Governing Smart Cities as Knowledge Commons 1108837174, 9781108837170

Citation preview

governing smart cities as knowledge commons The rise of “smart” – or technologically advanced – cities has been well documented, while governance of such technology has remained unresolved. Integrating surveillance, AI, automation, and smart tech within basic infrastructure as well as public and private services and spaces raises a complex set of ethical, economic, political, social, and technological questions. The Governing Knowledge Commons (GKC) framework provides a descriptive lens through which to structure case studies examining smart tech deployment and commons governance in different cities. This volume deepens our understanding of community governance institutions, the social dilemmas communities face, and the dynamic relationships between data, technology, and human lives. For students, professors, and practitioners of law and policy dealing with a wide variety of planning, design, and regulatory issues relating to cities, these case studies illustrate options to develop best practice. Available through Open Access, the volume provides detailed guidance for communities deploying smart tech. brett m. frischmann is Charles Widger Endowed University Professor in Law, Business and Economics at Villanova University. michael j. madison is Senior Scholar with the University of Pittsburgh Institute for Cyber Law, Policy, and Security, and Faculty Director of the Future Law Project and a John E. Murray Faculty Scholar at the University of Pittsburgh School of Law. madelyn rose sanfilippo is Assistant Professor in the School of Information Sciences, University of Illinois at Urbana-Champaign.

Published online by Cambridge University Press

CAMBRIDGE STUDIES ON GOVERNING KNOWLEDGE COMMONS

The mission of the series is to provide an authoritative space for high quality scholarship on the governance of knowledge commons. Following the path pioneered by Elinor Ostrom, recipient of the Nobel Prize in Economics for her work on institutional analysis of commons regimes in the natural environment, and the editors’ work in Governing Knowledge Commons, this series uses a similar framework to systematically study knowledge commons in various sectors. Readers seeking more information on knowledge commons and this series can visit http://knowledgecommons.net, a repository for scholarship produced by an international, interdisciplinary group of knowledge commons researchers. Series Editors Katherine J. Strandburg Brett M. Frischmann Michael J. Madison Madelyn Rose Sanfilippo Other Books in the Series Katherine J. Strandburg, Brett M. Frischmann and Michael J. Madison (eds.) Governing Medical Knowledge Commons Madelyn Rose Sanfilippo, Brett M. Frischmann and Katherine J. Strandburg (eds.) Governing Privacy in Knowledge Commons Erwin Dekker and Pavel Kuchaˇr (eds.) Governing Markets as Knowledge Commons

Published online by Cambridge University Press

Governing Smart Cities as Knowledge Commons Edited by

BRETT M. FRISCHMANN Villanova University, Pennsylvania

MICHAEL J. MADISON University of Pittsburgh School of Law

MADELYN ROSE SANFILIPPO University of Illinois at Urbana-Champaign

Published online by Cambridge University Press

Shaftesbury Road, Cambridge cb2 8EA, United Kingdom One Liberty Plaza, 20th Floor, New York, ny 10006, USA 477 Williamstown Road, Port Melbourne, vic 3207, Australia 314–321, 3rd Floor, Plot 3, Splendor Forum, Jasola District Centre, New Delhi – 110025, India 103 Penang Road, #05–06/07, Visioncrest Commercial, Singapore 238467 Cambridge University Press is part of Cambridge University Press & Assessment, a department of the University of Cambridge. We share the University’s mission to contribute to society through the pursuit of education, learning and research at the highest international levels of excellence. www.cambridge.org Information on this title: www.cambridge.org/9781108837170 doi: 10.1017/9781108938532 © 2023 Cambridge University Press & Assessment This work is in copyright. It is subject to statutory exceptions and to the provisions of relevant licensing agreements; with the exception of the Creative Commons version the link for which is provided below, no reproduction of any part of this work may take place without the written permission of Cambridge University Press. An online version of this work is published at doi.org/10.1017/9781108938532 under a Creative Commons Open Access license CC-BY-NC-ND 4.0 which permits re-use, distribution and reproduction in any medium for non-commercial purposes providing appropriate credit to the original work is given. You may not distribute derivative works without permission. To view a copy of this license, visit https:// creativecommons.org/licenses/by-nc-nd/4.0 All versions of this work may contain content reproduced under license from third parties. Permission to reproduce this third-party content must be obtained from these third-parties directly. When citing this work, please include a reference to the DOI 10.1017/9781108938532 First published 2023 A catalogue record for this publication is available from the British Library. A Cataloging-in-Publication data record for this book is available from the Library of Congress isbn 978-1-108-83717-0 Hardback Cambridge University Press & Assessment has no responsibility for the persistence or accuracy of URLs for external or third-party internet websites referred to in this publication and does not guarantee that any content on such websites is, or will remain, accurate or appropriate.

Published online by Cambridge University Press

Contents

page vii ix xi

List of Figures List of Tables List of Contributors

1

Introduction Madelyn Rose Sanfilippo, Michael J. Madison, and Brett M. Frischmann

1

Smart Cities and Knowledge Commons Michael J. Madison, Madelyn Rose Sanfilippo, and Brett M. Frischmann

6

part i social dilemmas around urban data 2

The Challenge for Cities of Governing Spatial Data Privacy Feiyang Sun and Jan Whittington

29

3

Open Governments, Open Data: Moving toward a Digital Commons Framework Anjanette H. Raymond and Inna Kouper

58

part ii polycentricity and urban data 4

Community Land Trusts as a Knowledge Commons: Challenges and Opportunities Natalie Chyi and Dan Wu

v Published online by Cambridge University Press

83

vi

Contents

5

Smart Tech Deployment and Governance in Philadelphia Brett M. Frischmann and Marsha Tonkovich

112

6

The Kind of Solution a Smart City Is: Knowledge Commons and Postindustrial Pittsburgh Michael J. Madison

157

part iii private influence on decision-making 7

8

9

Technofuturism in Play: Privacy, Surveillance, and Innovation at Walt Disney World Madelyn Rose Sanfilippo and Yan Shvartzshnaider

223

Can a Smart City Exist as Commons? The Case of Automated Governance in Sidewalk Toronto Anna Artyushina

248

From Thurii to Quayside: Creating Inclusive Blended Spaces in Digital Communities Richard Whitt

267

part iv lessons for smart cities 10

A Proposal for Principled Decision-Making: Beyond Design Principles Madelyn Rose Sanfilippo and Brett M. Frischmann Conclusion Brett M. Frischmann, Michael J. Madison, and Madelyn Rose Sanfilippo

Published online by Cambridge University Press

295

309

Figures

Figure 1.1 The GKC framework. Source: Madison, Frischmann, and Strandburg (2010) Figure 2.1 The internal structure of an action situation (Ostrom 2011) Figure 2.2 Organization chart of the Privacy Program and related areas (Whittington, Young, and Armbruster 2018) Figure 2.3 Criteria of a surveillance technology under surveillance ordinance Figure 3.1 Public record request form Figure 3.2 Number of rental properties by zip code in Bloomington, Indiana Figure 5.1 City of Philadelphia Metadata Catalog website Figure 5.2 City of Philadelphia SmartCityPHL Roadmap (p. 5), Survey of Existing Assets and Initiatives Figure 5.3 City of Philadelphia SmartCityPHL Roadmap (p. 8), Governance Structure Figure 5.4 City of Philadelphia DataBridge Figure 5.5 City of Philadelphia SmartCityPHL Roadmap (p. 16), decision-making process Figure 5.6 City of Philadelphia SmartCityPHL Roadmap (p. 18), Pitch + Pilot Figure 6.1 Smart city action arenas in Pittsburgh, Pennsylvania Figure 7.1 Categorical perceptions of action arenas Figure 9.1 Screens, scenes, and unseens, GLIA Foundation Figure 9.2 “SEA” cycle flows, GLIA Foundation Figure 9.3 “SEAMs” cycle flows, GLIA Foundation Figure 9.4 Digital fiduciary and data trusts, GLIA Foundation vii Published online by Cambridge University Press

page 17 31 39 45 74 75 122 127 128 130 132 133 173 231 273 274 274 287

Published online by Cambridge University Press

Tables

Table 1.1 The GKC framework page 19 Table 2.1 Privacy taxonomy and action situations 41 Table 2.2 Relevant state and federal legislative activities (compiled from Privacy Program Annual Report 2019) 42 Table 2.3 Action situations and rule configurations 47 Table 2.4 Development of the City of Seattle’s Privacy Program (Privacy Office 2018) 49 Table 2.5 Number of assessments by type of privacy review (compiled from Privacy Program Annual Report (Seattle Information Technology Department, 2018, 2019) 50 Table 2.6 Number of technologies reviewed by the surveillance ordinance (compiled from Surveillance Technology Determination Report 2017–21, www.seattle.gov/tech/initiatives/privacy/surveillancetechnologies/additional-surveillance-reports#2018) 51 Table 2.7 List of technologies determined as surveillance technology (compiled from Surveillance Technology Determination Report 2017–21, www.seattle.gov/tech/initiatives/privacy/ surveillance-technologies/additional-surveillancereports#2018) 51 Table 2.8 Number of public meetings held by departments or groups from 2018 to 2020 (compiled from the City’s Event Calendar, City of Seattle 2018–20) 52 Table 2.9 Selected results from the City of Seattle’s Technology Access and Adoption Survey, 2013 and 2018 53 Table 5.1 Socioeconomic background Philadelphia 114 Table 5.2 Pitch and Pilot programs 134 Table 5.3 Smart tools for vacant property management 143 Table 5.4 Codes per document group statistics 151 ix Published online by Cambridge University Press

x

Table Table Table Table Table Table Table

Tables

5.5 6.1 6.2 6.3 6.4 6.5 6.6

Percentage of codes used across document groups Infrastructure Citizen access to public processes Public ICTs for citizen utility Public ICTs for data-based decision-making Public support of ICTs in education and business Community data production

Published online by Cambridge University Press

151 197 202 204 206 209 210

Contributors Anna Artyushina is a research fellow in data governance and a PhD candidate in Science and Technology Studies at York University, Canada. Natalie Chyi is a fellow with the Future of Property Rights at New America and a policy manager at Facebook and Oculus. Brett M. Frischmann is Charles Widger Endowed University Professor in Law, Business, and Economics at Villanova University Charles Widger School of Law, Pennsylvania. Inna Kouper is a research scientist at Indiana University Bloomington. Michael J. Madison is Professor of Law and Faculty Director of the Future Law Project at the University of Pittsburgh School of Law, Pennsylvania. Anjanette H. Raymond is a PhD candidate at the Centre for Commercial Law Studies, Queen Mary, University of London, an associate professor at the Kelley School of Business, Indiana University Bloomington, and an adjunct associate professor of law at Maurer Law School, Indiana University Bloomington. Madelyn Rose Sanfilippo is an assistant professor in the School of Information Sciences at the University of Illinois at Urbana-Champaign. Yan Shvartzshnaider is an assistant professor and faculty fellow in the Courant Institute of Mathematical Sciences at New York University. Feiyang Sun is a PhD candidate and research assistant at the University of Washington. Marsha Tonkovich is an associate professor in the political science department of the College of Liberal Arts and Sciences at Villanova University, Pennsylvania. Richard Whitt is a corporate strategist and technology policy attorney, Fellow in Residence with the Mozilla Foundation, and Senior Fellow with the Georgetown Institute for Technology Law and Policy, Washington. Jan Whittington is an associate professor in the Department of Urban Design and Planning at the University of Washington. Dan Wu is a senior project manager at Immuta.

