© Waher Data AB, 2018.
Smart City Lecture 2
Privacy in the Smart City
1. Recap
Smart City / Society
- Automation
- Open Data
- Transport
- Traffic (C-ITS)
- Parking
- Utilities
- Health Care
- Law enforcement
- Schools
- Libraries
- Waste management
- Citizens?
- …
Smart for whom?
What can be
Chinese Social Credit System
(World’s most?) ambitious “Smart City” project.
Calculates economic and social reputation, based on mass surveillance and AI:
- Honesty
- Commercial Integrity
- Social Integrity
- Judicial Credibility
Chinese Social Credit System
Collects data from:
- Online activity
- Searches
- Shopping behavior
- Locations
- Friends
- Health
- Bank accounts
- Messages
- Smart Home appliances
- News sources
- Dating
- …
Chinese Social Credit System
Affects:
- Job positions
- Salaries
- Living
- Travel restrictions
- Visa restrictions
- Access to schools
- Social status
- Loans
- Internet bandwidth
- …
Universal Declaration of Human Rights
Article 12: No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.
https://www.un.org/en/universal-declaration-human-rights/
Well… it all depends on how you choose to interpret “arbitrary” and “attack”…
Vision of a Smart City
- Ubiquitous access to interoperable sensors and things.
- Ubiquitous access to data and information from society’s authorities.
- Access to smart services in all niches of society.
- Definition of ownership of information.
- Protection of Privacy, by design and by default.
- Market for access to things and data.
Is this Science Fiction?
2. Privacy
What is privacy?
A fundamental human right:
- The right to have confidential conversations.
- The ability to select with whom we communicate.
- Protection against unwarranted monitoring or searches.
Does privacy extend to Social Networks?
Who can access your information?
Do you want uninvited parties to know:
- What you think?
- What you like?
- Who you know?
- What you’ve done?
- Spy on you?
Or be able to:
- Steal your ideas?
- Utilize your confidential information?
Does privacy extend to the IoT?
Who can communicate with devices around you, and about what?
Do you want uninvited parties to know:
- When you’re home?
- If you’re in the shower?
- What places you visit?
- Your health status?
Or be able to:
- Control your vehicle?
- Turn off your pacemaker?
“America's greatest threat is the Internet of Things”
Ex-Director of National Intelligence James R. Clapper, Feb 9, 2016
http://www.popsci.com/clapper-americas-greatest-threat-is-internet-things
3. GDPR
General Data Protection Regulation
Can it help?
Goals
- EU Regulation
  - Automatic law in each Member State.
  - Came into full effect May 2018.
  - Harmonizes privacy regulations across the EU.
- Balances
  - Privacy of individuals.
  - Interests of corporations.
  - Legal requirements.
- Facilitate the free flow of information.
Limits
- GDPR balances
  - Privacy of individuals.
  - Interests of corporations.
  - Legal requirements.
- Maximum required effort
  - Proportionality to the rights of all participants.
- Minimum required effort
  - State of the art
  - Lack of knowledge not acceptable
  - Severe sanctions
Personal Data
Any information relating directly, or indirectly, to an identified or identifiable natural person.
“Personality is contagious”
Processing
Any operation or set of operations which is performed on personal data or on sets of personal data.
“Automatic” is not mentioned. Manual processes are included.
Anonymization
Data subjects are no longer identifiable.
Examples: Data obfuscation, statistical aggregation, etc.
Pseudonymization
Data subjects can be identified with the use of separate data.
Examples: Pseudonyms, ordinal numbers, hashes.
What is allowed?
- As little as possible
- For as short a time as possible
- Share with as few as possible
- For as few purposes as possible
- As correctly as possible
- If there are no other means
- After providing transparent information
Minimalistic definition: Minimalism
Always with proportional data protection mechanisms.
Data Protection
Data must be protected*:
- By design
- By default
- State of the art
cf. Black lists vs. White lists
(*) Proportional to the risks of the data subjects, in the absence of measures taken to mitigate the risks.
Transparent Information
- Easily accessible
- Easily understood
  - Clear and plain language
- Explicit
  - Purposes of processing
  - Risks to the subject
  - Safeguards
  - Rights of the subjects
Transparency is measured on what is understood, not what is semantically stated.
Lawfulness
- Consent
- Legal obligation
- Legitimate interest
- Based on contract
- Vital interest
- Public interest
Research & Development has to be argued to be a Legitimate Interest.
Individual Rights
- Transparent Information
- Access to one’s personal data
- Export personal data provided by oneself
- Correct erroneous data
- Erase data*
- Object to processing*
- Restrict processing*
- Withdrawal of consent (if based on consent)
- Avoid being subject to automatic decisions (with negative legal consequences) based on automatic profiling.
(*) in certain cases
Propagation of Rights
When sharing information:
- Inform data subjects.
- Delegate responsibilities.
- Forward requests from data subjects.
- Includes links, copies and reproductions.
Sanctions
- Authorities are granted access to all
  - Information
  - Machines
  - Data
- Warnings
- Reprimands
- Restrictions
- Shut down processes
- Fines (up to 4% of global annual turnover)
- Damages (even indirect, unless you prove you’re not responsible)
Paradigm Shift
Previous paradigm: The more you collect, the more potential value you have. This is no longer true.
New paradigm: The more you collect, the greater the risk, and the greater the responsibility. You should only collect that to which you can assign value.
4. Ownership
Who owns the data?
Who is the owner of data?
- The person/entity generating (inventing) the data?
- The person/entity storing (controlling) the data?
- The person to whom the data relates?
Is it important?
Legislation
Which law is applicable?
- Copyright?
- Trade secrets?
- Intellectual Property?
- Privacy?
Enforcing ownership through legal means is difficult.
Ownership of things
How is normal ownership enforced?
- Protection behind lock & key.
- Access only to trusted parties.
- Monitoring.
- Demonstration of ownership.
Ownership of data
Why treat data differently?
Local storage (decentralization) allows:
- Protection behind lock & key.
- Limiting access to trusted parties.
- Monitoring access.
- Demonstrating ownership.
- Enforcing ownership of data.
Added benefit:
- Intrinsic value of data through access.
Edge Computing
Processing “on the Edge” instead of “in the Cloud” allows:
- Access = Value
- Scalability
- Resilience
- Security
And it helps protect privacy…
5. Needless problems
Making privacy more problematic
Technologies making protecting privacy more difficult:
- Centralized processing
- HTTP(S)
- CoAP, LWM2M
- MQTT
- Blockchain
You have to develop data protection mechanisms just to counteract the side effects of using such technologies.
Centralized processing
- Fewer attack surfaces
- Value of central nodes is huge
  - Value/Effort ratio large
- Difficult to protect
  - External use
  - Internal use
- Consequences huge
  - Massive leaks
HTTP
- Good for
  - Publishing documents
  - Providing public services
- Bad at
  - Authentication
  - Authorization
  - Distribution
  - Asynchronous processing
- Topology problem promotes
  - Centralized processing
  - … or “hole punching”
CoAP & LWM2M
Try to solve aspects of HTTP for IoT
- Still have the topology problem
  - Assumes middleware for Internet use
  - LWM2M is standardized middleware
- Some interoperability
  - IPSO Smart Objects
  - Only for data collection
  - Difficult to interoperate between things
Publish/Subscribe in MQTT
Privacy issues by design in MQTT
- No forwarded identities
  - Authorization by things becomes impossible
  - Makes injection a great threat
    - Control signals
    - False data
    - Bandwidth depletion
  - Lack of privacy
- No negotiation of who can subscribe
  - Access control out-of-band (proprietary)
- Wildcards
  - Makes it easy to eavesdrop
  - Relies on careful operation of broker
  - Overview of topic tree difficult
- Who operates the broker across domains?
  - Interoperability a problem.
… and many more security-related issues exist.
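The wildcard and out-of-band access-control points above, as an added example that is not part of the lecture: MQTT 3.1.1 topic-filter matching plus a broker-side subscription check that confines each client to its own branch of the topic tree, so a bare "#" subscription cannot read every topic on the broker. The client ids and ACL entries are constructed for the example.

```python
"""Added example (not from the lecture): MQTT topic-filter matching and a
broker-side SUBSCRIBE authorization that keeps a client inside its own namespace."""


def topic_matches(topic_filter: str, topic: str) -> bool:
    """True if `topic` is covered by `topic_filter` under the MQTT 3.1.1 rules:
    '+' matches exactly one level, '#' (allowed only as the last level) matches
    the remainder including the parent, and filters beginning with a wildcard
    never match '$'-prefixed topics such as $SYS/..."""
    if topic.startswith("$") and topic_filter[:1] in ("+", "#"):
        return False
    f_levels = topic_filter.split("/")
    t_levels = topic.split("/")
    for i, f in enumerate(f_levels):
        if f == "#":
            return i == len(f_levels) - 1      # '#' must be last; covers parent too
        if i >= len(t_levels) or (f != "+" and f != t_levels[i]):
            return False
    return len(f_levels) == len(t_levels)


def filter_within(sub_filter: str, allowed: str) -> bool:
    """True if every topic matched by `sub_filter` is also matched by `allowed`,
    i.e. the requested subscription cannot reach outside the allowed branch."""
    s_levels = sub_filter.split("/")
    a_levels = allowed.split("/")
    for i, a in enumerate(a_levels):
        if a == "#":
            return True                        # rest of the tree is allowed
        if i >= len(s_levels):
            return False                       # sub matches a shorter topic
        if a == "+":
            if s_levels[i] == "#":
                return False                   # '#' would span several levels
        elif s_levels[i] != a:
            return False                       # literal level must match exactly
    return len(s_levels) == len(a_levels)


# Constructed ACL (this is what MQTT leaves to proprietary, out-of-band config):
# each client may subscribe only beneath its own device prefix, or to a
# shared announcements topic; a dashboard may read one measurement across things.
ACL = {
    "sensor42": ["things/sensor42/#", "public/announcements"],
    "dashboard": ["things/+/temperature"],
}


def authorize_subscribe(client_id: str, sub_filter: str, acl=ACL) -> bool:
    """Check to run on every SUBSCRIBE packet: permit the filter only if it lies
    entirely inside one of the client's allowed filters; unknown clients get nothing."""
    return any(filter_within(sub_filter, a) for a in acl.get(client_id, []))


if __name__ == "__main__":
    for client, flt in [("sensor42", "#"), ("sensor42", "things/sensor42/+"),
                        ("dashboard", "things/#"), ("dashboard", "things/+/temperature")]:
        print(client, flt, "->", "allow" if authorize_subscribe(client, flt) else "deny")
```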
Warnings
- Governments warn against bad MQTT implementations.
- MQTT is notoriously difficult to use securely.
- Use it only in internal secured networks.
https://cert.se/2016/09/mqtt-i-sverige
Blockchain
- Blocks cannot
  - be deleted
    - on request
    - after a given time
    - … or ever
  - be corrected
- Access is given to all or nothing
  - Public access has to be assumed
  - Hashes of personal information are still personal
- Cryptographic Algorithms fixed
  - Lends itself to future frauds
Blockchain is not suitable for personal information at all.
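The Pseudonymization slide (hashes are pseudonyms) and the point above that hashes of personal information are still personal, as one added example that is not part of the lecture: on constructed identity-number-like strings it contrasts an unkeyed hash (re-linkable by anyone holding the identifier register), a keyed hash (re-linkable only with the key, which is the "separate data" of pseudonymization) and statistical aggregation (no per-person record survives). The sample subjects and the key are constructed for the example.

```python
"""Added example (not from the lecture): pseudonymization vs. anonymization on
constructed data, and why an unkeyed hash of an identifier is still personal data."""
import hashlib
import hmac
from collections import Counter

# Constructed sample: identity-number-like strings and a home district.
SUBJECTS = [
    ("19800101-1234", "Norrmalm"),
    ("19850202-5678", "Norrmalm"),
    ("19900303-9012", "Södermalm"),
    ("19950404-3456", "Kungsholmen"),
]
IDENTIFIERS = [pid for pid, _ in SUBJECTS]


def unkeyed_pseudonym(identifier: str) -> str:
    """Plain SHA-256: deterministic, so anyone holding the identifier recomputes it."""
    return hashlib.sha256(identifier.encode("utf-8")).hexdigest()


def keyed_pseudonym(identifier: str, key: bytes) -> str:
    """HMAC-SHA-256: the key is the 'separate data' that GDPR pseudonymization
    relies on; the controller must store it apart from the pseudonymized records.
    Once published (e.g. in an immutable block) the pseudonym stays linkable for
    as long as the key exists."""
    return hmac.new(key, identifier.encode("utf-8"), hashlib.sha256).hexdigest()


def relinkable(pseudonyms, known_identifiers, derive) -> int:
    """Self-check a controller should run on its own scheme: how many records
    could a party holding a register of identifiers and the derivation re-identify?"""
    lookup = {derive(pid): pid for pid in known_identifiers}
    return sum(1 for p in pseudonyms if p in lookup)


def anonymize_by_aggregation(rows, min_group: int = 2) -> dict:
    """Statistical aggregation: counts per district, suppressing groups smaller
    than min_group because such a count would single out one person."""
    counts = Counter(district for _, district in rows)
    return {district: n for district, n in counts.items() if n >= min_group}


def demo() -> dict:
    key = b"constructed-secret-kept-by-controller"   # constructed, not a real key
    plain = [unkeyed_pseudonym(pid) for pid in IDENTIFIERS]
    keyed = [keyed_pseudonym(pid, key) for pid in IDENTIFIERS]
    return {
        # unkeyed hash: the identifier register alone links every record
        "unkeyed_relinked": relinkable(plain, IDENTIFIERS, unkeyed_pseudonym),
        # keyed hash without the key: nothing links
        "keyed_relinked_without_key": relinkable(
            keyed, IDENTIFIERS, lambda pid: keyed_pseudonym(pid, b"wrong-key")),
        # keyed hash with the key: still personal data for the key holder
        "keyed_relinked_with_key": relinkable(
            keyed, IDENTIFIERS, lambda pid: keyed_pseudonym(pid, key)),
        # aggregation: only group counts remain, singletons suppressed
        "aggregated": anonymize_by_aggregation(SUBJECTS),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```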
6. Neutral
Security ≠ Privacy
Technologies that neither help nor work against the protection of privacy:
- TLS
- DTLS
- X.509
- VPN
- …
Using such technologies doesn’t solve any privacy issues.
But at least they don’t add new issues by themselves.
7. Ambivalence
Identities
Technologies that either help or make it more difficult to protect privacy:
- Anonymity
- Strong identities
- Pseudonyms
Using such technologies has strong privacy-related implications. Which way is determined by how they are used.
Anonymity
- Protects
  - Whistle blower
  - Dissident
  - (Criminal)
  - (Terrorist)
- Security decisions difficult
- Facilitates leaking personal data
How do you protect sensitive information, if you don’t know who’s on the other end?
Strong Identities
- Protects information owners
- Allows selective responses
- Can be used to track individuals
Logging for security purposes is legitimate. How can you make sure logging is only used for security purposes?
(One answer: Use of standardized, open software that is agnostic to the purposes of processing, such as brokers and End-to-End encryption of payloads.)
8. Solutions
Solving Privacy-related problems
Examples of technologies that help protect privacy:
- Decentralized Processing
- Edge computing
- XMPP
- Consent-based communication
- IEEE IoT Harmonization
- Data ownership in Smart Cities
Using such technologies solves many privacy-related issues by design and by default.
Decentralization & security
Decentralization has security implications:
- More attack surfaces.
  - But value of each node is small.
  - Value/Effort ratio small.
  - Easier to protect.
- Massive data breaches difficult.
  - You don’t put all your eggs into the same basket.
- More resilient.
- End-to-end encryption.
XMPP
- Authentication of clients
  - SASL
- Cooperation (federation)
  - Forwarding identities
- Authorization
  - Roster
  - Presence
  - Subscription
- Solves
  - Topology problem.
  - Latency problem.
  - Scalability problem.
Communication Patterns
Columns: Async. Msg. | Req/Resp | Pub/Sub | Federation | Broker | P2P
MQTT ✓ ✓
HTTP ✓ ✓
CoAP ✓ ✓ ✓
XMPP ✓ ✓ ✓✓✓ ✓ ✓* ✓
* Note: XMPP supports server-less communication as well.
XMPP & Data Protection by Design
XMPP supports data protection by design:
- Decentralization
- Ubiquitous encryption
  - Even end-to-end encryption
- Global identities
  - Authenticated
  - Forwarded
  - Federated
- Basic communication authorized
XMPP & Data Protection by Default
XMPP supports data protection by default:
- Presence negotiation
  - Consent-based authorization
  - Required to be able to communicate properly.
  - Consent can be withdrawn.
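The presence negotiation above, as an added example that is not XMPP library code: the RFC 6121 subscription states (none, to, from, both) modelled as a small roster, showing that presence is released only after the other party consents and stops as soon as consent is withdrawn. The presence stanza types are the real XMPP ones; the Roster class, its method names and the sample JIDs are this example's own.

```python
"""Added example (not from the lecture or any XMPP library): consent-based
presence authorization as a roster state machine."""


class Roster:
    """Roster of one user. Per contact: 'from' = the contact may see our
    presence (we consented); 'to' = we may see the contact's presence (they did)."""

    _NAMES = {(False, False): "none", (True, False): "to",
              (False, True): "from", (True, True): "both"}

    def __init__(self):
        self.items = {}           # jid -> {"to": bool, "from": bool}
        self.pending_in = set()   # contacts whose request awaits our decision

    def _item(self, jid: str) -> dict:
        return self.items.setdefault(jid, {"to": False, "from": False})

    def state(self, jid: str) -> str:
        it = self._item(jid)
        return self._NAMES[(it["to"], it["from"])]

    # --- stanzas received from a contact ------------------------------------
    def on_presence(self, jid: str, ptype: str) -> None:
        """Apply a received <presence type='...'/> subscription stanza."""
        it = self._item(jid)
        if ptype == "subscribe":            # contact asks to see our presence
            if not it["from"]:
                self.pending_in.add(jid)    # nothing is released until we approve
        elif ptype == "subscribed":         # contact consented to our request
            it["to"] = True
        elif ptype == "unsubscribe":        # contact no longer wants our presence
            it["from"] = False
            self.pending_in.discard(jid)
        elif ptype == "unsubscribed":       # contact withdrew their consent
            it["to"] = False
        else:
            raise ValueError(f"not a subscription stanza: {ptype}")

    # --- our own decisions -------------------------------------------------
    def approve(self, jid: str) -> bool:
        """Answer a pending request with <presence type='subscribed'/>."""
        if jid not in self.pending_in:
            return False                    # never grant what was not asked for
        self.pending_in.discard(jid)
        self._item(jid)["from"] = True
        return True

    def revoke(self, jid: str) -> None:
        """Withdraw consent with <presence type='unsubscribed'/>."""
        self.pending_in.discard(jid)
        self._item(jid)["from"] = False

    # --- the authorization checks the server applies per stanza ------------
    def may_send_presence_to(self, jid: str) -> bool:
        return self._item(jid)["from"]

    def may_accept_presence_from(self, jid: str) -> bool:
        return self._item(jid)["to"]


def consent_walkthrough() -> list:
    """Constructed exchange between a user and a sensor account; returns the
    roster state after each step."""
    r, peer = Roster(), "sensor@things.example"   # constructed JID
    steps = []
    r.on_presence(peer, "subscribe");   steps.append(r.state(peer))   # none
    r.approve(peer);                    steps.append(r.state(peer))   # from
    r.on_presence(peer, "subscribed");  steps.append(r.state(peer))   # both
    r.revoke(peer);                     steps.append(r.state(peer))   # to
    r.on_presence(peer, "unsubscribed"); steps.append(r.state(peer))  # none
    return steps
```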
IEEE IoT Harmonization (1451-99)
- Sensor Data
- Control Operations
- Localization (M2M, M2H)
- Tokens for distributed transactions
- Decision Support (for devices)
- Provisioning (for owners)
- Peer-to-Peer communication
- End-to-end encryption
- Concentrator/Bridge (“Thing of things”)
- Discovery
- Ownership
- Clock Synchronization
- Secure Account Creation
- Legal Identities
- Contracts
- Automated provisioning
- Economic feedback
https://gitlab.com/IEEE-SA/XMPPI/IoT
9. Events
Smart City Lectures*
1. How to build a Smart City (Oct 4th)
2. Privacy in the Smart City (Oct 18th)
3. An Open and/or Secure Smart City (Oct 25th)
4. Harmonizing the Internet of Things (Nov 8th)
5. Introduction to Encryption (Nov 15th)
6. Earning by Sharing in the Smart City (Nov 22nd)
7. …
8. …
(*) Funded by Swedish Internet Fund.
Smart City Labs*
1. Sensors and actuators (Oct 10th)
2. Connect and chat with your device (Oct 17th)
3. Publishing data from your sensor (Oct 24th)
4. Publishing and discovering devices (Nov 7th)
5. Controlling actuators (Nov 14th)
6. Decision Support for your devices (Nov 21st)
7. …
8. …
(*) Funded by Swedish Internet Fund.
Mastering Internet of Things
- Raspberry Pi & Arduino
- Sensors, Actuators, Controllers, Concentrators, Bridges
- Protocols: MQTT, HTTP, CoAP, LWM2M, XMPP
- Interoperability
- Social Interaction
- Decision Support
- Product Lifecycle
- IoT Service Platforms
- IoT Harmonization
- Security
- Privacy
Amazon, Packt, Microsoft Store
Contact: https://waher.se/, https://littlesister.se/
10. Open Discussion
Ownership?
Privacy?
Security?
Surveillance?
Interoperability?
Cool stuff?
Qué?
Where’s the Money?
Who pays?
What could go wrong?
Little Sister?
Harmonization?