Privacy at the Municipal Level: Optimization, Aggregation, and Sourdough Tortillas

This is the sixth installment in our series on technology convergence, cybersecurity, and the implications for policymakers. You can read the full series here.

Key takeaways

  • Privacy on the municipal level means something entirely different than privacy for individuals, yet the majority of our discourse focuses on protecting individual privacy.

  • Instead of the habits of a specific individual, a malicious actor might now gain access to the electricity use data, transportation patterns, etc. of an entire city captured by connected community data.

  • Aggregate data on transportation, energy, or emergency response leads to optimization for both municipal governments and nefarious actors. It lets us optimize how we deliver services, route traffic, and respond to emergencies, but it also creates the opportunity for attackers to likewise optimize their attacks and create chaos for longer periods of time by disrupting response.

  • In the current absence of broad connected community standards and of interoperability standards across devices, our communities are becoming more vulnerable.

  • The Cybersecurity and Infrastructure Security Agency (CISA) inside the Department of Homeland Security (DHS) should focus on the convergence of internet-connected technology and municipalities as a core part of its mission. 

  • Additionally, any privacy legislation cannot simply focus on individuals but needs to set standards for connected community data.

Introduction

I know what you’re thinking. “Not another post about how we need comprehensive privacy legislation,” [insert eye roll emoji] I get it. We all know that we need privacy legislation at the federal level and we all know we are unlikely to get it soon. To be fair, the Biden Administration’s Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence from October 2023 calls for such legislation so the need is widely recognized. Instead of covering the same ground again, we are going to talk about the privacy of entire communities, municipalities, and even regions. Think of it a bit like a tortilla. We use (or at least I do) tortillas to gather all of our delicious ingredients into a single bite rather than having one piece at a time. Inside our municipal tortilla are all of the communities, neighborhoods, and individuals who are connected to an internet-enabled architecture. The tortilla is the data we are generating not just from individuals but collectively creating a single entity that may be vulnerable to attack with implications far wider than the theft of an individual’s data. Have you ever tried sourdough tortillas? My wife makes them, and they are amazing. 

New Reality for Data Privacy

A quick way to ruin anyone’s day is a notice that your personal data has been stolen. Many people may be sitting on multiple years of free credit monitoring from any number of notable data breaches and hopefully the impacts were minimal. But they aren’t minimal in every case, making data theft and/or identity theft a major problem for the person affected and perhaps their immediate network of friends and family. However, on a larger scale (and despite it sounding cold), the theft of an individual’s data is close to insignificant if we are talking about the average person. Of course, there are individuals who may incur a more significant impact than others, such as government officials of a certain level, CEOs, cybersecurity professionals, celebrities, and more. But for the average person living under the biggest part of the bell curve in their average community, the theft of an individual’s data does not rise to the level of a national security or homeland security incident. Interestingly, connected community architectures are changing this reality. Instead of thinking about how an individual may be affected by a data breach, now we need to think about how entire communities, municipalities, and regions are affected and what that means for our national and homeland security.

Connected communities consist of some combination of internet-connected devices doing any number of functions in an effort to improve the quality of life and delivery of services in a municipality. As previously discussed, convergence is at play in these architectures creating a capability that is greater than the constituent parts. With that comes the obvious collection, transmission, aggregation, and analysis of data from the entire geographic region in question. Instead of having access to a single household’s electricity use, a malicious actor might gain access to the electricity use data of an entire city. Instead of looking at the transportation habits of an individual, the transportation patterns for the entire population are captured in connected community data. This should frighten anyone reading this and send them running for some comfort food, maybe wrapped in a tortilla.