xi Published online by Cambridge University Press

Published online by Cambridge University Press

Introduction Madelyn Rose Sanfilippo, Michael J. Madison, and Brett M. Frischmann

Smart is in. The latest buzzword in the technology industry and policy circles is smart. We’ve built massive networked surveillance systems with the rise of the Internet that seem poised to inject intelligence into every aspect of our lives. Proponents of the Internet of Things, big data, sensors, algorithms, artificial intelligence and various related technologies make seductive promises, including that increased intelligence – “smart” phones, grids, cars, homes, classrooms, clothing, and so on – will minimize transaction costs, maximize productivity, and make us perfectly happy. Yet society isn’t really structured to optimize social institutions and systems to maximize efficiency, productivity, or happiness. It may sound counterintuitive, but we usually take the opposite approach. We don’t optimize. The social value of leaving a wide range of opportunities open for the future generally exceeds the value that society could realize by trying to optimize its systems in the present. At least in the United States, Europe, and most liberal democracies, the default operating principle of social governance of people and shared resources is to leave things open and underdetermined; this principle allows individuals and groups to engage in self-determination with different outcomes, depending on the context and changing conditions. As law professor Julie Cohen (2012) succinctly put it, we need ample room for play. We should expect locally appropriate and responsive governance, and are better when cities can experiment. Can playfulness or experimentation in governance coexist with smart systems? Regardless of the empirical answer, the seductive promises of intelligent optimization are difficult to resist, with adoption often preceding the necessary policy evaluation. Smart cities are exemplary. Around the world, cities have jumped aboard the smart tech bandwagon; others race to catch up, as public officials worry about falling behind. But whenever one sees “smart” in tech discussions, insert “supposedly” in front of “smart” and then ask a series of questions: Who gets 1 https://doi.org/10.1017/9781108938532.001 Published online by Cambridge University Press

2

Introduction

smarter? How? With respect to what and whom? Who gains what power? These and many other important questions need to be asked prior to investment or deployment. Smart cities require trusted governance and engaged citizens, especially governance of intelligence and intelligence-enabled control. In some very important respects, smart cities should remain dumb, and that will take governance. One way to quickly see the point is by way of analogy to the Internet and the decades-long and still ongoing debate about network neutrality. When an ISP knows who is doing what online, the ISP gains power that can be exercised in various ways, such as price discrimination or prioritization. Network neutrality regulation aims to constrain intelligence-enabled control by infrastructure owners so that users retain their freedom. Cities face very similar challenges for many different infrastructures and services as they pursue smart solutions and innovation. In both cases, new smart systems transform control and influence, enhancing the power of decision-makers, while individuals and grassroots-level communities lose capabilities. Integrating surveillance, AI, automation, and smart tech within basic infrastructure as well as public and private services and spaces raises a complex set of ethical, economic, political, social, and technological questions that requires systematic study and careful deliberation. The Governing Knowledge Commons (GKC) framework provides a descriptive lens through which to structure case studies examining smart tech deployment and commons governance in different cities. This book presents a series of interdisciplinary social science case studies, deepening understanding of community governance institutions, the social dilemmas communities face, and the dynamic relationships between data, technology, and human lives. It also serves as guidance for communities deploying smart tech. The GKC provides a series of questions that any community should be able to answer prior to or at least during deployment of supposedly smart tech. Using the GKC framework to study smart cities also allows researchers to focus on different resource-usertechnology systems within a smart city – e.g., transportation, health, education, and so on. Chapter 1 of this volume applies the conceptual framework to the context of and governance challenges faced by smart cities. Drawing on the amended GKC framework, as augmented in the conclusion of Governing Privacy in Knowledge Commons (2021), this chapter articulates research questions that can guide inquiries to support both improved understanding of the datafied city as a knowledge commons and empirically grounded public policy-making. Drawing on insights from Chapter 1, chapters in Part I explore the nature of social dilemmas around urban data, highlighting two distinct structural frames: polycentricity (addressed in depth in Part II) and the dominance of private actors over public data (explored in Part III). The book concludes in Part IV with lessons for smart cities. Part I, the Social Dilemmas around Urban Data, explores some of the collective action problems, action arenas, and complexity of urban data resources in the

https://doi.org/10.1017/9781108938532.001 Published online by Cambridge University Press

Introduction

3

context of smart cities. In Chapter 2, “The Challenge for Cities of Governing Spatial Data Privacy,” Feiyang Sun and Jan Whittington explore the collective action problems associated with urban data governance in the city of Seattle, highlighting specific transaction costs and externalities associated with different departments and data resources. They argue that longitudinal governance and coordination efforts to prevent weak links from undermining citizens’ privacy are necessary investments and priorities for municipal governance. In Chapter 3, “Open Governments, Open Data,” Anjanette Raymond and Inna Kouper analyze the Bloomington Open Data Portal as a case study on co-production of participatory digital commons resources and governance in Bloomington, Indiana. They address the conceptual mapping of open data onto the GKC framework, as well as the coordination challenges posed as local governments attempt to work with other types of stakeholders. While these chapters address very different contexts and challenges, they importantly suggest the impact of decision-making structures on outcomes, highlighting the split between polycentric public arrangements and public decision-making arenas dominated by private actors. Part II, Polycentricity and Urban Data, highlights the impacts of coordination and centralization among the polycentric decision-making authorities among metropolitan agencies and services. In Chapter 4, “Community Land Trusts as a Knowledge Commons: Challenges and Opportunities,” using cases of community land trusts (CLTs) in DC, Boston, and San Francisco, Natalie Chyi and Dan Wu address the challenges associated with CLTs as the community of owners must coordinate to manage physical and informational resources and practice mutually appropriate stewardship. They find that interorganizational information flows increase governance efficiency and make a case for functional polycentricity. In Chapter 5, “Smart Tech Deployment and Governance in Philadelphia,” Brett Frischmann and Marsha Tonkovitch examine two action arenas: the macro-level action arena, which concerns city-wide governance of smart tech deployment as reflected in a set of smart city initiatives, and which concerns city-wide governance of vacant land management and the various roles smart tech plays. They highlight a series of governance challenges, including around crime, safety, and trash, that intersect multiple decision-making authorities and necessitate involvement of community groups. They also identify some fundamental limitations on what smart tech can do to resolve the vacant land crisis. In Chapter 6, “The Kind of Solution a Smart City Is,” Michael Madison addresses smart modernization in postindustrial Pittsburgh, exploring present efforts to benefit from data collection and analytics, relative to the complex history of urban technology in the region. In addition to highlighting remarkably salient properties around boundaries and expertise in smart cities, this chapter

https://doi.org/10.1017/9781108938532.001 Published online by Cambridge University Press

4

Introduction

explores the material and immaterial layers of data and governance. It notably maps the challenges from historic polycentricity cases concerning physical resources and services onto the modern, digital concerns present in smart cities today. Part III, Private Influence on Decision-Making, moves beyond the coordination and collective action challenges in the public sector to address the impact of industry on public data collection and decision-making. In Chapter 7, “Technofuturism in Play,” Madelyn Sanfilippo and Yan Shvartzshanider address the case of Disney World as a quasi-public recreational space in which highly concentrated, ubiquitous, and invisible data collection drives numerous services and innovation. They find that while many data practices are contentious and would not be appropriate for other contexts, the trust consumers have in Disney and their history of responsive governance meets local expectations. Chapters 8 and 9 both address the case of the Sidewalk Toronto/Quayside smart city project, highlighting the impact of Alphabet on governance approaches. In “Can a Smart City Exist as Commons?” Anna Artyushina explores the action arenas of data-driven planning and data trusts, arguing that the private sector can only manage public infrastructure when public administrators take on intermediary roles between companies and state regulators. This has significant implications for efforts to privatize or outsource public administration in smart cities. In “From Thurii to Quayside,” Richard Whitt explores a historical comparison to Thurii with respect to democratic ownership and city planning, highlighting the ways in which private decision-makers fail to meet the public’s inclusion, balance, and transparency expectations. He builds on this analysis to offer innovative suggestions for designing more inclusive interfaces. Part IV, Lessons for Smart Cities, synthesizes these cases and the broader literature on smart cities to think through what good governance for public data resources might look like and what we can learn from GKC structured case studies. In Chapter 10, “A Proposal for Principled Decision-Making,” Madelyn Sanfilippo and Brett Frischmann suggest a list of conceptually motivated but practically relevant questions that can guide principled decision-making in smart cities, rejecting a single set of design principles as a one-size fits-all approach. This book ends in the GKC framework tradition, with a concluding chapter reflecting on patterns and insights across cases to both understand how commons arrangements best support smart cities and what new questions future GKC studies ought to address. While the GKC framework does not serve as a normative benchmark or a functional panacea for smart cities, it provides a descriptive framework to support comparison, helping cities to learn from one another, and to structure analysis and decision-making. Smart cities are knowledge commons in which data resources generated with new and existing services must be co-produced with appropriate governance.

https://doi.org/10.1017/9781108938532.001 Published online by Cambridge University Press

Introduction

5

references Cohen, Julie E. 2012. Configuring the Networked Self: Law, Code, and the Play of Everyday Practice. Oxford: Oxford University Press. Sanfilippo, Madelyn, Katherine J. Strandburg, and Brett M. Frischmann. 2021. “Conclusion – Privacy as Knowledge Commons Governance.” In Madelyn Sanfilippo, Brett M. Frischmann, and Katherine J. Strandburg, eds., Governing Privacy in Knowledge Commons. Cambridge: Cambridge University Press.

https://doi.org/10.1017/9781108938532.001 Published online by Cambridge University Press

1 Smart Cities and Knowledge Commons Michael J. Madison, Madelyn Rose Sanfilippo, and Brett M. Frischmann

introduction and overview Why wonder about “smart” technologies and systems? The rhetoric of intelligence is seductive. With the rise of the Internet over the last twenty-five years, massive networked information systems are injecting ever more “intelligence” into the devices that surround us and even, it seems, into every aspect of our lives. If the evidence from broad acceptance of “smart” televisions and “smart” phones is to be credited, on a broad scale people like their “smart” lives. Adding “intelligence” via the Internet of Things, big data, sensors, algorithms, artificial intelligence, automation, and related technologies seems to minimize burdens, maximize productivity, and make us perfectly happy as both citizens and consumers. Smart technology promises to help us and, in the hands of public authorities, to help the government. It seems to anticipate our needs and desires; it seems to make government flexible, responsible, and error-free. To invert a line from a classic rock song, sometimes you get what you want but can’t always get what you need. What’s convenient or productive for one person may be harmful for society as a whole. “Smart” technology raises important questions and potential conflicts about individual and collective good that may make us rethink whether “smart” things are so good for the individual, after all. The smart city, the subject of this book, puts those conflicts in stark relief. City life, and the study of city life, is all about the place of individual welfare in a complex social setting. We’ll remove the quotation marks from “smart” from here on, recognizing that the word is a metaphor and that it conceals as much as it reveals. What it conceals is the fact that devices and social systems are rarely structured to optimize efficiency, productivity, or happiness. They aren’t smart, even if it’s possible to call a device, rather than a living being, smart or dumb. They have functions and meanings; they enable human beings to do certain things and to do them more or less easily or expensively. But optimizing their functions and clarifying their meanings isn’t the 6 https://doi.org/10.1017/9781108938532.002 Published online by Cambridge University Press

