Originally published on the Sunlight Foundation blog.
Recent breaches of data privacy at Facebook have been flash points for discussion and potential Congressional action about how private companies are collecting, storing, and using our personal data. As tech companies around the world scramble to implement new privacy policies, repair trust in their products, and comply with new privacy standards, city governments should be paying attention.
Private companies are dominating figures in the push toward “smart cities”. They are developing technologies that will allow cities to collect and analyze data about their residents’ behaviors through our everyday built environment including pedestrian traffic sensors, connected bikeshare, license plate readers, and more.
If wielded correctly, these technologies hold the promise of improving quality of life for residents. But what’s more certain is that tech companies will profit from mass data collection, analysis, and use.
At the center of the possibility for more tech-driven cities is a fundamental question of how cities will handle ethical data management—and just as crucially, how they will remain transparent and hold tech companies accountable. Cities should commit to proactive disclosure of smart city agreements and data management practices to avoid eroding public trust or the public’s right to information.
Open contracting is a must.
Each new technology, node, or implementation will likely involve a contract between the city and a private company. Cities should think through how to use contracts to serve the public interest before inking those deals.
Citizens are the owners of public data, and we have a democratic right to take part in deciding how our cities evolve. But if tech companies drive the conversation about the future of smart cities—and the contracts that determine them—residents will be excluded from the decisions about how data is collected about their city blocks and about their lives.
Cities should begin building governance and passing legislation that mandates transparency in smart city procurement and implementation to ensure that conversations about ethical data management happen in the open. They should invite the public to participate in determining how to ensure that data collected via public infrastructure remains in the public domain. And residents should feel empowered to participate in public conversations about the bumper rails for what vendors should be allowed to share with third parties, and how they should disclose that data sharing.
Our guidelines for open contracting, developed with the help of the Open Contracting Partnership, show how cities can empower citizens to weigh in on city contracting. By bringing questions about data ethics into the public domain, cities can build trust with residents and block corporations from making critical decisions about data use behind closed doors. Here are three questions that cities should ask themselves and their residents to inform smart city contracts.
1. Will algorithms be transparent?
Imagine that a new technology allows a city to find out where gunshots are fired. The company providing that technology probably hears a lot more than just gunshots, but instead of delivering a raw file of all the data, it uses an algorithm to identify certain noises as gunshots as well as suggestions about where to deploy police officers. If data collection and analysis methods are proprietary, and city contracts don’t mandate public disclosure, this arrangement would exclude the public from highly impactful decisions around crime and safety, and risks widening inequality around important policy issues in cities.
This happened in New Orleans when the software company Palantir implemented a pilot to preemptively identify individuals who were likely to engage in criminal activity. People were tried in court and their lives were disrupted using evidence developed by secret algorithms that Palantir helped the New Orleans police department to use. Exacerbating the problem was the fact that Palantir’s agreement with the city was an informal memorandum, making it unclear what rights the public had to see the terms of the agreement. In the worst cases, companies have pressured cities to sign non-disclosure agreements that raise even more uncertainties about what information the public has a right to.
If (and when) cities begin contracting with vendors to use algorithms to make decisions about public services, they will need to explicitly think through the mechanisms by which they can keep tech vendors accountable to the public. The City of New York recently took a first-of-its-kind action to create a committee to review and open algorithms that affect city decision-making, and that’s one model cities can follow.
2. What’s allowed with the data collected?
How should vendors be allowed to reuse the data collected by the technology they own? In many cases cities never even see the raw data collected by these technologies, and many companies consider it within their rights to use the data collected using their technology for ends that go beyond the limitations of their contracts with cities. Unless it’s stipulated otherwise, it could also be within their rights to sell that data.
As a basic rule, sensor-generated data should be shared in some form as open data. Having an open data policy in place can help. Sunlight’s best practices for this—particularly guideline #6—suggest making it clear that “information that is gathered from the public using public funds should remain publicly-accessible, regardless of government decisions to delegate its management.” When it comes to open data, we firmly believe that the public must have access to data collected through public infrastructure or with public funds.
As with any open data, company-collected data should be reviewed for potential ethical or personal privacy issues before releasing the data to the public for general reuse. Some mission-driven sensor technology companies have expressed a commitment to ensuring that sensor-generated data is aggregated and provided to the public as open data in any city engagement. However, behind the scenes, vendors can still sell and share raw data and proprietary insights about that data to other private companies unless the City mandates otherwise through their contract with the vendor.
3. Where do we draw the line on individual privacy?
There are necessarily a variety of sensitive issues associated with mass data collection in the public sphere, like: Which sensor data will be too private to release as open data? How should data be used to reduce risk to individuals? How should data be stored to reduce risks of leaks? How can we preempt unethical data analysis and protect vulnerable populations?
None of these questions can be answered in a vacuum. Public attitudes about these issues may shift or vary from city to city. But local residents need to be able to participate in answering them, and in order for that to happen, smart cities need to also be transparent cities. Advocates in Toronto are wrestling with these questions and producing thought leadership around public data ownership and appropriate transparency standards in smart city procurement and practice.
Whether your city is just beginning to explore emerging technologies or already collecting data from connected technology, every local government should be prepared to put transparency at the center of their smart city movement. Providing citizens with access to information and access to decision-making is the path to a democratically accountable smart city movement.