Building privacy-forward IoT: Intelligence without Surveillance

In a previous post, our CEO Tara Pham shared the privacy philosophy that has guided Numina from the day it was founded up through present day, several years later. As a team, we know the value that data and technology bring to urban planning and street design. At the same time, we recognize the potential privacy concerns that widely deployed IoT sensors and real-time location data can bring. As rich datasets on our cities and public spaces expand, they can present serious privacy vulnerabilities to citizens. We believe that companies deploying sensors in public spaces have a responsibility to develop security and privacy best practices not as a retrofit, but from the initial design.

At Numina, we have developed a “smart” sensor that processes imagery to collect real-time insights from the public realm: streets, sidewalks, parks, plazas — the space “between buildings” that makes up about 45% of the space in cities. Our sensors are deployed on light poles or buildings, gathering a continuous stream of movement data of people, vehicles, and objects like bags of trash and obstructions in the road. We translate this information into insights that illuminate critical needs for action in urban planning and accessibility, streets maintenance, waste management, mobility services, and more. Before the data is sent to or stored in our servers, it is anonymized on site (“at the edge”) to uphold our principles of Privacy by Design and Intelligence without Surveillance.

Building and maintaining privacy-forward systems is an active process at Numina. Here are some of our best practices today:

1. Edge Processing

Numina’s sensors are built to process images onboard the device, eliminating the need to send images to the Cloud for processing. We do not, as a regular practice, store imagery, which can be later accessed for additional data extraction or surveillance purposes. (We randomly sample less than .02% of all imagery purely for accuracy validation purposes, addressed further in #4.) 

2. Information Security

Sensors are decentralized, logically isolated from each other and from the rest of Numina’s network resources, notably our Cloud servers. All of our communication occurs over encrypted channels. Only authorized devices can communicate with the sensors. This approach removes pathways for potential data interception or sensor access by unauthorized parties.

3. Data Lifecycle

Not all data is equal, from a security and privacy standpoint. Rich image data provides valuable insight, but also poses risk because it contains detailed visual data about people and their behavior in a real world setting. Numina does not store images long-term, only the anonymized intelligence extracted from them. Personally identifiable information (PII) is never extracted.

4. Image de-identification

In the occasional, randomly sampled image collected for accuracy validation purposes, Numina masks or removes any PII through a process of “de-identification”. Images are de-identified prior to anyone, including members of our team, ever interacts with them.

As object detection and tracking technologies advance rapidly, it’s important that companies who work with image and video footage match that advancement in their security and privacy practices. Also, while state-of-the-art image obfuscation tools for hiding faces or license plates may stump humans, these techniques are not always robust countermeasures against machines. IoT companies handling image data must utilize techniques that offer protection from humans as well as machines.

Image data is an essential component of improving our powerful deep learning algorithms that can extract valuable insights. At Numina, our ultimate goal is to empower cities with actionable intelligence in a way that is transparent to, and in the best interests of citizens.


To learn more about our approach to upholding privacy in the public space, please enjoy: