Data Leak Exposes Citizens of an Entire Smart City in China Drew Wilson | May 6, 2019 A security lapse has exposed citizens of an entire smart city in China. The discovery was made by a security researcher. In a lecture from years ago, Cory Doctorow said “technology giveth and technology taketh away”. This seemingly timeless line appears to be very relevant to this day. This latest data leak certainly is a fresh reminder of this. To make matters worse, it appears a major company, Alibaba, is wrapped up in all of this. Alibaba may not exactly be a household name for some North American’s, but in places like China, that company is, in fact, massive. Apparently, data from a smart city was stored on Alibaba. A lapse in security meant that anyone could access critical surveillance data such as facial recognition information. Here’s a part of a report from TechCrunch: The database was an Elasticsearch database, storing gigabytes of data — including facial recognition scans on hundreds of people over several months. The data was hosted by Chinese tech giant Alibaba. The customer, which Alibaba did not name, tapped into the tech giant’s artificial intelligence-powered cloud platform, known as City Brain. “This is a database project created by a customer and hosted on the Alibaba Cloud platform,” said an Alibaba spokesperson. “Customers are always advised to protect their data by setting a secure password.” “We have already informed the customer about this incident so they can immediately address the issue. As a public cloud provider, we do not have the right to access the content in the customer database,” the spokesperson added. The database was pulled offline shortly after TechCrunch reached out to Alibaba. While artificial intelligence-powered smart city technology provides insights into how a city is operating, the use of facial recognition and surveillance projects have come under heavy scrutiny from civil liberties advocates. Despite privacy concerns, smart city and surveillance systems are slowly making their way into other cities both in China and abroad, like Kuala Lumpur, and soon the West. “It’s not difficult to imagine the potential for abuse that would exist if a platform like this were brought to the U.S. with no civilian and governmental regulations or oversight,” said Wethington. “While businesses cannot simply plug in to FBI data sets today it would not be hard for them to access other state or local criminal databases and begin to create their own profiles on customers or adversaries.” It’s unclear whether or not any criminal element managed to get their hands on such data, it’s a safe bet pretty much everyone hopes that the only ones that managed to access the data are the ones that reported the security lapse. While the concept of smart cities might be fruit for sporadic discussion in North America, the concept of smart homes is becoming increasingly part of a broader discussion for privacy. When someone has a product such as an Amazon’s Alexa, Google Home, or other devices, there are certainly discussions on what personal information companies are receiving in return for a small amount of convenience. In Britain, there is a similar discussion surrounding the UK porn filter system as managed by the BBFC. One of the criticisms of the system is that private companies now are being required to hold a certain amount of personal information supposedly in an effort to prevent minors from accessing adult material online. This over top of just how many security camera’s there are in some cities within Britain itself. So, it’s not that big of a stretch to start thinking that such debates could be a forerunner to the debate on privacy within the technological infrastructure of an entire smart city. The question is, what exactly are we giving up for the sake of some convenience for instance. While some of the debate may surround who gets to hold on to that personal information, a much bigger cause for concern for some is what happens when that information gets broken into or, even worse, leaked online (as is clearly the case here). This latest data leak should trigger discussions on what does privacy mean in the future. How does society want to balance their privacy with that convenience that comes with something like smart technology. Already, there is some discussion and interest over reforming privacy laws in Canada, but whether that makes a dent in the broader election discussion remains to be seen. Either way, this latest incident should serve as a wake-up call over whether we should just blindly jump forward into technology or take a moment and assess the implications of this. After all, at least there is lead time to discuss all of this before such technology hits. Drew Wilson on Twitter: @icecube85 and Facebook.