A City That Thinks—But Doesn't Overthink
Smart cities expand connectivity—but also vulnerability. Equitable governance and built-in cybersecurity are essential to protecting data, infrastructure, and our civil liberties.
As city governments seek to integrate smart city technologies to tackle the growing challenges of urbanization, we are promised a technological utopia where data-driven decision-making enhances the quality of life for residents, reduces environmental footprints, and improves public services without burdening existing structures. The creation of these self-regulating systems that respond dynamically to citizens' needs comes at a price; there are ethical, social, and privacy implications that accompany them. In order to shed light on what these implications may be, I interviewed current and former smart home residents within Seattle, Washington, which has invested significant resources into smart city initiatives that have included partnerships with tech companies anchored in the area. I explored their perceptions of smart cities, uncovering concerns about data control, hopes for responsible data practices, and views on the benefits and risks. The insights of our participants revealed that the caution around the adoption of smart cities is about trust, equity, and, increasingly, cybersecurity.
Through this research, I examined how new technologies, while potentially improving quality of life, could also exacerbate existing inequalities, spark new ethical dilemmas, and redefine the relationship between citizens and their government [1].
There was excitement about the potential of smart cities, as well as a great deal of skepticism. People expressed concerns about their privacy, the potential for increased surveillance, and the risks of living in a city where data is constantly being harvested. At the same time, there was a palpable sense that, before cities get smarter, they need to address the immediate needs of residents such as affordable housing and effective public services.
I sought to understand participants' hesitation regarding the viability of smart city tech integration, specifically in cases where participants had adopted Internet of Things (IoT) technologies in their daily routines within their households. The responses fell into three categories: tangible feasibility, high barriers to inclusion, and commodification.
Tangible feasibility encompasses the practicality and likelihood of successfully implementing a project or idea, considering the availability of necessary resources and the ability to meet technical, economic, operational, legal, and scheduling constraints. The lived experience of being in a city where residents often deride aging physical infrastructure and inadequate social systems has made it difficult for participants to see the benefit of adding new systems with unknown benefits. This, in turn, led to questions about whether the city could handle the challenges of adding new technologies to the existing infrastructure, as well as doubts that a new set of systems would fix Seattle's existing problems.
Discussions of high barriers to inclusion touched on the obstacles that prevent individuals or groups from participating fully and equitably, such as accessibility for older family members, access to internet-enabled devices, and the steep learning curves borne out of the experience of teaching family members about new technologies. This concern extended to considerations of how to maintain data stewardship.
Finally, participants addressed commodification, the process of transforming something not traditionally seen as a marketable item (e.g., ideas, experiences, social relationships, or cultural practices) into a commodity that can be bought, sold, or traded. Participants discussed the trade-offs of providing the data necessary for a smart city and the cost of that data being available to outside actors, with a lack of sufficient countermeasures and a disbelief that data boundaries would be respected.
Hesitations around the implementation of smart cities have been about privacy concerns. Residents have fears about insufficient data protections for collecting sensitive information, economic displacement, and the exacerbation of social inequalities through the widening of the digital divide and lack of sufficient considerations for the needs of people with disabilities. These concerns were not present when discussing the safety of smart home IoT devices. Nevertheless, smart city initiatives have expanded as a method of addressing the challenges of urbanization including crime, traffic congestion, waste, water management, energy use, pollution, and unequal access to healthcare, housing, and education. Our study sought to address these gaps by understanding user comprehension of smart home technology, devices, and threats as well as exploring approaches to improve user comprehension and enhance engagement with smart city technologies.
The participants' responses provide insight into what people value and expect from smart city technologies. It should be noted that all participants felt enthused about at least one aspect of smart city futures. These notions can guide policymakers and developers to focus on features that address these specific needs and concerns. While participants see significant benefits in smart cities, they also emphasize the need for ethical, unbiased, and transparent implementation.
Striking this balance is critical for gaining public trust and ensuring the long-term success of smart city projects. Understanding these perceived benefits can help shape policies and strategies for smart city development. By focusing on fairness, accountability, and transparency while ensuring ethical practices, policymakers can create more effective and publicly accepted smart city initiatives. The goal of our study was to identify the reactions and hopes of smart home residents and enthusiasts. By understanding how residents adapt to and accept smart home technologies, HCI researchers can develop strategies to foster broader acceptance and optimize the design and functionality of smart city solutions.
