Here’s why Google thinks you should trust it with unprecedented quantities of your city’s “urban data”
Last October, Privacy News Online wrote about an ambitious project from Google’s sister company, Sidewalk Labs. It aims to take the idea of a “smart city” to the next level, measuring everything that happens in the public sphere so that it can be optimized – and monetized. As that post reported, many people were understandably worried about the privacy implications of the Sidewalk Toronto project. The criticism has continued, with this comment from Bianca Wylie about what is at stake being typical: “The word privacy is being used when it’s far too small a word to encompass all the things it represents: collective privacy, consent, power, agency, control, freedom, and more.”
Alphabet, the parent company of Google and Sidewalk Toronto, clearly needed to address the many concerns raised. To that end, it has just made freely available four massive documents comprising over 1500 pages that go into fascinating detail about the project. They are surely destined to become a classic of contemporary urban planning, and are well worth skimming through, if only to view some of the attractive illustrations that are used throughout. These include artist’s impressions of what Sidewalk Toronto might look like if it is realized according to Alphabet’s plans. Reuters has produced a convenient one-page summary of the main points for those without the time to wade through all the documentation.
The introductory volume presents an overall outline of Sidewalk Toronto’s “Master Innovation and Development Plan”. Volume 1 looks at planning concepts and proposed operational systems; Volume 2 offers an in-depth exploration of the urban innovations; while Volume 3 spells outs the partnerships that Alphabet wishes to create at various levels. It is Volume 2 that is likely to be of most interest to readers of this blog. It lays out in detail the plans for mobility, the public realm, buildings and housing, sustainability and digital innovation. The last of these tackles the thorny privacy questions arising from the new technology that will be embedded everywhere in the Sidewalk Toronto world.
Central to Alphabet’s vision is the use of sensors of every kind to gather real-time information about what is happening in Sidewalk Toronto. The hardware design is innovative, and uses a new type of “urban USB port” that would provide a physical mount, power, and connectivity to digital devices in the public sphere. These might include Wi-Fi antennae, traffic counters, or air-quality sensors fixed to street poles and traffic signals. They are designed to be easy to install and remove, allowing devices to be constantly added and upgraded.
Complementing this hardware, Sidewalk says that it plans to use a “new type of privacy-preserving software infrastructure” enabled by technological advances in cryptography such as zero-knowledge proofs, digital signatures, and auditable data structures. These would allow people to share only the minimum amount of information necessary to complete a transaction with a digital service or app, while also providing guarantees to the service providers. It’s the obvious way forward for businesses that need a certain amount of personal data in order to operate, but don’t necessarily need full access to detailed information. For example, it may be good enough to provide data ranges for age, or financial status, without needing to provide exact and extremely sensitive information. Central to Alphabet’s digital plans is a new class of data:
Urban data would be broader than the definition of personal information and include personal, non-personal, aggregate, or de-identified data collected and used in physical or community spaces where meaningful consent prior to collection and use is hard, if not impossible. In that sense, urban data would be distinct from more traditional forms of data, termed here “transactional data,” in which individuals affirmatively – albeit with varying levels of understanding – provide information about themselves through websites, mobile phones, or paper documents.
Urban data, however produced and gathered, would be governed by a Responsible Data Use (RDU) framework:
The proposed responsible data use process would protect urban data while building on existing protections for personal information – knowing that both urban data and transaction data must be handled responsibly for a better city.
The RDU framework would be created and policed by an important new body, the Urban Data Trust. The organization would also manage all urban data from the Sidewalk Toronto project and make it publicly accessible by default (if properly de-identified). It would oversee the approval and management of data collection devices placed in the public realm, as well as addressing the challenges and opportunities arising from data use, particularly those involving algorithmic decision-making. The RDU framework would be based on “privacy by design” to ensure that privacy was considered at all stages. Some of the key requirements include:
Beneficial purpose
Transparency and clarity
Data minimization, security, and de-identification by default
Publicly accessible by default
No selling or advertising without explicit consent
Responsible AI principles required
The mention of advertising touches on a concern that many have raised about Sidewalk Toronto: that Alphabet might exploit the huge quantities of data gathered to bombard people with advertising, or to sell them products and services. In an attempt to head off that criticism, the company now says:
Sidewalk Labs has already committed publicly that it would not sell personal information to third parties or use it for advertising purposes. It also commits to not share personal information with third parties, including other Alphabet companies, without explicit consent.
Although that’s welcome, there are still some problems here. For example, we know that people often give “explicit consent” when asked, just to get rid of annoying pop-ups. They rarely read the details of what they are agreeing to. It’s easy to imagine people being persuaded to allow access to their personal data in the urban context as result of promises of better services.
And even though Alphabet has made some important changes to how it will handle what it now calls urban data, there is a larger concern with the whole venture. The entire premise of the Sidewalk Toronto project is that everything within the urban environment should be measured and then managed. Although there are undoubted benefits in some areas for doing so – improved transport and a more sustainable life-style, for example – there remains the issue that surveillance becomes pervasive. At a time when our privacy is already under constant threat from multiple directions, that normalization of surveillance seems a dangerous path to follow.
Featured image by Sidewalk Toronto.
