Array of Things Governance & Privacy Policy
Shared for feedback by The Smart Chicago Collaborative
The Smart Chicago Collaborative has committed to educate and engage residents with the new Array of Things project, which is operated by the Urban Center for Computation and Data (UrbanCCD), an initiative of the University of Chicago and Argonne National Laboratory. Array of Things is an urban sensing project — one of the first of this kind and scale. Sensors will be placed across the city to measure livability factors like climate, pedestrian traffic, air quality, and flooding. The sensors will collect data about our city. That data will then be released for residents and researchers to interpret and use.
One of the goals of this engagement work is to gather resident input on the governance & privacy policy for Array of Things. This policy was developed in cooperation between the operators of the Array of Things and the City of Chicago, with input provided by an independent policy board including the American Civil Liberties Union, the Electronic Frontier Foundation, and the Center for Applied Cybersecurity Research.
The public comment period is now closed. We will now start to centralize and analyze the public feedback. Between June 13th - June 27th, there were 3 ways to provide feedback on the Array of Things governance & privacy policy:
- Residents could annotate and comment on specific language and sections of the policy using Madison. The complete text of the policy is below. See this video to get more information on how to sign up and use Madison. If you're having trouble with Madison or have a question about the tool, email sayhello@opengovfoundation.org
- Residents could provide general feedback on the governance & privacy policy using this form
- Residents could attend public meetings to learn more about the Array of Things project and give feedback on the governance & privacy policy in person. The first meeting will be at 5:30pm on June 14, 2016 at Lozano Library. The second meeting will be at 5:30pm on June 22, 2016 at Harold Washington Library.
7/5/16 Update: The Smart Chicago Collaborative made 44 manual additions to this page to represent resident comments/questions posed during public meetings on 6/14 & 6/22 and through Wufoo form submissions during the public comment period (June 13th - June 27th). Each manually added comment or question includes a link to the source of the comment or question. When possible, these comments and questions were inserted into a related section of the Array of Things Governance & Privacy Policy document text. General, miscellaneous, or multi-topic questions and comments were placed in the "Discussion" section. These manual additions were included so that all public input could be centralized and visually represented on Madison.
8/15/16 Update: The operators of the Array of Things have posted the final versions of the governance and privacy policies. The operators also addressed comments and questions collected about the draft policies below. You can read the operators' responses to those questions and comments here. Smart Chicago also released an Engagement Report summarizing our civic engagement process/methods as well as general lessons learned about civic engagement with the Internet of Things & other emerging smart city projects.
Array of Things Governance & Privacy Policy
Array of Things Governance Policy and Process
1 Purpose and Scope
This document provides a framework within which the University of Chicago and Argonne National Labs (program operators) and the City of Chicago will implement and manage the Array of Things (AoT) in Chicago by 1) defining the initial scope of the program, 2) establishing the roles and responsibilities of program partners; and, 3) describing the process by which decisions about the program will be made.
This document is complemented by the AoT Privacy Policy, which sets forth requirements regarding Personally Identifiable Information (PII).
1.1 Guiding Principle
We value privacy, transparency, and openness.
1.2 Program Overview
The AoT program operators aim to build an urban-scale research instrument comprising a network of at least 500 Internet-connected "nodes," each supporting multiple environmental and air quality sensors. As a first of its kind public sensor utility, AoT will produce an open and freely available source of urban sensor measurements to support research, development, education, prototyping, and demonstration. The program operators have designed AoT to enable the instrument to evolve at a pace commensurate with consumer electronics, maintaining state-of-the-art capabilities over many years.
The initial prototype, funded by Argonne National Laboratory, involved 12 nodes equipped with a collection of environmental sensors (e.g., temperature, light, sound, humidity, air quality). Each node was mounted on private facilities at the University of Chicago, Argonne National Laboratory, and DePaul University for testing purposes, with installation occurring between July 2014 and June 2015.
Beginning in summer 2016 a second set of prototypes will be mounted in Chicago on street signal light poles and external building walls. The network will be expanded to roughly 500 nodes from 2016 to 2018. The program operators will develop functionality to enable research, application development, education, prototyping, or demonstration projects. The location of each of the 500 nodes will be determined via the process identified later in this document (§4.3). The program will be evaluated nine months after the second set of prototype nodes are mounted in the City and every 12 months from that time on. The evaluation criteria and the results of each review will be made available to the public.
