Last Updated: 1st October, 2019
Urban infrastructure‘s next generation is on the horizon. As an Internet of Things (IoT) technologies is becoming increasingly abundant, we can assume to see local authorities depending on them in diverse ways to enhance living, working and traveling conditions. Truly, how secure are smart cities in real, while balancing privacy with innovation? Everything from road traffic to municipal services could be more efficiently managed, and environmental issues from noise levels of air pollution improved.
It’s not the just city infrastructure that is changing. We’re quickly moving toward a world where autonomous vehicles communicate with each other and interface with cloud services as well as smart traffic signals and road sensors to drive safely without human involvement.
There are concerns as well as benefits associated with these altered cities. The more connected devices a smart city employees, the greater the risk to individual privacy. Citizens have legitimate concerns that data shared to access smart city services could be compromised in the event of a network breach. For this reason, companies working on smart city initiatives must ensure they embed cybersecurity into the very heart of their projects.
Sidewalk Labs, owned by Google’s parent company, Alphabet Inc., is one of the leading organizations in this field. Its smart city project Sidewalk Toronto Initiative, is currently slated for the launch in Canada. If this goes ahead, it will be the first step towards a futuristic connected community. How secure is it in practice – and what impact will it have on citizen privacy?
Alphabet’s Search For The City Of The Future
Sidewalk Labs’ far-reaching plan for Toronto would fold data on everything from traffic, noise and air quality to refuse collection, traffic and power distribution into North America’s largest smart city deployment. Serious questions must be raised over how access to these new systems and the data that passes after they are managed, particularly given both public and private organizations are involved.
Sidewalk’s CEO Daniel Doctoroff says he is fully aware of the privacy issues that the project raises: “We have heard lots of concerns about privacy. The strategy we have established is in direct reaction to these debates, in a democratic, autonomous process, ensuring control of urban information. The approach outlined in the Master Innovation and Development Plan will set a standard for the world.”
Secure Smart Cities And The Risk To Privacy
Despite this apparent confidence, the cybersecurity community and some local politicians continue to express concerns over security risks of this project, underlining that the incentives for Alphabet to harvest data from residents and visitors must not lead to compromised security.
In the information economy, personal data are a valuable resource. In fact, in a fully secure smart city, the data generated by residents over the decades could well be more valuable than the land on which they live. If data are not adequately secured and privacy not guaranteed, smart cities could evolve from user-centric initiatives in communities that pose significant risk.
Sidewalk Labs’ response to these concerns deepens the potential for confusion. Doctoroff claims he can’t say with definitive certainty what will happen with the information collected in Toronto.
His company declares that it will ensure data in the system are anonymized where possible – but it has also published a plan to make data open and accessible to a number of “third parties.”
If Sidewalk Labs follow Alphabet’s wider business model, it seems possible that data may be used, in part, to profile residents to provide ‘relevant services.’
The likely cause of confusion regarding use of data is the lack of clarity over who has authority over that information. When personal data enter smart city deployment systems, responsibility for the security of that information must be clearly assigned.
This issue has recently surfaced in a lawsuit where the Canadian Civil Liberties Association is seeking ‘a court order that will nullify the agreement between Sidewalk Labs and Waterfront Toronto’ – precisely because of the fears of Canadian citizens’ data being collected and stored by a US company.
Unless proper controls are established from the outset, there is a risk that data accessibility is the trade-off of living in any smart city. Companies must ensure that residents are not exchanging convenience for security and privacy.
Building A Secure Smart City
Even if companies like Sidewalk Labs were to use the data, they collect in a responsible manner that honors user privacy, a great deal of information is still vulnerable to breach in cyber-attacks. Given the large number of potential entry points in a smart city deployment of this size, innovation, cyber-criminals could feasibly have opportunities to interfere with the operations of digitally enabled services including traffic lights, public transport management, energy, water, snow removal, sewage, refuse and emergency service deployment.
The effects of a smart city breach could be far-reaching, affecting citizens on many levels. Cybersecurity technology innovation, operations and standards must be designed in the portfolio from the outset of the project.
Endpoint security, in particular, needs should be a priority, given the extent to which smart cities rely on connected devices such as cameras, lights and sensors. A single breached device can become a gateway to an entire network. Companies and community councils working on prospective projects must understand this and ensure that their earliest planning includes detailed endpoint security measures.
In the process of creating IoT-driven city districts, corporations and local government bodies must be transparent about every detail that may affect citizens, including the ways that cybersecurity is implemented and monitored. We must be transparent about the data collected, as well as the intended life cycle and purpose.
The current connected ecosystem has established some effective cybersecurity innovation practices, technologies and standards; however, within the existing deployments, it is clear that citizen data is already used for purposes of which many are unaware.