When Eva Blum-Dumontet, a research officer for London-based non-profit Privacy International, attends conferences, she likes to ask people she meets if they live in a smart city.
The answer is often “no”, she says, and that is because respondents are unaware that they are from one of the many cities pouring money into such initiatives. A smart city is an urban area that uses different types of electronic data collection sensors to supply information which is used to manage assets and resources efficiently.
This response is worrying, Blum-Dumontet says, because it means they are ignorant of the potential risks to their privacy and security.
Metropolises around the world – including Hong Kong, which unveiled its blueprint last December – are racing to become smart cities, building an “intelligent” infrastructure geared towards greater efficiency. But what does it take to make a city smart?
“Smart city is a concept born in the late ’90s describing the digitalisation of urban information and the potential to apply artificial intelligence to information collected through sensors, to give timely responses to metropolitan problems,” says Dr Sara Degli-Esposti, a research fellow at the Centre for Business in Society at Coventry University in Britain.
The technology offers a wide range of solutions in areas such as traffic control, pollution and waste management, and effective use of energy.
According to a McKinsey report published in June, the world’s smartest cities are New York, Singapore and San Francisco. However, the Chinese cities of Shenzhen, Beijing and Shenzhen, and the South Korean capital Seoul, are catching up quickly, the US consulting firm said.
Another report, released by Deloitte earlier this year, found that China has 500 smart city pilot projects under way – half of the world’s total.
One such initiative is under way in the eastern city of Nanjing, which is collaborating with Germany-based software company SAP to create an intelligent traffic system.
“They are taking data from taxis and buses – their GPS location, their speed – and using the data from video cameras, traffic signals, plotting them into a traffic control system and using that to make decisions on roadworks, re-routing of buses and traffic deviation,” says Max Claps, who leads the company’s Future Cities team.
Despite the obvious benefits, however, experts warn that, around the world, citizens are woefully unaware of the impact smart city initiatives could have on their personal privacy. Smart technology also hands governments and their law enforcement agencies powerful tools to monitor citizens, control their behaviour and take surveillance to a whole new level, they warn.
“Smart cities go hand in hand with this idea of smart policing,” says Blum-Dumontet. “With facial recognition, you can easily follow a citizen step by step using a city’s cameras and sensors – where they’re going, with whom they’re meeting. Tracking an individual becomes extremely easy because it’s impossible to escape the gaze of the state.”
That could be a serious concern for citizens of authoritarian states, and in China facial recognition systems are becoming a way of life. The technology is being used for a range of commercial applications in the retail, banking and travel industries, but also for security purposes, including identifying criminals and jaywalkers.
It is also being used in the restive, Muslim-majority Xinjiang Uygur autonomous region, ostensibly to curtail protests by detecting where crowds are gathering.
A UN panel this week heard “credible reports” that a million Uygurs are being detained in internment camps in the region, in the name of combating Islamic extremism and separatist sentiments. Beijing strongly denied the claim.
Singapore, which is striving to become the world’s first smart nation plans to install more than 100,000 CCTV cameras on lamp posts, linked to facial recognition software. The government says they will help catch traffic violators and letterers, people smoking in prohibited spaces, and combat other illegal activities.
Increasingly, surveillance is occurring not just in public areas but also in private spaces. Wireless sensors have been fitted in homes for the elderly in Singapore to monitor the movements, sleeping patterns and even bathroom use of residents.
Blum-Dumontet writes in the report, Smart Cities – Utopian Vision, Dystopian Reality: “While these initiatives have obvious intended positive aims, they are also highly intrusive, and open to potential misuse or diversion towards less altruistic ends.”
Under current legislation, law enforcement agencies in Singapore are permitted access to the data without seeking court approval or citizen consultation, she adds.
Singapore has partnered with French software company Dassault Systèmes to create Virtual Singapore, a 3D city model and platform that aggregates all the real-time city data collected by the nation’s sensors and camera. It is almost a real-world version of the video game SimCity. It will allow the government to zoom in on any flat and scan it for information – its size, number of residents, energy consumption and more.
Blum-Dumontet cautions that whereas once our behaviour could be tracked only when we are online, we can now be under surveillance permanently.
“Having your energy monitored [by smart meters] means 24/7, what you’re doing in the house is being monitored by the energy companies and the government. You enter a world where you can no longer escape the surveillance,” says Blum-Dumontet. This is particularly pertinent to citizens of countries with poor human rights records and no legal framework in place to protect citizens’ data.
The “Big Brother” effect is not confined to authoritarian regimes. Even in democratic countries where people have the rights to protest and organise, smart technology could erode people’s capacity to dissent, she says.
“You’re not alone when you protest. You’re part of a crowd and it gives you strength. You find a form of anonymity by being in a crowd,” says Blum-Dumontet. Yet extensive use of facial recognition software enables law enforcement to identify every participant.
You enter a world where you can no longer escape the surveillance
Eva Blum-Dumontet, research officer for Privacy International
“Digital technology lowers the cost of surveillance and increases the imbalance of power between people – the surveilled subject – and corporations or the state and their almighty vigilant eye,” says Degli-Esposti, whose research focuses on the ethical implications of digital technology.
Claps, from SAP, acknowledges that it is becoming increasingly difficult to protect privacy in an interconnected world. One way of doing so, he says, is to increase transparency, offer layers of consent, and establish detailed rules on collection, access and use of data. However, such a framework is unlikely to become a reality in more authoritarian countries.
Concerns about smart utilities – designed to generate more accurate billing information – go beyond the fact that they can track our behaviour.
“The more we replace non-automated objects with automated ones, the more we become vulnerable to malware attacks, data exfiltration, ransomwares, denial-of-service attacks ironically produced by IoT [Internet of Things] botnets,” says Degli-Esposti. “As long as you have an operating system, which these days are mostly Android, iOS or Microsoft, the more you can be subject to fairly common forms of attack.”
With smart sensors and cameras detecting citizens’ every move, and collecting large amounts of data, what will happen if it falls into the wrong hands, or hackers hijack our smart infrastructure?
Past cyberattacks illustrate how vulnerable even the most hi-tech infrastructure can be. For example, the computer systems of a nuclear plant operator in South Korea were breached in 2014. Though the authorities insisted no critical data was leaked, the incident prompted security fears.
Also worrying is that most regional governments and city councils rely on private companies to realise their smart vision.
“Private companies are subject to strict confidentiality agreements, and terms of service and use, which prevent the client from running third-party penetration testing and getting a sense of actual risks,” Degli-Esposti says. It’s important to have in-house talent to write detailed public procurement specifications and maintain the software over time, she adds.
“Officers buying smart city solutions today will probably not be in office in 10 or 15 years, when these solutions will have to be replaced or deeply updated.”
Such a scenario played out in May last year when the Wannacry ransomware cyberattack infected an estimated 200,000 computers worldwide, including those belonging to Britain’s National Health Service trusts. An investigation revealed that the incident could have been prevented if the trusts has patched or upgraded older software.
Although experts have spoken out on the risks inherent in smart cities, some argue that the issues are still not being discussed by the wider public, partly because of a lack of consultation when these initiatives are introduced.
Blum-Dumontet sees an obvious irony: “Governments claim that they’re creating smart cities to offer better quality of services, and yet, if the general public is not involved in the discussion, who do we make smart cities for?”
More from South China Morning Post: