- Tech advances will connect citizens to cities and services
- Despite benefits, privacy questions remain
- Secure cities require joint effort from academics, private sector, and local government
Technological advancements often result in compromises. Cars may provide a level of mobility never before seen in human history, but they also contribute heavily to pollution. To live harmoniously with our innovations, societies must negotiate exactly which downsides they’re willing to accept.
So-called “smart cities” are no different. Communities all over the world are implementing bike-sharing programs, parking apps, mobile payment for transit fares, and other projects. While undoubtedly helpful, citizens have raised concerns about how the resulting data is handled.
Ginger Armbruster, Chief Privacy Officer of Seattle, takes these concerns seriously. To her, protecting her fellow Seattleites’ data is as important as providing the smart services themselves.
Smart conversations about smart cities
Science Node caught up with Armbruster at Indiana University’s Ostrom Workshop.
“The Ostrom Workshop is leveraging the intellectual legacy of its founders to continue addressing governance problems,” says Angie Raymond, director of the Program on Information Governance and leader of the workshop. “By governance, we mean the formal and informal rules that shape human behavior.”
The problem is, the rules are changing fast. A few years ago, the idea of the government tracking a citizen’s location without a warrant would be absurd. These days, it happens almost by accident.
“The primary security issue for transportation is around location and geography,” says Armbruster.
When Seattle considered permitting a bike share company to operate in the city, Armbruster looked to research done on docking bikes in London.
“Using the publicly available open-source data on those trips for a period of time, one researcher was able to figure out a random individual’s normal routes,” she says. “They were able to figure out where they started, where they lived, where they worked, and a third location, which was probably a loved one or a friend that they were visiting.”
For some, that’s a nightmare scenario. However, the tracking isn’t (currently) part of some larger plot to control the country’s populace – it’s an incidental piece of providing technology-based services.
What’s more, Armbruster suggests that we often focus on what our government is doing and fail to pay attention to what the private sector knows about us.
“It’s interesting that what we are ready to accept for convenience, we will not accept from a government perspective,” says Armbruster. “I think we need to be aware that, if it’s not okay for the government, it’s not okay for the private sector.”
That said, Armbruster understands the distrust many citizens harbor when it comes to governmental intervention into their data, and she’s doing what she can to belie these concerns.
“In the city of Seattle, we do a full privacy review,” says Armbruster. “It’s a privacy impact assessment for anything dealing with the public’s data.”
“For transportation data, are we minimizing what we can collect? Are we securing it, both in collection and in transit? Who are we sharing it with and are we making sure data sharing agreements are clear? Are we making sure that we give consent and notice? If we can give consent, we do. Otherwise, we provide notice about how data is being used. We delete it and retain it only as long as we legally have to and we only share data as required legally. “
A good example of this would be how the city handles MAC addresses. These are hardware identification numbers that are specific to each device. These can’t be changed, which means they are a unique way to identify who you are on a network.
Seattle handles MAC addresses with extreme caution. The information is hashed, encrypted, and deleted after a 24-hour period.
Beyond protecting adult citizens, children complicate the picture even more. Kids may know how to utilize technology better than their parents, and often interact with government services.
“There’s a federal regulation about gathering information on kids under 13. You have to have parental consent to collect their data. So, how do you verify that you are dealing with an adult?” asks Armbruster.
“Mostly, it’s providing notices that this service is not designed for children. It’s also being aware that mistakes could happen and taking steps to make sure that you can, at least, get positive indication that you are not dealing with a child.”
Children may require extra attention, but everyone deserves privacy when it comes to their data. Armbruster doesn’t think that’s necessarily a bad thing.
“I think, regardless of where we go at the federal level, there’s a real interest in setting up privacy programs so that folks have more transparency,” says Armbruster. “We need to build a trust with populations about how public data is consumed.”
Much like efforts to curb auto pollution, smart city technologies require people to understand consequences. Bike-sharing services are great, but they might allow someone to track your location. A truly smart city will require citizens to push back against poor data collection methods, while also understanding the give-and-take nature of technological development.