IoT devices for smart homes comprise a broad range of devices, protocols, and systems that allow devices to connect and exchange information over the internet while relying on sensors and actuators to respond to data, such as motion, light, and temperature, supporting the monitoring and controlling of built environments. IoT-enabled security systems, such as video doorbells, smart locks, and motion detectors, can be accessed remotely, allowing remote home monitoring. To store and enable analysis of security footage and data, smart home devices often utilize cloud computing. When coupled with connectivity, smart homes are susceptible to security attacks due to the vulnerabilities present in these devices.
IoT applications are magnified in smart cities as the data collected by urban technologies can be used to manage assets, resources, and services including transportation systems, waste management, smart grids, and other utilities. Cities in the United States collect real-time data from their sensors. In Atlanta, for example, the North Avenue Smart Corridor uses smart traffic management to optimize traffic flow and reduce emissions. New York City plans to modernize its electric grid to enhance its capabilities, improve reliability and efficiency by flexibly managing energy demand and supply, and support the integration of renewable energy sources. These cities function as data hubs, producing and absorbing vast quantities of information through sensors, devices, and applications, which contribute to the complex and varied datasets that power urban services and infrastructure.
The city reflects large-scale infrastructure (transportation, grid management, and public services), while the home represents localized, personal connectivity through devices (smart appliances, security systems, and lighting). Smart cities rely on vast digital infrastructures, broadening the attack surface; this complexity introduces a staggering range of vulnerabilities. The potential targets for an attack are likely unevenly protected. Unlike a home router, when these systems fail, they don't just take down your ability to work from home—they risk public safety, infrastructure integrity, and civil liberties. City technology infrastructures tend to prioritize convenience and interconnectivity, often at the expense of modularity or compartmentalization. But a sprawling, interconnected system without strong internal boundaries is a gift to attackers, as visualized in Figure 1. One compromised node can serve as a launchpad to access more critical systems: public transit networks, emergency services, even water treatment facilities. As a result, everything is connected, so everything becomes vulnerable.
Our participants were acutely aware of these risks. While few used the term "cybersecurity" explicitly, their concerns mapped onto core cybersecurity principles. Despite their concerns, our participants weren't fundamentally opposed to technology. Rather, they wanted systems that were transparent, accountable, and designed with privacy in mind. "Set a time range for collecting the data… Let [devices] delete the data periodically," one participant suggested. Others argued that it was essential to anonymize data to prevent personal identifiers from being linked to specific actions. The demand for time-limited data collection is essentially a call for data minimization, a primary tenet of secure system design. Several participants questioned why city systems needed to store any personally identifiable information (PII) in the first place. They weren't being paranoid. They were anticipating what many security professionals already know: The best way to protect sensitive data is not to collect it at all.
Participants intuitively understood this. They voiced concerns that felt abstract but were, in fact, rooted in threat modeling. One participant worried that their data might be used against them in the future—not by the city, necessarily, but by unknown actors, decades from now. This was a recognition of the long history of data misuse and the potential for future threat vectors that haven't even been conceived yet. Perhaps one of the most pervasive concerns among our participants was the fear that their personal data would be commodified, as residents are deeply uncomfortable with the idea of their data being harvested, sold, and repurposed without their explicit consent. "Our country is run like a business… I'd be shocked if [data collection and redistribution] didn't happen," said one participant. The fear is that smart cities, rather than being spaces of progress and innovation, will become platforms for exploitation. While some participants expressed conditional comfort with surveillance for safety, they nearly all emphasized the importance of knowing who's watching, why, and with what safeguards. This aligns directly with a key concept in cybersecurity: access control. Who has access to what data, under what conditions, and with what oversight?
Our research shows that while people are generally aware of the risks of data collection, they also express concern about the lack of control they have over their data. The larger the smart city network grows, the more data is constantly being shared across countless communication points. This exponential increase in data-sharing creates opportunities for both deliberate and unintentional breaches. While there are various security measures in place to prevent cyberattacks—such as encryption, firewalls, and multi-factor authentication—these systems must be continually updated to keep up with new threats. Cybersecurity in the smart city must be a dynamic, ongoing process rather than a one-time fix.
