This summer I investigated how cities deploying “smart” technologies are addressing issues of privacy and data security. In particular, I was interested in mechanisms of public disclosure, accountability, and transparency around these topics. Based on my research, I determined five guiding principles to make a smart city an open city.

Engage early and often

Public officials need to engage community members in determining what technologies to acquire when they have the potential to affect issues of privacy and security. This includes publicly deciding how personal data is collected, used, and protected on behalf of the public good.

Oakland, CA: Oakland Privacy Advisory Commission and Surveillance Ordinance

Oakland’s Privacy Advisory Commission, established through a city ordinance, sought to increase community engagement by passing a Surveillance Ordinance explicitly stating that public input and public opinion should be considered prior to the funding, purchase, acquisition or use of any surveillance technologies. The Privacy Advisory Commission seeks to increase resident participation within  the decision-making process for surveillance technology by reviewing future acquisitions, providing longer notice periods (compared to the existing notice period of only 72 hours, as mandated by the California Brown Act),  partnering with community based organizations, and conducting off-site community outreach. By codifying the need for public input and creating a Commission that consists of invested residents, Oakland provides an example of how cities can integrate community engagement in existing processes.

Open decision-making

Smart cities policies should hold public officials to clear transparency and public accountability standards around technology implementation. This means legislating that staff responsible for overseeing smart city policy are mandated  to disclose how, where, and why a project will be implemented, within a specific timeline of the new smart city project launch. Moreover, to build trust and ensure acquired technologies are developed in ways that do not violate civil liberties, smart city policies should mandate that public officials share how and why smart city projects are selected before their official implementation.

Chicago, IL: Array of Things

The Chicago Array of Things is an urban sensing project aimed to build a “public sensor utility”, with a network of Internet-connected “nodes”, collecting real-time data on the city’s environment, infrastructure, and activity. The project also resulted in the creation of the “Array of Thing Governance and Privacy Policy and Process,” which clearly outlines expectations of transparency in how data is collected, where smart technology (nodes in this case) will be placed, and the criteria for selecting installation locations. The policy was drafted through a partnership between the City of Chicago, University of Chicago, and Argonne National Laboratory. The policy went through a public vetting process that lasted six months and included the use of  public meetings and online tools to collect public feedback.

By reducing opacity around where nodes are placed and why those locations are selected, residents can ensure nodes are being placed without bias; that is, communities are receiving equal treatment with no special treatment on the basis of demographic composition. Moreover, residents can provide recommendations on the project though a Google Form including suggestions on where nodes should be places and ideas for the kind of data AoT should measure, allowing for more opportunities for public participation. Residents could also view the architecture and sensor list of nodes online in a table listing types of sensors used, data each sensor was measuring, and privacy notes for each sensor.

Good Smart City Governance

Smart city policies should set an expectation of public disclosure of the types of data being collected, as well as methods of data storage and transfer. In addition, public officials should thoroughly consider data ownership, especially when entering into a public-private partnerships and ensure cities have the ability to own or control the data generated from the devices and platforms they are using. Cities should also maintain transparency around data analysis and usage, especially where process and decision-making automation through the use of algorithms is in use.

New York, NY: Guidelines for the Internet of Things (IoT)

Within its IoT Guidelines, NYC has two sections: 1) Privacy + Transparency and 2) Data Management that explicitly outline how data measured by any IoT systems should be categorized, collected, stored and archived. Moreover the policy recognizes the need for audits and monitoring for accuracy and validity. The Data Management section goes above and beyond when it outlines the expectation that data sets will be checked for geographic, social or system-driven bias.

New York, NY: Algorithmic Accountability Bill

The NYC Algorithmic Accountability BIll requires the creation of a task force to develop a process for reviewing algorithms to ensure equity and transparency. The task force would inspect the goals behind implementing the algorithm, the data that went into model, how the data was analyzed, and publicize the impact. This is one of the first taskforce of its kind and will explicitly review automated decisions systems “through the lens of equity, fairness and accountability.”

Documented public privacy impact assessments

Smart city policies should ensure public officials consider how new technologies will impact a resident’s right to privacy and confirm there are appropriate safeguards to protecting this right. This can take the form of a publicly available privacy impact assessment, created prior to each smart technology acquisition that is  subject to a public review period to allow for effective public oversight. This process should take place before the technology in question is acquired.

Oakland, CA: Oakland Privacy Advisory Commission and Surveillance Ordinance

Oakland’s Surveillance Ordinance requires a Surveillance Impact Report that evaluates the impact of a new surveillance technology on civil rights and liberties The Surveillance Impact Report must be completed even before public officials can seek funding for new smart technologies. This report informs the Technology Use Policy that circumscribes how the policy can and cannot be used. This provides an opportunity for City Council and the public to consider the non-monetary costs of new surveillance acquisitions. Oakland also requires Privacy Impact Assessments to be retroactively created for surveillance technology acquired before the Oakland Surveillance Ordinance was passed to ensure all surveillance technology is subject to the same review, creating a strong policy that can have a wide-ranging impact.

Seattle Privacy Impact Assessment

Seattle makes all technology privacy impact assessments (PIA) public by publishing them online on their Open Data Portal. The table organizes PIA’s by technology, vendor, and date PIA was approved, allowing the public to easily filter through and find the relevant PIA. Currently, there are only nine PIA’s published on this site since April 2017, even though the original surveillance ordinance was passed in 2013. In 2017 the original ordinance was amended to require city departments to report surveillance technologies already in use and present them for review by the council.

Robust open data practice

Cities that are striving to increase data collection and real-time analysis for improved efficiencies recognize that data transparency is integral to a true smart city. As a result, smart cities should  default to open data and treat information as a public good. A vision of an open, smart city will require prioritizing digital inclusion and tackling the digital divide.

Chicago, IL: Chicago Executive Order for Open Data

Chicago’s Executive Order establishing an Open Data policy that required proactive data publishing by city departments. Chicago requires the Chief Data Officer to work with the Chief Procurement Officer to ensure open data as a default in written into the contracts of new technologies. While open and transparent government is mentioned in the Chicago Tech Plan, the smart city plan relies upon the precedent of open data set by the Open Data Policy. This Executive Order facilitated the open data language within the Array of Thing’s Governance Policy: all data (once proven to be accurate and reliable after calibration was complete) was to made publicly available through the existing Chicago Data Portal.

Transforming a city to a smart city will be an iterative process for which transparency and accountability will be paramount. As new technologies are produced and old technologies develop new capabilities, cities that will be at the forefront of this work will recognize the need to create processes for continuous education and engagement, for both elected officials and public residents. Just as our built infrastructure is modernized, our methods for public accountability will need continuous updates to keep up with changes in data collection and surveillance.