6 tips to help a ‘smart’ city navigate around privacy issues
From Dubai to Chicago, cities around the world are becoming increasingly “smart”, using interconnected technologies to improve efficiency and digitize services.
Many governments see smart technology, in its various guises, as a way to boost development. India, for example, is in the midst of rolling out its Smart Cities Mission, launched in 2015, in a bid to improve the quality of life in 109 of its cities. Dubai, meanwhile, is digitizing its cityscape at a rapid pace, launching 121 smart services and over 1,129 smart initiatives over the past three years.
More broadly, data of the type that runs smart technology has moved front and centre in the global discussion over sustainable development. A first-of-its-kind global summit on development data took place in January, followed by a first-ever conference on data and cities in March.
The panoply of data-gathering innovations that can underpin the smart-city framework is broad: street lights fitted with license plate readers and gunshot detectors, sensors that detect and count passing smart phones, the ubiquitous presence of closed-circuit cameras in many cities and much more.
But the lightning-fast proliferation of some of these tools has brought with it a host of privacy concerns. Not least is the worry that an increase in data-gathering sensors, audio-recording devices and cameras in urban areas amounts to excessive government surveillance that erodes the space for public dissent.
“Widespread surveillance could lead to chilling effects on the behaviour of people in public spaces,” said Kelsey Finch, policy counsel with the Future of Privacy Forum, a Washington-based nonprofit group that focuses on advancing responsible data practices. “Folks won’t feel like they can protest or that they can speak freely or just go about their lives. Even if you don’t have anything to hide, you still need space to be who you are without the pervasive monitoring [by] government.”
Already, facial-recognition technology is reportedly being used in the Chinese city of Jinan to catch jaywalkers — an example of how smart technology can be used to police public spaces.
Data-privacy advocates such as Finch also worry that as cities and private companies collect more and more data about citizens, they are creating a potential trove for thieves or others with nefarious intent. If this data is not properly secured and stripped of personally identifying information, it could be used for fraudulent activities, experts warn.
So, how can city officials who want their cities to benefit from the smart-city technologies available today — and still to come — do so in a way that respects and protects their citizens’ privacy, now and into the future?
A new online tool from Finch’s organization, released in March, offers some guidance. Shedding Light on Smart City Privacy is an interactive infographic. The tool shows the array of smart city technologies available today — smart power and water metres, for instance, and drone-mounted cameras for traffic monitoring.
The tool highlights data-related privacy concerns: surveillance, unexpected use of data and data “spills”, such as when personal information is leaked due to a database being hacked. It then offers advice on how to improve data privacy.
The Shedding Light tool also links to a collection of resources on smart-city privacy. These offer best practices, codes of conduct as well as reports from other cities, researchers and advocacy groups. They’re all keyed toward helping local policymakers in this arena.
Citiscope’s Brendon Bosworth spoke with Finch about what city officials need to know when it comes to smart cities and data privacy. Here are six of the main takeaways.
1. Employ an expert to manage privacy from the beginning
For cities looking to implement smart-city and data-related projects, it’s important to manage the privacy component from the beginning and throughout the project’s lifecycle, advises Finch.
Ideally, this would involve having an expert — such as a chief privacy officer, a staffer often sourced from the private sector — on board who can oversee privacy issues and do regular audits of data projects.
It’s also important to train city staff on privacy and how data collected about citizens can and can’t be used. Here, collaborations with academia can be beneficial.
“There is a lot of groundwork that needs to go into any project to protect privacy, to maximize the data benefits while minimizing privacy risks,” said Finch. “It takes a lot of different skill sets. As city officials start doing these projects, they need to seriously think about bringing in experts and bringing in additional points of view for these discussions.”
2. Engage the community
Cities rolling out smart-city projects need to inform citizens of what type of data will be collected and how it will be used, as well as to get feedback on privacy concerns, Finch advises.
3. Minimize data collected, and ‘de-identify’ personal data
A core way to promote privacy is through what’s known as data minimization: limiting the collection of personal information solely to that which is directly relevant and needed for the task at hand, says Finch.
For instance, if a city wants to introduce a new technology such as sensors or cameras to count the number of people passing a certain street every day, decisions first would need to be made about the appropriate level of identifiable information to collect. In this case, officials would need to look at whether it would be necessary to capture images of faces (the most identifiable), or to count pedestrians with sensors that measure heat (least identifiable), or to simply count the number of passing Wi-Fi- and Bluetooth-enabled devices.
Privacy advocates also highlight the importance of data de-identification: modifying a dataset so that the information in it can no longer be used to identify individuals. This means removing information such as names, personal identification numbers, and email and home addresses, as well as factors that in combination could identify a person — age, gender and sector they work in, for instance. In April 2016, the Future of Privacy Forum published a visual guide to data de-identification.
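One way to apply the de-identification steps described above, as an added example that is not from the article or the Future of Privacy Forum: it drops direct identifiers, generalizes age into bands, and withholds any record whose combination of age band, gender and sector is shared by fewer than k people (a k-anonymity check, a technique named here rather than in the article). The field names and sample records are constructed assumptions.

```python
from collections import Counter

# Assumed column names for a constructed dataset (not from the article).
DIRECT_IDENTIFIERS = {"name", "id_number", "email", "home_address"}
QUASI_IDENTIFIERS = ("age_band", "gender", "sector")


def age_band(age, width=10):
    """Generalize an exact age into a band such as '30-39'."""
    low = (age // width) * width
    return f"{low}-{low + width - 1}"


def _key(row):
    """The quasi-identifier combination that could single a person out."""
    return tuple(row[q] for q in QUASI_IDENTIFIERS)


def deidentify(records, k=2):
    """Drop direct identifiers, generalize age, and suppress every record
    whose quasi-identifier combination is shared by fewer than k people.
    Returns (released_rows, suppressed_count)."""
    cleaned = []
    for rec in records:
        row = {f: v for f, v in rec.items() if f not in DIRECT_IDENTIFIERS}
        row["age_band"] = age_band(row.pop("age"))
        cleaned.append(row)
    group_sizes = Counter(_key(r) for r in cleaned)
    released = [r for r in cleaned if group_sizes[_key(r)] >= k]
    return released, len(cleaned) - len(released)


def _person(n, age, gender, sector):
    """Build one constructed sample record (illustration only)."""
    return {"name": f"Resident {n}", "id_number": f"ID-{n:04d}",
            "email": f"r{n}@example.org", "home_address": f"{n} Example St",
            "age": age, "gender": gender, "sector": sector,
            "service": "transit pass"}


# Constructed sample: two pairs share a combination, one person is unique.
SAMPLE = [_person(1, 34, "F", "health"), _person(2, 38, "F", "health"),
          _person(3, 52, "M", "transport"), _person(4, 55, "M", "transport"),
          _person(5, 67, "M", "education")]

if __name__ == "__main__":
    rows, suppressed = deidentify(SAMPLE, k=2)
    print(f"released {len(rows)} rows, suppressed {suppressed}")
```

Raising k withholds more records, so the release threshold is a trade-off between how much data is published and how easily a person can be singled out.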
Tied to the issue of data minimization is the principle of not using data collected for one purpose for other, very different purposes in the future, explains Finch. “These days there’s a particular concern that data collected for one purpose might be reused by future administrations for another purpose,” she said.
This issue came to the fore in the United States recently with concerns that the Trump administration could try to use personal data collected about undocumented migrants who had applied for New York’s municipal identification card to inform deportations. The city recently won the right to destroy personal documentation collected through the programme, thus protecting undocumented immigrants.
4. Use local storage
Another way to mitigate the risks of personal data later being used to identify people or being accessed by unauthorized parties is to make sure that raw data collected is not sent to the Internet “cloud” but rather is processed on a local device, with only aggregated data sent to online storage.
For example, if a sensor was mounted on a street light with a camera for counting passing cars, bikes and people, it would analyze the video footage, delete the raw footage, and then send only the number of people, cars and bikes counted to the cloud. That aggregated data would then be used for analytical purposes without using personally identifying information, Finch says.
5. Make sure vendors toe the line
With various tech companies providing services in the smart-city sector, city officials need to be vigilant about managing privacy expectations and practices with the companies contracted to operate smart-city tools, do data analytics and store data, advises Finch.
This requires putting in place contractual agreements on privacy and personal information, understanding and regularly monitoring vendors’ security and privacy practices, and doing regular reviews on how contracted companies are using the personal data collected.
It also involves making sure that service providers commit to using the data only for specified purposes, and not “re-identifying” the data — matching anonymized data to the people it was collected from.
6. Be careful with open data
Along with the rise of smart-city tools and technology, there has been increased interest in “open” data for cities over the past years. Cities from Cape Town to San Francisco have created open-data portals, sharing public information on public transport, crime, health and public services.
While open data helps researchers, civil society and the general public to better understand the workings of their cities and to hold local authorities to account, it needs to be handled with caution so that publishing it doesn’t inadvertently reveal personal information about citizens.
Again, Chicago offers a good example in this regard. This year, the city published the names of special-education students along with services provided to them in a dataset intended to shed light on district spending, as reported by the Chicago Sun-Times. The data was subsequently taken down.
“The goal of open data is to shed light on government, not to inadvertently harm the people that it’s supposed to serve,” says Finch. “As we can make more data available about people within the city we need to be careful about how that gets handled.”
City officials looking to get up to speed on good open-data practices can consult a playbook from the Berkman Klein Center for Internet and Society at Harvard University, published in February. The book “codifies responsible privacy-protective approaches and processes that could be adopted by cities and other government organizations that are publicly releasing data,” according to the publisher.
San Francisco has also published an open-data-release toolkit that serves as a step-by-step guide for municipal agencies and data programme staff on releasing open data.