This was an overarching topic at many panels during the recent MetroLab Annual Summit, where featured speakers included municipal tech leaders, nationally renowned law professors, privacy advocates and leaders of smart city tech companies, among others. What emerged was a sense that local governments are increasingly aware of privacy considerations; that they are interested in de-identifying the data they collect; and that they only want data that will help with the work of improving services. Technology and innovation, however, can tend to outpace efforts to establish firm checks on privacy.
To understand the discussions, one must understand the current state of municipal open data, as well as how government uses smart city tech. Open data has transitioned in recent years; previously, cities made data available without much thought to what happens once it is released, meaning most cities did not release data in formats that allowed easy use by all citizens, so the only people who found it useful were civic technologists and data geeks. This is changing, with cities like New Orleans, Boston and Chicago steadily rolling out new concepts that use open data to create tools citizens can use to get information about rental properties or learn about water quality at public beaches.
Many of these leading cities are now collecting information through Internet of Things (IoT) initiatives that help them learn more about their streets, collecting data on everything from traffic flow to rainfall to air quality. These initiatives are often carried out by sensors or nodes that essentially surveil certain areas, although "surveil" is too harsh a word. Instead, these initiatives simply capture large swaths of info so technologists and other city leaders can contextualize what’s happening, paving the way for the creation of prescriptive and predictive analytics tools that can alter the allocation of city resources and, ultimately, improve quality of life.
Peter Swire, a leading privacy and cyberlaw scholar who is currently a law professor at Georgia Tech, was the chief counselor for privacy in the U.S. Office of Management and Budget under President Clinton, making him the first person to ever have U.S. governmentwide responsibility for privacy policy. He was also a member of President Obama’s Review Group on Intelligence and Communications Technology. At the summit, Swire described being in the Obama administration during the creation of data.gov in 2009 and 2010.
Swire said expectations for the power of governmental open data started high — he held a hand well above his head — but because of the potential for inadvertently identifying individuals, expectations dropped — he lowered his hand well below his neck.
Open data efforts at the city level must also consider whether data can be subpoenaed and used to make arrests, which is not the goal or function of civic open data work.
“It’s a fundamental part of an open data effort to think what can be re-identified, what is private information and can the police come and get a warrant,” Swire said, urging both public servants and gov tech vendors to always stay aware of that.
Perception is also important, as Chicago and its collaborators learned upon launching the Array of Things project, an influential smart cities initiative made up of thousands of nodes. Array of Things, which is in the process of being spread to other cities, was born of a collaboration between the city and researchers at the University of Chicago, like Charlie Catlett, the director of the Urban Center for Computation and Data.
Catlett said that when they were first setting up the nodes that collect data for the Array of Things project, the community was skeptical of any government effort to collect info, so technologists had to learn to become very deliberate when they explained what they were doing and why.
One of the representatives on the panels from city government was Michael Mattmiller, chief technology officer of Seattle, which is one of a handful of cities with a detailed privacy policy related to data governance in place.
Mattmiller said that Seattle’s approach has been shaped by the desires of the community, and that, despite being a city where data is open by preference, this has led to Seattle reducing the data it releases.
“Our people who are paying attention would much rather see us err on the side of not releasing something that could cause a mosaic effect or otherwise cause harm,” Mattmiller said.
To that end, Seattle uses a practice that’s kind of like dipping a toe in a pool. When it comes to open data, city technologists guess at the most minimally valuable open data set that would benefit the community. They pinpoint that, release it and monitor reaction. If there isn’t strong opposition, they release another data set that’s more comprehensive.
Seattle has also implemented a privacy training program for employees, and it has heeded the advice of its academic and research community, specifically that offered by research dubbed Push, Pull and Spill, which gave a number of recommendations related to open data and privacy. Currently, Seattle has implemented all of the suggestions save one, which it is working with researchers to implement now.
One of the authors of this research, Jan Whittington of the University of Washington, emphasized the importance of steady communication with the public. To this end, the city must always have a clear end goal in mind when it begins collecting new data.
“If we get down to the root of it, the idea of the technology is supposed to be that it’s serving a real public purpose that people can get behind,” Whittington said. “It’s not supposed to be a fishing expedition.”
Tom Schenk is the chief data officer for Chicago, which like Seattle has a privacy policy in place, but he also noted that his city is not subject to as many regulations as Seattle or San Francisco, and that looking to them for guidance is also helpful. Schenk said Chicago has found that its community is generally amendable to open data work when the technologists effectively communicate its purpose, specifically how it makes life better.
“Between every single one of those projects, we have the responsibility of thinking what is too much, what is too far,” Schenk said, “and it’s really a use-case-by-use-case basis.”
Nearly every speaker acknowledged the vast potential of predictive analytics that stem from this data collection, just as they all emphasized that it was important to not create tools that make residents' personal information vulnerable. But perhaps the most prevailing idea in these discussions, however, was the notion that we are in the early stages of municipal open data privacy regulations.
Speakers also voiced concern for the future, noting that while dialog may be open and strong among the first generation of smart city residents, people have a way of becoming complacent, and privacy considerations could be forgotten moving forward.
Mattmiller voiced a thought that could maybe sum up the future of the matter: “In this brave new world of IoT, notice of consent is going to be very interesting.”