Beyond the technical challenges, there is also the issue of public trust. How can residents feel confident that their personal data is being protected if they don't fully understand how cybersecurity is being implemented? For some, the trade-off between privacy and safety is clear. As one participant put it, "I actually prefer surveillance. I'd rather feel safe and that if somebody was gonna murder me or do something to me, I'd rather have that on camera. My family could know that this is how I died." They're willing to accept surveillance if it means quicker emergency responses and more effective policing. However, others fear that this desire for security could quickly lead to a loss of personal freedoms, with constant monitoring of daily activities. Residents need to be informed about the risks associated with smart city technologies and the measures being taken to protect their information. This means clear communication from city officials, as well as ongoing audits and reports that ensure compliance with data protection standards. When residents trust that their data is being handled securely, they are more likely to accept the smart city as a tool for improving their quality of life. However, without this assurance, the risk of public pushback grows.
Unfortunately, the current state of municipal cybersecurity governance is often reactive rather than proactive. City infrastructure is based upon what's available or affordable, and not necessarily what's secure or equitable. Cybersecurity policies certainly lag behind deployments, and public transparency is often minimal. This is where research can contribute directly: By identifying what residents expect from city systems, we can inform the design of frameworks for policies surrounding the deployment of urban technology that are both technically sound and socially accountable.
One path forward is to embed cybersecurity into the design process from day one. This means creating privacy-by-design systems—architectures where data protection is not an afterthought, but a foundational principle. It also means considering differential risk. Certain populations, such as immigrants, activists, or unhoused residents, face greater dangers from surveillance and data misuse. A smart city that collects indiscriminately is one that endangers the very people it claims to serve. That's why cybersecurity can't be reduced to firewalls and encryption protocols. It has to be about risk mitigation as well, anticipating how a breach or misuse might disproportionately harm already marginalized groups.
Algorithmic Power, Democratic Deficits
To understand the potential for harm to citizens of a smart city, these same citizens should be involved in the co-creation of how urban technologies are deployed. Local and national governments, along with IoT technology companies, are the key stakeholders driving the implementation of smart city initiatives due to their institutional power. Corporations participate in smart city initiatives to pursue market interests, while city governments aim for more efficient governance. Meanwhile, citizens seek improved living conditions, which may not necessarily be centered by the more powerful stakeholders.
However, the emergence of smart cities introduces increased rates of algorithmic governance, where power is not directly in the hands of people, but is instead in the "hands" of a system with massive quantities of data to process. While these sensors can allow for rapid responses in case something occurs outside of the norm, there are now additional actors present within the social contract, which are the data-driven non-human agents that can automatically deploy resources and the external actors that develop the technologies. The algorithms that control these sensors are often developed in the private sector, not through public institutions, and this creates a dynamic between private and public interests that challenges the norms of democratic governance [2]. This also exposes a gap in how we consider theories of power, as well-established frameworks do not capture non-human agents that are data-driven in shaping outcomes within a city. The power that is embedded within these systems and their algorithms, which are opaque and therefore difficult to challenge, shows us that we need to reconsider how power is exercised within a city. Using citizen participation and centering the purposes that they want the smart city to ameliorate via democratic accountability could stop data from being used in ways that the public does not want. It would stand in place of practices that start by collecting massive amounts of data and then deciding what should be done with it after the fact.
This prioritization of private corporate interests and technological experts lends itself toward building a technocracy. The changes driven by technocrats are formed through the rhetorical calls for objectivity and the centering of optimization and are essentially presented as an alternative to the political friction commonplace in democratic governance. However, technocracy becomes autocracy in disguise, or as Miguel Centeno puts it, "In this process, the technocratic model of objective necessity replaces the decisionistic model of politics, which leads to the 'scientification of politics' and inevitably produces an authoritarian political framework" [3]. Smart cities do not align with theories of power that are hierarchical and purely institutional. Instead, smart cities have a distributed and networked form of power due to the use of decentralized IoT technologies, but there is still a form of centralized power held by tech companies and government agencies. This necessitates a more nuanced approach that takes both the centralized control and the decentralized nature of the methods of control into account.
Reclaiming Agency and Embedding Equity
A significant fear expressed by our participants was that smart cities could become spaces of technocratic overreach, where decisions are made by a small group of experts rather than the people who are most affected. To avoid this, I propose a model of governance that integrates policy, community engagement, and design. It would establish criteria for evaluating urban technology projects, ensuring they align with ethical governance principles and prioritize marginalized communities. I argue that successful smart city initiatives need a fair allocation of resources and opportunities among residents, the same guiding principle that undergirds distributive justice. This model is shown in Figure 2.
