In Brief
Cities like Barcelona, London, Boston, Dubai, Singapore, and Hamburg have already begun to equip their metro areas with technology to collect more data about residents and their activities. How will citizens' privacy be protected in these cities of the future?

The Rise of the Smart City

The city of Barcelona is a sensory bustle. Elaborate tiled buildings glint beneath swaying palm trees while vendors hawk their goods in Spanish and Catalan. Amid such color and sound, it would be easy to overlook the gray plastic shields that have appeared on lampposts along the city’s main drag. It’s even easier to miss what they contain: sensor boxes that collect data on everything around them.

Each is equipped with its own hard drive and a wifi-enabled sensor, which tracks elements of its environment like noise and crowd levels and pollution and traffic congestion, then transmits it to a central data service via a fiberoptic cable. Fortune reports that the sensors can even monitor the number of selfies posted from the area.

Beneath its old-world charm, Barcelona is outfitted with new-world technology, which led digital market research firm Juniper Research to grant it the title of the world’s smartest city in 2015. But it didn’t retain that superlative for long — Singapore superseded it the following year. Around the world, city government offices are equipping their cities to collect a growing amount of data about residents and their activities. Barcelona, Boston, London, Dubai, and Hamburg have already begun the process; India has ambitious goals to revamp 100 of its cities by 2022. Singapore plans to become the world’s first “Smart Nation.”

All of these efforts promise to make cities cleaner, safer, more sustainable, and more efficient. But ethicists have a different concern: How can citizens maintain privacy when data is being collected from all around them?

Somebody’s Watching

Smart cities rely primarily on two types of information: aggregated data and real-time data. Sensors aggregate data about a specific place or thing into larger computer networks, which then analyze large quantities of information to spot trends. Some cities have already used aggregated data — to monitor the most popular parking spaces in central London, to analyze traffic on Boston roads to spot hazards, and to adjust the brightness of streetlights depending on the size of crowds in Barcelona parks. Because the data is aggregated, it is effectively anonymized; it can’t be used to track individuals or gain information about them.

Cities are also gathering real-time data that does focus on individuals. In 2013, a company called Renew London piloted a program in which sensors installed in recycling bins tracked the wifi signals from passing phones. The sensors could then use the phone’s unique media access control (MAC) address to target advertisements on that bin to the individual, based on his or her movement within the sensor network. For example, if the individual had frequently passed a particular clothing store or restaurant, he or she might see more ads for that establishment.

A screenshot of marketing materials issued by the now-shuttered Renew London initiative. (Image credit: Quartz)

Renew had attempted to bring the targeted advertisements users see online into the real world. Yet unlike most websites, the company was not legally required to inform citizens that they were being tracked. After details emerged (and outrage ensued), London’s city government asked Renew to halt its trial.

Despite the backlash, many other cities are still pursuing initiatives that gather real-time data. In Singapore, for example, the government plans to require all cars to have a satellite navigation system that will monitor the location of each vehicle at any given time, plus its speed and direction. This tracking system will allow the government to automatically charge cars for parking fees and tickets, as well as levy a tax based on how much an individual drives.

The island nation is also testing several programs that gather data about city-wide infrastructure issues and the amount of energy used in individual units of government-sponsored housing (80 percent of the population lives in these complexes). Elderly and infirm patients could opt in to a program that monitors movement inside their apartments.

As more objects become connected to the internet, they will gather even more information.

“Every day — just through our smartphones, credit cards, et cetera — we leave behind us lots of digital footprints, which are recorded thousands of times every day and stored somewhere in the Cloud,” Carlo Ratti, director of the Massachusetts Institute of Technology (MIT) Senseable City Lab, told Futurism. This deluge of data could enable cities to create new smart city programs, with the intention of making our lives better.

But those programs are not without risk. “The worrying thing about this is that we live in an asymmetrical world, where just a few companies and public institutions know a lot about us, while we know little about them,” he said. Cloaked in their black boxes of information, those companies could be selling personal information for advertising and marketing, or allow hackers to gain access to information that users didn’t even know they were giving up.

Ratti believes that the best strategy to combat potential misuse of this data is for future smart city governments and organizations to implement a more transparent and flexible “data contract” between individuals, companies, and governments. Some places are already initiating such contracts — the General Data Protection Regulation (GDPR), slated to kick in beginning May 2018, will require that all businesses within the European Union share what kind of data they collect from residents and gain individuals’ consent for its use (though interestingly, it does not address data collection by governments).

The law also allows EU citizens to opt out and be “forgotten,” or to have personal data — everything from your mobile device ID to your genetic sequence — removed from any database if they no longer feel there is a compelling reason to keep it.

In order to keep future smart city initiatives transparent, Ratti said that “taking advantage of such new rules that will go into effect soon [will be] a great way to put pressure on companies that collect large amounts of data today.”

