Smart Technology: A Privacy and Security Perspective

Intro  0:01  

Welcome to the She Said Privacy/He Said Security Podcast. Like any good marriage we will debate, evaluate, and sometimes quarrel about how privacy and security impact business in the 21st century.

Jodi Daniels  0:22  

Hi, Jodi Daniels here. I’m the founder and CEO of Red Clover Advisors, a certified women’s privacy consultancy. I’m a privacy consultant and certified informational privacy professional, providing practical privacy advice to overwhelmed companies.

Justin Daniels  0:37  

Hi, Justin Daniels. Here I am passionate about helping companies solve complex cyber and privacy challenges during the lifecycle of their business. I am the cyber quarterback helping clients design and implement cyber plans as well as help them manage and recover from data breaches.

Jodi Daniels  0:54  

And this episode is brought to you by Red Clover Advisors. We help companies to comply with data privacy laws and establish customer trust so that they can grow and nurture integrity. We work with companies in a variety of fields, including technology, ecommerce, media and professional services. In short, we use data privacy to transform the way companies do business. Together, we’re creating a future where there’s greater trust between companies and consumers. To learn more, visit redcloveradvisors.com. When you’re on redcloveradvisors.com, you might notice that we have a really cool pop up encouraging you to sign up for our new book. Justin, what is the name of our new

Justin Daniels  1:39  

book? Data Reimagined?

Jodi Daniels  1:43  

doesn’t have like a subtitle,

Justin Daniels  1:45  

right? Well, it’s building trust one byte b y t edits time. When does it release October 4 During Cybersecurity Awareness Month,

Jodi Daniels  1:55  

so make sure you sign up for your copy and join the list. But today we’re gonna dive into one of just favorite topics.

Justin Daniels  2:05  

Yes, today’s guest doesn’t need much of an introduction in our house, but I will learn do some anyway. So today we have with us David Rhodes, who is the city attorney for the city of Peachtree Corners GA and is also legal counsel for Curiosity Lab, which is the city funded Smart City Innovation Center. And if you read anything I post on LinkedIn, I talk about them quite a bit because David and I work together often. David, welcome and good morning.

David Rhodes  2:35  

Morning, Justin and Jodi, great to be with you.

Jodi Daniels  2:38  

We’re so glad to have you. So before we dive into all the cool things that are happening, tell us a little bit about how your career evolved to what you’re doing today. Sure, and

David Rhodes  2:50  

I’ll try to keep it compact, although I will say is probably a bit of a nonlinear path. So I’ve been the city attorney formally appointed for about a year. For about three years prior to that I was the assistant, city attorney and the bulk of my say, adult life I’ve been in the military. So I was an infantry officer for six years after I graduated from Georgia. And then for the past 10 years, I’ve been a judge advocate for a brigade in the Tennessee Army National Guard. And so I really have enjoyed that role as a judge advocate, serving as legal counsel for brigade commander and brigade staff. And probably about five years ago, I started handling some limited engagement engagements for the city of Peachtree Corners, and just really enjoyed that role, both providing counsel to the city manager, his staff as well as city council. So I consider myself very fortunate to have been able to kind of migrate over and take that on full time. And I can talk a little bit later about my involvement with Curiosity Lab, which was you know, not not my idea circling but because it is a city initiative. In my position as city attorney I was I was right there to kind of benefit from that progression. So

Jodi Daniels  4:29  

perfect segue.

Justin Daniels  4:30  

So David, we’re going to open up with it almost have been a pun. It could have been upon David help educate our audience. What is the curiosity lab?

David Rhodes  4:40  

Sure. So I guess the simplest way to explain it is just to discuss the components. So the city has a 25,000 square foot building, which we call the innovation center. So that houses some tech focused startups that houses a rotating cast I have research teams, graduate students, from some universities, as well as our partners that are involved in some pretty exciting things like our 5g vertical. So that’s the call it the building component. And then also probably what gets us the most publicity is the roughly three mile autonomous and connected vehicle track. And the right of way adjacent in which is a public street to be clear. And then the right of way of that track. We also have spaces available for companies to come in and deploy IoT devices and handle use cases there. So that is kind of Curiosity Lab in a nutshell.

