Dr Abhay Sharma, VP Development, India Urban Data Exchange (IUDX); and Hari Dilip Kumar, Project Facilitator, Security & Privacy for Smart Cities, IUDX

With close to 18 years work experience, Dr. Abhay Sharma is VP Development for the IUDX Program Unit at IISc, where he oversees the development of a production-ready IUDX platform for deployment across various Smart Cities in India. His areas of Interest include Systems Engineering, Software Engineering, Sparse signal processing, Group testing/Compressed sensing, Wireless communication systems, Video/DSP/Embedded systems, etc.

Hari Dilip Kumar is an entrepreneur, engineer and systems thinker with a deep interest in the role of technology and design for accelerating sustainable development outcomes, especially in the Indian Smart Cities. He works with IUDX as Project Facilitator for the ‘Security and Privacy in Smart Cities’ umbrella project and is interested in multi-stakeholder applications creating economic and socio-environmental value leveraging the suite of tools under development.

 

Smart cities generate large volumes of data, and from varied sources. These include installed Internet-connected sensors (air quality, traffic, etc.), demographic & geographical records, municipal tax & property records, legal documents and registrations, historical archives etc. Using these data entails individual commercial, monetary and subscription aspects, along with due consideration of their security and privacy.

Security and privacy considerations, therefore, permeate every aspect of a smart city. They gain further importance as critical economic, social and healthcare challenges will require examination and understanding of sensitive public and private data. These records could potentially drive critical new discoveries and data-informed research in the economic, social and life sciences, leading to better education, healthcare, safety outcomes, improved public services, etc. However, such data in the raw form may be damaging if misused. 

For example, to study the gender wage gap among employers within a given region requires obtaining employee compensation data from private companies. The concerned parties may be reluctant to share this data amongst themselves due to legal and privacy implications, risk of unauthorized disclosure etc. Another example is of raw data of COVID cases. Machine Learning (ML) -based analyses of these data can certainly guide decision-making for better public health outcomes. On the other hand, if leaked, the same data might be misused by bad actors to stigmatize communities or localities. How may we strike a balance?

Other issues relate to processing video data sourced from city-wide CCTV deployments. These will naturally have sensitive content whose privacy must be protected, even from systems administrators. The end results of analytics (e.g., the license plate of a speeding vehicle) must be made available only to the relevant authorities (e.g., traffic police), and all other data must be kept private. Further, centralized data collection and ML training is fraught with possibilities of inadvertent misuse, possible abuse and hacking attempts, compromising personal privacy, government laws and public safety. How can these concerns be mitigated?

Smart cities offer exciting possibilities for Intelligent Transportation Systems (ITS), which introduce information and communication technology into automobiles and management systems. Vehicles become ‘mobile sensors’ that periodically report their position, speed and on-board information from braking sensors & controllers to detect, for example, icy roads and other conditions. ITS supports a variety of data-based applications, from fleet management, to automated insurance and tolling. In Vienna, for example, about 2,000 taxis submit data which are then used by to gain a fine-grained picture of the traffic situation on all major roads.

However, ITS present a key challenge – how can privacy be protected reliably in the context of such large scale, continuous user data collection, while allowing reasonable applications to identify traffic conditions, detect speeding and automate tolling? For example, law enforcement agencies, who are granted access to transport databases, might be tempted to leverage their access to track and monitor individual drivers, deterring their participation in such schemes. How can trust be created while navigating the trade-off between individual privacy and societal benefit from user data?

In response to these challenges and questions of security and privacy, a powerful suite of technological tools is being researched, developed and deployed in the context of India’s National Smart Cities Mission, by India Urban Data Exchange (IUDX), in partnership with the Indian Institute of Science (IISc) and the International Institute of Information Technology, Bangalore (IIIT-B). These include systems for Data Consent, Differential Privacy, Federated Learning over Video Feeds, Secure Digital Enclaves for Sensitive Applications, and Secure Multi-Party Compute.

Data in smart cities must be made available only to the right parties, at the right time and for the right purpose. Data Consent refers to the specific mechanisms for encoding and enforcing data access, that are consistent with security and privacy controls, policies and governance in smart cities. It is the preferred approach for controlling access to non-personal data, and is used to implement systems like Data Trusts (of which IUDX could be seen as a prime example in the Indian context), and Data Safes.

The privacy challenges of applications like detecting speeding vehicles, traffic estimation etc. in smart cities are addressed by the powerful toolbox of Differential Privacy. This is an approach that injects controlled ‘noise’ into responses to database queries from users, in order to maintain individual privacy within guaranteed bounds while still enabling the users to compute the aggregate statistics (average vehicle speed, etc) required to enable the application. 

Differential Privacy neutralizes so-called ‘linkage’ attacks, an example of which was the identification of medical records of the governor of a US State from (anonymized) medical data and (publicly available) voter registration records. This is a challenging arena given that linkage will invariably tend to grow as new datasets are created over time! Differential Privacy is bounded by the Fundamental Law of Information Recovery – “overly accurate answers to too many questions will destroy privacy in a spectacular way”. The goal of algorithmic research on Differential Privacy is to postpone this inevitability as long as possible.

Secure digital infrastructure is being developed to mitigate concerns accompanying smart city applications relying on sensitive video feeds. ‘Trusted’ hardware enables this through the creation of Secure Digital Enclaves, whose contents are protected from the hardware up. These are being based on commercially available, upcoming platforms like Intel TDX and SGX. 

Apart from secure hardware, the privacy aspects that emerge when powerful and ubiquitous ML is available are being investigated in depth towards mitigation in a multi-stakeholder data ecosystem. The tools being developed include Federated Learning, which decentralizes ML on video feeds, allowing for privacy to be ensured by ‘painting over’ or censoring appropriate license plates, etc. Other forms of Privacy Preserving Machine Learning (PPML) are also in active development. These enable parties to collaborate in the multi-stakeholder ecosystem of the Indian Smart Cities while mitigating concerns of data and model Intellectual Property (IP) leakage during model creation and inferencing. Of these, secure Multi-party Computation (MPC) is a key cryptographic technique permitting data-owners to compute collaboratively, while protecting their data privacy from each other.  

As secure, privacy-protected data analysis becomes more accessible, individuals, companies and government agencies will be encouraged to provide access to more and more data of value, with the confidence that it will remain well-guarded while helping tackle major challenges. IUDX, along with leading researchers from IIIT-B and IISc, is working with stakeholders across society to design, develop and deploy the suite of solutions that will create secure, private Indian smart cities where multi-stakeholder applications, business models and value creation can thrive.

Related Articles