Author
Kelsey Finch
Bio: Kelsey Finch is an academic researcher from the Future of Privacy Forum. The author has contributed to research in the topics of data security and personally identifiable information. The author has an h-index of 4, having co-authored 4 publications receiving 52 citations.
Papers
Journal Article
TL;DR: In this paper, the benefits of ubiquitous data collection can be squared with privacy concerns, whether our future cities will evolve into dystopian urban panopticons or into utopian spaces without crime, pollution, or over-crowding.
Abstract:
Introduction
I. Smart City Innovation: Urban Utopia
A. Finding Yourself
B. Getting Around
C. Keeping the Lights On
II. Smart City Challenges: Life Inside the Panopticon
A. Inviting the Government In
1. Pre-Urban Privacy
2. Urban Government
B. Function Creep and Paternalism
C. Sensors Under the Skin
D. Discrimination and Data Overload
1. Discrimination
2. Data Overload
III. Smart Privacy for Smart Cities
A. Engendering Trust
1. Access
2. Data Featurization
B. De-Identification
C. Enhanced Transparency
Conclusion
INTRODUCTION Over half a century ago, Jane Jacobs sparked a revolution in urban planning with her 1961 book The Death and Life of Great American Cities, challenging the first wave of progressive urban renewal policies for failing to respect the needs and diversity of city-dwellers. (1) The urban redevelopment projects against which Jacobs fought aspired to revitalize and modernize U.S. cities in the postwar era, but failed to produce concrete results. (2) Ultimately, they collapsed under the weight of their own mixed performances and the vocal criticism of social reformers; their legacy lingers in "[a]rtists' renderings of slick glass and steel skyscrapers set in sunny plazas ... [n]urturing hopes of a golden future." (3) For all of their high hopes, diverse and multitudinous supporters, technological promise, and intelligent planning systems, the first wave of urban renewal programs have gone down in history as "planning panaceas." (4) Today, once again a diverse array of urban planners, businesses, technologists, academics, governments, and consumers have begun to join their voices in support of the newest revolution in urban planning: the smart city.
Driven by the technological promise of the Internet of Things (the increasing array of objects and devices that communicate with each other over the network) and the intelligent planning systems of big data (the enhanced ability to collect, store, and process massive troves of information), smart city initiatives are equally, if not more, disruptive to the urban existence of today as slum-clearing urban renewal efforts were in the previous century. Smart city technologies thrive on constant, omnipresent data flows captured by cameras and sensors placed throughout the urban landscape. These devices pick up all sorts of behaviors, which can now be cheaply aggregated, stored, and analyzed to draw personal conclusions about city dwellers. (5) This ubiquitous surveillance threatens to upset the balance of power between city governments and city residents, and to destroy the sense of privacy and urban anonymity that has defined urban life over the past century. (6) Although privacy advocates may yet stand in for Jane Jacobs and other social reformers in this modern urban planning debate, it is far from clear that smart cities are mere panaceas. Smart cities bring cutting-edge monitoring, big data analysis, and innovative management technologies to the world of urban planning, promising to make cities "more livable, more efficient, more sustainable, and perhaps more democratic." (7) Of course, "clever cities will not necessarily be better ones." (8) There is a real risk that, rather than standing as "paragons of democracy, they could turn into electronic panopticons in which everybody is constantly watched." (9) They are vulnerable to attack by malicious hackers or malfunction in their complex systems and software, and they furnish new ways to exclude the poor and covertly discriminate against protected classes. 
This Article asks whether the compelling benefits of ubiquitous data collection can be squared with privacy concerns, whether our future cities will evolve into dystopian urban panopticons or into utopian spaces without crime, pollution, or over-crowding. Part I of the Article describes the benefits and promises of data-driven, hyperconnected smart cities, including technologies to navigate and traverse urban spaces and cultures, as well as more efficient and ecofriendly smart infrastructure systems. …
26 citations
Posted Content
TL;DR: Parameters for calibrating legal rules to data depending on multiple gradations of identifiability are proposed, while also assessing other factors such as an organization’s safeguards and controls, as well as the data’s sensitivity, accessibility and permanence.
Abstract: One of the most hotly debated issues in privacy and data security is the notion of identifiability of personal data and its technological corollary, de-identification. De-identification is the process of removing personally identifiable information from data collected, stored and used by organizations. Once viewed as a silver bullet allowing organizations to reap the benefits of data while minimizing privacy and data security risks, de-identification has come under intense scrutiny with academic research papers and popular media reports highlighting its shortcomings. At the same time, organizations around the world necessarily continue to rely on a wide range of technical, administrative and legal measures to reduce the identifiability of personal data to enable critical uses and valuable research while providing protection to individuals’ identity and privacy. The debate around the contours of the term personally identifiable information, which triggers a set of legal and regulatory protections, continues to rage. Scientists and regulators frequently refer to certain categories of information as “personal” even as businesses and trade groups define them as “de-identified” or “non-personal.” The stakes in the debate are high. While not foolproof, de-identification techniques unlock value by enabling important public and private research, allowing for the maintenance and use – and, in certain cases, sharing and publication – of valuable information, while mitigating privacy risk. This paper proposes parameters for calibrating legal rules to data depending on multiple gradations of identifiability, while also assessing other factors such as an organization’s safeguards and controls, as well as the data’s sensitivity, accessibility and permanence. 