Sensor readings will be processed and sent to a database managed by the program operators. A period of evaluation and calibration will be required for each sensor; this period will vary based on the sensor or data that is collected. As one function of AoT is to evaluate new sensor technologies, the evaluation process will also involve a determination as to whether a particular sensor is producing accurate data reliably. Once evaluation determines that the sensor is producing accurate and reliable data, and once calibration is complete, the sensor will enter operations and its data will be made publicly available via the City's Data Portal to support application development and data analysis. All operational sensor data will be publicly available as open data, owned by the University of Chicago. The program operators have designed the AoT system to protect privacy. This document describes the processes, procedures, and technologies that will be used to collect and publish sensor data that is both correct and, where necessary, anonymized before publication. Any images and other data collected by AoT nodes for calibration will be protected by information security controls, and available only to authorized individuals and only for research purposes.
2 Technical Objectives
The AoT will operate as an "instrument," involving an infrastructure and related services for research, development, education, prototyping, and demonstration of both open and proprietary technologies and services aimed at improving the sustainability, resilience, efficient operation, and livability of cities. In short, AoT will support "Smart City" and related research, development, and education. AoT is designed to support three general types of instrument use: open access to sensor data, research in areas such as sensing and information/communications technologies, and support for research in software and services.
Provide Open Data Access Regarding Urban Environment and Air Quality
Each node will report sensor values at regular intervals. To comply with security and privacy requirements (detailed in the Privacy Policy document), data will first be transmitted to a database managed by the program operators. Data meeting the AOT privacy policy standards will be published to the City's Data Portal and may also be published to other data analytics services as needed. All data published from the platform will be open and free of charge. In order to support economic development, data from approved experimental sensors, installed for specific research and development purposes, may be withheld from (or aggregated for) publication for a period of time in order to protect intellectual property, ensure privacy or data accuracy, and enable the proper calibration of the sensor.
2.1 Support for Evolving Technologies Over Time
The AoT involves engineering and placing a network of physically secure enclosures with power, Internet access, and standard specifications that will allow for efficient installation/replacement of those devices by City technicians. These devices must operate for a period of months without physical intervention, and must be provided with adequate environmental protection, particularly with respect to temperature and moisture. The program operators and the City of Chicago will cooperate to enable nodes to be repaired and replaced in case of damage or loss.
2.2 Support for Software and Services Projects
Though the pace at which information and communication technologies evolve is rapid, there is a much larger potential research and education community focused on new software and services, harnessing existing hardware technologies. To support such projects will require that the AoT allow controlled access to shared programmable devices within the nodes. Once this functionality is available, changes may be required to AoT policies and processes to prevent misuse and ensure reliable and usable functions for provisioning and scheduling resources, validating and loading custom software, and restoring the devices to a known state between experiments.
3 Governance Bodies
3.1 Program Operators
The University of Chicago and Argonne National Laboratory serve as program operators and in partnership with the City will manage and operate the AoT program. The program operators are responsible for the design, development, repair, replacement, and support of the nodes and the technical infrastructure needed to enable data collection, processing, and storage.
The program operators will leverage strategic partnerships with industry, academia, and not-for-profits, as well as the increasing availability of open source tools and frameworks that can be adapted to or applied directly to the instrument, to support program goals.
The City will support the operators by providing program oversight; policy guidance; installation and maintenance support; and technical assistance to make AoT data publicly accessible.
3.2 Executive Oversight Council
An executive oversight council (EOC) will oversee the AoT program, and is responsible for setting policy and establishing processes and procedures related to system operation, configuration, and capabilities, access to data and other resources, and communication and interactions with the City and community.
The council will be co-chaired by the Commissioner of the City's Department of Innovation and Technology, City of Chicago and the Director of the Urban Center for Computation and Data at University of Chicago and Argonne National Laboratory, with additional members selected from academia, industry, not-for-profits, and the community. These members will be invited based on recommendations from AoT partners and others who work with community groups.
The EOC will meet at least quarterly or as needed.
3.3 AoT Security and Privacy Group
The AoT Security and Privacy Group (SPG) will advise the EOC with regards to the cyber security and privacy of the AoT technology, procedures, and policies to enable the AoT instrument to provide the security and privacy goals described in this and other AoT policies. This group will review and advise the EOC on proposed changes to the AoT technology, procedures, and policies impacting the instrument's security and privacy, as well as making recommendations based on feedback from AoT stakeholders, experiences of the AoT program operators and other Smart City deployments. The SPG will advise the EOC and help coordinate the conducting of external reviews or testing of the AoT instrument's cybersecurity and privacy.
