Smart cities and Tech Evolution - XXXIX - Data Value Protection

22 data records are stolen or lost every second in 2015. Credit: Gemalto

Types and Source of breach incidents in the first half of 2015. Credit: Gemalto

Data have become so valuable that have attracted the interest of digital thieves, hacking in the system, stealing and tampering.

Data protection should be the top priority of the physical owners of data, the ones controlling the storage and access to the data. This is usually the weak point and the one mostly attacked by hackers. 

The other usual way of stealing data is by physhing, stealing the access credential from the owner by having him providing the credential to the hacker that is emulating a legit website.

Intercepting data as they are transmitted is much more difficult since they are brocken in packets that may flow over different paths, likewise hacking a wireless link.

The number of data breaches keeps growing, year over year and now its tally has pass the billion mark of data records lost or stolen. Banks, merchants storing their clients credit cards have been the major target, along with million of individual PCs attacked via physhing.

As Municipality are starting to aggregate data they are becoming vulnerable to attacks and they should also become aware of the possibility of malicious attacks aiming at disrupting the city services and processes as they will be relying more and more on data.

This is going to be a never ending story. As data will continue to increase their value and importance there will be more and more attempts to hack, technologies will provide better security but at the same time technology provides better ways to attack data.  It is like having technology that lets you create more resistant steel to buid your safe and at the same time more powerful laser beams to drill it.

Protecting the privacy of citizens (and biz) data is also a major concern for the Municipality (and anyone storing people’s data). Here the protection of data as such, through anonimity, is not enough since the anonimity can be circumvented through correlation as previously noted.  

Unfortuantely, for both security and privacy, we are faced with a chain whose “rings” are owned and controlled by different parties, one being the originator of the data, often the citizen. It is sufficient to break one of these rings to have access (in many cases) to the whole chain.

Clearly, tampering with a personal PC is affecting only the data chain connected to that PC (that person), data segmentation in the data bases of the Municipality or merchands should protect other data chains (although some times this has not been the case, particulalry when the breach affected a PC of a data manager who has higher clearance).

Although in abstract people value their privacy in many cases we see that their behaviour is not “privacy conscious”. The use of social media is a clear example. People are revealing a lot about their private life with no serious thought about the consequences. The ubiquitous use of tagging let third parties to publish a photo where I happen to be in without any control from my side.

As image recognition becomes more and more effective it will be no surprise to see the possibility of searching billion of photos and identify my presence in them, even if I was not tagged. Privacy is very feeble in this digital world.

Another important point is to preserve the ownership of data and as we have seen over and over this is an even tougher issue than privacy.  Bits can be copied at will and a copy is not different from the original.

However, data managed through a system of API that delivers certain data upon request are easier to protect, at least to a certain extent, and notice can be taken on who is asking for those data. There are a number of techniques to make this happen and platforms like FiWare support this type of control. The point is to enable an economic market on data. If revenues are made by using data owned by a certain party that party has to have to possibility to enter negotiation with the party using his data to come to an agreement on revenue sharing.

This ia important for the data owner as well as for others that might consider sharing their data through that platform.

The point is that a platform should be like a market square. It should open goods to potential buyers and should enact rules to sustain value for each transaction.

A Municipality moving onto the Open Data framework should provide access through a platform able to sustain a marketplace.

Author - Roberto Saracco

© 2010-2020 EIT Digital IVZW. All rights reserved. Legal notice. Privacy Policy.