From New York and Barcelona to Tokyo and Singapore, the promise of smart cities evokes a glittering vision of effortless efficiency, accessibility, and sustainability. When we think of a smart city, we tend to imagine a futuristic landscape where the most pressing problems of city life are being solved in real-time by AI-powered transportation systems, green energy solutions, and data-driven urban planning.
And yet, all that progress comes with a price tag, as most technologies behind the promise of smart cities rely on mass surveillance and perpetual collection of citizens’ data.
Who watches the watchmen?
From real-time crime prevention to parking habits and personal water consumption trends, the very concept of a smart city is grounded in big data, and all that data is mostly collected by private companies employed by municipalities.
However, deals between municipal officials and companies are often signed behind closed doors, while the exact details of the extent of data collection rarely see the light of day, resulting in a noticeable lack of transparency.
According to Jennifer Tisdale, principal of cyber-physical systems security at GRIMM, citizens should be advocating for increased data protection laws to avoid information misuse by the private sector. “The consumer is positioned to be consumed in this increasingly connected world. Whoever has access to the data, wins,” says Tisdale.
She believes that users should be more concerned about the public infrastructure that communicates with consumer devices, especially in regards to phone and app interaction, including “location and payment information, connected vehicles, and communication technologies not traditionally required to have robust cybersecurity practices.”
On the other hand, Janis von Bleichert, the founder and CTO of EXPERTE.com, thinks that companies would not risk overstepping their bounds when collecting citizen data.
“At the moment, private companies fear bad publicity and scandals because they adversely impact their stock prices and ultimately, alienate shareholders. As such, the market forces these companies to not get caught and risk financial ruin,” says von Bleichert.
“This control mechanism is a good thing. But even so, whenever a scandal does break, it usually shows that the company in question has been too lax in handling consumer data for a considerable amount of time.”
The problem of consent
Meanwhile, the much-needed concern for privacy on the part of citizens seems to be relatively low, as many are not even aware that their data is being collected whenever they step outside their homes.
Attila Tomaschek, the digital privacy expert at ProPrivacy, argues that the increasing ubiquity of surveillance devices in urban areas goes largely unnoticed by the average citizen, which in turn begs the question of informed consent.
“How are you, an ordinary citizen in a public setting, supposed to consent to your image and data related to your whereabouts being collected, processed, and stored - likely unsecurely - as you navigate your way through a smart city,” asks Tomaschek.
He believes that people now expect to be monitored at all times, and have come to accept it as almost inevitable.
“But perhaps, in today’s environment, as personal privacy and data protection issues come increasingly to the forefront of public consciousness, people will begin to better understand the privacy implications associated with the rapid expansion of smart technologies throughout our cities,” Tomaschek told CyberNews.
“Perhaps, officials will acknowledge the need to take a step back and thoroughly assess the implications of this tech and make efforts to deploy smart city initiatives in a way that is secure and works to protect citizens’ personal data.”
Conversely, Janis von Bleichert thinks that consent is ultimately just a legal formality intended to help businesses cover their behavior down the road in case something goes wrong.
“It almost never signals that the customer actually understands what they are agreeing to. Even if they do consent, it doesn’t mean that the company in question will refrain from behavior that the consumer believes they would abstain from,” he told CyberNews.
Grave security concerns
As the amount of data needed to run a smart city becomes ever more immense, so too grows the potential for misuse - not just by government officials or private companies in charge of operating smart city infrastructure, but also by cybercriminals and other malicious actors.
According to Attila Tomaschek, threat actors will continue to pose a considerable threat to smart cities in the foreseeable future. “The sensors, cameras, and connected devices that can help improve efficiency in traffic and public transport, water and waste management, public safety, healthcare, and more, can be exploited by cybercriminals and state-sponsored threat actors,” says Tomaschek.
He reckons that the massive amounts of data being collected by the devices monitoring smart cities make them particularly attractive targets to bad actors, especially when such IoT devices lack adequate security measures.
“It’s only going to become an increasingly dangerous scenario as cities continue becoming smarter and more interconnected, and as more and more devices are introduced into the mix. Without the proper safeguards and protections in place, smart cities will continue to pose a significant threat to data privacy,” Tomaschek told CyberNews.
Meanwhile, Jennifer Tisdale believes that state and local governments are too focused on the benefits of smart technologies and fail to account for possible security blind spots. “Little to no investment is dedicated to fund the cybersecurity layers necessary to protect data and smart city operations,” says Tisdale.
“If a grant or contract does not have a cybersecurity requirement, how will security be funded?”
A smart city on the right track
According to Tomaschek, aspiring smart cities should follow the example of Copenhagen, where city officials fully understand the security and privacy risks that come with smart city initiatives, and are actively trying to mitigate those risks.
“This is what makes Copenhagen not only a leader in the smart city movement, but also in the secure smart city movement,” claims Tomaschek.
“Engineers in Copenhagen are implementing state-of-the-art cybersecurity solutions that work towards minimizing the overall effect a potential attack may have on the city’s smart digital infrastructure. The solutions are being deployed in the city with the concept of data minimization at the forefront.”
While adequately securing a smart city is a truly monumental challenge, Tomaschek believes that Copenhagen is on the right track and should become the standard for how such a task should be approached by other cities looking to get smarter.