The group will be initially chaired by Von Welch, the Director of the Center for Applied Cybersecurity Research, Indiana University, with additional members including the City's Chief Information Security Officer and others with relevant expertise, selected from industry and academia by Welch in collaboration with the EOC. The TSPG will meet at least quarterly or as needed and all recommendations of the group will be made public.
3.4 Scientific Review Group
In some cases third party teams may propose changes or additions to the instrument hardware and/or software. A scientific review group (SRG) will evaluate these proposals from AoT participants as well as other parties (individuals, community groups, companies, universities, etc.). The SRG will consult with the SPG when proposed changes may impact the security or privacy attributes of the AoT instrument. The SRG will provide a regular report on these proposals to the Executive Oversight Council.
The SRG will be co-chaired by the Chief Technology Officer of the Urban Center for Computation and Data at University of Chicago and Argonne National Laboratory and a senior representative from the scientific community.
The SRG will meet quarterly or as needed.
4 Governance Policy and Processes
As a public data service, a set of policies and processes is required to ensure that the instrument operates according to the program's guiding principles and within the established scope and budget. These policies and processes must uphold the AoT Privacy Policy, protect the privacy and security of Chicago residents and visitors, ensure accountability and transparency, and consider education and proactive communication.
4.1 Policy
This policy document, and associated data management and privacy policy documents, will be maintained and updated under the direction of the EOC, with at least an annual review.
4.2 Transparency
The AoT program operators will maintain a public website with current information on the project ( http://arrayofthings.us/ ), including educational materials regarding the hardware and software technologies and capabilities associated with AoT, a directory with detailed information on all components, experiments, and projects supported by AoT, all policies and procedures for AoT operation, governance body meeting minutes, and reports.
The program operators will produce an annual report, which will be published to its website and will summarize any legal requests and requests for changes or changes made to policies, processes, node locations, or capabilities made throughout the year.
4.3 Node Locations
The locations selected for AoT nodes will maximize the positive impact that city residents, policy practitioners, and scientists can obtain from the project.
Node locations may be proposed by any individual or group, and locations will be selected with the goal of enabling at least two of the following benefits within a geographic area:
(a) Nodes can provide data relevant to a local concern or issue of importance to the residents and businesses
(b) A relevant scientific research question may be better investigated with data from the instrument
(c) A planned or potential policy or investment that could be optimized, measured, or informed based on use of data from the instrument, and/or from scientific analysis of that data
In addition, neighborhood density, the location of partner institutions within a geographic area, and the availability of traffic lights or alternative structures (e.g. a building wall) required to mount the nodes will be considered.
Suggestions that meet selection criteria should be submitted first to the program operators at AoT@uchicago.edu, and will then be reviewed and pre-approved by the EOC if the program operators agree that the criteria have been met.
Prior to deploying AoT nodes in a given geographical area, the program operators and/or the Commissioner or designees of the City's Department of Innovation and Technology will:
1. Meet with alderman and community leaders to discuss the objectives of the project and the policies and processes in place regarding issues such as privacy, coordinated by the University of Chicago.
2. Work with the Smart Chicago Collaborative or other partners to hold community meetings with residents, where the goals and details of the project will be discussed, including an emphasis on policies and procedures regarding safety, security, and privacy of the network, and on the benefits to the neighborhood associated with the network. Local media will be invited to cover these workshops.
3. Post the privacy policy online prior to community meetings for residents to provide comments and questions.
4. Present the locations to the EOC for final approval.
4.4 Node Security
The AoT hardware and software design and operation procedures follow security practices developed by and for national laboratories.
The SPG will review and advise the EOC on proposed changes to AOT design, procedures and policies and their impact on the cyber security and privacy of the AoT instrument.
4.5 Node Capabilities
Node capabilities (i.e., the list of sensors and the associated data collected) will be maintained on the AoT website. Changes to the node capabilities (i.e., changes to existing sensors and introduction of new sensors) that require a change in the privacy policy must be first reviewed by the TSPG. The TSPG will advise the EOC regarding approval of such changes.
4.6 Education
Workshops will be designed and led by AoT partners and the University of Chicago. These will build on prior work including pilot workshops for high school students, held in 2014 and 2015, as well as an 8-week curriculum developed with Lane Technical High School and taught to 150 high school students in 2016. These workshops and curricula are intended to introduce concepts, ranging from environmental science to electronics design to data analytics, to neighborhood youth (and other interested parties), and provide training and education about the technologies and related science.
