Do smart cities come at the cost of data privacy?

A view of a future cityscape as envisioned by the Joint Contracts Tribunal in the UK. Today’s columnist, Chris Shannon of Fotech Solutions, offers some insights into how the push to deploy connected devices must be balanced with the data privacy rights of citizens. (Creative Commons CC BY-SA 2.0)

The smart city movement has grown in the last 10 years as a direct result of the world’s increasing urbanization. Indeed, by 2050 more than two-thirds of the earth's population will live in urban areas.

This flow of people into urban areas created denser cities, with increased demands on city services – everything from emergency services to transportation and local amenities. As cities grapple with these pressures, smart city systems are viewed as an important way to ensure that denser, more populous cities are also healthy, wealthy, and safe.

Once the hype gets stripped away, smart cities really aim to give municipal authorities a better “data view” of a city’s infrastructure and operations so that they can manage them more efficiently, save costs, reduce carbon footprints, and make better decisions.

Mobile communications technologies, GPS, edge computing and a whole host of cameras, sensors, detectors and supporting infrastructure are just some of the technologies that have a role to play in delivering city officials the data they need to make cities run more efficiently.

These data sources, coordinated via sophisticated software platforms that collate the various data types, are already used to guide transportation networks, maintain public safety and security, and tackle environmental quality issues.

However, there’s a drawback to these technologies. Much of the monitoring technology we currently employ relies heavily on personal information to ensure that they work properly. The technologies inherently capture, share, and store some level of personal data.

This raises the legitimate concern of whether the security and function of smart cities comes at the cost of privacy. In the last few years the public has woken up to the importance of protecting data. Scandals like Cambridge Analytica have proved a watershed moment in the public’s understanding of privacy issues.

More recently, the use of “track and trace” apps to help contain COVID-19 have raised the issue of data privacy. While these apps are undoubtedly useful in the battle to control the coronavirus, there are also legitimate privacy concerns with continued use of these apps. The question revolves around what data gets captured and whether it’s stored on devices or centrally. As a result, their use has rightly been closely monitored by privacy advocates and governments.

Smart cities also form part of this same picture. There are legitimate fears that smart city technology may get used to support surveillance states and that “big brother” could track people’s movements.

Many are already levelling these accusations at China – particularly the way that smart city technology has been used in Xinjiang. Comparitech found that 18 of the world’s top 20 most-surveilled cities are in China – and as many as 54 percent of the world’s 770 million CCTV cameras are reportedly in China.

However, issues with surveillance technology are much more widespread than in China. Even less controversial states, such as Singapore, have smart city systems in place that many privacy advocates would consider invasive.

In Toronto, objections have firmly centered on the data privacy implications for citizens impacted by the Waterfront Toronto project spearheaded by Sidewalk Labs, a subsidiary of Google. Although Sidewalk Labs claims they will anonymize the data, it has made no secret of its plans to make data open and accessible to third parties, which in turn has fuelled concerns that citizens will lose all control over who has access to personal data.

Some of the ethical issues here are impossible to ignore. As technology gets more capable of solving the problems of cities, it’s important that those issues are not simply replaced with new dilemmas surrounding privacy.

We need to understand that the data smart cities collect are both valuable and incredibly sensitive. At the base level, the question of how that data gets stored and accessed becomes vitally important. No city should let the data of its citizens data get exposed, stolen or in any way threatened. Beyond the obvious threat of identity theft, such a breach could open up citizens to physical crimes against themselves or their property – and also open cities up to broader cyber-attacks.

When we start to look at data management, we also run into issues around the risks that come with data centralization. With centralized data, even anonymized data could get matched up with other data sources and enable the identification of the anonymized data.

But even if these issues are overcome, we still run into the knottier problems around data governance and ownership. How do we decide the data that’s appropriate to collect? Who owns the data once it has been collected? How do we manage data sharing? How does the data get used? For what purposes?

Because many smart city initiatives are public-private partnerships the ownership isn’t always automatically clear. Does it belong to the individual? The city? The technology vendor? Can that data get sold or monetized via advertising? Can the citizen choose to opt out? All of these questions remain unanswered. Today, we do not have a model for proper data governance of this sort of data.

There are a number of cities and organizations around the world that are attempting to find answers. In Oslo, the CityZen project aims to investigate possible solutions to the data privacy challenges of smart cities. In these trials the citizens themselves – not the city or utility companies or transit authority “own” the data. Moving forward in this way will help garner the consent of citizens.

Other projects are working within existing legal frameworks. For example, the “Siemensstadt 2.0” project in Berlin – envisioned as a similar project to Waterfront Toronto – plans to build its data policies within the provisions of the General Data Protection Regulation.

Technology that puts data privacy first

In the end, cities only really need data in the aggregate, the numbers themselves, to improve services. Governments don’t need to know which specific individuals were where, or any personal information about them.

As such, smart cities should prioritize technology solutions that are anonymous by design, and reject systems that explicitly capture, or can be easily cross-referenced with, personal data, such as mobile subscriber data. The technology exists that can deliver the intelligent insights required to help make cities safer and more efficient places to live and work, while also addressing privacy concerns.

One example is Distributed Acoustic Sensing (DAS). DAS upgrades a traditional fibre optic cable to effectively convert it into thousands of vibration sensors, akin to placing an army of microphones alongside a road, a railway, a pipeline or a building’s perimeter. A laser shoots thousands of pulses of light down a cable each second. A minor proportion of this light gets reflected, and any disturbances in the light pattern gets picked up by the sensor. Each kind of disturbance has its own signature and advanced algorithms in the technology and can tell an operator what happened, exactly where it happened and when it happened.

Because DAS only gathers purely physical information, rather than relying on tracking personal metrics, it captures purely anonymous data.

Of course, cities still need to look at harnessing technologies such as cameras, UAVs and other sensors to develop a system that can monitor, diagnose and respond to changes or threats. While a system like DAS can offer an overview of the flows and activity in a city and flag potential incidents, other technologies are required to review and analyze events of interest in more detail. But here the DAS underpinning can direct other resources, such as cameras, to ensure that cities can make assessments and decisions quickly, accurately and with confidence. Working in tandem like this lets technology teams extract the most value from both, rather than running either one independently.

The precise set of these technologies and sensors will vary according to the unique challenges of each city – but this combination of a foundational layer of data capture technology and arrays that deliver a response or make a closer diagnosis of potential incidents flagged by the underlying data present are very promising. They aim to easily and quickly build up not just the detailed data view of how a city functions, but also to enhance responses to incidents.

There are still serious and legitimate privacy debates to have in the months and years ahead. But DAS and technologies like it show us that data capture and analytics don’t need to collect personally identifiable information to deliver a meaningful service. We must remember that smart cities are about improving everyday lives – adding value and convenience to what a city can offer its citizens, not tracking their every move.

Chris Shannon, CEO, Fotech Solutions

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.