Implications of Municipal Level Data Breaches

Privacy on the municipal level means something entirely different than privacy for individuals, yet the majority of our discourse focuses on protecting individual privacy. Individual privacy remains a righteous cause that should be addressed but the impacts of getting municipal privacy wrong have truly worrisome implications. A couple of examples to illustrate the point:

Transportation: Aggregated transportation data for an entire city over multiple years can show the key chokepoints, transit hubs for people, cargo routes, and more. If a malicious actor was planning to cause an outage in traffic signals or public transportation, they could optimize their approach for maximum impact. The same is true for a kinetic attack as this kind of data would give the perpetrators the best geographic locations to place an explosive device or to begin a shooting attack.

Energy: How energy is generated and transmitted is critical to the livelihood of individuals and for economic success. Data that shows peak times, high-demand geographic areas, and other details likewise gives malicious actors ways to optimize their attacks for maximum effect.

Emergency Services: You know where this is going. If you can gain data on response times, routes, shift changes, and other details, you can again optimize your attack for maximum effect. 

Two themes emerge from these examples: 1) they are all critical infrastructure sectors, and 2) optimization. The data we are generating and aggregating in our municipalities as a result of connected community deployments tells an important story. On one hand, it lets us optimize how we deliver services, route traffic, and respond to emergencies. On the other hand, it creates the opportunity for attackers to likewise optimize their attacks and create chaos for longer periods of time by disrupting response. Imagine using this kind of data analysis to execute an attack on a municipality where there is a US military presence. What would happen if gridlock was created in Norfolk, VA ahead of a kinetic attack on Norfolk Naval Base? How long would that attack last if the responders cannot get to the scene? How bad could a data-informed explosive attack on the public transportation system of a major city be? What if emergency responders were also slowed down from responding? Now we are looking at scenarios that rise to the level of homeland and national security problems.

The imperative to secure data from connected community architectures is not limited to protecting individual privacy, though that is a factor. It extends to protecting vital information about our communities, municipalities, and regions as a whole. That includes information about critical infrastructure that can increase the efficacy of cyber and/or kinetic attacks in the homeland. In the current absence of broad connected community standards and of interoperability standards across devices, our communities are becoming more vulnerable. Efficiencies cut both ways. Efficient energy delivery is based on data that shows use patterns. Those same use patterns can be used for disruption and we aren’t talking about just having the lights go out for an hour. This is a clear vulnerability that matches directly to the 16 critical infrastructure sectors and to the 55 national critical functions. The more efficiency we introduce, the more the same data analysis can be used against us at the municipal level. 

A Path Forward

Now that you are stress eating sourdough, let’s talk about what happens now. The promise of connected communities intersecting with a growing urban population makes it impossible for us to simply rip it all out and say forget it. Instead, we have to find ways to use this technology safely and securely. But safety and security mean more than just the safety and security of the individual living in the community. It also means the safety and security of the community as a whole. And of the region as a whole. An individual having their private data stolen is a shame but having the data of entire cities stolen could be catastrophic. For this reason, the Cybersecurity and Infrastructure Security Agency (CISA) inside the Department of Homeland Security (DHS) should focus on the convergence of internet-connected technology and municipalities as a core part of its mission. 

This issue cuts across CISA’s Cybersecurity Division (CSD) and its Infrastructure Security Division (ISD). The National Risk Management Center (NRMC) has done extensive research on risks and impacts on critical infrastructure, creating a perfect opportunity to leverage the talent already on staff and focus it on the issues that affect citizens and the homeland the most. The proliferation of connected communities without unifying strategies, accountable officials, clear standards, and public communication will end in a significant breach. More than being concerned with another free year of credit monitoring, we need to be concerned with the bigger picture. Our critical infrastructure is exponentially more threatened than any individual from the same technology concept. Convergence is at the core and the major threat is municipal level data.

The idea of community or municipality-level privacy is new and forces the privacy conversation into a space it does not usually occupy. Any privacy legislation cannot simply focus on individuals but needs to set standards for connected community data. Anything less will continue to expose our greatest concentration of citizens and infrastructure to exponential risk.

Nick Reese

Research Associate for Emerging Technology at GoTech; Former Director for Emerging Technology Policy at the Department of Homeland Security (2019-2023)