The AoT team continues to work with industry, local government and educational partners to explore additional opportunities to support education and training programs leveraging the instrument. Educational materials will be made available via the AoT website.
4.7 Updates
This policy will be reviewed annually at a minimum by the program operators and the EOC for needed revisions. Others may request a review of this policy or submit a question to the operators at AoT@uchicago.edu. Any proposed changes to the policy will be posted online for public review and comment prior to their incorporation.
Array of Things Privacy Policy
1 Purpose and Scope
The Array of Things is designed to collect and share data about Chicago's urban environment to support research that seeks to provide insight into city challenges. This includes, but is not limited to, information about temperature, humidity, barometric pressure, vibration, air quality, cloud cover, and pedestrian and vehicle counts and patterns. Pedestrian and vehicle movement data will come from computer software analyzing images.
The purpose of this policy is to disclose the privacy principles and practices for the Array of Things program. It is complemented by the Governance Policy and Process document, which defines how decisions about the program will be made. The privacy policy sets forth how the operators of the Array of Things program will collect and manage data, some of which may include personal information or Personally Identifiable Information (PII). The operators of the Array of Things are defined as the University of Chicago and Argonne National Laboratory.
2 Guiding Principle
We value privacy, transparency, and openness.
3 Personally Identifiable Information
Personally Identifiable Information or PII (1) is any information about an individual, including "(1) any information that can be used to distinguish or trace an individual's identity, such as name, social security number, date and place of birth, mother's maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information." As noted in NIST 800-122, this includes the following:
- Names
- Personal identification numbers
- Email or street address information
- Personal characteristics, including photographic images (of face or other identifying characteristic), fingerprints, handwriting, or other biometric data (e.g., retina scan, voice signature, facial geometry)
- Information about an individual that is linked or linkable to one of the above (e.g., date of birth, place of birth, race, religion, weight, activities, geographical indicators, employment information, medical information, education information, financial information)
The operators recognize the potential sensitivity of location information, electronic device identifiers, or vehicle license plate information and will apply the same processes to these data types as those described for PII in the following section.
4 Information Collection, Use, and Sharing
All policies, hardware and software specifications, design, and open source code will be publicly posted and made freely available online. Public sensor data will be published to the City of Chicago's Data Portal at data.cityofchicago.org. An Array of Things annual report will be published each year, beginning in June 2017, outlining the achievements of the program, as well as any updates or unintended deviations from the privacy policy.
The Array of Things technology is designed and operated to protect privacy. PII data, such as could be found in images or sounds, will not be made public. For the purposes of instrument calibration, testing, and software enhancement, images and audio files that may contain PII will be periodically processed to improve, develop, and enhance algorithms that could detect and report on conditions such as street flooding, car/bicycle traffic, storm conditions, or poor visibility. Raw calibration data that could contain PII will be stored in a secure facility for processing during the course of the Array of Things project, including for purposes of improving the technology to protect PII. Access to this limited volume of data is restricted to operator employees, contractors and approved scientific partners who need to process the data for instrument design and calibration purposes, and who are subject to strict contractual confidentiality obligations and will be subject to discipline and/or termination if they fail to meet these obligations.
5 Updates
This policy was developed in cooperation among the operators of the Array of Things (University of Chicago and Argonne National Laboratory) and the City of Chicago, with input provided by independent security and privacy experts.
This policy will be reviewed annually at a minimum by the operators, the AoT Security and Privacy Group, and the Executive Oversight Council (also described in Governance Policy and Process document) for needed revisions. Others may submit questions or suggestions regarding this policy to the operators through the project's public website (http://arrayofthings.us). Any proposed changes to the policy will be reviewed by the Security and Privacy Group and posted online for public review and comment prior to their adoption. Notifications of these and related actions will be disseminated through the project's social media account (@arrayofthings in Twitter).
1: “PII” has been defined in accordance with the National Institute of Standards and Technology’s Special Publication 800-122, Guide to Protecting the Confidentiality of Personally Identifiable Information (PII). Updates to the NIST guidelines will be reviewed as part of the regular review of this policy.
Denise Linn Smart Chicago
Question 1: Please tell us your thoughts or feedback on the Array of Things Governance & Privacy Policy.