The policy layer includes independent equity audits and assessments that are performed on a schedule that determines how projects impact marginalized communities. There would be transparent reporting practices regarding project goals, funding sources, and outcomes of new initiatives to foster trust between policymakers and communities. These accountability mechanisms and iterative feedback loops would ensure all stakeholders are responsible for outcomes and can agilely address issues that arise. Establishing stringent data privacy measures works to protect individual rights and ensure that data collection and usage practices adhere to ethical standards.
The community engagement layer would involve workshops, city council meetings, and digital platforms that allow communities to contribute to decision-making processes. The goal of undertaking this community engagement is to give shared ownership over implementations to encourage their acceptance.
The design layer would include mechanisms for privacy protection, equitable access, and adaptability to bridge ethical considerations and technological advancement. This also involves including community stakeholders in the design process early and often, so that community priorities are reflected and systemic biases are resisted. By setting goals for an approach that has different layers, there is the hope of rebalancing the power that the institutions have over the community members, enmeshing equity by prioritizing community needs at every layer, and authorizing people to exercise agency through their participation in shaping the system.
Our study noted a critical gap in the governance of smart cities: The absence of clear, comprehensive laws protecting residents' privacy and data rights. Many participants were unaware of the protections currently in place, such as Seattle's ban on facial recognition technology, and expressed concerns about the growing role of corporations and governmental agencies in monitoring citizens. Without a clear legal framework, trust in smart city technologies will remain fragile.
Cybersecurity experts can play a pivotal role in shaping these legal and regulatory frameworks. By working closely with policymakers and technologists, they can help design standards and guidelines that ensure smart city technologies are deployed responsibly. This includes advocating for encryption standards, secure communication protocols, and data-sharing agreements that prioritize privacy and user consent. Furthermore, they can help ensure that cybersecurity strategies are integrated into the development lifecycle of smart cities, so that security is built in from the very beginning, rather than added as an afterthought.
Securing the City: The Price of Progress
The need for ethical governance is clear. As technology continues to evolve at a breakneck pace, it is crucial to ensure that systems are designed not just for efficiency but with a deep understanding of their social impact. By incorporating ethical frameworks into smart city designs, cities can prevent the rise of a technocratic regime where residents' lives are governed by algorithms with little oversight.
Smart cities promise progress, but their success depends on more than just connected infrastructure—it hinges on public trust. As our research shows, residents are not resisting technology itself; they are questioning who controls it, how it protects them, and whether it serves the public good. Without strong safeguards, transparency, and inclusive design, smart systems risk becoming tools of surveillance and exclusion. To build truly smart cities, we must embed security, privacy, and accountability from the ground up—not as afterthoughts, but as core principles.
[1] Alikhan, H. and Kotut, L. I don't know if the light is what I really should be afraid of: Transparency and ethics in smart city governance. Unpublished manuscript. 2025.
[2] Sadowski, J. and Selinger, E. Creating a taxonomic tool for technocracy and applying it to Silicon Valley. Technology in Society 38 (Aug. 2014), 161–168.
[3] Centeno, M. A. The new Leviathan: The dynamics and limits of technocracy. Theory and Society 22, 3 (1993), 307–335.
Hummd Alikhan is an information science Ph.D. candidate at the University of Washington in Seattle. Her interdisciplinary research explores the intersections of smart city infrastructure, cyborg theory, and digital governance, with a particular focus on how power, agency, and equity are shaped through emerging urban technologies. Alikhan investigates how urban technologies, like IoT systems and algorithmic platforms, affect not only public infrastructure but also the co-construction of self and society. Her work considers how smart cities and cyborg technologies alike reveal structural inequities, and how they may also offer new forms of empowerment and agency, especially for historically marginalized communities. Her writing has appeared at CHI, and her latest project brings together urban informatics and critical theory to propose more inclusive and equitable models for technology design and governance.
Figure 1. A visual representation of the smart city and smart home, illustrating the integration of smart systems at varying scales.
Figure 2. A layered circular diagram illustrating the ethical governance of urban technologies, with three concentric layers representing the policy, community engagement, and design approaches.
Copyright is held by the owner/author(s). Publication rights licensed to ACM.
The Digital Library is published by the Association for Computing Machinery. Copyright © 2025 ACM, Inc.