Shared for feedback by The Smart Chicago Collaborative
The Smart Chicago Collaborative has committed to educate and engage residents with the new Array of Things project, which is operated by the Urban Center for Computation and Data (UrbanCCD) an initiative of the University of Chicago and Argonne National Laboratory. Array of Things is an urban sensing project — one of the first of this kind and scale. Sensors will be placed across the city to measure livability factors like climate, pedestrian traffic, air quality, and flooding. The sensors will collect data about our city. That data will then be released for residents and researchers to interpret and use.
Residents could annotate and comment on specific language and sections of the policy using Madison. The complete text of the policy is below. See this video to get more information on how to sign up and use Madison. If you're having trouble with Madison or have a question about the tool, email firstname.lastname@example.org
8/15/16 Update: The operators of the Array of Things have posted the final versions of the governance and privacy policies. The operators also addressed comments and questions collected about the draft policies below. You can read the operators' responses to those questions and comments here. Smart Chicago also released an Engagement Report summarizing our civic engagement process/methods as well as general lessons learned about civic engagement with the Internet of Things & other emerging smart city projects.
Array of Things Governance Policy and Process
1 Purpose and Scope
This document provides a framework within which the University of Chicago and Argonne National Labs (program operators) and the City of Chicago will implement and manage the Array of Things (AoT) in Chicago by 1) defining the initial scope of the program, 2) establishing the roles and responsibilities of program partners; and, 3) describing the process by which decisions about the program will be made.
1.1 Guiding Principle
We value privacy, transparency, and openness.
1.2 Program Overview
The AoT program operators aim to build an urban-scale research instrument comprising a network of at least 500 Internet-connected "nodes," each supporting multiple environmental and air quality sensors. As a first of its kind public sensor utility, AoT will produce an open and freely available source of urban sensor measurements to support research, development, education, prototyping, and demonstration. The program operators have designed AoT to enable the instrument to evolve at a pace commensurate with consumer electronics, maintaining state-of-the-art capabilities over many years.
The initial prototype, funded by Argonne National Laboratory, involved 12 nodes equipped with a collection of environmental sensors (e.g., temperature, light, sound, humidity, air quality). Each node was mounted on private facilities at the University of Chicago, Argonne National Laboratory, and DePaul University for testing purposes, with installation occurring between July 2014 and June 2015.
Beginning in summer 2016 a second set of prototypes will be mounted in Chicago on street signal light poles and external building walls. The network will be expanded to roughly 500 nodes from 2016 to 2018. The program operators will develop functionality to enable research, application development, education, prototyping, or demonstration projects. The location of each of the 500 nodes will be determined via the process identified later in this document (§4.3). The program will be evaluated nine months after the second set of prototype nodes are mounted in the City and every 12 months from that time on. The evaluation criteria and the results of each review will be made available to the public.
Sensor readings will be processed and sent to a database managed by the program operators. A period of evaluation and calibration will be required for each sensor; this period will vary based on the sensor or data that is collection. As one function of AoT is to evaluate new sensor technologies, the evaluation process will also involve a determination as to whether a particular sensor is producing accurate data reliably. Once evaluation determines that the sensor is producing accurate and reliable data, and once calibration is complete, the sensor will enter operations and its data will be made publically available via the City's Data Portal to support application development and data analysis. All operational sensor data will be publicly available as open data, owned by the University of Chicago. The program operators have designed the AoT system to protect privacy. This document describes the processes, procedures, and technologies that will be used to collect and publish sensor data is both correct and, where necessary, anonymized before publication. Any images and other data collected by AoT nodes for calibration will be protected by information security controls, and available only to authorized individuals and only for research purposes.
2 Technical Objectives
The AoT will operate as an "instrument," involving an infrastructure and related services for research, development, education, prototyping, and demonstration of both open and proprietary technologies and services aimed at improving the sustainability, resilience, efficient operation, and livability of cities. In short, AoT will support "Smart City" and related research, development, and education. AoT is designed to support three general types of instrument use: open access to sensor data, research in areas such as sensing and information/communications technologies, and support for research in software and services.
Provide Open Data Access Regarding Urban Environment and Air Quality
2.1 Support for Evolving Technologies Over Time
The AoT involves engineering and placing a network of physically secure enclosures with power, Internet access, and standard specifications that will allow for efficient installation/replacement of those devices by City technicians. These devices must operate for period of months without physical intervention, and must be provided with adequate environmental protection, particularly with respect to temperature and moisture. The program operators and the City of Chicago will cooperate to enable nodes to be repaired and replaced in case of damage or loss.