It builds on emerging scholarship that suggests that rather than treat data as a black or white dichotomy, policymakers should view data in various shades of gray; and provides guidance on where to place important legal and technical boundaries between categories of identifiability. It urges the development of policy that creates incentives for organizations to avoid explicit identification and deploy elaborate safeguards and controls, while at the same time maintaining the utility of data sets.
17 citations
TL;DR: This article lays out three perspectives, considering a smart city’s privacy responsibilities in the context of its role as a data steward, as a data platform, and as a government authority, to help municipalities better leverage existing privacy tools and safeguards and identify gaps in their existing frameworks.
Abstract: Today’s cities are pervaded by growing networks of connected technologies to generate actionable, often real-time data about themselves and their citizens. Relying on ubiquitous telecommunications technologies to provide connectivity to sensor networks and set actuation devices into operation, smart cities routinely collect information on cities’ air quality, temperature, noise, street and pedestrian traffic, parking capacity, distribution of government services, emergency situations, and crowd sentiments, among other data points.
While some of the data sought by smart cities and smart communities is focused on environmental or non-human factors (e.g., monitoring air pollution, or snowfall, or electrical outages), much of the data will also record and reflect the daily activities of the people living, working, and visiting the city (e.g., monitoring tourist foot traffic, or home energy usage, or homelessness). The more connected a city becomes, the more it will generate a steady stream of data from and about its citizens.
Sensor networks and always-on data flows are already supporting new service models and generating analytics that make modern cities and local communities faster and safer, as well as more sustainable, more livable, and more equitable. At the same time, connected smart city devices raise concerns about individuals’ privacy, autonomy, freedom of choice, and potential discrimination by institutions. As we have previously described, “There is a real risk that, rather than standing as ‘paragons of democracy,’ [smart cities] could turn into electronic panopticons in which everybody is constantly watched.” Moreover, municipal governments seeking to protect privacy while still implementing smart technologies must navigate highly variable regulatory regimes, complex business relationships with technology vendors, and shifting societal – and community – norms around technology, surveillance, public safety, public resources, openness, efficiency, and equity.
Given these significant and yet competing benefits and risks, and the already rapid adoption of smart city technologies around the globe, the question becomes: How can communities leverage the benefits of a data-rich society while minimizing threats to individuals’ privacy and civil liberties?
Just as there are many methods and metrics to assess a smart city’s livability, sustainability, or effectiveness, so too there are different lenses through which cities can evaluate their privacy preparedness. In this article, we lay out three such perspectives, considering a smart city’s privacy responsibilities in the context of its role as a data steward, as a data platform, and as a government authority. While there are likely many other lenses that could be used to capture a community’s holistic privacy impacts, exploring these three widely tested perspectives can help municipalities better leverage existing privacy tools and safeguards and identify gaps in their existing frameworks.
By considering the deployment of smart city technologies in these three lights, communities will be better prepared to reassure residents of smart cities that their rights will be respected and their data protected.
7 citations
Journal Article
TL;DR: In this article, the authors propose parameters for calibrating legal rules to data depending on multiple gradations of identifiability, while also assessing other factors such as an organization's safeguards and controls, as well as the data's sensitivity, accessibility and permanence.
Abstract: One of the most hotly debated issues in privacy and data security is the notion of identifiability of personal data and its technological corollary, de-identification. De-identification is the process of removing personally identifiable information from data collected, stored and used by organizations. Once viewed as a silver bullet allowing organizations to reap the benefits of data while minimizing privacy and data security risks, de-identification has come under intense scrutiny with academic research papers and popular media reports highlighting its shortcomings. At the same time, organizations around the world necessarily continue to rely on a wide range of technical, administrative and legal measures to reduce the identifiability of personal data to enable critical uses and valuable research while providing protection to individuals’ identity and privacy. The debate around the contours of the term personally identifiable information, which triggers a set of legal and regulatory protections, continues to rage. Scientists and regulators frequently refer to certain categories of information as “personal” even as businesses and trade groups define them as “de-identified” or “non-personal.” The stakes in the debate are high. While not foolproof, de-identification techniques unlock value by enabling important public and private research, allowing for the maintenance and use – and, in certain cases, sharing and publication – of valuable information, while mitigating privacy risk. This paper proposes parameters for calibrating legal rules to data depending on multiple gradations of identifiability, while also assessing other factors such as an organization’s safeguards and controls, as well as the data’s sensitivity, accessibility and permanence. 