Introduction and Overview

7

only goal for their designers or for society. Calling something smart conceals the fact that in any given context, including cities (and perhaps especially in cities), we’re accustomed to, and expect, significant opportunities to choose and to act however we wish. We can use devices not only as they’re intended and designed to be used but also in other ways. And we can behave in ways that we choose and that no one else can see. At least in the United States, Europe, and most liberal democracies, the default operating principle of social governance of people and the resources they share is to leave things largely open, underdetermined, and unmonitored. That enables individuals and groups to develop their own visions for their futures and to engage in self-determination with different outcomes, depending on the context and changing conditions. Calling something smart distracts us from wondering not only about what opportunities to choose and what we might be losing but also about who is making those choices for us, and where, how, and why. This volume argues for getting past the rhetoric of smart technology and intelligence and for pursuing a different approach. Using the smart city as its focus, it offers a simple thesis: the knowledge, information, and data that constitute smart cities require governance, especially governance of data-focused intelligence and intelligence-enabled control. Smart city technology has its value and its place; it isn’t automatically or universally harmful. Urban challenges and opportunities addressed via smart technology demand systematic study, examining general patterns and local variations as smart city practices unfold around the world. Smart cities are complex blends of community governance institutions, social dilemmas that cities face, and dynamic relationships among information and data, technology, and human lives. Some of those blends are more typical and common. Some are more nuanced in specific contexts. This volume uses the Governing Knowledge Commons (GKC) framework to sort out relevant and important distinctions. The framework grounds a series of case studies examining smart technology deployment and use in different cities. This chapter briefly explains what that framework is, why and how it is a critical and useful tool for studying smart city practices, and what the key elements of the framework are. The GKC framework is useful here and can also be used in additional smart city case studies in the future. Because the GKC framework for studying resource governance relies on the premise that information, knowledge, and data are key shared resources in a given institutional setting, it’s important to set up the usefulness of the GKC framework for smart cities by briefly reviewing relevant perspectives on cities and urbanism generally. That material takes up the next section. The smart city is new because of its reliance on twenty-first-century sociotechnical arrangements and cutting-edge information technology to bring attention to the long-standing informational aspects of the city. A brief summary of the critical changes wrought by the smart city follows the history of research on the city. The chapter concludes by presenting the GKC framework itself, the foundation for the case studies that follow.

https://doi.org/10.1017/9781108938532.002 Published online by Cambridge University Press

8

Smart Cities and Knowledge Commons

framing the city Studying the “smart” city has to start with understanding the city itself. Research on smart cities characteristically focuses on nuances of the sociotechnical “smart” (Goldsmith and Crawford 2014) and pays less attention to the details of the material “city.” But research and writing about smart cities necessarily build on generations of practice and critique with respect to cities generally. Several frames emerge from that literature and inform both smart city research generally and the case studies that appear in this book. Cities from the Bottom Up and the Top Down One frame is how the city adopts, extends, and refracts bottom-up and top-down governance perspectives. Cities are people in places, evolving over time, managing resources at various scales and in various combinations (Cronon 1992; Rybczynski 1996). Who makes those decisions? Who guides the city? Intuitively, we think of political leaders and the experts they hire. The most celebrated urbanist of the latter part of the twentieth century, Jane Jacobs, pointed out the risks of concentrating too much credit and power for urban success in the hands and offices of political and technocratic elites (Jacobs 1961). Jacobs’ vision of reform, which is still influential today, saw the city not as a machine engineered from above but instead as a complex adaptive system emerging from below, drawing on the wisdom of people experiencing the city in their daily lives, at ground level. Jacobs acknowledged that people in cities often behave selfishly and stupidly. She accounted for diversity in experience and attitude by envisioning the city as a system that is capable of generating and regenerating itself. People in cities could organize themselves via a kind of collective social intelligence, if urban planners and municipal governments would, in effect, allow the city to be as smart as it might be. Jacobs stood up for this vision in opposition to the topdown centralized control exercised by her urban planning adversaries, including most notoriously New York’s Robert Moses, who aimed to govern the city in the name of rationality, efficiency, and order. Top-down and bottom-up perspectives are rarely either/or. People in cities often fail to realize their collective capabilities. Cities become vehicles for oppression and worse; they fail to provide education, health, wealth, and security as they should. Bottom-up governance strategies need to be married productively and fairly to topdown central, perhaps even technocratic management. Does the smart city do that? If so, how, and with what consequences? Cities as Surveillance Smart cities today are often critiqued for injecting technologies of citizen surveillance into all manner of practice and places that should remain free of state

https://doi.org/10.1017/9781108938532.002 Published online by Cambridge University Press

Framing the City

9

intrusion (Sadowski and Pasquale 2015). Asking where and how contemporary information collection is justified lines up with broader, independent histories and critiques of cities as instruments of surveillance and information collection. James Scott provocatively argues that the history of cities can be traced back to the premise that surveilling city residents and collecting information about them, especially for tax purposes, explains the origins of cities in the first place (Scott 2017). That work suggests that certain state-based surveillance functions might be essentially integral to the urban form, rather than contradictory to the aspects of cities that we imagine promote individual freedom and autonomy. It raises a key question: Can cities sustain themselves as institutions without relying in part on technologies of information collection? The smart city takes this tradition and that question to a technological extreme. If the surveillant city may be, in effect, inescapable, then looking at smart cities as sophisticated surveillance institutions provokes questions about the premises and purposes of different surveillance systems and various urban contexts; about concepts of privacy and private information; about the design and oversight of surveillance instruments; and about relations of trust and authority among urban residents and urban planners and other authorities. Perhaps cities can thrive without deep reliance on surveillance practices. If that’s the case, what does a non-surveillant city look like? How does it succeed, and how might it fail? Cities as Expertise Since at least the late nineteenth century and the rise of industrial cities, the history of urbanism and urban planning has been a history of expertise – political, administrative, and technocratic. Cities came to be seen as solutions to demands for wealth, health, safety, opportunity, and personal development, as society grew more economically, socially, and politically complex. Cities also came to be seen as posing new problems, often caused by their successes in meeting earlier social demands. Both fueled by and fueling that problem/solution framework, the Progressive political movement of the early twentieth century relied heavily on trained and trusted experts, especially economists and other social scientists (Leonard 2015). Those experts were often educated in newly formed occupational disciplines and professional schools. Degrees in hand, they were primed to lead both governments and businesses away from the era of laissez-faire and toward better outcomes for themselves and for workers and citizens. That meant safer food; safer water; better working conditions; safer and less expensive automobiles; expanded opportunities for education, leisure, and personal fulfillment; and so on. In significant respects, the smart city today is the apotheosis of this tradition of expert-led governance, promoting the good life. Its proponents inherit expectations that experts trained in design are and ought to be trusted by citizens as the city is planned and built (Knox 2020). Critics of the smart city sometimes focus attention

https://doi.org/10.1017/9781108938532.002 Published online by Cambridge University Press

10

Smart Cities and Knowledge Commons

precisely on ways in which smart city practice reinforces the authority of technocratic expertise (Cardullo and Kitchin 2019). Unsurprisingly, today as in the past, the role of trusted and trained experts calls into question the sources and uses of the trust and power that they have acquired.

The Political Economy of Cities Cities are far from immune to influence by interests associated with wealth and power. In many respects, cities are particularly effective expressions of those forces of political economy: Who is in charge, why, and how that changes through time. In the United States, for example, industrial and financial interests underwrote the expansion and governance of major cities and related regions during the twentieth century from New York to Chicago to San Francisco to Los Angeles (Cronon 1992; O’Mara 2019). In the twenty-first century, those firms have yielded in part to heavy influence by the pillars of the knowledge sector, which include not only the information technology firms that now dominate the economies of many US cities but also the research universities that rival or even exceed tech firms in their economic and political influence (Baldwin 2017). The relationship between the public sector and industry can go both ways. Public funding and related public policy have been key contributors to the growth of the contemporary technology industry (O’Mara 2020). In many respects, smart city governance allows public authorities to follow historical patterns of private sector subsidization with outright privatization of public functions, in everything from data storage to traffic management to certain public safety and policing functions. Cities are wealth and power generators, refractors, and accelerators. Translated into practice on the ground, the political economy of cities deals in resource management. “Resources” include both tangible resources (food, water, physical infrastructures), intangibles (space, mobility, time, labor, trust, security, political influence, happiness), and blends of these that both constitute and shape resources of all sorts and that are simultaneously independent of them, such as knowledge and information (Glaeser 2012) and, of course, money. In different respects, sustaining and governing the city means that those things have to be produced, stored, distributed, and exchanged. The explicit and implicit governance logics of cities are inevitably tied to stories about economic development (Bairoch 1988). The smart city appears to be a technology-driven opportunity to extend that economic development narrative. Installing smart systems offers opportunities not only for efficient public administration but also for showcasing a city’s productive engagement with the forces of private productivity, profit, and employment. The question is whether that equation adds up. Does the smart city promise economic returns above and beyond the benefits of good governance? If so, at what cost?

https://doi.org/10.1017/9781108938532.002 Published online by Cambridge University Press

Finding the “Smart” in the Smart City

11

Cities as Contexts for Freedom and Self-Fulfillment Individual and collective humanity, of course, lies at the center of both scholarship and practice concerning cities. Long before modern technology prompted us to ask, “what makes cities intelligent?” (Komninos 2013), historians and philosophers of the city were critiquing ways in which the city created and limited opportunities for people to learn, grow, socialize, and otherwise thrive beyond interests in mere subsistence. The literature is as diverse as it is modern (Glaeser 2012) and, in scholars’ attention to ancient forms (Mumford 1961), long-standing. At their best, cities are places where individuals can design their own destinies, both as individuals and in social, political, cultural, and economic combinations with others. When it comes to the individual city resident, smart city practice has no single trajectory, and no single or simple impact. Smart cities appear to do many things at once. Smart city practice may enable a kind of uber-autonomy for the individual, relieving people of the frictions that characterize almost all aspects of urban life. Or smart city technology may deprive people of opportunities to individuate themselves by acts of choosing and socializing (or not) according to their own values and goals. The contrast in perspectives extends to the political sphere, where smart city technology either enables micro-level oversight and accountability of technocratic administration or obscures the loci of power to an extreme extent. Smart city technology equips individuals with sophisticated tools for managing their civic identities. It also equips the public sector with extraordinary powers of observation, surveillance, and more. It extends to social and cultural spheres. Smart city technology may amplify opportunities to explore new avenues for education and socializing with ease but also impose “choice architectures” that compress or even eliminate opportunities for humans to develop and express themselves via patterns that they develop, rather than via patterns scripted by the affordances of “smart” technology (Frischmann and Selinger 2018). That summary sketches a series of conceptual extremes. On the ground, the smart city is complex. Smart cities challenge us to ask, “how much ‘play’ should cities give us, and why and how?”

finding the “smart” in the smart city The preceding section made the point that smart cities prompt us to reexamine long-standing questions about cities. This section focuses on what’s new and different in the smart city. Collecting, recording, and sharing information about urban practices and activities aren’t new. One of the most famous uses of bureaucratized information was the system of tally sticks used for centuries by the English Exchequer to track financial obligations, a system whose end led, eventually, to the reckless disposal of unused

https://doi.org/10.1017/9781108938532.002 Published online by Cambridge University Press