Jodi Daniels  5:49  

Now, you do some really interesting things at the Curiosity Lab. So maybe you can talk a little bit about some autonomous vehicles that might be there. And very specifically, what are the unique privacy challenges that cities can face when they’re deploying smart transportation technology? Yeah, and

David Rhodes  6:12  

I think it’s, it’s helpful to kind of understand the role of Curiosity Lab to the city. And I would say it’s, you know, in my mind, it’s really twofold. So there’s certainly an economic development component where we are, you know, attracting startups hoping that they grow, and ultimately, you know, scale and then stay rooted that we retain those startups. And we’ve also had some success, recruiting some much larger, more mature companies as a result of the activity going on in Curiosity Lab. So that’s the economic development side. But there’s also a significant component with the city in our public works, folks, traffic engineers, folks are watching very closely, these use cases. And so if they’re successful, we can ultimately take and scale that city wide. Your question about the privacy concerns is a great one, you know, simply but if the city is collecting data, for the generally speaking, or they’re creating public records, and under Georgia law, there’s just a right of the public to have access, and those records need to be disclosed. And so I’ll say that the challenge is really for cities to be deliberate about what kinds of data they’re collecting, and making sure that there is a really a need for that data, and then taking certain steps to ensure that we’re not bleeding into privacy concerns, and there’s not a better way to do it, meaning, you know, if you if you’re really just need a traffic count, and that can be done with object detection, versus a video feed, then then do that. And those kinds of examples repeat themselves of saying, Hey, what is the intended purpose behind this data collection? And how can we do this so that we’re not essentially endangering folks privacy rights?

Jodi Daniels  8:17  

I think the other piece that’s really important is, as cities are working with third party vendors, and that third party vendor, you mentioned a video feed, perhaps it’s a third party company that might have that feed, and is providing it to a city, but what else might they be doing with it, and I wanted to offer that for any city that’s going to be looking at any kind of technology to always really be mindful of who the vendor is and what they’re doing to.

David Rhodes  8:45  

That’s right. And I joke, sometimes when I’m when I’m working with Justin on onboarding, whether it’s a curiosity lab partner, or it could just be a city vendor, someone who has been, you know, jumped through the various RFP hoops in the city is at the point we’re ready to execute a contract. There needs to be a security and privacy audit on the front end. And back to kind of a joke is I really want those contracts and the privacy and security sections of those contracts to read at an eighth grade level, which can be a challenge, but I say that because those those contracts are similarly you know, subject to open records request and disclosure and your point about what third parties are doing with that data. I think, you know, the first perhaps most critical step is to minimize the type of data that you’re collecting, but then also putting those guardrails in there to ensure that there’s not sharing you know, with with third parties and the necessary contractual provisions are there as an additional safeguard

Justin Daniels  9:56  

has, without saying it David’s professing day Data minimization, which is a thing that

Jodi Daniels  10:01  

you’re big about. Yes. But that’s why I took the privacy question.

Justin Daniels  10:05  

I know. But David does it without even having to call it something fancy. He already understands it. But anyway,

Jodi Daniels  10:11  

I was going to that eighth grade level. So you don’t need to have fancy words. You’re right to just describe.

Justin Daniels  10:16  

Exactly. So David, another thing I want to ask you and all of the different projects that you’ve worked on, the ones that we’ve done together is talk a little bit about how you’re thinking about security has evolved on projects that have done from drones, autonomous vehicles, remote scooters.

