Civic Technology That Respects Privacy with Kelsey Finch (Future of
Privacy Forum)
This blog post is part of our ‘Data, Privacy, and the Future of Trust in Public Institutions’ series, which is penned by Garrett Morrow, who was MetroLab’s Experiential Research Fellow during Fall 2020. To learn more about this series and to access other posts in this series, check out our first post here.
On December 14, 2020 I had the opportunity to sit down with the Future of Privacy Forum’s (FPF) Senior Counsel Kelsey Finch. We spoke about FPF’s work on privacy issues and its work with municipalities and activists. FPF is a nonpartisan, nonprofit institution whose goal is to advance responsible data practices for emerging technologies. Kelsey went into law school with her eye on studying intellectual property, copyright, and trademark law but while she was trying to find more of a public interest in IP law, she began studying privacy and technology policy law. From law school she joined the International Association for Privacy Professionals on a fellowship, which gave her the opportunity to work firsthand on privacy issues. About the
same time, the European Union’s General Data Protection Regulation was being negotiated while the Edward Snowden revelations were becoming public. In 2014, Kelsey and Omer Tene published an article titled “Welcome to the Metropticon” in the Fordham Urban Law Journal. Kelsey’s interest in the privacy space and local government has only increased since these focusing events.
As part of her work at FPF, Kelsey has led “smart city” working groups, hosted
workshops, and created tools (such as a Privacy Impact Assessment for smart city technologies) that can serve both the public and private sectors in a broader consideration of data-driven policies. Additionally, Kelsey and FPF have convened the “Civic Privacy Leaders Network,” a National Science Foundation-supported peer network for municipal officials addressing privacy
issues within local government to help share ideas, tools, and best practices. Kelsey has also regularly helped to organize privacy-related content as part of MetroLab Network’s Annual Summits. An important function of both expert networks and privacy events has been knowledge-sharing among city, community, and academic leaders so that each community does not need to reinvent the wheel. To that end, the MetroLab Network has been useful in connecting experts, practitioners, and academics who all work in the privacy and technology spaces.
The kinds of policies that Kelsey and FPF are involved in can broadly be described as “smart city” or “smart community” policies, with a focus on local governments’ use of connected technologies, algorithmic governance systems, open data and analytics, digital platforms, and other emerging technologies. FPF’s current work is primarily focused on helping local governments build their privacy infrastructure and capacity and enabling them to make more confident and consistent decisions about how they collect and use civic data.
Kelsey and I discussed some of the under-considered policy areas where privacy is an emerging issue due to data- and technology-driven programs. Criminal justice is widely discussed because the biases and implications are visible, but many other domains are less obvious. For example, one aspect of local government that is often under examined from a privacy perspective is the management of parks, recreation, and public spaces. Parks and other similar spaces are physical areas where there is a lot of interface with the public, but technology and data integration is not yet understood or closely examined. For example, public Wi-Fi kiosks are a policy domain where aggregate data is often created and collected that overlaps with administrative areas that have received less focus. In other words, policy areas where there may be a lot of aggregate data production need to be looked at, no matter their form. Another example is COVID-19 contact tracing data where the immediate application (public health) overlaps with many other policy areas like transportation, public spaces, and digital services. The privacy implications of those overlapping areas are not yet understood, and cities are still establishing protocols for data collection, use, and re-use.
In many American cities, there are also problems created by federalism and the potential for state- or federal-level policy preemption. While standard day-to-day municipal operations are not typically at risk, high profile technologies like facial recognition, data sharing, or algorithmic decision systems could be subject to state preemption. There does not appear to be any federal-level preemption legislation in discussion, but political cleavages vary from state-to-state so there may be more legislative action in states where there are already existing clashes between city and state governments. However, to date cities have focused on the basics of improving service delivery without stirring much federalist regulatory oversight.
A common theme that came up in my discussion with civic experts, including my conversation with Kelsey, was a disconnect between how the public views privacy in relation to the public sector versus the private sector. The public is skeptical about surveillance and big data collection wherever they see it. For example, the Equifax data breach and the Cambridge Analytica scandal are recent events that have drawn attention to how much data is being gathered. However, the public is just as skeptical of public sector data collection; indeed, the public may be even more hostile to government data collection than corporate, and this may have many explanations that should be explored. Two possible explanations are that government data collection is backed by the power of the state while corporate data collection is not. Uber and Facebook do not have police forces. Additionally, it is much more difficult for government agencies to show why collecting public data benefits the public good.
As of now, it is unclear how the public views academic data collection or academia’s role in privacy related policies. Kelsey and I discussed the positive effect university-city partnerships have had in cities like Boston, Oakland, Seattle, and Kansas City. However, Kelsey would like to see even more of the cooperation that groups like the MetroLab Network facilitate. Universities
can be a real driver of developing new technologies and data privacy policies that may not be available to cities through the market or private vendors. Indeed, there have been cases where cities are searching for technologists outside the community while there may be existing expert in the local university. Again, we see interface issues between cities and universities stemming from a lack of capacity and an incentive mismatch that can be difficult to overcome. Creating a shared vision and matching expectations between the city and the university is key but doing so will help facilitate the interface between the two public bodies.
A challenge for cities in the realm of privacy and smart city policies is that it is difficult for institutions to regain trust. The amount of institutional trust varies from city to city based on historical circumstance, but Kelsey told me that a first step in reestablishing that trust is establishing common principles with the community that allow for a co-development of shared values and vocabulary. The community engagement also lowers the stakes of the environment and helps build linking social capital ties. It should also be noted that while the ACLU has model language for surveillance ordinances that many cities have drawn upon, there is no one size fits all solution.
Two of my main takeaways from talking with Kelsey were that cities are still slowly building institutional capacity for privacy policies, and that as emerging technologies encompass more parts of the public sphere, cities will really have to think about how different overlapping, yet siloed, institutions will adapt to be flexible enough to properly govern their public spaces. Universities may act as a mediator between public and private actors, but cities will also have to learn how to better communicate with the public to demonstrate how data collection and usage leads to a public good. Additionally, cities need to communicate to generate a set of common principles. Establishing institutional bases will serve the city better in the long term than chasing short-term technological advantage. Kelsey gave the wonderful example that cities should think about how wise it is to spend municipal resources trying to improve analytics to predict potholes when they could just go out and fix potholes. Sometimes the simple, privacy respecting solution is also the just, equitable, and sustainable solution.
Garrett Morrow is a Ph.D. candidate in Political Science at Northeastern University. His dissertation looks at the politics and public trust of smart city policies, data, and algorithms. During Fall 2020, Garrett was also an Experiential Research Fellow with us here at MetroLab. His work was funded through the College of Social Sciences and Humanities at Northeastern. Garrett can be reached at morrow.g@northeastern.edu.