May 17 2023

Smart City Strategies Must Balance Progress and Privacy, Report Says

The Information Technology and Innovation Foundation details ways that smart cities can protect citizen data.

In recent years, cities all over the country have taken strides to modernize with emerging technologies that make communities smarter, safer and more connected. And with the rapid evolution of technology, they’ve only scratched the surface when it comes to smart city capabilities. But with data collection and Internet of Things (IoT) devices powering these innovations, there are always concerns about personal privacy.

A recent report from the Information Technology and Innovation Foundation examines this tension, urging smart city leaders to balance any potential benefits to society against privacy concerns. How can cities continue to innovate without compromising the privacy of their citizens? And how founded are the public’s concerns around privacy? The report argues that there are legitimate issues to consider, but there’s also fear over hypothetical future smart city applications.

“I think a lot of the most realistic concerns about privacy is if data is tied to a specific person, and if you have all these data points, you could potentially put together a profile of a person,” says Ashley Johnson, senior policy analyst at ITIF and author of the report. “Then there are slippery slope fears. We shouldn’t allow governments to use technology in any way they want, but there are protections in place. We have constitutional rights as American citizens.”

The report details several steps government agencies can take to make sure they’re protecting citizens even as they modernize.

Click the banner below to explore cybersecurity strategies when you become an Insider.

Governments Face an Uphill Battle in Data Protection

The idea that government use of smart devices will inevitably lead to human rights issues isn’t sound, Johnson says. Instead, she says, the bigger potential threat to citizen privacy is a breach of government systems, putting data in the hands of bad actors.

“It’s not only a realistic concern, it has already happened in the past with citizen data and government employee data,” she says.

The sheer volume of data that governments collect makes protecting it difficult. Cyber workforce shortages compound the challenge, as does the fact that government agencies have fewer resources than corporations, making data protection an uphill battle for the public sector.

Proper data security in smart cities starts with securing IoT devices, as having a large number of internet-connected devices broadens an organization’s attack surface. Governments can implement zero-trust practices and limit access so that each device only touches the information it needs instead of a whole network, ITIF notes.

EXPLORE: Smart cities depend on edge computing, but securing it remains a challenge.

Agencies Can Keep Data Anonymous to Protect Citizens

Governments should anonymize data they collect through smart devices. This is usually not a problem, as most of the data collected through many sensor technologies is nonsensitive information that wouldn’t benefit from being connected to specific people. This includes data on traffic patterns, population density and energy consumption.

“For most use cases, the data doesn’t need to tie to a specific person or household,” Johnson says. “That avoids the potential of anyone building profiles of individuals based on their habits or any of that data that, on its own, is innocuous.”

However, in cases when governments do tie data to specific people, Johnson says that agencies should set that data up for automatic deletion. For example, if a state is gathering data from an electronic toll collection system such as E-ZPass, it’s receiving data tied to individuals because payments are processed via credit cards. This kind of data should be deleted once payments are processed or the need for the data is gone, Johnson says.

ITIF cites the company ShotSpotter as an example of an organization that uses automatic deletion to prevent the misuse of data. The gunfire locator service uses sensors that only send audio to a review center if it detects a potential gunshot, ITIF says. That audio is automatically overwritten after a certain period, preventing law enforcement from digging up old recordings to listen in on captured conversations or other audio.

LEARN MORE: How cities are improving data sharing across local government.

Transparency Must Be a Priority in the Data Collection Process

Citizens will naturally wonder why their data is being collected and how it’s being used, ITIF notes. Governments must have answers to these questions. Information on data collection and use should be easily accessible to the public.

Any broad communications explaining the use of data should be written in a way that’s understandable to the layperson; more technical detail can be provided in additional resources, ITIF notes.

“Having answers would not only put people more at ease and inform them but it would also allow for researchers to explore the ways that data is being used and the potential implications,” Johnson says.

There are also concerns about the commercial use of data. ITIF recommends that Congress pass federal data privacy legislation that pre-empts existing state and local laws and includes opt-in consent for the commercial use of sensitive data and opt-out consent for commercial use of nonsensitive data. Johnson says that she expects the American Data Privacy and Protection Act will be reintroduced to Congress.

Marco VDM/Getty Images

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.