12

Smart Cities and Knowledge Commons

tallies in a fire that consumed the houses of Parliament in 1834 (Goetzmann and Rouwenhorst 2005, 111). Information and knowledge are sometimes underappreciated as key layers of the city, in addition to physical, social, cultural, economic, and political layers. Among contemporary scholars, Richard Florida and Edward Glaeser in particular have drawn attention to what each argues is the new, key role of creativity and innovation, and information and knowledge, in the future of the city (Florida 2014; Glaeser 2012). But information and knowledge layers have been there all along. Two things seem to be different now, in the rise of the smart city. One is the role of technology itself. The smart city is one institutional manifestation of the emergence of so-called Big Data, featuring massive and massively distributed information systems for collecting, storing, and analyzing data. Residents are connected to each other and to governments and other organizations by fiber and wireless connections. Via sensors and other data-collection techniques, “the people” and their environments are rendered and represented digitally in the bureaucracies of public administration and in the dynamics of everyday life. The smart city is operationalized in multiple forms at the intersection of contemporary information technologies – network-based data acquisition via text and numeric datasets and distributed screens and sensors that detect and project images, sounds, smells, and materiality (including but not limited to systems that form parts of the so-called Internet of Things), algorithmic processing, and data analytics – public administration strategies (housing, public health, safety, finance, utilities, transit, and so on), and resident involvement as potential data subjects, potential beneficiaries of data-enabled public services, and potential participants in system design and administration. The smart city is a system of systems. It includes data gathering, data pools, and data analytics and a broader ethos that embraces technology in public life. In a smart city one typically finds a combination of: (i) government-endorsed, organized, or directed technology deployment; (ii) in tandem with other public functions (such as policing or garbage collection); (iii) the construction and use of systems, such as data pools, algorithms, and analytics controlled or shaped by public administrators, that improve the second in light of the first; and (iv) normative considerations justifying the design and deployment of those systems. The emphasis on public sector actors can be misleading. By design, smart city practices can be anchored in private sector activity, and they’re intended to shape personal and private lives as well as systems of public administration. “Big Data” is often characterized by the “three v’s”: its velocity, its volume, and its variety (Batty 2016). The speed with which data in the city is collected and shared is enormously faster than in the “ordinary” city. The amount of data that may be collected and shared is vastly greater. And the character of the data that is collected and shared is far more diverse.

https://doi.org/10.1017/9781108938532.002 Published online by Cambridge University Press

Finding the “Smart” in the Smart City

13

The second is the role of governance, and governance specifically with respect to information and knowledge. We mean governance in a broad sense, to include formal and informal systems of rules and guidelines for acceptable and unacceptable behavior in particular contexts, expressed as law, custom, and technological affordances. We highlight the challenge of governance in the smart city specifically because its information governance dimensions are too often undervalued. When governance conversations do appear, they are often limited to concerns for community participation in smart city design (Goodman and Powles 2019; Komninos and Kakderi 2019). This volume takes the broader view that information governance concerns should be explored in the smart city in multiple respects. The “voice” of city residents is critical but only one part of the story. Focusing too much on “voice” misses the fact that people can’t speak to what they don’t know or don’t understand. The “smart” character of the smart city elides the fact that resident identities and behaviors are necessarily abstracted in smart city processes in the conversion from their material origins to their digital representations. That makes these digital representations controllable, shareable, and analyzable in ways that living humans being often are not. It also makes it easier to keep the collection and manipulation of the data hidden from the people that the data represent. Another key part is the looseness or tightness of the alignment between law and policy, on the one hand, and lives of people, on the other. Regulation of actual human behavior is messy, imprecise, and contingent always on the fact that individual human beings are mostly capable of independent and at least somewhat unexpected or unpredictable action. Data are, conceptually, precise and fixed, even if data are shaped by processes of their collection, datasets expand, and the uses and meanings are open to interpretation. The smart city is in a sense a sophisticated Wikipedia version of the material city – an “image of the city,” to borrow the title of Lynch’s famous study of sociocognition among city residents (Lynch 1960) – constructed and managed collaboratively and stored in ICT systems rather than in human brains. Students of the “cognitive city” attempt to operationalize that metaphor (Finger and Portmann 2016). Digital people may live in digital twins (detailed virtual replicas of physical environments), one of the signature technologies of smart city administration (Farsi et al. 2020). In sum, the “smart” in the smart city means that intelligence lies in and through the data, rather than in and through the people. We know from long experience that people are governed and that people govern. If data somehow represent the people, then data, likewise, demand governance. Distinguishing the role of information governance from traditional “people” governance – while simultaneously recognizing their linkage – suggests a series of important questions. Does it follow that if the city is smart (or smarter, or better), then it’s the people who are smart, as administrators, residents, citizens, workers, students, and so on? In the smart city, are the people smart, so that public

https://doi.org/10.1017/9781108938532.002 Published online by Cambridge University Press

14

Smart Cities and Knowledge Commons

administration can build on their intelligence? Do the people become smart in their thinking or their acting by virtue of administrators using data and algorithms to shape city life? Are the people generally unchanged, and are the administrators getting smart, or smarter? Research on those questions has often been conceptual and therefore speculative. The smart city is a goal, or a vision, which may follow or may lead to strategies and tactics. The smart city is often characterized in aspirational terms. A city is “smart,” it may be said, when it uses contemporary ICTs to make the city better in some respect – more accessible, affordable, efficient, clean, safe, equitable, and so on (Goldsmith and Kleiman 2017). Criticisms of the smart city often recapitulate criticisms of ICT deployments in other contexts. The smart city may be a tool of power, elitism, and exclusion; the smart city is indifferent to local conditions; the “smart” city is disempowering and dehumanizing (Eubanks 2019; Morozov and Bria 2018). Similarly, the character of governance challenges and opportunities has been obscured by the plethora of phrases used to capture what we mean by “smart” city. Related terminology includes “digital communities” (Mendes, Suomi, and Passos 2004), “data enabled cities” (Open Data Institute 2021), and “algorithmic” cities (Psarra 2018). Neutral-seeming references to “civic technology,” also known as “civic tech,” sometimes replace references to “smart” technology (O’Brien 2018). Smart cities may be characterized as “connected” communities (Nam and Pardo 2011). Prompted in part by work by the sociologist Saskia Sassen, some recent scholarship uses the heading “urban technology” (Adler and Florida 2021), species of what Sassen (2006) called sociodigital formations. IBM gave the “smart city” phrase an important boost in 2009 – the Smart City, featuring initial capitals –with a report advocating that cities get “smarter” by using new pervasive technologies of instrumentation, interconnection, and intelligence relative to a city’s core systems (Dirks and Keeling 2009). The role of computers, computing, and other information technology in urban planning and urban geography can be traced back much farther than that (Sui 1997; Wiig and Wyly 2016). Why the rhetorical pluralism? Governance is, in a word, complex. As Sassen (2006, 208) notes, in part we are asking about the reasons for these systems to exist, in part we are asking about their utility, and in part we are asking about their cultural meanings.

the gkc framework If it’s possible to do smart cities “right,” then the smart city is, in a way, a novel integration, the best of Jacobs’ vision of ground-level community engagement married to what’s valuable in a vision of central or technocratic management. The smart city is a technology-supported coordinated solution to communal governance problems based on pooled information resources, spanning information and data

https://doi.org/10.1017/9781108938532.002 Published online by Cambridge University Press

The GKC Framework

15

resources along with streets, parks, and cultural opportunities. In a broad sense, cities often rely on and are built on commons governance – that is, managing resource flows via structured sharing – in complex community and other social contexts. In the more concrete and specific sense relevant to this volume, cities incorporate knowledge commons, managing information flows via structured sharing of knowledge resources in community settings (Madison, Frischmann, and Strandburg 2010). Knowledge commons governance in the smart city consists of the structured interplay of a city’s people and the information and data generated by their sociability, captured and analyzed in particular smart city systems. The point of using the knowledge commons framing as a starting point is to give both researchers and practitioners a standard baseline for asking empirical questions about smart city origins and practices. That research should be inclusive of multiple research methods and disciplinary and policy perspectives. This section reviews and describes the GKC research framework, which offers a useful way to build on that baseline in this volume’s case-based explorations of smart cities. Knowledge commons refers to systems or institutions for governance of shared knowledge and information resources by members of a group or community. Knowledge resources are broadly defined, where knowledge includes “a broad set of intellectual and cultural resources. . . . We emphasize that we cast a wide net and that we group information, science, knowledge, creative works, data, and so on together” (Frischmann, Madison, and Strandburg 2014, 2). In this sense, knowledge resources may lie at any point along the data, information, knowledge, and wisdom hierarchy (Henry 1974). Commons, as used in the literature upon which we build here, refers to community management or governance of resources. “The basic characteristic that distinguishes commons from non-commons is institutionalized sharing of resources among members of a community” (Madison, Frischmann, and Strandburg 2009, 841). Commons governance can take many forms and need not involve the kind of complete openness often associated with discussions of “the commons” or “the public domain” in the legal literature. Nor should “commons” be conflated with the type of resources that are managed. Commons refers to a mode of governance rather than to a particular good or type of good. Commons governance of natural resources is often explored through Ostrom’s Institutional Analysis and Development (IAD) framework. Ostrom’s work initially emphasized the appropriateness of commons governance for “common pool resources,” meaning “a natural or man-made resource system that is sufficiently large as to make it costly (but not impossible) to exclude potential beneficiaries from obtaining benefits from its use” (Ostrom 2005, 4). In economic terms, common pool resources are rivalrous and nonexcludable. Commons governance of such resources generally aims to address so-called tragedies of the commons, social dilemmas associated with overuse – congestion, depletion, and destruction.

https://doi.org/10.1017/9781108938532.002 Published online by Cambridge University Press

16

Smart Cities and Knowledge Commons

The number and range of possibly relevant social dilemmas is a question for research in a specific context, rather than a premise to be assumed. Commons governance is used by a wide variety of communities to manage many different types of resources and responds to obstacles to sustainable sharing and cooperation. Some of those obstacles derive from the nature of the resources. Others derive from other factors, such as the nature of the community or external influences. Data and information collection and analysis in the smart city offers ample opportunities to explore how commons governance might be used in particular institutional contexts to respond to dilemmas associated with smart city practices. Knowledge commons governance is no panacea for those dilemmas. In practice it is important to recognize that commons governance may itself create further obstacles to sustainable cooperation. Applied to a specific case study, the GKC framework organizes answers to critical questions that emerge from both the history of cities and the study of knowledge systems: who is governing and who is governed; how; using what tools, techniques, and knowledge; and to what ends? How did the city develop? What are the strengths and weaknesses of the city as a social institution, and how might the benefits of the city be refined and amplified and its costs mitigated? Focusing on smart cities as knowledge commons leads to asking how “smart” urbanism contributes to our understanding of why and how cities thrive and decline. Studying the smart city offers the ability to turn urban geography and economics on its side, if not on its head. The GKC framework drives a deeply contextual approach to urbanism that wonders: what’s happening within the critical data and information layers of the city? The GKC framework supports a systematic investigation of the benefits and drawbacks of sociotechnical solutions to underlying social problems, or dilemmas, without committing the researcher to specific methods, research questions, or disciplinary premises. The framework operates at multiple scales, from the micro to the macro. The GKC framework offers a way to integrate data about background conditions; historical contingencies; resource attributes; community characteristics; cultural and technological affordances; formal and informal rules and norms; money, power, and politics; individual and collective beliefs and behaviors; and diverse levels of access, opportunity, literacy, and expertise. Community characteristics in the city are particularly significant and draw attention to ways in which communities include members, exclude others, and enable or disable effective participation in community governance. Research using the GKC framework complements existing “city as commons” research that builds on Ostrom but that focuses principally on community governance of the city’s material resources, especially housing and the environment (Foster and Iaione 2015). Those themes are organized via the GKC framework into a series of questions for empirical investigation. Relationships among those themes are represented visually in Figure 1.1, which is adapted for knowledge resources from Ostrom’s IAD framework.

