The demand for smart city solutions is expanding rapidly, especially in our primary market, the KSA. At the premier tech event LEAP in Riyadh in February 2023, I had several fascinating discussions about smart city-related topics with Saudi government leaders and business executives. During these discussions, I found myself exploring the dichotomy of smart city technologies and human freedoms: While the promise of an AI-powered urban environment, which anticipates and adapts to each individual’s needs in real-time, is an inspiring vision, the flip side is the potential to build a piece of enormous digital surveillance machinery stripping away individual freedoms.

Finding the perfect balance between smart city data collection and protecting peoples’ privacy is challenging, but here are some thoughts on things we should consider and how open-source tools can help fine-tune this delicate balance.

Smart cities use technology to improve residents’ efficiency and quality of life. One of these technologies is people flow tracking systems, which monitor and analyze the movement of people in public spaces such as streets, parks, malls, and transport hubs. These systems can provide valuable insights for urban planning, traffic management, public safety, and environmental sustainability.

However, people flow tracking systems also pose significant challenges to privacy protection. These systems collect and process large amounts of personal data, such as location, identity, behavior, and preferences of individuals. This data can reveal sensitive information about people’s habits, preferences, health conditions, social relationships, and political opinions. Moreover, unauthorized parties such as hackers, advertisers, or governments can access or misuse this data.

Therefore, it is essential to ensure that people flow tracking systems respect the privacy rights and expectations of the citizens. Regulators and companies can achieve this by adopting various measures such as:

1. Implementing privacy-by-design principles requires that service providers embed privacy protection into the design and operation of people flow tracking systems from the outset. Responsible service providers minimize the collection and retention of personal data; anonymize or pseudonymize the data; encrypt and secure the data; provide transparency and accountability for the data processing; and enable user control and consent over the data.

2. Applying privacy-enhancing technologies enables people flow tracking systems to perform their functions without compromising privacy. For example, differential privacy adds noise to the data to prevent individual identification; homomorphic encryption allows computation on encrypted data without decrypting it; federated learning distributes the learning process across multiple devices without sharing raw data; and zero-knowledge proofs prove a statement without revealing any information. Furthermore, open-source-based encryption tools, which allow semi-anonymous digital identities with public and private key pairs, may help add more privacy to people flow tracking systems.

3. Establishing privacy governance frameworks: These frameworks provide legal and ethical guidelines for regulating the use of people flow tracking systems. They include laws and regulations that define the rights and obligations of data subjects and controllers; codes of conduct and best practices that set standards for responsible data handling; oversight mechanisms that monitor compliance with privacy rules; enforcement mechanisms that impose sanctions for violations; and redress mechanisms that offer remedies for harms.

By adopting these measures, smart cities can balance the benefits of people flow tracking systems with the risks for privacy protection. This way, they can foster trust and confidence among their citizens while enhancing their livability and competitiveness.

The infrastructure of smart cities runs on IoT (Internet of Things) devices, which monitor and adjust millions of processes in real-time across the urban environment. Road traffic, smart parking, utility management, facility operations, and many other processes rely on the 24/7 interplay of sensors, data, and devices.

Public and private sector organizations are the primary operators of the IoT systems of smart cities, and they need to maintain a healthy attitude toward using personal data ethically in their services. For example, do I need to authenticate with my real-life identity when charging my electric vehicle? Could I charge my car more anonymously as I do with cash at a gas station today?

Open-source technologies like Bitcoin’s Lightning Network (Lightning) could provide a more private alternative to fully centralized services. Lightning is a second-layer technology built on the Bitcoin network, which uses peer2peer connections to enable close-to-real-time and close-to-zero-fee microtransactions. Every bitcoin consists of 100 million satoshis (sats) which allow for highly dynamic and granular ways of paying for services, such as the charge for my electric car. One could visualize electricity streaming to my vehicle while sats stream to the charging station.

Most people will naturally opt to use fully centralized IoT services for convenience. The same logic played out in adopting the internet, where most people voluntarily use it via centralized services and devices from Google, Microsoft, Facebook, Amazon, and Apple. Still, open-source technologies such as Bitcoin and the Lightning can provide viable options for law-abiding people who don’t want to be surveilled 24/7 during their lives. Lightning will also be helpful in machine-to-machine commerce, which we expect to grow exponentially within smart city environments. For example, self-driving taxis could pay EV-charging stations for electricity without human facilitation.

As an upcoming digital asset class, bitcoin’s price volatility can seem too high for the above use cases. Bitcoin experts expect the volatility to lessen as global user adoption takes Bitcoin’s market cap closer to Gold’s 13 trillion market cap. In the meanwhile, Bitcoin-backed stablecoins have the potential to provide a viable interim solution. In the next 12 months, bitcoin-backed stablecoins representing USD, and potentially other fiat currencies, will launch on Lightning. In other words, Bitcoin can soon work as the base-layer technology for personal and machine-to-machine payments without exposure to bitcoin’s price volatility.

Using Bitcoin-backed stablecoins can also remove the headache of handling tax reporting for organizations, people, and devices participating in smart city economies until more countries forfeit capital gains taxes for using bitcoin for payments. Even in my home country Finland, which has some of the most comprehensive tax regulations in the world, a citizen can spend small amounts of bitcoin per year without tax reporting obligations. And at the other end of the spectrum, El Salvador has made bitcoin legal tender, and more countries will follow.

Smart city regulators and service providers should educate themselves on the tremendous opportunities the internet-of-value provided by Bitcoin-related open-source technologies can do to enhance citizen well-being, privacy, and efficiency of commerce.

When citizens of smart cities interact with public services, they use digital identities to log in to the services they use. In many cases, such as in legal matters, the person’s real-life identity connects with their digital identity for a valid reason. But in many cases, connecting real-life identity with digital identity is intrusive and creates multiple risks for individuals. Nick Szabo famously stated in 2001 that trusted third parties are security holes.

For example, when a resident of a smart city wants to go to a digital art exhibition, does she have to log into the ticketing platform with her real-life identity, or could she reserve the art exhibition ticket by logging into the ticketing service semi-anonymously? After all, in most places, I can still buy art exhibition tickets with cash today.