David Rhodes  10:36  

Ai, sir? Well, I think sort of, and I’ll just call it a slap in the face. As we got Curiosity Lab up and running was we started looking at some other cities, not just here in the United States, but but also in Canada and some other places that really had successful what I would just call innovation centers where you’ve got this nice triangle between a government entity, academia and the private sector. And what what became immediately apparent to me was that when you raise the profile of that city, in the context of data gathering, you become a target, and you’ll see cyber incidents spike, and so that, you know, I would say it was kind of the catalyst for saying that the city needed to find and adopt a cybersecurity posture. And you can phrase this better than me, but you get into security by design. So prior to deploying any type of data gathering device and the right of way or anywhere else, you need to have really thought through how you’re your city guarding the receipt or transmission and storage of that data. So that’s kind of at the outset, I think that was the aha moment. You know, going forward, I think there’s just been a learning curve, about how to best accomplish data minimization, there’s a lot of, you know, edge computing, and there’s ways where, yes, this may be a camera doing object detection, but nobody’s is fooling that that camera fee that it’s kind of, you know, dying at the edge of the device there. And so really, it’s been that process, regardless of the device that we’re discussing, be it on a navy drone, or just a sensor. That’s that’s on a pole, it’s really been the same process that we’ve we’ve looked at. So hopefully, that’s responsive.

Jodi Daniels  12:44

Sure. Now, David, can you tell us what ARPA is? And how will ARPA potentially help impact how other cities modernize all of this from a cyber perspective, we’ve been talking about all these privacy and security risks that cities need to be thinking about, and how can ARPA help them do that?

David Rhodes  13:05  

Yeah, that’s a great question. So the American rescue plan Act, is local governments are receiving quite a bit of money, a lot of its dependent on population size. And the purpose of this, of these five federal funds are to, you know, on one hand, mitigate against the academic the, excuse me economic damage from the COVID 19 pandemic, but it was also intended for cities to really take a look at their assets and the delivery of services. And so I think the opportunity is huge, because for the first time, you know, the modernizing, cyber security posture was specifically called out as a permissible use of these funds. And so it’s really allowing some cities that are cash strapped, who have never been able to stretch the budget that far, to really spend the money to do things like saying, Hey, what is our cybersecurity posture? Let’s formalize this, let’s adopt standards and necessary security controls. Let’s, you know, take a look at improving intersections and other things, but doing so in a way that’s that’s mindful of both data security and data privacy. So it’s a huge opportunity, having said that, there are cities I mean, we just, I think it was in the news either last night or this morning about Jackson, Mississippi, where there were the largest cities in the state without water. There’s there’s no date certain for the repair of this water treatment facility. So I think the reality is that some cities and counties will be deploying these funds and to significant areas. It needs. But But hopefully, you know, I think more cities and counties than not will be able to take some of these funds and truly improve upon and harden their computer systems, it doesn’t get a lot of press, quite often because I think we’re just under a delusion. But there’s, you know, cities and counties are under constant threat of cyber events from from foreign actors. So I see it as a real need. Justin and I discussed this quite often. But it’s really staggering to me that there’s not a mandated standard or minimum standards that local governments need to adopt and comply with. So

Jodi Daniels  15:44  

this is really shocking, I would just a regular regular citizen over here, I would hope that cities have that in place as well, for some of these basic infrastructure needs, like water, and many of the other services that cities provide. Let’s hope that these funds will be put to good use it as you just go. Knocking on our wood desk. So,

Justin Daniels  16:12  

David, the Curiosity Lab, as you and I both know, is a very forward thinking economic development vehicle. And you and I’ve seen a lot of cutting edge developments in the last three years. I’m using your crystal ball, you know, what are your thoughts around? What do you see for the future of smart cities? Because with all the projects we do, and what I’m saying, to me, it’s more automation more data collection? But to your point, where are these privacy and security standards playing into it with cities?

