices are not blindly trusted and granted access to sensitive networks or information. Zero trust authenticates everyone and everything. Under zero trust, security starts at the internet connection i.e. only an authenticated and authorized device and system can connect and access data.
The strength of this approach is increasingly being recognized. In fact, the US Government recently mandated a zero trust architecture to ensure regulated data is only used by authenticated and authorized systems. ZTA provides a technology to protect privacy, ensure security, and maintain compliance. Thus, for smart cities and civilians, zero trust could mean peace of mind.
4. Privacy by Design
As mentioned above, IoT systems are not always designed with security or privacy in mind, but digital privacy cannot be an afterthought or an add-on. Smart city initiatives might consider following the principles advocated by Privacy by Design (sometimes Privacy by Default), an internationally recognized privacy policy framework. Privacy by design essentially means “…data protection through technology design.”
The concept outlines seven major principles on the road to achieving truly privacy-incorporated network design. These principles all serve the same fundamental purpose – to support the idea that we should, and to demonstrate how we could, prioritize privacy. The basic concept, incorporated into the GDPR and utilized by leading companies like IBM and Deloitte, indicates that privacy should be built into the fabric of connected communities. Leaders should mandate privacy policies and assessments for all IoT and automated systems. While adopting principles and policies alone is not sufficient it is a necessary first step to creating accountability and transparency.
5. Promote a Digital Privacy Index
Just as we have public indexes for air quality and housing pricing for cities around the world, what if there were a Digital Privacy Index for smart cities? Although such an index doesn’t exist today, publications ranking tech companies’ privacy practices are available. Some even rank internet privacy by country (see also). With the launch of the Cities Coalition for Digital Rights (CC4DR) – an UN-Habitat sponsored group mandated with protecting civilian privacy and digital rights – and cities like Los Angeles gaining recognition for taking tech giants to court in order to protect their residents’ privacy, we may soon see the emergence of privacy ranking by city, as well. Such a ranking could be a powerful asset. Cities are businesses and highlighting good and bad behavior can be a strong motivator for advancing community wellbeing. For organizations and individuals, a low Digital Privacy score could be a deciding factor for economic investment and community growth.
6. Awareness and Training
Smart communities need smarter residents. High levels of digital/web literacy of the 21st century across a community can empower residents to make informed choices regarding technology use and adoption. Communities need to think about how to structure and implement digital literacy programs and technical assistance programs for their residents as part of an ongoing engagement and lifelong learning effort. Only through knowledgeable and thoughtful consideration of technology use can communities truly benefit from its adoption and use.
Technology is a double-edged sword. The splitting of the atom created a new energy source but also a weapon of mass destruction. Therefore, we need to be cautiously optimistic about technological innovations. The Digital Trust Initiative at the Discovery Park District is an effort to bring community consciousness to smart city initiatives and encourage thoughtful technology adoption and use in ways that put community well-being at the center of the smart cities’ movement.
[1] For an example of this, check out this smart traffic demo.
May 26, 2022