Response 1: At the Symposium on Usable Privacy and Security 2016, held last week (June 22-24, 2016) in Denver, Colorado, a group of privacy and security researchers looked at the Array of Things project and its current documentation. The short report below is a compilation of their feedback.

Overall, we appreciated the thought and care given to privacy and security throughout the proposed documents and the Array of Things project. Having a period of public comment, an open and thoughtful process for selecting new node locations, and an AoT Security and Privacy group are steps that lead to practical privacy for the people of Chicago. That said, we have comments on a few areas of the document that we hope you will consider.

PII in the open data set

In the privacy policy, you say “PII data, such as could be found in images or sounds, will not be made public.” What is the process for deciding what is PII and removing it? Removing all PII from this data set may actually be fairly difficult and error prone, and there may be a lot of PII, especially if video captures faces or license plate numbers. You should determine what will be involved in doing this and perhaps revise the language in the privacy policy to set more realistic expectations.

Is there a way for people who believe their PII has been shared to have it removed? Currently there is no contact information in the Privacy Policy, and thus no way for people to remove or correct information they believe is inaccurate or wrongly shared.

If sound recordings are going to be made, it is important to make sure this is in compliance with the Illinois wiretapping law.

Notice

The current policy document has no specifics on how notice will be provided to residents of node areas or visitors who happen to drive or walk through the range of a node. We believe significant thought needs to be given to how to notify people that they are in area/range of a node and their data is being collected. This will also allow them to find out what choices they have in removing their PII or other data from an open repository. We hope that consideration will be given to notice, including:
- What languages will the information be presented in?
- What technologies will be used (e.g., a sign, a short link, a QR code, some sort of mobile notification scheme, an app to show which streets are covered by these nodes)
- The format and display of the information itself (e.g., a street sign, at what height, using what set of color schemes or logos that relates to the project)
- Is there any effort made to allow people with low-literacy rates or vision-impairment to have access to this material?
- How updates to the project’s policies and notices can be communicated to people who walk or drive through the range of a node
- A plain language (non-legalese) version of the privacy policy should be made accessible to the public
- Notices should include contact information for the Privacy Officer or similar role responsible for managing privacy issues on the project

Data Use / Purpose

In most privacy policies, it is important to explain what collected data will be used for. While much of the data collected as part of this project will be made public (through the open data repository) and then can be used for nearly anything, it is still important to explain potential data use to participants. This should include, at least:
- A description of how each data type collected will be anonymized and aggregated.
- Specific examples that show how each data type could potentially be used.
- What sorts and format (i.e., aggregated versus specific data items) of data the annual report will include.
- Consideration of establishing a use policy for the open data set, or setting up guidelines for how to respond in the event that open AoT data is used by other parties for malicious or discriminatory purposes.
- Notice regarding whether the data will be used by law enforcement for any purpose.

Annual Report

While it is commendable that the AoT group has declared that the policy will be reviewed annually, we would recommend that the review include more specification (What sources of data will be reviewed? How can the community participate? Will this include potential breaches, violations of policy, and/or public complaints?), as well as address the need for evaluation, specifically: is the project meeting its stated goals? Who will review the project for compliance with its stated policies, and how will this review be conducted? How will the annual report be distributed to the public?

Small edits to the language

“Collection may include but is not limited to” or “other biometric data” are phrases that should be avoided. While they may be standard legalese for privacy policies, given your project’s spirit and values, we recommend that you strive for openness and transparency. You should do your best to explicitly describe all data collected and the purpose of collecting them. If more types of data are collected in the future, then the descriptions and explanations should be updated.

Prepared by SOUPS 2016:
- Lorrie Faith Cranor, Carnegie Mellon University*
- Alain Forget, Google
- Patrick Gage Kelley, University of New Mexico
- Jen King, UC Berkeley
- Sameer Patil, New York University / Indiana University
- Florian Schaub, Carnegie Mellon University / University of Michigan
- Richmond Wong, UC Berkeley

*Lorrie Cranor is currently on leave from Carnegie Mellon University, serving as Chief Technologist at the US Federal Trade Commission. These are her own views and do not necessarily represent the views of the Commission or any Commissioner.

[Source: Wufoo Form Entry 9. See bit.ly/AoTWufoo ]
Denise Linn Smart Chicago
Question 1: Please tell us your thoughts or feedback on the Array of Things Governance & Privacy Policy.

