As part of the 2030 Agenda for Sustainable Development, the United Nations set forth 17 Sustainable Development Goals (SDGs) in a global effort to save the planet, eradicate poverty, and improve the quality of life for all. SDG 11 to “make cites inclusive, safe, resilient and sustainable” is reflected in many smart-city initiatives, such as the environmental benefits of smart buildings and autonomous vehicles to reduce carbon emissions and save on energy costs.
Considering that 70 percent of global carbon emissions come from cities, and that 60 percent of the world’s population is projected to live in cities by 2030[1], achieving such energy-saving goals through sustainable smart cities does sound like a dream. And in today’s rapidly changing world with rising inflation and energy costs, cities that do not adopt smart technologies may find themselves left behind in a “digital rust belt.”
But the interconnectivity of smart cities also brings about a serious threat in the form of cyberattacks. Major cities and small towns alike are already besieged by cyberattacks, which have crippled city services and critical infrastructure, from payment systems to 911 services, hospitals, transportation and more.
The costs of these attacks can amount to damages far beyond the ransomware payments sought by hackers. For example, when hackers attacked the City of Atlanta in 2018, the government refused to pay the ransomware demand of $51,000 in Bitcoin. However, the total costs in the long run were much more – the city ended up paying $17 million in recovery efforts.[2]
With the advent of smart cities, risks will increase and attack surfaces will multiply with IoT devices and sensors merging the digital and physical worlds. In order for smart initiatives to be successfully implemented, cities will have to mitigate the cyber risks by making cybersecurity a top priority from the start, as well as be able to effectively address privacy concerns of citizens, for privacy pushback has shut down more than several smart-city programs.
Take for example what happened with Sidewalk Labs, the urban innovation company owned by Alphabet, the holding company of Google. Sidewalk Labs’ plans with the City of Toronto for a 12-acre smart-city neighborhood was met with protests over concerns of privacy and data governance; it was ultimately canceled, which Sidewalk Labs attributed to COVID-19. Regardless of the stated reason for withdrawal, it was clear that for Toronto residents the proposed smart-city technologies were viewed as a surveillance-city nightmare.
There is also the case of San Diego, which originally installed smart streetlights in 2017 to improve city operations such as planning bicycle lanes and more parking locations. Then in 2018, law enforcement investigating a murder in the Gaslamp Quarter saw a smart streetlight’s video camera aimed directly toward the scene of the crime. The video footage was retrieved and later used to exonerate the suspect accused of murder.
The San Diego Police Department has called the cameras a “game-changer” and one police official declared the benefits so helpful that the department would willingly take on the $7 million expense of operating them for the next four years.[3] But privacy concerns in the city had grown, galvanizing the formation of the Transparent and Responsible Use of Surveillance Technology San Diego (TRUST SD) coalition; in 2020 the San Diego City Council passed two privacy ordinances for more transparency into the police department’s use of surveillance technologies.
Created by TRUST SD, the measures drew upon surveillance ordinances passed earlier in Oakland, Calif., where the first Privacy Advisory Commission (PAC) was formed. The PAC was the result of protests against planned expansion of the Domain Awareness Center (DAC), a surveillance hub for the Port and City of Oakland that started in 2008 with a grant from the Department of Homeland Security (DHS).
There is a scene in The Dark Knight trilogy, inspired in part by Charles Dickens’ 1859 novel A Tale of Two Cities[4], in which the character Lucius Fox reluctantly agrees to surveil 30 million people in order to aid Batman in his chase to capture the Joker. But it is accompanied with his resignation over the “beautiful, unethical, dangerous” methodology showcased in Batman’s lab as Fox struggles to coincide his aversion to what he sees as privacy infringements with wanting to help Batman stop the Joker on his destructive path.
As the scene shows, finding the right balance may not be so easy, in the movies nor in real life. For Oakland, the city known for the very first PAC, is also ranked as one of the most dangerous cities in America, with homicide rates in 2021 reaching their highest level since 2006.[5]
[1] See United Nations, https://www.un.org/sustainabledevelopment/cities/
[2] See Doug Olenick, https://www.scmagazine.com/news/security-news/ransomware/atlanta-ransomware-recovery-cost-now-at-17-million-reports-say
[3] See Teri Figueroa, https://www.govtech.com/public-safety/san-diego-mayor-orders-smart-streetlights-turned-off.html
[4] See Forrest Wickman, https://slate.com/culture/2012/07/the-dark-knight-rises-inspired-by-a-tale-of-two-cities-the-parts-that-draw-from-dickens.html
[5] See David DeBolt, https://oaklandside.org/2021/12/23/2021-oakland-deadliest-year-since-2006-homicides-shootings-gun-violence/