https://doi.org/10.1017/9781108938532.002 Published online by Cambridge University Press

The GKC Framework

17

figure 1. 1. The GKC framework Source: Madison, Frischmann, and Strandburg (2010)

Using the IAD framework, Ostrom and colleagues explored patterns of community interactions (McGinnis 2011). Action arenas serve as the core units of IAD and GKC analysis. An action arena is a recurring type of situation in which community actors interact with one another. Interactions in an action arena produce outcomes, denoted here as patterns of interactions, which can then be evaluated according to some community or socially generated criteria. The figure depicts how effects flow among conceptual building blocks. Resource characteristics, community attributes (including members and roles), and sets of governing “rules-in-use” are inputs to an action arena. Patterns of interactions accumulate, feeding back to create new action situations and influencing resource characteristics, community attributes, and rules-in-use. Knowledge resources are often produced and defined by the community. The knowledge outputs of some knowledge commons action arenas must themselves be managed by the community and may be inputs to further knowledge production. This feedback, between a community’s activity and its available knowledge resources, justifies community-level analysis, emphasizing questions related to group interactions and outcomes, rather than user-level analysis, emphasizing questions about individual experiences. The action arena concept is flexible and can be applied at a variety of levels of generality, depending on the questions being researched and the resources of interest. Governance activities themselves, determining rules to govern knowledge creation or flow or community membership qualifications, may constitute an action arena. Analyzing an action arena is meaningful only if one can identify resource characteristics, community attributes, and rules-in-use that are “exogenous” or fixed over a number of action situations within that context and if one can describe meaningful “patterns” in the outcomes of the interactions. If an action arena is defined too broadly, then identifying those elements will not be possible; if an action arena is defined too narrowly, then identifying meaningful patterns among them is not possible.

https://doi.org/10.1017/9781108938532.002 Published online by Cambridge University Press

18

Smart Cities and Knowledge Commons

The IAD and GKC frameworks include a step in which “evaluative criteria” are applied but do not explicitly provide a yardstick for normative assessment. In the classic studies of natural resource commons, the normative goal is often implicitly assumed to be sustainable use of the resource by the community. Applications of the GKC framework to innovation and knowledge production have generally focused on whether the community is successful in terms of its internally defined goals and objectives, while recognizing that the goals of a knowledge commons community could, in principle, be out of step with, or adverse to, the values and objectives of society at large. For purposes of applying the GKC framework, the high-level GKC framework shown in Figure 1.1 can be unpacked into a more detailed set of research questions shown in Table 1.1. The GKC framework has focused primarily on community goals and objectives rather than on values from higher-level social contexts or foundational ethical and moral principles. Focusing on governance thus raises key questions: Who should be in charge of deciding what those goals and objectives are, and whether they have been achieved? In the smart city context, how is knowledge commons governance contested or reinforced? It’s possible to frame the issue in terms of the contextual “appropriateness” of information flows in the smart city, borrowing from the work of privacy scholars (Sanfilippo, Frischmann, and Strandburg 2018). How is appropriateness evaluated? One strategy for answering those questions focuses on procedural or sociological legitimacy (Habermas 1996), and the GKC framework as outlined earlier suggests directions for exploring that theme in a specific context. Legitimacy raises governance issues that may be addressed through commons institutions. That analysis would consider the development and application of internal and exogenous rulesin-use relative to both members of the community and outsiders impacted by the activities of the community. As outlined here, however, procedural legitimacy is not the only criterion that might be applied to commons governance. The framework is open-ended with respect to developing possible alternatives. The GKC framework does not adopt a specific normative stance about the ends of information flow governance or how they should be prioritized. It begins by uncovering and understanding the contextualized goals and objectives reflected in the governance of information flows in each case, the ways in which they reflect the interests of various community members, and how they are addressed in rules-in-use for information flow in light of the larger social environment.

key gkc themes Both the visual representation of the GKC framework in Figure 1.1 and the tabular list of research questions in Table 1.1 are simultaneously broad and detailed, so using

https://doi.org/10.1017/9781108938532.002 Published online by Cambridge University Press

Key GKC Themes

19

table 1.1. The GKC framework Knowledge commons framework and representative research questions Background environment What is the background context (legal, cultural, etc.) of this particular commons? What normative values are relevant for this community? What is the “default” status of the resources involved in the commons (patented, copyrighted, open, or other)? How does this community fit into a larger context? What relevant domains overlap in this context? What social dilemmas does the community face relative to the resources involved? Attributes What resources are pooled and how are they created or obtained? What are the characteristics of the resources? Are they rival or nonrival, tangible or intangible? Is there shared infrastructure? What is personal information relative to resources in this action arena? What technologies and skills are needed to create, obtain, maintain, and use the resources? What are considered to be appropriate resource flows? How is appropriateness of resource use structured or protected? Who are the community members and what are their roles? What are the degree and nature of openness with respect to each type of community member and the general public? Which noncommunity members are impacted? What are the goals and objectives of the commons and its members, including obstacles or dilemmas to overcome? Who determines goals and objectives? What values are reflected in goals and objectives? What are the history and narrative of the commons? What is the value of knowledge production in this context? Governance What are the relevant action arenas and how do they relate to the goals and objectives of the commons and the relationships among various types of participants and with the general public? Are action arenas perceived to be legitimate? What legal structures (e.g., intellectual property, subsidies, contract, licensing, tax, and antitrust) apply? What are the governance mechanisms (e.g., membership rules, resource contribution or extraction standards and requirements, conflict resolution mechanisms, and sanctions for rule violation)? (continued) https://doi.org/10.1017/9781108938532.002 Published online by Cambridge University Press

20

Smart Cities and Knowledge Commons table 1.1. (continued)

What are the institutions and technological infrastructures that structure and govern decisionmaking? What informal norms govern the commons? What institutions are perceived to be legitimate or illegitimate? How are institutional illegitimacies addressed? Who are the decision-makers and how are they selected? Are decision-makers perceived to be legitimate? How do nonmembers interact with the commons? What institutions govern those interactions? Are there impacted groups that have no say in governance? Patterns and outcomes What benefits are delivered to members and to others (e.g., innovations and creative output, production, sharing, and dissemination to a broader audience, and social interactions that emerge from the commons)? What costs and risks are associated with the commons, including any negative externalities? Are outcomes perceived to be legitimate by members? By decision-makers? By impacted outsiders? Source: Adapted from Sanfilippo, Frischmann, and Strandburg (2018)

them in the context of a specific case study risks obscuring key themes that the framework aims to address. Earlier knowledge commons research has taken preliminary steps to identify those themes by synthesizing the implications of knowledge case studies completed to date (Sanfilippo, Strandburg, and Frischmann 2021). They’re listed just below for clarity. Researchers and practitioners applying the framework and analyzing cases, while bearing these questions in mind, can and should tailor their applications to their own specific interests and goals. 1. Knowledge commons governance is often a recursive phenomenon, by which information and data production dynamically constitute and reconstitute the community (or communities) producing that information and data. Exploring the character of relevant communities, including their origins, internal dynamics, and reliance on formal and informal sources of authority and integration, is a complex but critical undertaking. Knowledge commons systems, like the commons governance systems studied by Ostrom and others, may be nested hierarchically, with smaller or more limited commons systems inhabiting larger commons ecologies, and may be arranged polycentrically. Research should be attentive to the potential for effective knowledge commons

https://doi.org/10.1017/9781108938532.002 Published online by Cambridge University Press

Conclusion

21

governance in group settings that are not defined as stereotypical smallscale, homogenous communities. Knowledge commons governance brings to the fore possible sociotechnical attributes of community design and governance. 2. Knowledge commons governance relies on community governance strategies to respond to social dilemmas involving knowledge resources. Identifying and describing relevant social dilemmas, and understanding the possible contributions of multiple social dilemmas, is often the first step in applying the GKC framework. 3. Knowledge, information, and data are central resources in studying knowledge commons governance, but they are not the only relevant resources, and they are not the only resources that might be subject to relevant social dilemmas. Research should focus on patterns by which knowledge commons governance and other systems (such as law) contribute to resource construction and to the production and collection of multiple types of resources. 4. The pragmatics of community formation and participation bear heavily on eventual normative assessment of knowledge commons governance in a particular setting. Relevant variables include the degree of self-awareness and participation in resource governance by community members; the constitution of trust relationships among community members; the timing and character of the adoption of a knowledge commons governance model by the community; and possibilities for exit from the system by individuals and groups. Those considerations all exist on spectra, and knowledge commons governance may emerge and evolve over time.

conclusion As in earlier volumes collecting case studies of knowledge commons governance (Frischmann, Madison, and Strandburg 2014; Sanfilippo, Frischmann, and Strandburg 2021; Strandburg, Frischmann, and Madison 2017), we emphasize that research using the GKC framework is still emerging and evolving but that the breadth of its possible utility is just coming into view. Knowledge sharing and knowledge pooling has roots in practices dating back centuries, but it is a fundamental feature of twenty-first-century economy and society. Knowledge sharing requires governance, a fact that also has roots in history but that is especially essential today. We refer to governance of knowledge sharing as knowledge commons. Understanding knowledge commons requires sustained and systematic empirical research. The GKC framework is designed as a foundation for that research that spans specific research traditions and fields. The smart city, with its lofty rhetorical ambitions, political and operational complexity, and sometimes hidden costs, is a natural fit for GKC research.

https://doi.org/10.1017/9781108938532.002 Published online by Cambridge University Press

22

Smart Cities and Knowledge Commons

Designers of smart city systems aim to capture the long-standing informational characteristics of the city as data to serve a variety of ends, from transportation management to land use to public health to policing and public safety. The marriage of the city’s traditional materiality and datafication enabled by modern computing appears to be a match made in heaven. The smart city appears to be the better city. Is it? Everything depends on how the information is used: how data collection and analysis systems are designed and deployed, by whom, and for what purposes. Those are the topics that the GKC framework aims to explore, with nuance tailored to whether the case study targets one smart city system in particular or the concept of the smart city as a whole, in a particular place. This chapter has laid out the case for applying the GKC framework in three brief steps. First, it reviewed traditional and historical perspectives on urbanism and the city as important and critical contexts for understanding the turn to the smart city. Second, it described that turn itself, highlighting the features of the smart city that should cause both researchers and practitioners to pause and reflect on the pragmatics and wisdom of deploying smart city technology rather than continuing with other governance modes. Knowledge sharing and knowledge pooling are critical elements in the turn to the smart city. Third, it outlined the GKC framework itself. Each of the case studies in this volume rely in some respect on material summarized in that three-part sequence. Finally, in part because this work is primarily descriptive, like its predecessors, we note again that this approach requires its own knowledge commons to succeed. That is, it requires an expanded research community that uses and extends the framework and shares research results across cases and sectors. The structure of the GKC framework facilitates comparison across cases. We are optimistic that with greater investment in cases and greater analysis of cross-case comparisons, generalizable lessons and implications will emerge. The “Key Themes” section earlier highlights one early version of those patterns. The smart city theme here is useful in this additional respect, by bringing out details of knowledge commons in a setting that differs in many key respects from the focal areas of earlier work, including research and practice in medicine and health, and practices in privacy and security.