David Rhodes  16:44  

Sir, it’s interesting to me, because I think when when you say, would use the term smart cities, I think the average person hears that term, really, it’s a transportation focused approach, you know, there’s this idea that people are going to be reading the paper, I should say, their tablet, getting the news on their tablet, and being whisked along in on an autonomous vehicle on a road that’s free of traffic. I think the reality is, you know, we have not developed our cities and suburbs in such a way that makes that a practical reality, at least for the short term. So where I truly see local governments making significant strides is the efficient delivery of government services. And there’s some really exciting and impactful things going on, that are quite basic, but they’re just not done broadly. And for example, I was having a conversation with our land management director order this morning, you know, discussing utilization of of IoT devices, in some of our stormwater retention ponds. And the just the short of it is, you know, you can pretty cheaply deploy some water level sensors, as well as weather sensors, and ensuring that your assets whose purpose is to store stormwater have the capacity to absorb weather events, you also see local governments doing things like deploying sensors on you know, the, for solid waste collection, so that they’re picking up trash in an efficient manner. And while autonomous vehicles may be a long ways off, you’re seeing public transit, really take advantage of this idea of saying, hey, what, why are buses following a fixed route and stopping three stocks where there’s nobody, you know, why isn’t this more on demand? And so I see the short term significant strides and benefit to the public is in those areas. And so that, you know, that excites me, I think, at the end of the day, local governments have have a duty to ensure that folks are getting the maximum return on their tax dollars. And we do that by delivering services as efficiently as possible. So those areas excite me. I think, unfortunately, just because of how, you know, I’ve read studies before just how you know that you look at the traffic densities in Atlanta metro area, and there is no silver bullet to solve that. So we’re really kind of addressing at the edges saying, Well, how do we how do we improve signalized intersections and, and have variable speed limits? And how are we addressing how cars get onto and off of for interstate systems or, you know, perhaps most significantly, having connected vehicles for emergency responders so that they’re not stuck in traffic with someone in the back? I mean, these are real world issues, that I see Smart City technology addressing in the short term, and then maybe one day we’ll we’ll have, you know, the more exciting 100% Autonomous conveyance of people on a got traffic or excuse me streets that are free of traffic. But

Jodi Daniels  20:03  

so when you commented about the bus stopping, and there’s no one there, it really resonated with me, I always wondered the exact same thing. And then what comes to mind is, I’m sure it’s been done somewhere to study would be really interesting to see the impact on overall traffic. Because when that bus stops the car behind it, the car behind it, and you have this entire daisy chain of stopping slows everything down. If you just were able to fix that one piece, it would have a, I think, very favorable impact overall.

David Rhodes  20:32  

I agree with that. And I think what we’re seeing is that, you know, the Atlanta metro area, we got this housing crunch, but we’re what we’re built out. And we built out in a way that was not enough, it was not a great use of available space. And so what we’re seeing now is, you know, kind of the, in town redevelopment taking underutilized commercial Park parcels and doing mixed use. And something that’s very popular right now is walking trails. And folks love that. So I think what we may see is taking things like walking trails and having them be multi use trails and having that be compatible with an autonomous vehicle so that you’re really doing, you know, what we call micro transit solutions that will still get people off the road. out, you know, and using an alternative means one of the things that I’m really excited about right now, and this is probably 12 to 18 months out, but the Curiosity Lab, regrow track extension project, and we’re really hoping to run the track all the way up in the 141, right away, connecting it to the forum and Town Center. And we’ve got, you know, sort of hotels and office space here in tech Park. But I think that’ll be a really exciting use case. And so anyways, I think those are more manageable and achievable goals in the short term.

Jodi Daniels  22:03  

Awesome. So this is the privacy and security podcast, and you have to cover a lot of privacy and security challenges that we talked about. What is your best personal privacy tip that you would offer? Somebody?

