Stanford CIS

"Smart Cities" Are Too Smart for Your Privacy

By Albert Gidari on

No one wants to live in a “dumb” city.  But I question whether anyone ought to want to live in a really smart city either.  I’d prefer to just live in a smarter city -- one that puts my privacy and security first before rolling out ubiquitous sensors and broad-scale data collection in the name of some larger public good.

I understand the promise of smart cities and I personally embrace technology as a means to improve our lives. But privacy so far has been an afterthought in the smart city discussion, if it is even considered at all.  Take, for example, President Obama’s “Smart City” Initiative announced in the Fall of 2015:

Today, the Administration is announcing a new “Smart Cities” Initiative that will invest over $160 million in federal research and leverage more than 25 new technology collaborations to help local communities tackle key challenges such as reducing traffic congestion, fighting crime, fostering economic growth, managing the effects of a changing climate, and improving the delivery of city services. . . . An emerging community of civic leaders, data scientists, technologists, and companies are joining forces to build “Smart Cities” – communities that are building an infrastructure to continuously improve the collection, aggregation, and use of data to improve the life of their residents – by harnessing the growing data revolution, low-cost sensors, and research collaborations, and doing so securely to protect safety and privacy.

That’s a smart investment in the future, but in over 4000 words of new grants, proposals and collaborations with local communities, the word “privacy” was mentioned in the document exactly once in that hortatory preamble.  In short, it was an afterthought, not the predicate for the program.

Many cities around the world are building technology infrastructures in public places that will collect vast amounts of data for a variety of “public good” reasons. But regulatory agencies or those in charge of acquiring technology or deploying “smart” services often don’t consider privacy impacts or risks. To illustrate the point, a few weeks ago, I submitted comments to the New York City Taxi and Limousine Commission on its proposal to collect precise drop-off data from for-hire services like Uber, Lyft and others. I asked why the government needed to know precisely where customers got picked up and dropped off by for-hire services when the ostensible purpose of the rule was to reduce driver fatigue.

The Commission had not addressed the privacy implications of the proposed rule in its public notice for comment.  Thus, it was no surprise that it ignored the many privacy concerns raised by commenters, passing the rule unanimously after a brief public hearing. No doubt trip data can be useful for many purposes (Uber, for example, helps cities by providing aggregated data for transportation planning purposes), but gauging driver fatigue is about as remote as you can get. One can surmise that the Commission probably had ulterior motives for insisting on the data collection, but it takes no guess at all to understand that it didn’t particularly care about the privacy of Uber or Lyft users.

The Commission was not interested in balancing regulatory needs against individual privacy risks--risks the Commission knew about because its prior disclosure of trip data to data analysts showed how easy it was to identify individual riders. The Commission conducted no privacy impact assessment; considered no alternatives with lesser privacy impacts; and failed to inform the public how long it would keep the data, with what other government agencies it would share it and for what purposes, or to whom it would disclose it such as in response to public records act requests or for commercial use. The Commission has no privacy officer and no privacy policy to govern its conduct. It is accountable to no one. It is the epitome of what a “dumb city” agency looks like in our present and future “smart city” lives absent a regulatory privacy epiphany.

Dumb agency rules are bad enough when it comes to privacy, but some privacy advocates are more concerned about the possible malevolent uses of smart city technology. The Electronic Frontier Foundation (EFF) recently published a blog post about the San Jose City Council proposal to install over 39,000 “smart streetlights.”  While “smart streetlights” themselves are not problematic, the lights have ports that can accommodate video cameras and microphones.  EFF urged the San Jose City Council to adopt an ordinance to ensure democratic control of all of the city’s “surveillance technology decisions—including whether to plug spy cameras into the ports of smart streetlights in the future.”  EFF opposes what it calls the ever-expanding “web of street-level surveillance” in cities today with deployment of automated license readers, cell site simulators, CCTV, facial recognition and other surveillance technologies. It wants to see democratic control of decision-making to acquire or deploy surveillance technology and privacy-by-design features to prevent mission creep for services like smart lights.

The fact is that there is an astonishing lack of privacy law applicable to most aspects of smart city data collection and use.  Even when cities venture into providing broadband Internet access in competition with commercial providers, the rules that apply to the city are unclear at best.  A recent report about the multi-year effort by the town of Concord, Massachusetts, to establish a broadband communications infrastructure had me wondering about the privacy rules that would apply to the 100-mile fiber optic network the city built as a backbone for a smart grid and to deliver high-speed Internet access to homes and businesses.

For one thing, all providers of broadband Internet access are required to build in wiretap capabilities under the Communications Assistance for Law Enforcement Act (CALEA), 47 U.S.C. §§ 1001 et seq.  There is no exception for municipalities providing such services.  That being the case, one wonders exactly how federal, state and local authorities will use the back door in a municipal network. How will municipalities execute wiretaps or obtain customer information from their own municipal provider?  Will the municipal provider be transparent with its customers and provide notice of such requests where lawful much as other commercial providers do today?  A smart city would work that out in advance of deploying services.

For another thing, cities are not subject to suit under the federal wiretap law for wrongfully intercepting and disclosing communications between citizens according to the Court of Appeals for the Seventh Circuit. See Seitz v. City of Elgin, 719 F.3d 654 (7th Cir. 2013). To explain, even though the relief section of the Wiretap Act says that a claim may be brought against a “person or entity” that violates the Act, the substantive prohibitions in section 2511 of Title 18 apply only to a “person.”  According to Seitz, Congress did not include cities in the definition of “person.”  The Sixth Circuit reached a different conclusion a decade earlier, so at best, there is an apparent split in the circuits, but the Seventh Circuit probably has it right. See Adams v. City of Battle Creek, 250 F.3d 980 (6th Cir. 2001). Legislative arcana aside, it is a serious issue for municipal providers, raising concerns ranging from E&O insurance to qualified privileges and immunity to employee misconduct to contingent liability and litigation risks.

The answer for smart cities may be to provide a dumb pipe, but don’t bet on that future, especially because providing such services will raise revenue for cities from subscription fees to advertising and analytics dollars.  Some cities may choose to outsource all of the platform or network operations of a smart city, and that also will raise a host of privacy questions about ownership and use of data.

Smart city privacy concerns will not be going away soon, but the real risk is that the really smart city arrives before the law catches up to it or we realize how powerful the data collection and processing has become. It would be much smarter and better to develop a set of comprehensive privacy rules to govern the advent of smart cities and to limit municipal collection, use and disclosure of user information before it is too late.

Last point. Haven’t private companies already made our homes smart and aren’t they already competing to make cities smart too?  Sure. But those providers already are subject to privacy laws that provide remedies for security breaches or disclosures of personal information. States hold private companies to standards that they don’t apply to other state agencies.  When I sent my comments on the New York Taxi & Limousine Commission proposal to the New York Attorney General’s office for consumer protection and asked them to ensure the City protected consumers by addressing privacy concerns, I received an email thanking me for my comments and telling me that my concerns “have been duly noted and will be kept on file for future reference.”  We need smarter cities and we need government that is smarter about the privacy risks to, and concerns of, its constituents.