2.2 Support for Software and Services Projects
Though the pace at which information and communication technologies evolves is rapid, there is a much larger potential research and education community focused on new software and services, harnessing existing hardware technologies. To support such projects will require that the AoT allow controlled access to shared programmable devices within the nodes. Once this functionality is available, changes may be required to AOT polices and processes to prevent misuse and ensure reliable and usable functions for provisioning and scheduling resources, validating and loading custom software, and restoring the devices to a known state between experiments.
3 Governance Bodies
3.1 Program Operators
The University of Chicago and Argonne National Laboratory serve as program operators and in partnership with the City will manage and operate the AoT program. The program operators are responsible for the design, development, repair, replacement, and support of the nodes and the technical infrastructure needed to enable data collection, processing, and storage.
The program operators will leverage strategic partnerships with industry, academia, and not-for-profits, as well as the increasing availability of open source tools and frameworks that can be adapted to or applied directly to the instrument, to support program goals.
The City will support the operators by providing program oversight; policy guidance; installation and maintenance support; and technical assistance to make AoT data publically accessible.
3.2 Executive Oversight Council
An executive oversight council (EOC) will oversee the AoT program, and is responsible for setting policy and establishing processes and procedures related to system operation, configuration, and capabilities, access to data and other resources, and communication and interactions with the City and community.
The council will be co-chaired by the Commissioner of the City's Department of Innovation and Technology, City of Chicago and the Director of the Urban Center for Computation and Data at University of Chicago and Argonne National Laboratory, with additional members selected from academia, industry, not-for-profits, and the community. These members will be invited based on recommendations from AoT partners and others who work with community groups.
The EOC will meet at least quarterly or as needed.
3.3 AoT Security and Privacy Group
The AoT Security and Privacy Group (SPG) will advise the EOC with regards to the cyber security and privacy of the AoT technology, procedures, and policies to enable the AoT instrument to provide the security and privacy goals described in this and other AoT policies. This group will review and advise the EOC on proposed changes to the AoT technology, procedures, and policies impacting the instrument's security and privacy, as well as making recommendations based on feedback from AoT stakeholders, experiences of the AoT program operators and other Smart City deployments. The SPG will advise the EOC and help coordinate the conducting of external reviews or testing of the AOT instruments cybersecurity and privacy.
The group will be initially chaired by Von Welch, the Director of the Center for Applied Cybersecurity Research, Indiana University, with additional members including the City's Chief Information Security Officer and others with relevant expertise, selected from industry and academia by Welch in collaboration with the EOC. The TSPG will meet at least quarterly or as needed and all recommendations of the group will be made public.
3.4 Scientific Review Group
In some cases third party teams may propose changes or additions to the instrument hardware and/or software. A scientific review group (SRG) will evaluate these proposals from AoT participants as well as other parties (individuals, community groups, companies, universities, etc.). The SRG will consult with the SPG when proposed changes may impact the security or privacy attributes of the AoT instrument. The SRG will provide a regular report on these proposals to the Executive Oversight Council.
The SRG will be co-chaired by the Chief Technology Officer of the Urban Center for Computation and Data at University of Chicago and Argonne National Laboratory and a senior representative from the scientific community.
The SRG will meet quarterly or as needed.
4 Governance Policy and Processes
The AoT program operators will maintain a public website with current information on the project (http://arrayofthings.us/), including educational materials regarding the hardware and software technologies and capabilities associated with AoT, a directory with detailed information on all components, experiments, and projects supported by AoT, all policies and procedures for AoT operation, governance body meeting minutes, and reports.
The program operators will produce an annual report, which will be published to its website and will summarize any legal request and requests for changes or changes made to policies, processes, node locations, or capabilities made throughout the year.
4.3 Node Locations
The locations selected for AoT nodes will maximize the positive impact that city residents, policy practitioners, and scientists can obtain from the project.
Node locations may be proposed by any individual or group, and locations will be selected with the goal of enabling at least two of the following benefits within a geographic area:
(a) Nodes can provide data relevant to a local concern or issue of importance to the residents and businesses
(b) A relevant scientific research question may be better investigated with data from the instrument
(c) A planned or potential policy or investment that could be optimized, measured, or informed based on use of data from the instrument, and/or from scientific analysis of that data
In addition, neighborhood density, the location of partner institutions within a geographic area, and the availability of traffic lights or alternative structures (e.g. a building wall) required to mount the nodes will be considered.
Suggestions that meet selection criteria should be submitted first to the program operators at AoT@uchicago.edu , and will then be reviewed and pre-approved by the EOC if the program operators agree that the criteria has been met.