It builds on emerging scholarship that suggests that rather than treat data as a black or white dichotomy, policymakers should view data in various shades of gray; and provides guidance on where to place important legal and technical boundaries between categories of identifiability. It urges the development of policy that creates incentives for organizations to avoid explicit identification and deploy elaborate safeguards and controls, while at the same time maintaining the utility of data sets.
6 citations
Cited by
TL;DR: A generative copula-based method that can accurately estimate the likelihood that a specific person will be correctly re-identified, even in a heavily incomplete dataset, casting doubt on the adequacy of current anonymization practices.
Abstract: While rich medical, behavioral, and socio-demographic data are key to modern data-driven research, their collection and use raise legitimate privacy concerns. Anonymizing datasets through de-identification and sampling before sharing them has been the main tool used to address those concerns. We here propose a generative copula-based method that can accurately estimate the likelihood of a specific person to be correctly re-identified, even in a heavily incomplete dataset. On 210 populations, our method obtains AUC scores for predicting individual uniqueness ranging from 0.84 to 0.97, with low false-discovery rate. Using our model, we find that 99.98% of Americans would be correctly re-identified in any dataset using 15 demographic attributes. Our results suggest that even heavily sampled anonymized datasets are unlikely to satisfy the modern standards for anonymization set forth by GDPR and seriously challenge the technical and legal adequacy of the de-identification release-and-forget model.
434 citations
TL;DR: The fundamental data management techniques employed to ensure consistency, interoperability, granularity, and reusability of the data generated by the underlying IoT for smart cities are described.
Abstract: Integrating the various embedded devices and systems in our environment enables an Internet of Things (IoT) for a smart city. The IoT will generate a tremendous amount of data that can be leveraged for safety, efficiency, and infotainment applications and services for city residents. The management of this voluminous data through its lifecycle is fundamental to the realization of smart cities. Therefore, in contrast to existing surveys on smart cities, we provide a data-centric perspective, describing the fundamental data management techniques employed to ensure consistency, interoperability, granularity, and reusability of the data generated by the underlying IoT for smart cities. Essentially, the data lifecycle in a smart city is dependent on tightly coupled data management with cross-cutting layers of data security and privacy, and supporting infrastructure. Therefore, we further identify techniques employed for data security and privacy, and discuss the networking and computing technologies that enable smart cities. We highlight the achievements in realizing various aspects of smart cities, present the lessons learned, and identify limitations and research challenges.
390 citations
TL;DR: This paper provides a summary of the existing IoT research that underlines enabling technologies, such as fog computing, wireless sensor networks, data mining, context awareness, real-time analytics, virtual reality, and cellular communications.
Abstract: The Internet of Things (IoT) is an emerging classical model, envisioned as a system of billions of small interconnected devices for posing the state-of-the-art findings to real-world glitches. Over the last decade, there has been an increasing research concentration in the IoT as an essential design of the constant convergence between human behaviors and their images on Information Technology. With the development of technologies, the IoT drives the deployment of across-the-board and self-organizing wireless networks. The IoT model is progressing toward the notion of a cyber-physical world, where things can be originated, driven, intermixed, and modernized to facilitate the emergence of any feasible association. This paper provides a summary of the existing IoT research that underlines enabling technologies, such as fog computing, wireless sensor networks, data mining, context awareness, real-time analytics, virtual reality, and cellular communications. Also, we present the lessons learned after acquiring a thorough representation of the subject. Thus, by identifying numerous open research challenges, it is presumed to drag more consideration into this novel paradigm.
145 citations
04 Jan 2017
TL;DR: This publication introduces two key components to support the application of privacy engineering and risk management: privacy engineering objectives and a privacy risk model.
Abstract: This document provides an introduction to the concepts of privacy engineering and risk management for federal systems. These concepts establish the basis for a common vocabulary to facilitate better understanding and communication of privacy risk within federal systems, and the effective implementation of privacy principles. This publication introduces two key components to support the application of privacy engineering and risk management: privacy engineering objectives and a privacy risk model.
66 citations
11 Mar 2019
TL;DR: This paper dwells on the intersecting subjects of smart and safe cities, explores the highlighted issues that are deemed to cause concern, and further explores the need for transparency and inclusivity in urban processes and systems.
Abstract: The emergence of Big Data, accelerated through the Internet of Things (IoT) and Artificial Intelligence, from the emerging, contemporary concept of smart cities coupled with the notion of safe cities is raising concerns of privacy and good governance that are impacting the socio-economic and liveability dimensions of urban fabrics. As these gain ground, largely due to economic pressures from large ICT providers, there is a notable increase in the need for the inclusion of human dimensions, complemented by the use of technology. However, the latter is seen as catalysing elements of control and propaganda which are thriving through oversimplified and non-inclusive urban IT policy measures. This paper dwells on the intersecting subjects of smart and safe cities, explores the highlighted issues that are deemed to cause concern, and further explores the need for transparency and inclusivity in urban processes and systems. This paper is oriented towards urban planners and policy makers looking at the implementation of smart and safe cities concepts.
44 citations