references Adler, Patrick, and Richard Florida. 2021. “The Rise of Urban Tech: How Innovations for Cities Come from Cities.” Regional Studies, September 1–14. https://doi.org/10.1080/ 00343404.2021.1962520. Bairoch, Paul. 1988. Cities and Economic Development: From the Dawn of History to the Present. Translated by Christopher Braider. Chicago, IL: University of Chicago Press. Baldwin, Melinda. 2017. “In Referees We Trust?” Physics Today 70 (2): 44–49. https://doi.org/ 10.1063/PT.3.3463. Batty, Michael. 2016. “Big Data and the City.” Built Environment 42 (3): 321–37. https://doi .org/10.2148/benv.42.3.321.

https://doi.org/10.1017/9781108938532.002 Published online by Cambridge University Press

References

23

Cardullo, Paolo, and Rob Kitchin. 2019. “Smart Urbanism and Smart Citizenship: The Neoliberal Logic of ‘Citizen-Focused’ Smart Cities in Europe.” Environment and Planning C: Politics and Space 37 (5): 813–30. https://doi.org/10.1177/0263774X18806508. Cronon, William. 1992. Nature’s Metropolis: Chicago and the Great West. New York: W. W. Norton. Dirks, Susanne, and Mary Keeling. 2009. “A Vision of Smarter Cities: How Cities Can Lead the Way into a Prosperous and Sustainable Future.” IBM Global Services. Eubanks, Virginia. 2019. Automating Inequality: How High-Tech Tools Profile, Police, and Punish the Poor. 1st Picador ed. New York: Picador St. Martin’s Press. Farsi, Maryam, Alireza Daneshkhah, Amin Hosseinian-Far, and Hamid Jahankhani. 2020. Digital Twin Technologies and Smart Cities. Cham: Springer. Finger, Matthias, and Edy Portmann, eds. 2016. Towards Cognitive Cities: Advances in Cognitive Computing and Its Application to the Governance of Large Urban Systems. Studies in Systems, Decision and Control 63. 1st ed. Cham: Springer International Publishing. https://doi.org/10.1007/978-3-319-33798-2. Florida, Richard L. 2014. The Rise of the Creative Class: Revisited. New York: Basic Books. Foster, Sheila, and Christian Iaione. 2015. “The City as a Commons.” Yale Law & Policy Review 281 (August): 282–307. Frischmann, Brett M., Michael J. Madison, and Katherine J. Strandburg, eds. 2014. “Governing Knowledge Commons.” In Governing Knowledge Commons, 1–43. New York: Oxford University Press. Frischmann, Brett M., and Evan Selinger. 2018. Re-Engineering Humanity. Cambridge: Cambridge University Press. Glaeser, Edward L. 2012. Triumph of the City: How Our Greatest Invention Makes Us Richer, Smarter, Greener, Healthier, and Happier. New York: Penguin Books. Goetzmann, William N., and K. Geert Rouwenhorst, eds. 2005. The Origins of Value: The Financial Innovations That Created Modern Capital Markets. Oxford: Oxford University Press. Goldsmith, Stephen, and Susan Crawford. 2014. The Responsive City: Engaging Communities through Data-Smart Governance. San Francisco: Jossey-Bass. Goldsmith, Stephen, and Neil Kleiman. 2017. A New City O/S: The Power of Open, Collaborative, and Distributed Governance. Innovative Governance in the 21st Century. Washington, DC: Brookings Institution Press. Goodman, Ellen P., and Julia Powles. 2019. “Urbanism under Google: Lessons from Sidewalk Toronto.” Fordham Law Review 88 (2): 457–98. Habermas, Jurgen. 1996. Between Facts and Norms: Contributions to a Discourse Theory of Law and Democracy. Cambridge, MA: MIT Press. Henry, Nicholas L. 1974. “Knowledge Management: A New Concern for Public Administration.” Public Administration Review 34 (3): 189–96. https://doi.org/10.2307/ 974902. Jacobs, Jane. 1961. The Death and Life of Great American Cities. New York: Random House. Knox, Paul L. 2020. Better by Design? Architecture, Urban Planning, and the Good City. Blacksburg: Virginia Tech Publishing. Komninos, Nicos. 2013. “What Makes Cities Intelligent?” In Smart Cities: Governing, Modelling and Analysing the Transition, edited by Mark Deakin, 77–95. London: Routledge. Komninos, Nicos, and Christina Kakderi, eds. 2019. Smart Cities in the Post-Algorithmic Era: Integrating Technologies, Platforms and Governance. Cities Series. Cheltenham: Edward Elgar.

https://doi.org/10.1017/9781108938532.002 Published online by Cambridge University Press

24

Smart Cities and Knowledge Commons

Leonard, Thomas C. 2015. “Progressive Era Origins of the Regulatory State and the Economist as Expert.” History of Political Economy 47 (suppl. 1): 49–76. https://doi .org/10.1215/00182702-3130439. Lynch, Kevin. 1960. The Image of the City. Cambridge, MA: MIT Press. Madison, Michael J., Brett M. Frischmann, and Katherine J. Strandburg. 2009. “The University as Constructed Cultural Commons.” Washington University Journal of Law and Policy 30: 365–403. 2010. “Constructing Commons in the Cultural Environment.” Cornell Law Review 95 (4): 657–709. McGinnis, Michael D. 2011. “An Introduction to IAD and the Language of the Ostrom Workshop: A Simple Guide to a Complex Framework.” Policy Studies Journal 39 (1): 169–83. https://doi.org/10.1111/j.1541-0072.2010.00401.x. Mendes, Manuel J., Reima Suomi, and Carlos Passos, eds. 2004. Digital Communities in a Networked Society: E-Commerce, e-Business, and e-Government. International Federation for Information Processing 139. Boston, MA: Kluwer Academic Publishers. Morozov, Evgeny, and Francesca Bria. 2018. “Rethinking the Smart City: Democratizing Urban Technology.” 5. City Series. New York: Rosa Luxemburg Stiftung. https://rosalux .nyc/rethinking-the-smart-city-democratizing-urban-technology/. Mumford, Lewis. 1961. The City in History: Its Origins, Its Transformations, and Its Prospects. A Harvest Book. New York: Harcourt, Brace and World. Nam, Taewoo, and Theresa A. Pardo. 2011. “Conceptualizing Smart City with Dimensions of Technology, People, and Institutions.” In Proceedings of the 12th Annual International Digital Government Research Conference on Digital Government Innovation in Challenging Times – Dg.o ’11, 282. College Park, MD: ACM Press. https://doi.org/10 .1145/2037556.2037602. O’Brien, Daniel T. 2018. The Urban Commons: How Data and Technology Can Rebuild Our Communities. Cambridge, MA: Harvard University Press. O’Mara, Margaret. 2019. The Code: Silicon Valley and the Remaking of America. New York: Penguin Press. 2020. “The High-Tech Revolution and the Disruption of American Capitalism.” In Capitalism Contested: The New Deal and Its Legacies, edited by Romain Huret, Nelson Lichtenstein, and Jean-Christian Vinel, 199–223. Philadelphia: University of Pennsylvania Press. Open Data Institute. 2021. “Data Enabled Cities,” January 10, 2021. https://theodi.org/article/ data-enabled-cities/. Ostrom, Elinor. 2005. Understanding Institutional Diversity. Princeton Paperbacks. Princeton, NJ: Princeton University Press. Psarra, Sophia. 2018. “The City as an Algorithm.” The Bartlett Review, 2018. www.ucl.ac.uk/ bartlett/about-us/bartlett-review/bartlett-review-2018/essays/city-algorithm. Rybczynski, Witold. 1996. City Life: Urban Expectations in a New World. New York: Simon & Schuster. Sadowski, Jathan, and Frank Pasquale. 2015. “The Spectrum of Control: A Social Theory of the Smart City.” First Monday, June. https://doi.org/10.5210/fm.v20i7.5903. Sanfilippo, Madelyn Rose, Brett M. Frischmann, and Katherine J. Strandburg. 2018. “Privacy as Commons: Case Evaluation through the Governing Knowledge Commons Framework.” Journal of Information Policy 8: 116–66. https://doi.org/10.5325/jinfopoli.8 .2018.0116. eds. 2021. Governing Privacy in Knowledge Commons. Cambridge: Cambridge University Press.

https://doi.org/10.1017/9781108938532.002 Published online by Cambridge University Press

References

25

Sanfilippo, Madelyn Rose, Katherine J. Strandburg, and Brett M. Frischmann. 2021. “Conclusion: Privacy as Knowledge Commons Governance.” In Governing Privacy in Knowledge Commons, edited by Madelyn Rose Sanfilippo, Brett M. Frischmann, and Katherine J. Strandburg, 268–90. Cambridge: Cambridge University Press. Sassen, Saskia. 2006. “Socio-Digital Formations: Constructing an Object of Study.” In ScaleUp in Education: Ideas in Principle, Volume 1, edited by Barbara Schneider and SarahKathryn McDonald, 203–16. Lanham, MD: Rowman & Littlefield Publishers. Scott, James C. 2017. Against the Grain: A Deep History of the Earliest States. Yale Agrarian Studies Series. New Haven, CT: Yale University Press. Strandburg, Katherine J., Brett M. Frischmann, and Michael J. Madison, eds. 2017. Governing Medical Knowledge Commons. Cambridge Studies on Governing Knowledge Commons. Cambridge: Cambridge University Press. Sui, Daniel Z. 1997. “Reconstructing Urban Reality: From GIS to Electropolis.” Urban Geography 18 (1): 74–89. Wiig, Alan, and Elvin Wyly. 2016. “Introduction: Thinking through the Politics of the Smart City.” Urban Geography 37 (4): 485–93. https://doi.org/10.1080/02723638.2016.1178479.

https://doi.org/10.1017/9781108938532.002 Published online by Cambridge University Press

https://doi.org/10.1017/9781108938532.002 Published online by Cambridge University Press

par t i

Social Dilemmas around Urban Data

https://doi.org/10.1017/9781108938532.003 Published online by Cambridge University Press

https://doi.org/10.1017/9781108938532.003 Published online by Cambridge University Press

