Smart cities: dreams capable of becoming nightmares

By Lucien Begault, Research Intern, and Jessika Khazrik, Technologist/Technology Adviser, Amnesty Tech

Masdar City, Songdo, and PlanIT Valley. Never heard of them? That’s normal - two of these projects never made it beyond the work table. Yet, amongst ‘smart city’ enthusiasts, they are household names. Songdo may have been the only project to materialise into a city, but all these prototypes reflect utopic visions imagined through smart city projects. Sustainability, interconnectivity, and optimisation of services are sworn of this promise land – but do smart cities come with a human rights cost?  

Earlier this week, Alphabet subsidiary Sidewalk Labs released a long-awaited 1500-page master plan for a massive new smart city development in Toronto’s waterfront district. The project encapsulates the two sides of debate around smart cities. On the one hand, the company promises a “global model for inclusive urban growth” that will deliver jobs and be climate-positive. On the other has been a chorus of privacy concerns from community groups to a former Blackberry CEO, with author Shoshana Zuboff describing the project as “the frontline of an historic contest between surveillance capitalism and democracy”. 

What are smart cities?

Smart cities have become increasingly popular in urban planning over the past 10-15 years. The industry is growing at a startling rate, and smart city solutions are being implemented across the world and increasingly in emerging markets - often with the backing of the United Nations through initiatives such as the ‘United Smart Cities’ programme.

These cities are presented as ‘smart’ because they are capable, through a network of interconnected devices and new infrastructure, to gather data about the environment they host and monitor, respond, report and/or adjust accordingly. The marketing material of private providers like IBM, Oracle, and CISCO uses sleek language to build fantastic visions for cities – Sidewalk Labs presents its Toronto proposal as the “dream city of tomorrow”.

Looking beyond the rhetoric, smart cities are fundamentally about providing data-centric solutions to urban issues. Indeed, smart cities are symptomatic of the Internet of Things - an expanding network of devices connected via the internet, from smart fridges to smart heating systems, allowing them to communicate to users and developers, applications and each other through collecting and exchanging data from their monitored environment.

The fact that smart cities depend on tracking and analysing vast amounts of previously untapped data on the movements and activities of an urban population means that, as appealing as visions of smart cities may be, they largely remain utopic, and in practice can swiftly become dystopic. The benefits of smart cities have been lauded, loud and clear. But the truth is that the introduction of fully integrated, data centred technologies in city infrastructures and management presents serious threats to human rights.  

Privacy in public space – a thing of the past?

The aggregation of data collected through smart city sensors and cameras, found on rubbish bins, traffic lights, streetlights, manhole covers, CCTV and ‘free’ WI-FI can create an increasingly pervasive surveillance system, threatening privacy, freedom of expression and opinion, and peaceful assembly, and fuelling discrimination.  

As cities collect larger amounts of personal data on residents, often without their knowledge or consent, the right to privacy in public spaces becomes more effectively eroded. Smartphones exacerbate data collection by sharing, for example, geo-location data and digital interactions with mobile applications and WI-FI providers, who are, in turn, able to share data with other service providers. Accordingly, the increasingly interconnected and digital nature of city services means that the very act of being in public spaces engenders data sharing.

Such infrastructure can provide state law enforcement and security agencies with the perfect tools to intrusively track and target ethnic minorities or other protected groups. In China, smart cities in Xinjiang Uighur Autonomous Region (XUAR) already form part of the state authorities’ systematic surveillance and repression of Muslim ethnic groups in the region. Facial and gait recognition, coupled with CCTV outside mosques, and powered by new artificial intelligence (AI) and analytics technology, enables authorities in XUAR to maintain a “digital police state”.

There are also alluring opportunities for private companies keen to exploit data insights for commercial gains. Research by Amnesty Tech looking into the world of data brokers and how US consumer data could be used to profile Muslims, exemplifies the potential harms from further commercialisation of data through smart city solutions. As the article explains, “Every time you use your credit or debit card, enable WI-FI on your mobile, read the news online, tick a Terms and Conditions box, authorize an app to access your social media accounts…the chances are there is a company out there — or several — vying for your data.”

It is inevitable that data brokers will be bidding for data collected through city sensors, especially considering the personal and detailed character of that data. Aside from the obvious threats to privacy, the commercialisation of smart city data could also enable discriminatory profiling.

Crucially, in the same way that Facebook owns its users’ data, smart city providers often own data collected through their sensors. In Toronto, Sidewalk Labs has sought to quell growing protests against the project by making assurances that the vast quantity of data produced will not be controlled by the company but would be managed by an independent Urban Data Trust. But many remain suspicious of whether a company that shares its parent with Google can be trusted with such a valuable tranche of citizen data.