Prior to deploying AoT nodes in a given geographical area, the program operators and/or the Commissioner or designees of the City's Department of Innovation and Technology will:
1 Meet with alderman and community leaders to discuss the objectives of the project and the policies and processes in place regarding issues such as privacy, coordinated by the University of Chicago
2 Work with the Smart Chicago Collaborative or other partners to hold community meetings with residents, where the goals and details of the project will be discussed, including an emphasis on policies and procedures regarding safety, security, and privacy of the network, and on the benefits to the neighborhood associated with the network. Local media will be invited to cover these workshops
4 Present the locations to the EOC for final approval.
4.4 Node Security
The AoT hardware and software design and operation procedures follow security practices developed by and for national laboratories.
The SPG will review and advise the EOC on proposed changes to AOT design, procedures and policies and their impact on the cyber security and privacy of the AoT instrument.
4.5 Node Capabilities
Workshops will be designed and led by AoT partners and the University of Chicago. These will build on prior work including pilot workshops for high school students, held in 2014 and 2015, as well as an 8-week curriculum developed with Lane Technical High School and taught to 150 high school students in 2016. These workshops and curricula are intended to introduce concepts, ranging from environmental science to electronics design to data analytics, to neighborhood youth (and other interested parties), and provide training and education about the technologies and related science.
The AoT team continues to work with industry, local government and educational partners to explore additional opportunities to support for education and training programs leveraging the instrument. Educational materials will be made available via the AOT website.
This policy will be reviewed annually at a minimum by the program operators and the EOC for needed revisions. Others may request a review of this policy or submit a question to the operators AoT@uchicago.edu. Any proposed changes to the policy will be posted online for public review and comment prior to their incorporation.
1 Purpose and Scope
The Array of Things is designed to collect and share data about Chicago's urban environment to support research that seeks will provide insight into city challenges. This includes, but is not limited to, information about temperature, humidity, barometric pressure, vibration, air quality, cloud cover, and pedestrian and vehicle counts and patterns. Pedestrian and vehicle movement data will come from computer software analyzing images.
2 Guiding Principle
We value privacy, transparency, and openness.
3 Personally Identifiable Information
Personally Identifiable Information or PII (1) is any information about an individual, including "(1) any information that can be used to distinguish or trace an individual's identify, such as name, social security number, date and place of birth, mother's maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information." As noted in NIST 800-122, this includes the following:
Personal identification numbers
Email or street address information
Personal characteristics, including photographic images of face or other identifying characteristic), fingerprints, handwriting, or other biometric data (e.g., retina scan, voice signature, facial geometry)
Information about an individual that is linked or linkable to one of the above (e.g., date of birth, place of birth, race, religion, weight, activities, geographical indicators, employment information, medical information, education information, financial information)
The operators recognize the potential sensitivity of location information, electronic device identifiers, or vehicle license plate information and will apply the same processes to these data types as those described for PII in the following section.
4 Information Collection, Use, and Sharing
The Array of Things technology is designed and operated to protect privacy. PII data, such as could be found in images or sounds, will not be made public. For the purposes of instrument calibration, testing, and software enhancement, images and audio files that may contain PII will be periodically processed to improve, develop, and enhance algorithms that could detect and report on conditions such as street flooding, car/bicycle traffic, storm conditions, or poor visibility. Raw calibration data that could contain PII will be stored in a secure facility for processing during the course of the Array of Things project, including for purposes of improving the technology to protect PII. Access to this limited volume of data is restricted to operator employees, contractors and approved scientific partners who need to process the data for instrument design and calibration purposes, and who are subject to strict contractual confidentiality obligations and will be subject to discipline and/or termination if they fail to meet these obligations.
This policy was developed in cooperation among the operators of the Array of Things (University of Chicago and Argonne National Laboratory) and the City of Chicago, with input provided by independent security and privacy experts.
This policy will be reviewed annually at a minimum by the operators, the AoT Security and Privacy Group, and the Executive Oversight Council (also described in Governance Policy and Process document) for needed revisions. Others may submit questions or suggestions regarding this policy to the operators through the project's public website (http://arrayofthings.us). Any proposed changes to the policy will be reviewed by the Security and Privacy Group and posted online for public review and comment prior to their adoption. Notifications of these and related actions will be disseminated through the project's social media account (@arrayofthings in Twitter).
1: “PII” has been defined in accordance with the National Institute of Standards and Technology’s Special Publication 800-122 _Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)._ _ _Updates to the NIST guidelines will be reviewed as part of the regular review of this policy.