2 The Challenge for Cities of Governing Spatial Data Privacy Feiyang Sun and Jan Whittington

introduction Organizations from both the public and private sector hold large quantities of data, in both static form and real-time flow. US governmental organizations increasingly depend on the timely use of data for evidence-based policy-making, thus allowing government data to be viewed as a public resource and the governance of data to influence public interpretations of the role of government in serving the public good. If these datasets were stored and shared more widely within and across organizations, the resulting analytics could be used to improve organizational efficiency and productivity, enable and empower the general public, and produce economic and commercial value. The governance of data is, however, subject to a tension between data sharing and the need to apply both legal and technical means to protect the privacy of individuals represented in the data, as well as the need to address questions about data as property for public and private agents (Whittington et al. 2015; Young et al. 2019). Local governments face technical and organizational barriers to governing data in the public interest, and have recently begun, as exhibited in the City of Seattle, to piece together policies, departmental resources, and implementation strategies for the purpose of effective governance of data. The lack of such governance structures not only prevents organizations from receiving the full benefits of their data, but also brings a number of costs to organizations and individuals represented in the data. Data sharing is often an essential first step to enable public–private partnerships, as would be needed to provide government oversight of firms operating within the city under permits or as vendors. Without an established set of protocols for sharing and governing data, considerable costs of repeated negotiation and legal disputes emerge for governments and firms (Savage 2019). Furthermore, the lack of established governance structures for data sharing opens up an unregulated and unmonitored market for data brokers, who may then collect and rejoin released datasets, re-identify data 29 https://doi.org/10.1017/9781108938532.004 Published online by Cambridge University Press

30

The Challenge for Cities of Governing Spatial Data Privacy

subjects, and sell the resulting artifacts for profit (Federal Trade Commission 2014). Any economic or social costs that arise from the loss of privacy from public data can be treated as externalities that, by definition, are paid by the general public (i.e., the data subjects), while the benefits are captured by the private data brokers, which also creates harms to social equity (Savage 2019). This chapter examines the case of institutional design for urban data governance in the City of Seattle as a collective action problem, referencing three prominent theoretical frameworks for studying institutional change and institutional economics. This work centers on the Governing Knowledge Commons (GKC) framework, which is adapted from Elinor Ostrom’s Institutional Analysis and Development (IAD) framework for natural resource commons (Ostrom 1990) and developed by Frischmann, Madison, and Strandburg (2014) to study institutional arrangements for overcoming various social dilemmas associated with sharing and producing information, innovation, and creative works (Frischmann, Madison, and Strandburg 2014). Furthermore, this chapter notes the foundational integration of the IAD framework with Oliver Williamson’s transaction cost economics (TCE), highlighting the role of transaction costs in understanding the externalities associated with the governance of data (Hoofnagle and Whittington 2014; Whittington and Hoofnagle 2012; Williamson 1975, 1985). The chapter is organized in two main sections. The first provides theoretical context for understanding the case of Seattle City smart city governance, including GKC, IAD, and TCE as presented in the privacy literature, which benefits from the concepts of privacy as contextual integrity (Nissenbaum 2004) and the taxonomy of privacy (Solove 2006). The second section applies Seattle’s governance structure to this theoretical framework, as one case study of several in the GKC series to comparatively analyze institutional change and city governance.

theoretical frameworks for evaluating city governance of privacy Privacy research recognizes theoretical frameworks from economics (Acquisti 2014: Hoofnagle and Whittington, 2014) and information economics (Choi, Jeon, and Kim 2019), and includes the theories developed from within the field (Nissenbaum 2004; Rubinstein 2018; Solove 2006). Some recent advances examine the formation of institutions for governing privacy as part of a commons (Savage 2019), with reference to Elinor Ostrom’s path-breaking institutional economic work (Ostrom 1990). Elinor Ostrom’s research on the governance of common pool resources provided an empirical and theoretical explanation of institutional change within communities (Ostrom 1990). Problems governing common pool resources, such as fisheries and groundwater aquifers, offer iconic representations of the tragedy of the commons, found principally in Cournot’s model of noncooperation in the prisoner’s

https://doi.org/10.1017/9781108938532.004 Published online by Cambridge University Press

Theoretical Frameworks

31

figure 2.1 . The internal structure of an action situation (Ostrom 2011)

dilemma (Hardin 1971). Ostrom’s contributions to game theory reveal, however, the mechanisms employed to create institutions of self-governance in these settings, providing empirical evidence, more elaborate models, and grounded theories that bear on Nash’s (1953) theory of cooperation. Frischmann, Madison, and Strandburg (2014) extend Elinor Ostrom’s (1990) IAD framework for natural resource commons to study commons-based knowledge production, or governing of the knowledge commons. Adapted to describe institutions governing information, the knowledge commons framework simply expands on the concept of resource characteristics to include those other than products of the natural world (Frischmann, Madison, and Strandburg 2014). Resource characteristics, attributes of the community, and rulesin-use (a reference to path dependence in institutional economics), are influencing factors for actors in “action situations,” which give rise to patterns of interaction and feedback loops within the community. Further, within Ostrom’s concept of IAD (Ostrom 2011), action situations are given internal structure by recognizing persons in positions meaningful to potential outcomes, who may differ in their information about the situation or their authority or ability to control the situation (Figure 2.1). And, of course, the costs and benefits of outcome situations vary, for the community as a whole and for the participants and those they may represent in the action situation. This illustrates how, as a framework, Ostrom’s IAD and the GKC identify universal elements to consider in the analysis of institutions (Ostrom 2011, 8).

https://doi.org/10.1017/9781108938532.004 Published online by Cambridge University Press

32

The Challenge for Cities of Governing Spatial Data Privacy

In general, the IAD and GKC support research on the economics of institutions, as found in transaction cost economics. Transaction cost economics, as described by Ronald Coase (1960) and operationalized by Oliver Williamson (1975), provides theoretical and empirical support to the idea that institutions and organizations within well-functioning economies are formed for the purpose of economizing on transaction costs. This theory and the associated body of empirical work apply further to comparative analysis of economies (North 1990), where institutions are the defining source of variation in economic performance. TCE, GKC, and IAD are complementary, as each elaborates on institutions and their economic performance. Their principal difference may be that GKC and IAD provide a framework for connecting qualitative variables in the formation of institutions to outcomes in the form of costs and benefits to participants, which TCE describes as a transaction in a more typical well-formed market. In contrast, TCE offers research designs for comparatively analyzing the efficiency of institutions in terms of costs, which can answer questions about the relative collective benefits of the institutional changes examined from place to place or over time in GKC and IAD fashion. Both the GKC and the TCE frameworks have been applied to analyze alternative governance forms for privacy. Sanfilippo, Frischmann, and Strandburg (2018) adopted the GKC framework and complemented it with Helen Nissenbaum’s (2004) “privacy as contextual integrity” approach and Solove’s (2006) taxonomy of privacy’s diverse meanings. Through a meta-analysis of fourteen case studies using the GKC or IAD framework, the study demonstrated the usefulness of the GKC framework to systematically explore and structure variance among communities with respect to knowledge resources and participation, obstacles and dilemmas surrounding knowledge formation and flows, objectives of participants, and rulesin-use structuring knowledge and privacy commons. Whittington and Hoofnagle (2012; Hoofnagle and Whittington 2014) utilized the TCE framework and the concept of asset specificity to explain the hidden privacy cost of the exchange between consumer information and “free” online services. Asset specificity arises in data as individuals may be identified from it, making data subjects party to transactions that use the data or third parties subject to external effects from transactions. Since the exchange between consumers and online firms is not simple and discrete, but rather a continuous transaction with atypical attributes, these exchanges make it very difficult for consumers to determine the value of what they are trading. Even after an individual consumer becomes aware of the cost of privacy loss ex post, it is difficult for that consumer to switch service or withdraw their information without a significant cost due to the high asset specificity of personal information. Building upon existing studies using GKC and TCE, this case study of governance of information by the City of Seattle offers an application of these theories to municipal data governance for privacy, and an illustration of the potential for research design on the efficiency of institutional change for the purpose of privacy governance.

https://doi.org/10.1017/9781108938532.004 Published online by Cambridge University Press

Case Study of the City of Seattle

33

case study of the city of seattle The City of Seattle has led the nation in the adoption of privacy principles and governance structures since the first appointment of a Chief Privacy Officer in 2015. This was followed by a surveillance ordinance and a series of system-wide evaluations of applications, technologies, and data assets, including the contents available as open data and for public records requests. The following subsections map the systems and policies of information governance in the City of Seattle to the components of the GKC framework. This analysis covers several relevant actions as Seattle has expanded and deepened its means and methods for governing privacy in municipal data over the past five years. This brief evolution of policy and its implementation includes the governance of data and the technologies used to collect and process data by the City of Seattle to protect the privacy of city residents, while retaining the utility of data for municipal purposes. The IAD and GKC frameworks exist as a constellation of variables that surround and define these actions. This subsection first addresses so-called external variables, which are (1) the resource characteristics, (2) attributes of the community, and (3) the rules-in-use. This is followed by subsections that focus on the action arena, by identifying (4) action situations, (5) actors in positions, (6) rule configurations as they may affect the action under consideration, and (7) patterns of potential outcomes and interactions. Resource Characteristics Cities often face conflicted objectives when it comes to the governance of urban data. On the one hand, they are pushed to provide more public access to the data to better inform decisions, facilitate research, and enhance governance transparency and accountability. On the other hand, they also have the obligation to protect the privacy of their residents in order to build and maintain public trust in represented government, the fiduciary responsibility of government with taxpayer funds and the provision of government services for the public good. The goal of the governance of urban data is to balance these two objectives through the management of urban data as a public resource. This subsection discusses the characteristics of urban data and associated common privacy challenges, noting that public trust in government is associated with effective governance of data in the public interest while perceptions of lack of trust can be interpreted as indicators of inefficient or ineffective governance of data in the public interest. However, since the concept of trust in governance of the commons is rather complex and has been discussed extensively in other IAD contexts (Ostrom 2009), this chapter only focuses on the governance of urban data. Data has monetary and governmental value as property, bringing measurable costs and benefits to users and data subjects. In transactions involving personal data, safeguards for privacy are viewed as necessary to reduce the cost to the data subject

https://doi.org/10.1017/9781108938532.004 Published online by Cambridge University Press

34

The Challenge for Cities of Governing Spatial Data Privacy

that may arise from opportunism with guile on the part of any individual or organization possessing such data. In this sense, governance structures that safeguard privacy reduce ex post transaction costs over data that may be used to identify individuals and groups in society. A single transaction represents the smallest indivisible unit of analysis (Whittington and Hoofnagle 2012) in the study of information flow (e.g., Nissenbaum 2004). A transaction is anchored in contextual integrity when the data subject is a voluntary party to the transaction and, furthermore, knows the ex post implications of the exchange. This knowledge, however, is not easy to acquire. Safeguards for privacy lower transaction costs for the data subject by making the implications of exchange more explicit (reducing information asymmetry), constraining information flow (e.g., preventing transfer of data to third parties or distribution of data to secondary markets), and giving data subjects the right to delete data held by others (Whittington et al. 2015; Hoofnagle and Whittington 2014). The aim is to form institutional arrangements that the parties (including the data subject) would have formed if endowed with equal bargaining power (Hoofnagle and Whittington 2014; Whittington and Hoofnagle 2012). However, not all transactions of personal data require the same level of safeguarding, and implementing the appropriate safeguard requires the evaluation of privacy risks and associated transaction costs involved in each type of transaction. Safeguards can be construed as alternative governance structures in transaction cost economics (i.e., alternative institutional arrangements), and the idea of economizing is to find the alignment of transactions (with their privacy characteristics) with governance structures (institutional arrangements) to minimize transaction costs to the collection of parties involved, ex ante and ex post. In terms of safeguarding personal data for privacy, both Nissenbaum (2004) and Solove (2006) have explored the variability and heterogeneity of privacy expectations. Nissenbaum (2004) has pointed to key parameters of information norms, such as actors, attributes, and transmission principles, to locate context, identify disruptive flows, and determine the constraints on the flow of information. The TCE framework of comparative institutional analysis could be used to empirically examine or implement Nissenbaum’s contextual integrity framework in order to find governance structures that fit – i.e., that minimize ex post privacy loss. In other words, the TCE framework is a complementary methodology for understanding the effects and perhaps quantifying the variability of privacy risk and associated harms by examining the relationship between personal data and the bilateral contractual relationship of the transaction through the lens of asset specificity (e.g., trade in personal or identifiable information for another good). Asset specificity describes the degree to which an asset can be redeployed to alternative uses and by alternative users without sacrifice of productive value (Williamson 1975). Asset specificity in information is, in this way of thinking, a function of the personal or re-identifiable nature of the data in question (Hoofnagle and Whittington 2013). Personal information is, in the TCE sense, an asset unique

https://doi.org/10.1017/9781108938532.004 Published online by Cambridge University Press