Privacy expert Ann Cavoukian, who resigned as an advisor to Sidewalk Labs last year in protest over surveillance fears, says the master plan still has fundamental flaws around data de-identification – namely, ensuring that any data collected cannot be linked back to specific individuals. This is a vital issue, because without strong safeguards it is surprisingly easy to “re-identify” anonymised data – and even seemingly innocuous data can infer very personal information about an individual.

But even before entering debates around data management practices, there is a more fundamental question: should we accept at all the trend towards tracking, analysing and monetising ever more and more data on our activities, which smart cities exemplify? This goes to the heart of the business model of companies like Google and Facebook, known as “surveillance capitalism”.

Issues of the Private in the Public

The development of smart city innovations has been largely a matter for the private sector. Most city councils, initially at least, rely on private companies for the development and implementation of smart city projects. As such, these projects are typically designed to serve the incentives of “surveillance capitalism”, namely to amass vast stores of data on people’s activities and mine the data to predict – and influence – behaviour, ultimately to drive profit through advertising.

As Sara Degli-Esposti, Honorary Research Fellow at Coventry University, explains, “we can't understand smart cities without talking of digital giants' business models (e.g. Google, Amazon, Chinese Baidu, Alibaba, Tencent). These corporations are already global entities that largely escape governmental oversight. What level of control do local governments expect to exercise over these players?”

In reality, the control governments have over these tech giants is very little. As the technology advances and data infrastructures take over city management, the result could be the complete transfer of public services to tech giants. “All because”, as Degli-Esposti posits, “local government would have lost proprietary rights over the obscure, multi-layered data systems developed over the years and would be incapable of operating it”. While such detailed data in the hands of local government could also threaten human rights, these proprietary issues create risks that could reduce public control over how their own cities are run and governed.

Private-public partnerships are often bound by confidentiality agreements imposed for reasons relevant to the proprietary nature of the technology. This clearly makes it hard for citizens to scrutinise the systems being fitted to their cities and used by and on them. The illegibility of these closed source proprietary models raises serious concerns in regards to accountability and transparency related to the use of this technology.

Likewise, the ‘black box’ issue of AI – the fact that the decision-making process behind new algorithmic technologies will often not be traceable by and for those deploying it, nor by those affected by it – further obscures so-called smart city solutions and creates a trust deficit.

Increasingly, the business model of surveillance capitalism itself – the unprecedented level of data collection, and the concentration of power to a handful of unaccountable companies – is coming under scrutiny as fundamentally misaligned with human rights. We should be asking whether so much data should be captured in the first place.

A human rights-based approach

Human rights must be put at the centre of development plans for smart cities. Civil servants should have a deep understanding of the technologies they are contracting, and enforce public procurement specifications that protect against abusive or wrongful use of the technologies. Technology needs to have safeguards to ensure that its use is consistent with human rights standards. Ultimately, people whose rights will be affected by these technologies should have control over whether and how these new technologies are used through meaningful public oversight, consultation and control. 

The rather unique case of Barcelona highlights how powerful a citizen-driven, democratised and smart city project can be. The smart city model that Barcelona followed brings together civic participation with new governmental infrastructure and emerging technologies. The smart city of Barcelona is built made out of three components: an open-source data collection and sensor platform called Sentilo; a second open-source platform that processes and analyses the data called CityOS; and a user interface level of service apps that enables access to all the data.

Since all the digital infrastructure of Barcelona’s city model is open-source, this design helps mitigate the previously mentioned risks of profit-driven privatization and closed-source proprietary software, while allowing citizens to claim collective ownership of their data. All produced data is available for citizens as well as private companies and interested parties, yet the city with its people decide together the parameters of proper access that retain privacy and hence, preserve the ultimate collective ownership of data in the city.

While it is yet to be seen whether this model will be effective in protecting against human rights risks, Barcelona’s design remains the exception, not the rule. Private companies still, most often, lead on contractual terms and dictate regulatory processes while civil servants often lack the necessary knowledge and expertise to challenge them. In Toronto, it is now up to city authorities to decide whether to trust Sidewalk Labs’ vision for the future.

Ultimately, the only way smart cities can deliver their utopian promise is by being designed from the outset in a way that enhances rights and freedoms. As long as these projects are fuelling state repression or following the relentless drive of surveillance capitalism they will serve to only further empower Big Tech and governments at the expense of cities and people’s human rights.