Response 1: The Future of Privacy Forum (FPF) is a think tank seeking to advance responsible data practices and is supported by leaders in business, academia and consumer advocacy. (The views herein do not necessarily reflect those of the Advisory Board or supporters of FPF). We would like to thank the Array of Things (AoT) project for this opportunity to provide feedback on the proposed Governance and Privacy Policies, and to engage with the broader Chicago and smart city communities.

We applaud the AoT’s commitment to building a transparent and responsive program. While this initial privacy policy proposal provides a useful starting point, we urge the AoT’s Security and Privacy Group and Executive Oversight Council to expand or revise it in several ways to better achieve its goals of balancing privacy, transparency, and openness.

1. The Privacy Policy should reflect a FIPs-based framework. The Fair Information Principles (FIPs) are “the framework for most modern privacy laws around the world” and NIST recommends that in order to “establish a comprehensive privacy program that addresses the range of privacy issues that organizations face, organizations should take steps to establish policies and procedures that address all of the Fair Information Practices” (http://csrc.nist.gov/publications/nistpubs/800-122/sp800-122.pdf). The current AoT Privacy Policy addresses some, but not all, of these principles. In a more robust FIPs-based Privacy Policy, we would also expect to see meaningful details regarding:
- What rights or mechanisms, if any, individuals might have to access, correct, or request the deletion of their PII?
- What mechanisms, if any, provide individuals with redress regarding the use of their PII?
- In addition to discipline and confidentiality promises, what accountability controls (such as employee training, vendor audits, or data use agreements) will help ensure employees, contractors, and approved partners with access to PII comply with the privacy policy.
- How long will PII be retained, how PII will be disposed of after it is no longer reasonably necessary for the purposes for which it was collected, and how PII will be treated if the AoT program dissolves or transfers ownership.
- How and when PII will be deleted or de-identified.
- How the program operators will respond to requests from local, state, or federal civil or law enforcement agencies to access PII (such as when presented with a warrant or subpoena) and to what extent PII is subject to Freedom of Information Act disclosure requests.
- Information on how to contact AoT officials regarding any privacy or data security breaches.
- How will PII be secured through appropriate administrative, technical, and physical safeguards (such as encryption at rest and in transit, local processing or storage, etc.) against a variety of risks, such as data loss, unauthorized access or use, destruction, modification, or unintended or inappropriate disclosure.
- What mechanisms, if any, are available for individuals to exercise control or choice over the collection of PII (e.g., could individuals turn off their phones or participate in an opt out to avoid certain kinds of tracking?)
- How the AoT minimizes the collection of PII.

Importantly, given the significant amount of information that residents of and visitors to Chicago might be expected to digest, a layered privacy notice highlighting key points would be appropriate. Additional notifications, such as public signage on or around AoT nodes or just-in-time mobile notices pointing to the full privacy policy might also help provide meaningful notice.

2. More meaningful technical details within the Privacy Policy would improve trust and transparency for the wide array of stakeholders interested in assessing the program’s privacy and security promises and practices. The AoT’s Privacy Policy is relevant not just to the citizens and communities of Chicago but also a wide range of civil society organizations; other local, state, and federal government officials; academics; potential vendors or research partners; technologists and privacy professionals; and the media. Accordingly, we recommend that the Privacy Policy further expand or clarify:
- Distinguishing clearly between PII and sensitive data collected by the AoT. The Privacy Policy states that because of their “potential sensitivity,” location information, electronic device identifiers, or vehicle license plate information should be regarded as PII. This conflates between the concept of PII and that of sensitive data, missing the clear consensus among regulators and privacy experts that regardless of sensitivity, these data fields are PII. (See e.g., NIST Report on De-Identification, http://nvlpubs.nist.gov/nistpubs/ir/2015/NIST.IR.8053.pdf; FTC Director Jessica Rich on persistent device identifiers https://www.ftc.gov/news-events/blogs/business-blog/2016/04/keeping-online-advertising-industry; Shades of Gray: Seeing the Full Spectrum of Practical Data De-Identification, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2757709). In privacy nomenclature, describing data as PII typically means that the data can be linked to an identifiable individual, whereas considering data “sensitive” typically signals that the data will be treated to a higher standard of privacy protection. In order to avoid confusion, we suggest clarifying these terms.
- When audio or image files may contain PII, what specific kind of PII is collected. There is a stark difference in privacy impact between software used to simply detect faces (facial detection) and software capable of identifying individuals in photos via biometric templates (facial recognition). A similar distinction is made between speech detection and speech recognition capabilities. Given the general public unease about loss of anonymity and privacy in public spaces, it is key to clarify what technologies are being used in this context and what capabilities they have for processing PII. This will help allay fears regarding the use of PII from image and audio files captured in public spaces.
- How the AoT will ensure adequate de-identification for data made public through the City’s data portal. Open data enables important scientific research and urban innovation. Given the AoT’s intent to make its data available freely, it must implement the strongest possible protections against the intentional or inadvertent re-identification of any individuals within the data set. AoT should clarify publicly how it will ensure that the risk of re-identification is sufficiently low that individual privacy can be guaranteed. What is the acceptable threshold for re-identification risk, and how is it calculated? Will the AoT use differential privacy solutions? How will AoT handle the de-identification within image or audio files as opposed to structured textual data? Will any legal controls or commitments (such as agreements to not attempt to re-identify data) be required before accessing de-identified data? While not expected to publish every detail of its de-identification strategy or lock itself into a particular set of practices, the AoT should make known important parameters to increase trust and transparency.

