A Public Interest Tech Approach to Smart Cities
Theme: Public and Critical Infrastructure
Author: Brian Ray, Leon M. and Gloria Plevin Professor of Law and Director, Center for Cybersecurity and Privacy Protection, Cleveland State University
Smart cities are surveillance cities. Every “smart” technology involves automating — and therefore scaling — the acquisition of information about residents in a community. That information raises significant privacy risks, sometimes on its own, and especially when connected with other information that cities routinely collect. Cities and their police forces over-deploy these technologies in and against marginalized communities, causing serious equity concerns. Smart city planning processes generally fail to incorporate systematic methods to address these issues or to engage affected communities to ensure equitable access to their benefits.
Quite often the choice to acquire smart technologies is driven by technology vendors. These companies have a vested interest in emphasizing their purported (and often untested) public safety and cost-saving benefits while discounting or ignoring the risks they pose. This lack of transparency and accountability results in communities losing control over important decisions that affect their daily lives.
The U.S. lacks a comprehensive federal consumer data privacy law to regulate the acquisition and use of surveillance technologies. And although an increasing number of states including Washington, Utah, and Virginia have adopted strong privacy laws modeled on California’s pathbreaking statute, these laws generally exclude government data collection from the protections they create.
Over 40 communities across the U.S. have started to fill this legal and policy gap and assert control over the process for selecting and using surveillance technologies. These communities have adopted ordinances loosely based on the Community Control Over Police Surveillance (CCOPS) model law developed by the American Civil Liberties Union and a coalition of other advocacy organizations. CCOPS laws vary widely in their details, but all require explicit authorization to use surveillance technologies and an explicit evaluation of the risks they pose. While driven by concerns over police use of surveillance technologies, most of these laws define “surveillance” broadly to cover civilian agencies as well.
These laws typically extend beyond data privacy and require explicit attention to the potential disparate impact a technology may have on marginalized groups within a community. These laws thus embody a public interest technology approach to smart city development by giving residents a direct say in whether to adopt surveillance technologies and in how they are used in their communities.
Smart City Privacy & Equity Community Awareness & Empowerment
This past semester we piloted an interdisciplinary clinic funded by the Public Interest Technology University Network (PIT-UN) and supported by the CSU T.E.C.H. Hub and the IoT Collaborative designed to raise awareness of the CCOPS model and to assist existing CCOPS communities. A group of Cleveland State University law and graduate students worked with the city of Oakland’s Privacy Advisory Commission (COPAC) and the Oakland Department of Transportation (OakDOT) to evaluate a proposal to expand an app-based mobile parking payment system run by several private vendors.
The five-student team comprised Sarah Behlke, who is working on a master of social work degree, and law students Sharilyn Clark, Jessica Cohen, Zachary Jacobson, and Katrice Williams. This team learned the history of CCOPS legislation and the details of the COPAC process through an online training program we created with a group of national experts: Kelsey Finch (Aleada Consulting), Miles Light (Future of Privacy Forum), Brian Hofer (Secure Justice), Lydia de la Torre (Golden Data Law), Ann LaFrance (Squire Sanders ret.), and Candace Moore (Golden Data Law). The team then worked directly with COPAC and OakDOT to analyze how the system would work within the existing parking enforcement program, which relies on automated license plate readers, as well as the privacy policies of the vendors.
The students presented their analysis and recommendations at the commission’s December 2022 meeting. Their accompanying memorandum made eight recommendations to mitigate risks, including incorporating restrictions based on California’s consumer privacy law on how the vendors can use consumer data they collect and in establishing a more equitable system for citation payments.
After the presentation, Commission Chair Brian Hofer, who also participated in the clinic, said that the students’ analysis “raised important issues that weren’t included in the draft proposal from the city” and “saved the commission several months of work.”
Student Testimonials
Student participants spoke highly of the experience.
Cohen said that “this clinic allowed us to expand our understanding of data privacy and how it impacts equity while applying what we have learned in the classroom to a real-world challenge.” She added, “It was a privilege to engage in this work and we are grateful to the city of Oakland and Cleveland State University for this incredible opportunity.”
Williams, a fourth-year law student at the CSU College of Law, found it exciting to participate in an interdisciplinary online course around data security and privacy. “I was able to employ my previous graduate degree in social work with my current educational pursuit in law to understand how cities’ adoption of connected technologies can pose risks to privacy and equity for residents,” she said.
She said the team focused on the implementation of a mobile parking payment system and the deployment of automated license plate readers to verify parking sessions. On its face, this is “relatively innocuous,” Williams said. “However, when vehicle-mounted ALPR/ANPR (automated license plate readers/automated number plate recognition) cameras are deployed in cities — specifically low-income communities — it significantly increases the likelihood that low-income residents will be disproportionately targeted for ticketing and other driving penalties, including license suspension and car towing for unpaid tickets, and it can chill free speech when images of people and homes are taken.”
Williams highly recommended that other law schools consider partnering with cities that are adopting surveillance and connected technologies, “so our elected leaders understand the potential misuse of technology.”
My name is Sharilyn Clark, and I am a second-year law student at Cleveland State University College of Law. I had the opportunity to participate along with four colleagues in the school’s Data Privacy and Equity Assessment Clinic during the fall 2022 semester.
In the clinic, we reviewed a proposed use policy and impact statement for a surveillance technology for the city of Oakland, California. We used the city’s surveillance ordinance, state regulations, and advice from our advisers to come up with eight proposals to safeguard use of the technology. These recommendations encompassed our concerns about the city’s use protocols, the city’s relationship with vendors, and vendors’ capacity to collect certain personal information while working on behalf of the city. We submitted the recommendations in a memorandum and gave a presentation to the city and the Oakland Privacy Advisory Commission.
This clinic has expanded my view of how critical it is for the safety of citizens to conduct proper analysis of technologies prior to government implementation. Regrettably, municipalities often lack adequate resources to support such projects and research, and as a result, extremely technical concepts can be misunderstood. This clinic allowed us — three fellow J.D. candidates from the College of Law and one master of social work candidate from the School of Social Work — to fill that gap.
In this clinic I was able to expand my knowledge of privacy laws, increase my experience working with municipalities in an advisory capacity, and engage meaningfully with the proposed documents to create equity-based recommendations. I am grateful to have participated in a semester’s worth of fulfilling work alongside my talented colleagues and our advisers, and I look forward to tracking this technology throughout its legislative process and onward.