Leading privacy advocates and technology analysts say Toronto should smarten up: it is at risk of becoming a city of surveillance.
They are worried about plans for urban redevelopment along the city’s eastern waterfront, and a new techno-enabled community to be built there called Quayside. Concerns are so great that several people have resigned from advisory or consultative roles with the project’s developers and overseers.
The waterfront community will be highly wired, and heavily sensored – as in, lots of sensors around the community, capturing data about many if not most activities. It will be a test lab for big data analytics, where cutting edge technologies will be monitoring and analyzing the work and play and shop and sleep habits of community residents and visitors.
Such data collection and analysis is key to the notion of a smart city, one that is designed and operated to provide needed services to its citizens in an efficient, open and transparent manner that benefits all concerned. But the same collection and analysis causes concerns about the privacy, ownership, control and even sovereignty of the data itself.
The redevelopment project, known as Sidewalk Toronto, is a joint effort between Waterfront Toronto and Sidewalk Labs, a subsidiary of Alphabet (formerly Google). Waterfront Toronto is a quasi-governmental organization, a public advocate if you will for the transformation of the city’s lakeshore. Alphabet is a multinational media and information technology conglomerate (a highly profitable one, with $33.7 billion in revenues in the third quarter of this year alone).
There’s one of the concerns: the waterfront development is an unusual hybrid of government representation and a multinational for-profit corporation.
One of the project’s critics resigned from the Waterfront Toronto board over that seeming contradiction: “How can [Waterfront Toronto], a corporation established by three levels of democratically elected government, have shared values with a limited, for-profit company whose premise is embedded data collection?” asked real estate developer Julie Di Lorenzo.
The potential for a conflict of interest between the disparate agendas of corporate profit and social benefit has not been significantly lessened by the responses offered by Sidewalk Toronto representatives to stated concerns over data collection control and privacy.
Announced plans do show, for example, that Sidewalk Labs does not intend to own the data it gathers in public spaces and instead will relinquish control of it to an independent organization to be called the Civic Data Trust, made up of various technology groups, IT organizations, government agencies as well as the key partners in Sidewalk Toronto, Sidewalk Labs and Waterfront Toronto.
At a meeting of the Waterfront Toronto Digital Strategy Advisory Panel, it was announced that the Trust would be “encouraged” to take steps to protect the gathered data by de-identifying it at the source. If done properly, de-identification removes any possibility that the data can be personally identified or traced to a particular individual.
Privacy advocates say that such “encouragement” does not go nearly far enough – technology developers on the project would still be able to make their own decisions about data handling.
Concerns over de-identification led to the resignation of another project advisor – Dr. Ann Cavoukian.
She’s a former Privacy Commissioner of Ontario, and she’s credited with developing the concept called “Privacy by Design”. The guiding principles behind PbD, which Cavoukian helped define, are widely accepted in the industry as a foundation for privacy protection at all levels.
“If personally identifiable data are not de-identified at source, we will be creating another central database of personal information … that may be used without data subjects’ consent, that will be exposed to the risks of hacking and unauthorized access. Why take such risks?” she pointedly asked when tendering her resignation from a consulting role with Sidewalk Labs.
Referring to the multipartite Data Trust during a phone interview with WhatsYourTech.ca, Dr. Cavoukian added: “When I heard that the Trust could be encouraged, but not required, to de-identify data at the source, well, that’s when the radar went off. If you allow a choice-based system, you give up the privacy part. I had to resign.”
Rather than a smart city that respected privacy, one that could be a prototype for other cities around the globe, Cavoukian says Sidewalk Toronto is in danger of becoming a city of surveillance.
(Waterfront Toronto noted in a response to Cavoukian’s resignation that it respects her work in privacy, and the principles of Privacy by Design which she helped established. The organization also said that it was “just the beginning of this process” and that it is “still identifying the privacy risks to which we will apply every privacy protection available to us.”)
Nevertheless, Cavoukian’s concerns about the lack of data protection and privacy are echoed and amplified by others who have resigned from the project.
TechGirls Canada founder Saadia Muzaffar also left her position with the Digital Advisory Panel. In a strongly worded resignation letter, she wrote that project participants and organizers show “a blatant disregard for resident concerns about data”, and she cited additional concerns about as-yet-to-be-answered questions regarding privacy and intellectual property.
Not only is Sidewalk Labs looking to gather data about urban life, it is looking to work with third-party partners to develop new tools to gather that data. Having Toronto as a test bed for various urban data collecting technologies allows the company to refine and redeploy those tools in other cities (and vice versa, as Sidewalk Labs has several smart city-type developments underway).
However, like the data itself, some tech entrepreneurs say there is little or no protection for their innovative ideas and inventive data applications.
Data localization, or sovereignty, is another crucial issue connected with the Toronto development plans. Just where will any collected data reside? Where will it be processed or analyzed? Many privacy advocates say data must be held locally, or at least in this country, to be secure. Data must be under Canadian jurisdiction, and subject to Canadian privacy laws – not those of other countries.
Waterfront Toronto is sensitive to the issue, and in its statement about Dr. Cavoukian, it said “We will ensure that any party proposing technologies for use in the Designated Waterfront Area meet any and all Canadian privacy legal requirements and beyond.”
“By … providing information to us, you consent to the processing, transfer and storage of information in and to the U.S. and other countries, where you may not have the same rights and protections as you do under local law.”
“We may share information … with affiliates of Sidewalk Labs; with service providers who … carry out work on our behalf…” and …“In connection with, or during negotiations of any merger, sale … spin out…corporate restructuring…or acquisition of all or a portion of our business by another company…”
The latter point is interesting for a number of reasons, not the least perhaps is the fact that Alphabet was created by a corporate restructuring and a merger of several of its own corporate interests, including the search giant Google.
For her part, Dr. Cavoukian is less concerned about where data is stored than how it is stored: “It’s all in how you protect the data,” she said. “There are secure cloud applications, and theoretically you could securely retain (de-identified data) in the U.S. or Canada.”
But she acknowledges a public perception that may differ: “I do understand that most Canadians want data retained in Canada” and she cites the position of another privacy expert, Chantal Bernier, once the federal privacy commissioner now a privacy and cyber security lawyer with Dentons Canada LLP.
Cavoukian points to the strong needs stated by many Canadians for data privacy and security as one reason Sidewalk Labs will “have to yield”.
“If for no other reason, it is about perception,” she said. “People are afraid their data will be accessible by others, so let’s keep it here.”
The public reaction to Sidewalk Toronto plans, and to issues surrounding data privacy and security more broadly, are a pleasant surprise to Cavoukian.
“I am astounded at the attention on this (her position on privacy and the stated reason for her resignation); I never expected all the attention and positive responses. People are listening to the issues, they are discussing the issues. If nothing else, that’s the good impact from all of this.”
Another possible good outcome, one not fully fleshed out yet but gaining traction in some circles, involves the recognition that data has value (one reason with Alphabet is willing to invest $50 million or more to the Toronto project) and that paying people for their data – or paying communities or cities or countries – is another way to show respect for that data.
If Sidewalk Toronto announced the opening of a Data Bank, for example, in which secure and encrypted accounts stored voluntary and consensual data contributions from various entities, and then paid them or gave them interest for that data, well, that could be a smart solution.
Data de-identification would still be an option, and residents could still choose that option without missing out on the benefits of living in a smart community. But they could also choose the ‘pay-me-to-play-with-my-data option’, letting their data be tracked with more specificity.
As long as they gave informed consent for the game to start in the first place.