David Rhodes  22:17  

Gosh, I’m interested on to hear your response on this as well, Jodi. So, you know, my privacy tip is this, you know, I would be more concerned about the Tick Tock app on my phone, than I would be about a local government putting an IoT sensor in the right of way, both because of the type of data that’s collected the transparency involved in that collection, and then the ultimate public purpose behind the use. And so we certainly engage with, with with residents on on these topics, and there is what I, you know, I agree it’s a real world concern. They want to know, and they shouldn’t know what exactly what data is being collected at the same time. I think it’s interesting what what folks, you know, voluntarily share up to it, including, you know, biometric data. And they use it without alarm. But but a traffic count, they find that alarming. So that’s,

Jodi Daniels  23:26  

I would agree with you. And I think the hesitation comes because people don’t trust government. And so I always talk about in the privacy world that comes down to trust. And if an organization is not trustworthy, whomever it is, then people are going to be hesitant to have personal data collected, used and shared. So unfortunately, most government hasn’t always received the favorable trust for and so therefore, people are wondering what is going to happen with that? I personally would agree, which is why we are not tick tock people.

David Rhodes  24:03  

I will say that, you know, Peachtree Corners, unlike some social media apps, you know, we haven’t engaged in mood experiments where we control your feed, to see if we can’t see if we can’t have some, you know, depressed posts be evoked from that. So

Justin Daniels  24:24  

what I was looking at, I know because David, I was gonna ask Jodi, what’s my fav? What’s my trust? unfavorability rating? Maybe I don’t want to know.

David Rhodes  24:32  

Exactly. But one thing that I will say is that the city What should you say local government that I think that we need to do a better job of educating the public about what’s going on in their right of way. And there’s certainly what I would call you know, more benign, you know, Smart City technologies that are just Doing traffic counts that are just weight weighing garbage in a dumpster or checking on water levels and a reservoir and things like that. And then there’s a straight up public safety play. That is, you know, very much dealing with the identification and apprehension of, of bad actors. And so I think step one in terms of earning and maintaining the public trust is to be very, very specific and honest about the different programs. And really doing as you know, we talked about the eighth grade level, but just explaining, okay, you know, this, this is a camera this is surveilling either a right of way or public space. And the purpose of this is to prevent crime. And if a crime occurs in this area, then that information is provided to law enforcement. And then following through, what are the guardrails there? And so I think you’ve the risk is that you conflate all of it. And then the public, you know, simply has this, you know, it’s just a lack of understanding about the different programs and gets clogged together, and it creates, as you said, some distrust.

Justin Daniels  26:14  

You’d be surprised by how much of a challenge it is for David and I to get to that eighth grade level and help people to discern because it’s not always easy. But, David, obviously, when you’re not being a judge, advocate, and you’re not being the city attorney, we always like to ask, What do you like to do for fun?

David Rhodes  26:39  

Well, I will say, prior prior to a recent recent shoulder surgery, I’m an avid tennis player. Enjoy also coaching my my daughter’s lawsuits as I can’t take the mantle of coach, I gotta say, as an assistant coach, because I’m not there enough, but seven year old daughter play softball, so I enjoy doing that. But try to be as active as I can to combat, you know, this horrific desk lifestyle that we’ve

Jodi Daniels  27:12  

heard. There’s some great trails, but

David Rhodes  27:16  

that’s right. That’s right. Yeah, we, you know, and I need, I need to get out and use the city’s network of trails more often. So I try to stay active when I can.

Jodi Daniels  27:26  

Well, thank you so much. If people want to learn more about the Curiosity Lab, and in a Innovation Center, where could they go? Well, so

David Rhodes  27:36  

we and I should have had the all just say that if you go if you go to the city Peachtree Corners website, which you can get there through Google, you’ll be will be able to pull up the Curiosity Lab page for access the Curiosity Lab page, from the city’s web page. So this is what page does a good job of calling out kind of the various initiatives that we have going on, as well as we’ve got some great concerts that are going on at the town grinning. So but yeah, I would I would just welcome anyone who’s interested in getting additional information to go to the city’s web page.

Jodi Daniels  28:11  

Excellent. Well, thank you so much, again, for joining us today. We really appreciate it. And

David Rhodes  28:18  

yeah, thank you for thank you both for having me enjoyed it.

Outro  28:21  

Thanks for listening to the She Said Privacy/He Said Security Podcast. If you haven’t already, be sure to click Subscribe to get future episodes and check us out on LinkedIn. See you next time.