Protecting citizens' privacy in smart cities
Councils must formulate a policy on the use of video analytics early on to ensure that compliance is achieved.
The rise of video analytics is enabling local councils and government agencies to gain insights to improve operations; make more informed, data-driven decisions; enhance citizen engagement; improve transportation; and create safer communities.
However, it also poses a challenge for security and privacy professionals — how to balance the organisation’s desire for information with the need to preserve public privacy. This is compounded by the fact that the service can be outsourced, so proper due diligence is required when selecting a vendor.
With a carefully thought-out approach, value from captured information can be derived and privacy can be preserved without increased risk. Furthermore, where feasible, compliance with privacy legislation can be achieved by not collecting personal information in the first place.
There are a couple of approaches to avoid collecting personal information when using cameras of a high enough resolution. The most effective is to process the video stream in memory and not to store it on disk. Another approach is to obfuscate faces, effectively applying a de-identification technique. In both cases, advice should be sought to ensure that legislative requirements are met.
Special thought should also be given to how the collection of personal information interacts with law enforcement. If cameras collect footage, then law enforcement may approach the council for footage, which can place a burden on both the council and vendor. For example, video footage that is requested by law enforcement may need to be retained for a longer period.
In some cases, compliance can be achieved by collecting video of a low enough quality that would not allow a person to be reasonably identified. However, in such a case there is also the risk that the low-quality video stream may lead to false positives and produce count statistics that are not accurate.
If a vendor does collect personal information on behalf of a council, it is imperative that controls are implemented to ensure the ongoing confidentiality of that information. This often starts with a notice that informs the public that data is being collected for analytical purposes.
From here, security and privacy professionals need to translate ‘privacy by design’ into software engineering. Using a blend of controls such as encryption-in-transit, encryption-at-rest and access control, solutions can be secured to reduce the risk of unauthorised access.
Specific consideration should be given to the access control applied to live feeds to ensure that internal teams can only access video streams on a ‘need to know’ basis and with the principle of ‘least privilege’ applied.
For larger councils and government departments, privacy impact assessments (PIAs) can be used as a tool to better understand the privacy impacts of data being collected and processed by the solution. Since video analytics is a relatively new technology, PIAs can be used by privacy and security professionals to provide guidance and protocols for best practice.
As an example, councils must ensure vendors understand their responsibilities when collecting personal information and the impacts of using this information for purposes other than its intended use, such as selling it to third parties.
It is important that councils formulate a policy on the use of video analytics early on to ensure that compliance is achieved, controls are standardised and ultimately that the organisation benefits from its investment. It is a prime example of where security architecture and risk professionals need to apply privacy by design. This will ensure unauthorised access does not lead to financial loss and reputational damage.