IGF USA, Washington DC, Center for Strategic and International Studies (CSIS) July 27, 2018
- Getting citizens engaged in IoT from the outset is essential for successful, people-centric smart cities. By bringing citizens into the conversation as early as possible, they feel invested in the process and see the value in connected communities.
- The privacy and security of smart cities are huge concerns at every level of society and the conversations about risk-management, scaling, resiliency and best practices need to be elevated.
- The future of smart cities is a shared responsibility and their success will depend on a multistakeholder, consensus-based approach.
The session began with each of the four panelists giving a brief overview of their current work, areas of focus and expertise, which highlighted just how broad the scope of Internet of Things (IoT) can be.
Eddan Katz talked about the industrial IoT in the manufacturing sector and his work on safety and security policy, protocols and best practices. Katz explained that, as no single entity has control of the IoT, the inclusion of all stakeholders – including financial institutions, insurers and Board level executives – in the dialog from the outset is imperative for risk mitigation. The IoT is a shared responsibly and needs to be handled collaboratively.
Sokwoo Rhee gave an overview of the history of IoT, and reiterated Katz’s point that IoT policy frameworks must be developed by consensus: policy that no one wants to use is useless. Rhee noted that the IoT has been around for decades but is now being deployed faster than security and resiliency concerns can be addressed. When people are asked for their top concerns regarding IoT, privacy and security are always mentioned. Lack of policy and guidelines are therefore not really an awareness issue but a timeline or resource issue.
Michelle Richardson spoke about the need to involve citizens in developing privacy frameworks for smart city systems: it’s important to ensure that everyone understands what’s at stake in terms of the collection and sharing of personal data. She noted that, while smart city technologies present some of the highest risks for civil liberties, they also have the most potential to influence privacy and security best practices across the board. While it is widely agreed that privacy needs to be respected at all levels, there still is no clear understanding on what privacy actually is or means.
Jeff Brueggeman talked about the infrastructure and technologies behind smart systems and highlighted how some cities have successfully implemented IoT devices and are using data to improve their communities. Brueggeman noted that privacy and security issues must be addressed, stating that all cities should make a commitment to security and employ a chief security officer. He added that one of the biggest challenges with IoT is that every sector of the economy is becoming involved in ICT and is now being forced to address issues that they’ve not had to think about in the past.
The panel discussed risk management and agile governance. Katz spoke about approaching risk management as a whole and the need to consider technology, policy, operating procedures, corporate structures and corporate governance when mitigating risks.
The panel discussed scale. Rhee gave examples of cities that are leading the way in the development of best practices at scale and named New York, Los Angeles, San Francisco and Washington D.C., Portland, Austin and Kansas City. He also added that smaller cities are developing solutions that work for them, often within consortiums which work on shared problems and solutions. While there is no central directory of best practices as yet, cities look to what has been successful and impactful in other cities and replicate solutions.
The panel discussed privacy concerns. Richardson noted that data/IoT laws in the public and private sector have been static for decades and are still very permissive. She noted that the public is very uncomfortable with certain technologies, such as video or sound recording, facial recognition and profiling applications. Richardson used the example of the city of Seattle to demonstrate that, when citizens are involved in decision-making as a client in the process, they become much more receptive to new technologies as they are made aware of the value that IoT solutions can add to their communities.
The panel discussed 5G. Brueggeman explained that 5G would provide much faster speeds and much lower latency and could act as a facilitator and enabler for smart infrastructures that need instant and continuous connectivity. He used the examples of public transport systems, connected cars, real-time video for emergency services and AT&T’s FirstNet, a high-speed wireless broadband network for first responders. He noted that cities could make deployment of 5G easier by making permits easier to acquire. Smart communities can help bring 5G to their cities by creating the demand for it.
There was ample time reserved for discussion with the audience. The following issues were debated:
- IoT and the right to repair: smart cities may be at the mercy of manufacturers and vendors for repairs and updates to software and devices. Communities should be able to fix or upgrade their own devices and good policy should be transparent and include the right to repair. However, updating small, low-cost devices is very difficult and there is currently no agreement on how to implement this.
- How are smart cities going about engaging communities and ensuring that, in addition to being connected, cities are becoming better places to live? Most cities are not really designed to engage citizens on issues such as data collection and surveillance. Getting people involved in smart solutions from the outset has been one of the key lessons learned in several of the pioneering smart cities. To ensure citizen engagement, some cities have passed local regulations that mandate public consultation before the city can purchase certain types of technology.
- Data will be the fuel of all smart cities and even small glitches in accuracy can have serious – even fatal – consequences. How will the integrity of data be controlled? There are already disputes on data ownership and organizations are competing to become the central data repository exchange mechanism. How to manage, secure and use the infinite amounts of data generated by the IoT is an ongoing debate at all levels.
- The resiliency of smart systems is paramount. What steps are being taken to prevent hacks on critical public infrastructure, such as the electricity grid? This is an urgent issue that many people are working to address. There is a UN Security Council resolution that places an obligation on governments to find the vulnerabilities within their systems. However, there will need to be much more effort to secure the IoT and all sectors need to rethink governance and policy. From the technical side, distributed networks cannot be secured in the way as non-distributed networks so people need to start thinking differently.
Dan Caprio, moderator, thanked the panel and the audience for their participation. He noted that there is an active IoT dynamic coalition within the global IGF and that a session would be held during the IGF 2018 event in Paris in November. He welcomed anyone interested in IoT to join the coalition: https://www.iot-dynamic-coalition.org
Jeff Brueggeman, Vice President, Global Public Policy, AT&T
Jeff Brueggeman is Vice President-Global Public Policy for AT&T. He is responsible for developing and advocating AT&T’s global public policy positions on privacy, cybersecurity and Internet policy issues.
Eddan Katz, World Economic Forum
Eddan Katz is the Project Lead on Protocol Design Networks at the World Economic Forum, where he facilitates the norms-setting process and dissemination of the protocols advanced by the projects at the Centre for the Fourth Industrial Revolution.
Sokwoo Rhee, National Institute of Standards and Technology
Dr. Sokwoo Rhee is Associate Director of Cyber-Physical Systems Program at the National Institute of Standards and Technology (NIST). He is currently leading the Global City Teams Challenge (GCTC) which aims to create a replicable and scalable model for collaborative incubation and deployment of Internet of Things (IoT) to improve the quality of life in smart cities around the world.
Michelle Richardson, Center for Democracy and Technology
Michelle Richardson is the Deputy Director of the Center for Democracy and Technology’s Freedom, Security, and Technology Project, where she works to ensure that government programs do not infringe on privacy and civil liberties.
Dan Caprio, The Providence Group
Dan Caprio, Co-founder and Executive Chairman, is an internationally recognized expert on privacy and cybersecurity. He has served as the Chief Privacy Officer and Deputy Assistant Secretary at the Commerce Department, a transatlantic subject matter expert for the European Commission’s Internet of Things formal expert group, a Chief of Staff for a Federal Trade Commission Commissioner and a member of the Department of Homeland Security Data Privacy and Integrity Advisory Committee.
Susannah Gray, San Francisco Bay Area Internet Society Chapter
Susannah Gray is the President of the San Francisco Bay Area Internet Society Chapter. In addition to this role, she works as a strategic communications consultant and collaborates with organizations that focus on critical Internet infrastructure and Internet governance.