The objectives of smart buildings and vehicles often revolve around two axes: physical security and energy efficiency. An attempt is made to provide intelligence to both buildings and to cars to avoid serious incidents (floods, fires, traffic accidents) and to reduce CO₂ emissions as much as possible.
In addition, there is usually a great interest in improving the comfort of users and providing them with new functionalities. It also seeks to facilitate the work of the people in charge of the maintenance and repair of the different systems that make up both buildings and vehicles. And obviously, directly or indirectly, intelligence always reduces costs for owners.
Big data centers
To achieve these objectives, numerous sensors are installed that allow a large number of physical variables to be measured. Buildings and vehicles are becoming, in the process of digitization, large data centers, systems of systems. They are vigilant of everything that happens inside and around them.
The information collected helps decision makers to make them in an agile, automated and efficient manner. And for this, we work in hyper-connected environments. Large amounts of data are captured, transmitted, processed, viewed and stored every hour.
This massive information management has caused in intelligent environments a growing concern about aspects related to cybersecurity. It is understood that the different agents involved in the design, construction or manufacture, operation and use of intelligent systems they have a responsibility in the protection of the confidentiality of all this data. And in preventing potential adversaries from taking control.
And what about privacy?
However, as in other scenarios, privacy is being the great forgotten in this whole process. Ensuring that data is protected is not guaranteeing that the levels of privacy offered to users are adequate. Privacy needs data to be protected, yes, but it goes much further. It has to do with how they are captured, processed, shared, retained, etc.
For example, it is very common for a smart building to have different types of video cameras or devices that capture images in various locations. We all have more or less clear that the image of a person, to the extent that it identifies or can identify it, constitutes a personal data. And for this reason, the use of this type of cameras is advised and an attempt is made to apply privacy strategies from the design following the recommendations of different authorities and organizations.
However, it is also common in these buildings to use smart meters in homes to measure energy consumption. These meters are connected by the telecommunications network (usually by internet) to the control centers of the energy providers.
This type of smart meter allows us to analyze the behavior pattern of the people who live in a certain address, not only from the point of view of energy consumption. You can find out how many people live in it (and if they are at home or not at all times), genders and ages, socioeconomic status, what time they go to sleep and get up, what are their hobbies, what kind of entertainment services consume, if they have contracted an individual security system (alarm, surveillance cameras), etc. Even in the case of users with electric cars, information about their mobility patterns can be obtained.
This information, by itself, allows to build very detailed profiles on coexistence groups and individual people. If you can also come across data that comes from other meters or sensors, from social networks, from data breaches in the past, etc., this profiling can be tremendously accurate. And yet, in most cases we are not aware that we are exposed to this threat. We are not warned with a striking sign. Nor are there so many explicit recommendations by authorities or organizations about how to protect the privacy of users in relation to this type of meters or sensors.
Impacts for users and conclusions
In the example we have used, the possible impacts on users of the loss of their privacy could be very varied. They could be stigmatized because some of their habits become public and that causes problems with their neighbors or with another provider. Or they could suffer a power imbalance if a provider does not offer them the same as other consumers, or raises their rate.
These same reasoning can be applied in relation to many other sensors that collect information in smart buildings or smart cars. Let’s think, for example, of all the information that car insurance companies can collect through the vehicle’s sensors when we hire a smart insurance policy that takes into account our driving habits.
It is essential that all agents involved in the design, manufacture, construction, deployment, maintenance and operation of these intelligent environments are aware of their obligations regarding user privacy. That they comply with basic principles such as legitimacy or proportionality. And that they apply privacy strategies from the design. They must guarantee transparency in relation to the data they collect and for what purpose they do so, allowing users to exercise all their rights in an agile manner, minimizing the data collected, etc. If these aspects are not fulfilled, the intelligence that we intend to achieve will never be completely.
Marta Beltran, Professor and coordinator of the Degree in Cybersecurity Engineering, Rey Juan Carlos University and Miguel Calvo, Professor of the Degree in Cybersecurity Engineering, Rey Juan Carlos University, Rey Juan Carlos University
This article was originally published on The Conversation. read the original.
Reference-www.eleconomista.com.mx