3. Additionally, FPF recommends that all smart city initiatives, including the AoT, implement a variety of other organizational and technical measures to safeguard personal data, including: a.
Mapping data flows, including where data is collected and how it is used throughout the entire AoT ecosystem. b. Classifying data according to sources, identifiability, sensitivity, and uses. c. Documenting processes and procedures for sharing data with third parties and monitoring vendors, including data use agreements, audit and standard contractual terms, and transparency about how and by whom scientific partners are “approved.” d. Safeguards to protect against unfair or discriminatory uses of data. e. Identifying what data sets are owned by which stakeholders, and any relevant copyright, licensing, or access provisions. f. Documenting risk-benefit assessments and structured ethical review processes for evaluating new research or uses of PII. (See, e.g., https://fpf.org/wp-content/uploads/FPF_DataBenefitAnalysis_FINAL.pdf) Thank you again for this opportunity to comment. [Source: Wufoo Form Entry 8. See bit.ly/AoTWufoo ]
Denise Linn Smart Chicago
Question 1: Please tell us your thoughts or feedback on the Array of Things Governance & Privacy Policy.
Response 1: In the wake of the pullback on current capabilities of the Array, one is still left with the concept of function creep. When new technology is introduced for a stated purpose, this purpose may not be the only purpose the technology is capable of. In other words, the capability profile of the apparatus in question is capable of a high degree of plasticity as viewed over time.
[Source: Wufoo Form Entry 7. See bit.ly/AoTWufoo ]
Denise Linn Smart Chicago
Question 1: Please tell us your thoughts or feedback on the Array of Things Governance & Privacy Policy.
Response 1: Hello there, I've been following AoT for the past two years. Happy to have the opportunity to share my thoughts. Thank you!
1. I have concern for how AoT envisions managing the tricky nature of feedback from the data, and how key variables and interactions will be chosen to formulate a picture of the urban system . . . could new variables chosen to model policy and decision making compromise privacy?
2. We all know cities are a complex system that constantly evolves, so will AoT's foundational pillars of privacy do the same? How could this public concern be quieted?
3. How could AoT blend numerical data and qualitative methods to more holistically craft future privacy policies?
[Source: Wufoo Form Entry 6. See bit.ly/AoTWufoo ]
Denise Linn Smart Chicago
Question 1: Please tell us your thoughts or feedback on the Array of Things Governance & Privacy Policy.
Response 1: It is the following section which causes me the most concern: "The Array of Things technology is designed and operated to protect privacy. PII data, such as could be found in images or sounds, will not be made public. For the purposes of instrument calibration, testing, and software enhancement, images and audio files that may contain PII will be periodically processed to improve, develop, and enhance algorithms that could detect and report on conditions such as street flooding, car/bicycle traffic, storm conditions, or poor visibility. Raw calibration data that could contain PII will be stored in a secure facility for processing during the course of the Array of Things project, including for purposes of improving the technology to protect PII. Access to this limited volume of data is restricted to operator employees, contractors and approved scientific partners who need to process the data for instrument design and calibration purposes, and who are subject to strict contractual confidentiality obligations and will be subject to discipline and/or termination if they fail to meet these obligations." Of course the question becomes how does the public verify precisely who has such access to the PII data? Will access parameters be modified over time? Specifically, what assurances can one gain that the Chicago Police Department, NSA, or other agencies will not have access to this data?
Question 2: Do you have any remaining questions about the Array of Things project or the Governance & Privacy Policy?
Response 2: Many.
[Source: Wufoo Form Entry 5. See bit.ly/AoTWufoo ]
Denise Linn Smart Chicago
Question 1: Please tell us your thoughts or feedback on the Array of Things Governance & Privacy Policy.
