Scratching Below the Surface: IoT Privacy Risk

Further to the topic of Privacy & Security for Smart Cities (E. Kenneally, “Scratching Below the Surface: IoT Privacy Risk,” in IEEE Internet of Things Magazine, vol. 1, no. 1, pp. 8-10, SEPTEMBER 2018. doi: 10.1109/MIOT.2018.8552484, available at https://ieeexplore.ieee.org/document/8717595):

This column delves into privacy risks of the IoT using risk concepts that are more native to the security domain in order to conceptually bridge our collective understanding, articulation, and management of privacy concerns in the IoT which otherwise might not be sufficiently considered or foreseen by existing legal and technical controls. It has become almost cliché that the so called Internet of Things (IoT) means different things to different people. When it comes to privacy and security risks, what is implicit across the myriad conceptualizations of IoT lies the key to unearthing why IoT risk heralds a difference with a distinction compared to traditional offline and online contexts. Critics of an exceptionalist view of IoT risk might contend that the IoT is really just distributed computing on steroids, i.e., the IoT is merely a relabeling and repackaging of technologies past like client-server, web services, SoA, mobile, virtualization, and distributed computing, which means that risk management is merely an exercise in grafting the decades-long understanding of privacy and security from those familiar contexts onto the IoT. Without getting into a religious debate, it is incontrovertible that there are advances in the quality and quantity of data collection from IoT technologies as opposed to previous generations of technology, and these are driven by real and prospective socioeconomic value propositions.

GCTC Tech Jam – 2019

GCTC Global Tech Jam 2019 | BroadbandUSA

Register here.The Global Cities Team Challenge (GCTC) Global Tech Jam brings together research institutions, private sector companies, grass roots organizations, and public entities to explore deployment of data-driven decisions and to benefit communities. This international consortium will discuss deploying emerging technologies to improve infrastructure and create conditions

 

Intelligent Privacy for Smart Cities

Join us at the upcoming Portland Tech Jam ’19 where we’ll present our forthcoming paper that addresses Smart Cities privacy and innovation challenges with pragmatic policy-informed technology solutions:  Look for the full article in the ACM Conference Proceedings (Isaac Potoczy-Jones, Erin Kenneally, John Ruffing, “Encrypted Dataset Collaboration- Intelligent Privacy for Smart Cities, SCC’19, September 2019, Portland, Oregon USA).  In summary:

The past year has seen increasing scrutiny of Smart Cities efforts with regard to privacy. Privacy advocates have criticized Smart City data collection on the whole and critiqued specific city efforts that they feel have crossed a line.

Cities are struggling with a number of privacy issues, including how to address third parties’ collection of Smart City data, how cities consume personally identifying information from third-parties, and how public records laws intersect with privacy concerns.

The majority of data that cities collect are subject to disclosure under public record laws, with an attendant obligation to anonymize sensitive private information. However, as the amount and availability of data increases, the ability to cross-reference, correlate, and de-anonymize or re-sensitize datasets also increases. This leads to re-identification attacks that infringe the privacy of individuals in those datasets, and fosters mistrust in city governments and technology vendors. A fundamental challenge is that open data and privacy interact in complex and unpredictable ways. Some cities may choose to allow third parties to collect and manage that data in an effort to encourage innovation in the delivery of city services, while simultaneously wrestling with the legal and policy implications, such as privacy and public records law compliance. Unfortunately, this also may have undesirable privacy outcomes depending on a third-party’s use of that data and the city’s role in encouraging its collection.

In this paper, we will discuss concrete approaches to smart cities data privacy governance including collection and management, and specifically, an innovative pilot project supported by the U.S. Department of Homeland Security, Science & Technology Directorate aimed at demonstrating how privacy technology can help harmonize data sensitivity risks with intended benefits.

Smart City Data: APIs – Open Source

Streaming data presents a different problem from query/response.

streaming-api-projects/smart-city-data

These are streaming projects for city data, showing what is possible when you make valuable city data available in real time. The current projects in this repository are: All projects proxy city data using Streamdata.io, and uses Server-Sent Events (SSE) to push updates to each existing city data JSON API, only sending what changes using JSON Patch.

Parking Policy is Hot

Suddenly, Everyone Wants to Talk About Parking

What’s the most emotional topic in transportation? According to Donald Shoup, it’s parking. “Thinking about parking seems to take place in the reptilian cortex, the most primitive part of the brain responsible for making snap judgments about flight-or-flight issues, such as how to avoid being eaten,” Shoup writes in the introduction to his new book, Parking and the City (Planner’s Press, Routledge, 2018).

NIST GCTC Expo Registration Available

We’re on track in the Data Supercluster for an exciting Expo event. Check out the details at the NIST GCTC Expo web site and sign up. Its free to attend, but you must register.

Smart and Secure Cities and Communities Challenge Expo

In 2019, Global City Teams Challenge brings you the Smart and Secure Cities and Communities Challenge (GCTC-SC3) Expo, co-hosted by NIST and U.S. Department of Homeland Security Science and Technology Directorate (DHS S&T).