Hacked City

Such prodigious and complex data could particularly put individuals at risk if it got into the hands of hackers. At the 2015 Black Hat computer security conference, security experts Greg Conti, Tom Cross, and David Raymond pointed out in a presentation and subsequent paper that information security in a city is far different from that of a private company:

Cities feature complex interdependencies between agencies and infrastructure that are a combination of federal, state and local government organizations and private industry, all working closely together to keep the city as a whole functioning properly. Preparedness [against hacking] varies widely. Some cities have their act together, but others are a snarl of individual fiefdoms built upon homegrown technological houses of cards.

“It’s going to be an ongoing battle between the hackers and defenders, just as is going on right now,” Christos Cassandras, professor of electrical and computer engineering and head of the division of systems engineering at Boston University, told Futurism. Private companies and city institutions will likely need to be better coordinated in their security efforts.

Hacking is a perpetual threat, and anything connected to the internet is vulnerable. Ratti pointed out that hacking has always been part of the introduction telecommunications technology; in 1903, during an early demonstration of radio transmission technology between Cornwall and London, a music-hall magician hacked the system to broadcast several lewd messages to the Royal Academy of Sciences’ waiting — and soon scandalized — audience.

The best tool to fight hackers in smart cities, Ratti said, might be the one that many computer security teams use today: “white hat” hacking. Engineers try to infiltrate a system as a hacker would in order to identify weaknesses that real hackers could leverage (not to get information, as a real hacker would).

“[White hat hacking] may become routine practice — a kind of cyber fire drill — for governments and businesses, even as academic and industry research focuses in the coming years on the development of further technical safeguards,” Ratti said.

Finally, there is the threat that governments themselves will use the data for nefarious purposes. As Engadget points out, democracy watchdog Freedom House ranks Singapore as only “partly free” because its leading party has a history of suppressing dissenters.

There are concerns, therefore, that data the government collects could be used against political dissidents. The privacy defense charity Privacy International expressed concerns about Singapore’s lack of privacy laws in 2015, particularly given that their constitution does not guarantee a right to privacy and that they had not ratified the International Covenant on Civil and Political Rights, which includes a clause that protects privacy. Policy analysts and industry experts have echoed these considerations, both about Singapore and smart cities more generally.

Concerns like these are amplified in countries with even spottier records for human rights and civil liberties, such as the United Arab Emirates.

Singapore has taken steps to mitigate those fears and ensure citizens that their security will be protected. Vivian Balakrishnan, the country’s minister for foreign affairs and leader of the Smart Nation Initiative, told Engadget that under the Smart Nation Plan, only “anonymized traffic data will be collected and aggregated” from toll roads, and that officials will “engage independent security consultants” to test the system for weaknesses. He added that Singaporean government is dedicated to building the nation into “an ‘open-source’ society that’s characterized by high levels of trust, transparency, and openness.”

In the end, though, it will be up to individual citizens — in Singapore, and in other smart cities around the world — to stay abreast of these new programs as they are implemented.  Citizens can only hold their governments to promises of safety if those citizens know what data is being collected about them.

At the Speed of Tech

A few years ago, when Cassandras began giving talks on smart cities, he used to tell his audience that he thought most of the technology he discussed was 10 to 15 years away. Today, he admits that he was wrong — the technology has arrived far sooner. Now he expects progress will move even faster, he said.

Competition has driven this growth, Cassandras believes. “The private companies are so under pressure to compete globally,” Cassandras said. He added that “all it takes is two or three players who are moving forward faster than other” to rapidly advance the entire industry.

Cities, similarly, are under pressure to become much more sophisticated in a short timeframe. Many metropolitan areas are expanding very rapidly, so some government officials may choose to use smart technologies to prevent problems like pollution, dangerous overcrowding, and unsafe streets. A city that fails to address those problems can be plagued with health issues, legal challenges, and a drop in population — citizens and businesses alike could be tempted to relocate to cleaner, more modern centers.

“More often than not, in this process there are a lot of risks.”

Cassandras sees dangers in the rapidity of this growth. “More often than not, in this process there are a lot of risks,” he said. “Sometimes commercial development tends to put those risks, those dangers, those concerns on the side, in the effort to be there first, and make a profit first.”

Yet he also doesn’t find the data collected by smart cities more worrisome than what’s collected online already. “I’m more concerned about my privacy when I buy something on Amazon or put in my credit card number to find an airline ticket,” he said. Cassandras, and many experts in this upcoming technology, ultimately sees smart cities as an improvement for human lives. If done right, smart cities promise their residents cleaner, safer, and more efficient lives — as long the data in our lived environment is policed the same way we defend our city’s homes and streets.