Response 1: The public meeting last week was very informative. I see no problems with the governance and privacy policy. Seems like all areas are covered in the policy. Would like to see more information and contact information for the project team leaders. There is no one person to contact managing the project. Many of the groups involved in the project need to clean up their web sites and ways to contact and/or call to speak to a live person. The project will be very good for urban planning and community problem solving. Our organization would like to participate in the next assignments of AoT monitors on the Northwest side of Chicago. We are currently reaching out to Northside universities (i.e. Loyola and North College Prep High). Please keep us in the loop of information and we would like to schedule a meeting in our community to talk about the project. Hope to hear from you soon. Dr. Donald W. Walsh Indian Woods Community Association (www.indianwoods.org) FAiR (www.fairchicago.org)
Question 2: Do you have any remaining questions about the Array of Things project or the Governance & Privacy Policy?
Response 2: 1) How do we submit an official request to participate in the project as a community organization? 2) Can you make a presentation in our community if we coordinate the locations, invites, etc.? 3) FAiR has a group of experts that would like to speak to the project lead persons. How do we coordinate that? 4) Can you please send me the full contact list of the persons managing the project?
[Source: Wufoo Form Entry 4. See bit.ly/AoTWufoo ]
Denise Linn Smart Chicago
Question 1: Please tell us your thoughts or feedback on the Array of Things Governance & Privacy Policy.
Response 1: I'm agin it. It will be violated. Do I trust James Clapper? Why should I trust Charlie Catlett? The public has not been given the opportunity to approve or disapprove of this venture beforehand, as is the case with the Internet of Things as a whole. But the number of people for and against this initiative is ultimately irrelevant, since there is always a sizable contingent which is trained to will its own domination. Metadata will carry the day and the undeniable benefits such a system as the Array of Things is capable of will be more than offset by its drawbacks. This major advance within the paradigm of the Electronic Panopticon world-as-prison should be opposed by every free-thinking individual.
Question 2: Do you have any remaining questions about the Array of Things project or the Governance & Privacy Policy?
Response 2: My only question is how can I avoid it?
[Source: Wufoo Form Entry 3. See bit.ly/AoTWufoo ]
Denise Linn Smart Chicago
Question 1: Please tell us your thoughts or feedback on the Array of Things Governance & Privacy Policy.
Response 1: I think information sharing should be limited carefully. No data should be downloaded to individual personal devices. This sounds a lot like big brother. If the data is there somebody will access and use it.
[Source: Wufoo Form Entry 2. See bit.ly/AoTWufoo ]
Denise Linn Smart Chicago
Question 1: Please tell us your thoughts or feedback on the Array of Things Governance & Privacy Policy.
Response 1: Please, if and when the project closes, how will PII be properly disposed of so that it will not later be leaked?
[Source: Wufoo Form Entry 1. See bit.ly/AoTWufoo ]
Denise Linn Smart Chicago
The Chicago Architectural Foundation was thinking about using data from smartphones: were you thinking of partnering with them for data collection? [Resident Question from 6.22 Public Meeting. See Notes: bit.ly/622notes ]
Denise Linn Smart Chicago
Are example data sets available? [Resident Question from 6.22 Public Meeting. See Notes: bit.ly/622notes ]
Denise Linn Smart Chicago
Will the funding continue for Array of Things if it's successful? [Resident Question from 6.22 Public Meeting. See Notes: bit.ly/622notes ]
Denise Linn Smart Chicago
Are the algorithms for image recognition going to be publicly available in a repository? [Resident Question from 6.22 Public Meeting. See Notes: bit.ly/622notes ]
Denise Linn Smart Chicago
Would the cellular company have access to the data? [Resident Question from 6.22 Public Meeting. See Notes: bit.ly/622notes ]
Denise Linn Smart Chicago
How is the internet part of the device protected? [Resident Question from 6.22 Public Meeting. See Notes: bit.ly/622notes ]