This appeared as “Soon Your City Will Know Everything About You” on the Foreign Policy website June 7th 2016.
The world’s cities are collecting ever-increasing amounts of data. It’s time for mechanisms to prevent abuse.
They call it “the Internet of Things” — the rapidly growing network of everyday objects equipped with sensors, tiny power supplies, and internet addresses. Within a few years, we will be immersed in a world of these connected devices. The best estimates suggest that there will be about 60 billion of them by the year 2020.
Currently, the biggest users of these sensor arrays are in cities, where city governments use them to collect large amounts of policy-relevant data. In Los Angeles, the crowdsourced traffic and navigation app Waze collects data thathelps residents navigate the city’s choked highway networks. In Chicago, an ambitious program makes public data available to startups eager to build apps for residents. The city’s 49th ward has been experimenting with participatory budgeting and online voting to take the pulse of the community on policy issues. Chicago has also been developing the “Array of Things,” a network of sensors that track, among other things, the urban conditions that affect bronchitis.
Edmonton uses the cloud to track the condition of playground equipment. And a growing number of countries have purpose-built smart cities, like South Korea’s high tech utopia city of Songdo, where pervasive sensor networks and ubiquitous computing generate immense amounts of civic data for public services.
The drive for smart cities isn’t restricted to the developed world. Rio de Janeiro coordinates the information flows of 30 different city agencies. In Beijing and Da Nang (Vietnam), mobile phone data is actively tracked in the name of real-time traffic management. Urban sensor networks, in other words, are also developing in countries with few legal protections governing the usage of data.
These services are promising and useful. But you don’t have to look far to see why the Internet of Things has serious privacy implications. Public data is used for “predictive policing” in at least 75 cities across the U.S., includingNew York City, where critics maintain that using social media or traffic data to help officers evaluate probable cause is a form of digital stop-and-frisk. In Los Angeles, the security firm Palantir scoops up publicly generated data on car movements, merges it with license plate information collected by the city’s traffic cameras, and sells analytics back to the city so that police officers can decide whether or not to search a car. In Chicago, concern is growing about discriminatory profiling because so much information is collected and managed by the police department — an agency with a poor reputation for handling data in consistent and sensitive ways. In 2015, video surveillance of the police shooting Laquan McDonald outside a Burger King was erased by a police employee who ironically did not know his activities were being digitally recorded by cameras inside the restaurant.
What would Urban Privacy Commissioners do? They would teach the public — and other government staff — about how policy algorithms work. They would evaluate the political context in which city agencies make big data investments. They would help a city negotiate contracts that protect residents’ privacy while providing effective analysis to policy makers and ensuring that open data is consistently serving the public good.
The toughest part of the job would be verifying that the creative applications city agencies develop for any new technology — whether software-based (apps, data analysis) or hardware (traffic cams, drones) — uphold constitutional edicts such as due process while affirming legal and human rights and respecting community values. Courts may eventually evaluate how city governments use Internet of Things infrastructure, but it would be better to build the public interest into our urban sensor networks now.
Security experts have demonstrated that several kinds of urban censor networks, such as those in Lyon and Melbourne, are vulnerable to hackers. Trendnet, a company that provides surveillance solutions for homes and businesses, was compromised in early 2012, exposing camera feeds into living rooms several global cities, including Hong Kong and Moscow. Knowing this, a growing number of cities have appointed Chief Technology Officers who manage computer emergency response teams, address security incidents, coordinate responses, and share threat information with other cities.
Yet such officials rarely act as public defenders or independent advocates for city residents, and very few urban governments have dedicated staff and resources for privacy and data management issues. Many cities have ombudsmen or public advocacy offices, yet often these officials are partisans who must manage a wide portfolio of public issues.
There are three challenges to big data Internet of Things projects run by municipal governments. First, the public doesn’t always understand the trade-offs involved. Sometimes such projects violate our privacy but render big returns, making government agencies more effective, energy grids more efficient, and highways easier to navigate. More transparency might help combat biased algorithms, but that transparency might reduce privacy.
Second, municipal agencies aren’t very sophisticated with their privacy and data management strategies, if they have them at all. The valuable data collected by public agencies is often sold to private firms, simply turning public and civic data into private intellectual property.
Third, public trust in both government data management and the Internet of Things is low. Indeed, both policy makers and industry advocates are considering ways to address this problem. Urban Privacy Commissioners would help by educating citizens and keeping local governments and tech startups honest.
The Internet of Things is turning cities around the world into laboratories of democracy, where urban leaders experiment with the trade-offs between policy innovation and mass surveillance. We should welcome the policy innovation — and dedicated city-level privacy commissioners would help ensure that the Internet of Things is put to work for the public good without making personal privacy a casualty.