The Downside to Smart Cities

I read almost daily about another smart city initiative somewhere in the country as cities implement ideas that they think will improve the quality of life for citizens. I just saw a statistic that says that over two-thirds of cities have now implemented some form of smart city technology. Some of the applications make immediately noticeable differences like smart electric grids to save power, smart traffic lights to improve traffic flow, and smart streetlights to save electricity.

But there are a few downsides to smart city technology that can’t be ignored. The two big looming concerns are privacy and security. There was an article in Forbes earlier this year that asked the question, “Are Privacy Concerns Halting Smart Cities Indefinitely?” Citizens are pushing back against smart city initiatives that indiscriminately gather data about people. People don’t trust the government to not misuse personal data.

Some smart city initiatives don’t gather data. For instance, having streetlights that turn off when there is nobody in the area doesn’t require gathering any data on people. But many smart city applications gather mountains of data. Consider smart traffic systems which might gather massive amounts of data if implemented poorly. Smart traffic systems make decisions about when to change lights based upon looking at images of the cars waiting at intersections. If the city captures and stores those images, it accumulates a massive database of where drivers were at specific times. If those images are instantly discarded, never stored and never available for city officials to view then a smart traffic system would not be invading citizen privacy. But the natural inclination is to save this information. For instance, analysts might want to go back after a traffic accident to see what happened. And once the records are saved, law enforcement might want to use the data to track criminal behavior. It’s tempting for a city to collect and store data – all for supposedly good reasons – but eventually, the existence of the data can lead to abuse.

Many people are very leery of systems that capture public video images. If you look at smart city sales literature, it’s hard to find sensor systems that don’t toss in video cameras as part of any street sensor device. I just saw a headline saying that over 400 police departments now partner with Ring, the video cameras people install at their front door – which allow police to have massive numbers of security cameras in a city. It’s incredibly easy for such systems to be abused. Nobody is uncomfortable with using surveillance systems to see who broke into somebody’s home, but it’s highly disturbing if a policeman is using the same system to stalk an ex-wife. Video surveillance isn’t the only sensitive issue and smart city technology can gather all sorts of data about citizens.

What I find scarier is security since smart city systems can be hacked. Security experts recently told Wired that smart city networks are extremely vulnerable to hacking. Municipal computer systems tend to be older and not updated as regularly. Municipal computer systems have the same problems seen in corporations – weak passwords, outdated and ignored security patches, and employees that click on spam emails.

Smart city networks are more vulnerable to attack than corporate networks that sit behind layered firewalls because a smart city network can be attacked at the sensor edge devices. It’s well known that IoT devices are not as rigorously updated for security as other components of computer networks. I’ve seen numerous articles of hackers who were able to quickly defeat the security of IoT devices.

While there might be a concern that city employees will abuse citizen data there is no doubt that hackers will. It’s not hard to envision hackers causing mischief by messing with traffic lights. It’s not hard to envision terrorists paralyzing a city by shutting down everything computer-related.

But the more insidious threat is hackers who quietly gain access to city systems and don’t overtly cause damages. I have one city client that recently found a system they believe has been compromised for over a decade. It’s not hard to envision bad actors accessing video data as a tool to use for burglary or car theft. It’s not hard to imagine a bad actor selling the data gathered on city networks to players on the dark web.

I’m not against smart city technology, and that’s not the point of this blog. But before a city deploys networks of hundreds of thousands of sensors, they need to have planned well to protect citizen data from misuse by city employees and by abuse from hackers. That sounds like a huge challenge to me and I have to wonder how many cities are capable of doing it right. We’ve seen numerous large corporations get hacked. Smart city networks with huge numbers of sensors are far less secure and look to be an open invitation to hackers.

An End-run Around Broadband Regulation

In a recent article in Wired, Susan Crawford, the Harvard law professor who follows tech policy and telecom writes about the long-term strategy of the big ISPs to avoid regulation. She discusses the attempt of ISPs to equate some of their actions to be the equivalent of free speech – thus removing any such ISP actions from regulation.

The big ISPs aren’t the only big corporations adopting this strategy which has been enabled due to the Citizens United v. Federal Election Commission decision in 2010. This landmark Supreme Court decision ruled that the free speech clause of the First Amendment to the Constitution prohibits the government from regulating independent expenditures for communications from corporations – specifically in that case campaign contributions to politicians. Corporations have been emboldened by that ruling to push to widen the definition of First Amendment rights for corporations. While not entirely accurate, the most common interpretation of that case is that corporations now have some of the same First Amendment rights as people, and corporations want to expand that list of rights.

The heart of the big ISP argument is that transmitting speech is protected by the First Amendment. The ISPS want to equate the act of transmitting a voice call or sending any transmission of data as protected speech – the same as speech between two people. Susan Crawford’s article describes the big ISP argument, and to a non-lawyer the big ISP logic is a bit hard to understand. However, what matters is that the big ISPs are hoping to get a favorable hearing of the issue should this ever make it to the Supreme Court – a ruling in their favor would effectively eliminate the possibility of regulated ISP broadband transmissions.

To anybody who is not a constitutional lawyer this seems like a silly argument. It’s clear to most of us that big ISPs can best be classified as utilities. They sell services that we think of as utility products. Depending upon the market, the ISPs differ in the degree of competition, but even where there aren’t telecom monopolies, we understand that the big cable companies and telcos act like oligopoly providers and don’t vigorously compete with each other on price. I think the average person believes that the big ISPs services ought to be regulated to some extent since we are all aware of ways that the big ISPs have abused their customers in the past.

The big ISPs are currently enjoying the least amount of regulation they’ve ever seen. The current FCC effectively walked away from regulating broadband. While there are still telephone and cable TV regulations on the books that derive from acts of Congress, the current FCC is regulating those products in the lightest manner possible.

However, the big ISPs know this could change in a hurry. In 2017 the Supreme Court ruled that the prior FCC had the authority to impose net neutrality rules using Title II regulation. The ISPs understand that as future administrations change, they could get a future FCC that is pro-consumer rather than pro-ISP. They also understand that a future Congress could pass new laws that provide for stricter regulations.

In fact, it’s almost inevitable that the regulatory pendulum will swing the other way – that’s how regulation of all industries has always worked. The government will implement new regulations and the companies that are regulated will challenge those regulations and over time weaken them. When regulation become too lax, the government will restart the cycle with a new round of tougher regulations. The very nature of regulation leads to this cycle of swings between tougher and weaker regulation.

ISPs are their own worst enemy, because like all monopolies they can’t seem to control themselves from going too far in the way they treat customers. Just in recent news we saw the State of Minnesota suing Comcast for lying about hidden fees on cable bills. We just heard about the big wireless carriers selling real-time customer cellphone location data to the highest bidders like bounty hunters, after promising the government they would stop the practice. The big ISPs (and all monopolies) are unable to police themselves because the desire for greater profits always overrides common sense – which is the primary reason that we regulate big corporations.

As a consumer I feel that the current FCC has gone too far towards deregulation, and as someone who understands regulation, I’ve always assumed the pendulum would swing the other way. You have to give the big ISP lawyers credit for thinking out of the box, and they have found a tactic that they hope might remove them from the regulatory cycle. I think anybody that buys services from these big ISPs hopes that they are unsuccessful in this effort.