Case Study of the City of Seattle

35

to each consumer and difficult to redeploy. For example, daily routines or habits would often take months or years to change and it is almost impossible to change a person’s biological information. When an asset cannot be redeployed without a significant cost, transactions are more likely to form a bilateral dependent relationship ex post, even when the contractual relationship starts from perfect competition ex ante. Such a bilateral dependent relationship would lock consumers via their personal or re-identifiable information in the transaction, which increases the risk of exploitation by opportunism. The higher the asset specificity of a piece of personal information, the more likely a consumer is to be locked in bilateral dependent trading relations with the firms that obtain this information, and therefore this requires higher levels of safeguard. Previous analysis of Seattle data governance highlights the outsized role of personal identifiable data in city affairs (Whittington et al. 2015). The emergence of location-based services has led to an unprecedented surge in spatiotemporal data sources available to cities and their vendors, and Seattle is no exception. While the new sources offer opportunities to discover subject-level knowledge and expand fields of inquiry, they also allow the re-identification of individuals, thus raising privacy risk by revealing intimate information about persons (Thompson and Warzel 2019). Location-based and time-stamped data may be analyzed with malicious intent, with serious consequences for the persons identified through the data. This subsection identifies the common data sources the City of Seattle encounters in daily practice and summarizes the empirical evidence identified in the literature, demonstrating the privacy risks of different types of such data. Public Records Although data from public records do not possess the same level of spatiotemporal resolution as data emerging from new sources, studies have shown that the simplest location or temporal information in public records can be linked to existing available records to re-identify people. Golle (2006) examined 2,000 census data records and found that 63 percent of the US population can be uniquely identifiable by gender, five-digit zip code, and estimated date of birth. Even at the county level, 18 percent of the US population can be identified using these three variables. With the same identifiers of gender, zip code, and birth date, Sweeney (2002) linked two publicly available datasets – the voter registration list and health insurance data in Massachusetts – and successfully identified the governor of Massachusetts. Acquisti and Gross (2009) used the birth records from the SSA Death Master File (DMF) and observed a correlation between individuals’ Social Security numbers (SSNs) and their birth data, which allows statistical inference of private SSNs. The correlation is more significant for the younger cohort between 1989 and 2003, with 61 percent of records being correctly predicted by their birth data. More recently, Whittington et al. (2015) examined the datasets available from Seattle’s open data portal and estimated that nearly all tables in the selected sample

https://doi.org/10.1017/9781108938532.004 Published online by Cambridge University Press

36

The Challenge for Cities of Governing Spatial Data Privacy

can be spatially linked to data identifying persons either by spatial coordinate information or by zip code. Surveillance Cameras Surveillance cameras, or closed-circuit television (CCTV) in particular, have long been approved by police forces, governments, local councils, and business owners to maintain safety and security (Ditton 2000). A plethora of attention to surveillance cameras can be found in urban studies literature. As early as 1996, Jean Hillier documented the course of events in summer 1994 at Burswood Casino, where security camera operators abused their access to control equipment by targeting the cameras at women for voyeuristic pleasure. The story caused major public outrage and started a widespread debate on the blurring boundaries between public and private space and activities (Koskela 2002). More recently, Spiller (2016) discussed his own experiences in the United Kingdom of identifying seventeen different CCTV cameras and being recorded, and the attempts to access his images through subject access requests. He wrote thirty-seven letters, made thirty-one phone calls, and spent £60 making the requests; and he faced a number of obstacles in obtaining the footage, including inadequate contact information, misleading or incorrect information, lack of responses, and simple rejection. Apart from the aforementioned qualitative studies, others have applied a more quantitative approach. Ma et al. (2010) studied how snapshots of traffic intersections can be used as side information to achieve various privacy attacks on a person’s mobility traces. The study used both real and simulated mobility trace data and found that ten snapshots can identify the trace of 30–50 percent of the victims. Chen, Yang, and Xu (2017) applied the K-means clustering algorithm to one week of license plate recognition data obtained in Shenzhen, China and successfully reduced the data into groups with unique travel times, travel purposes, and spatial travel patterns. Gao, Sun, and Cai (2019) measured the privacy vulnerabilities of license plate recognition data captured by high-resolution cameras on highways in Guangzhou, China. The study found that five spatiotemporal records are enough to uniquely identify about 90 percent of individuals, even when the temporal granularity is set at half a day. The study also proposed two privacy protection methods: a suppression solution and a generalization solution. An entropy measure of information loss is also introduced to measure the utility loss caused by each solution. Spatial Trajectory Data Spatial trajectory data is another popular data type. Compared with public records data and data collected by location-based sensors, it has the highest spatiotemporal resolution, which is typically within a time interval of less than a minute. Thus, it also processes the highest privacy risks among all data types. Spatial trajectory data can come in several forms, such as GPS, cell phone signal tower data, or locationbased micro-transaction information.

https://doi.org/10.1017/9781108938532.004 Published online by Cambridge University Press

Case Study of the City of Seattle

37

Studies on the privacy risk of spatial trajectory data abound. Terrovitis and Mamoulis (2008) examined the privacy risk of trajectory data using a synthetic dataset with an initial setting of 100 unique addresses and 10,000 trajectories. The number of adversaries who observe information increases gradually and the result shows that with five adversaries (i.e., spatiotemporal data points), over 90 percent of the individuals can be identified through the dataset. Munizaga and Palma (2012) developed an estimation method for transit alighting and applied it to a week of transit smartcard and GPS data on 36 million observations for Santiago, Chile. The proposed method can build a detailed public transport origin and destination matrix at any desired time–space disaggregation. De Montjoye et al. (2013) have shown, in their study of the hourly cell-phone tower tracking of 1.5 million devices by media access control (MAC) address over fifteen months, only four spatiotemporal data points per day are needed to re-identify 95 percent of the owners of those devices. And as noted above, Gao, Sun, and Cai (2019) measured the risk of license plate recognition data and found that, even when aggregating data over a twelve-hour period, about 90 percent of individuals may be identified with as few as five spatiotemporal data points. In summary, the public resource under consideration for this study is data collected, held, and used by the municipality, and many types of municipal data happen to carry the threat of loss of privacy and associated costs to the data subject if released to the public, giving municipalities a compelling rationale for governing municipal data with privacy in mind. In the City of Seattle, events occurring in 2013 and 2014 elevated public concern over privacy to a peak, prompting the city to adopt a fresh perspective on the problem of public surveillance. Attributes of the Community The modern evolution of Seattle’s privacy policies and their implementation began in 2013, as the Seattle police began to install surveillance cameras and a mesh network with the capability of tracking wireless devices through downtown. Attentive to the emergence of cameras on city streets, critics of the system were vocal in their concern and opposition, including the Seattle Privacy Coalition, a group formed in March 2013 and incorporated as a nonprofit organization in 2014 to protect citizen privacy from government surveillance programs and intrusive corporate data collection (Seattle Privacy Coalition 2013). In response to criticism, the city deactivated the network, and began a multiyear process to conceive of policies and a governance system to protect public privacy in municipal data and information technology. Action on the part of the city was swift. In November 2014, the city convened a Privacy Advisory Committee composed of academics, practitioners, lawyers, and community advocates, which provided advice to city departments as they engaged in a new initiative to explore the role of the municipality with regard to protecting the

https://doi.org/10.1017/9781108938532.004 Published online by Cambridge University Press

38

The Challenge for Cities of Governing Spatial Data Privacy

privacy of its residents. By February of 2015, these efforts resulted in a unanimous vote of the city council to adopt the City’s Privacy Principles, referred to by Mayor Murray as “a guide for our work in local government in order to help build and maintain trust with the people we represent” (City of Seattle 2015). Implementation began immediately, in 2015, as the city hired a Chief Privacy Officer and initiated policies and procedures associated with the principles, including notice and consent, the minimization of data collection and use, and the deletion or de-identification of data according to city data retention schedules. At the same time, the city’s approach to data governance for privacy was furthered by its participation in a study of internal data governance practices and public perception of privacy risk (Whittington et al. 2015). For example, Whittington et al. (2015) found that while the city’s open data initiative was induced by the hope of improving government transparency and accountability, without a comprehensive assessment of latent risks and effective governance structures, it can lead to harms of privacy and social equity to the general public and public employees. In 2016, the City of Seattle made an ambitious change to its organizational structure by consolidating its IT staff across the Department of IT and other departments into one office, Seattle Information Technology (Seattle IT) to provide centralized information management and tech support to its twenty-eight departments. Seattle IT hosts its Security, Risk, and Compliance division, working in tandem with the Privacy Program to meet both privacy and security needs. The Privacy Program holds city departments accountable to its privacy principles and has published a privacy toolkit for use by each department to assess the privacy implications of the data it collects and uses. In 2016–17, Seattle IT accomplished the feat of training 92 percent of municipal employees on data privacy and security via interactive training; this effort achieved high completion rates through internal monitoring, reminders, and customization. Seattle IT’s organizational restructuring plays a key role in facilitating administration of the Privacy Program and privacy training. In 2017, managerial performance reviews began to include personnel completion of annual privacy training as a success criteria (Whittington, Young, and Armbruster 2018). Figure 2.2 illustrates the structure of the Privacy Program and its relationship with other municipal departments in 2018. The Privacy Program oversees privacy issues associated with data used in the other twenty-eight departments in the municipality. The Privacy Program personnel include a Chief Privacy Officer, a Privacy Program Manager, Senior Privacy Specialist, Privacy Specialist, and Data Analyst Intern. It also has indirect reports within each department called “Privacy Champions.” Privacy Champions are volunteers nominated by the directors of each department. They are trained in data privacy, and assist the Privacy Program personnel in carrying out privacy assessments of datasets intended for Seattle’s Open Data Platform.

https://doi.org/10.1017/9781108938532.004 Published online by Cambridge University Press

Case Study of the City of Seattle

39

figure 2.2. Organization chart of the Privacy Program and related areas (Whittington, Young, and Armbruster 2018)

The evolution of Seattle’s governance of municipal privacy was given further definition in 2018, when a city ordinance took effect that was touted by the American Civil Liberties Union as the “Nation’s Strongest Regulations for Surveillance Technology” (ACLU Washington 2017). Seattle had, in 2013 and again in 2016 (Ordinance No. 124142 and 125376), already enacted two ordinances advancing privacy concerns over technologies that may be used for the purpose of surveillance. The latest of these acts (Ordinance No. 125679) offered a significant expansion of the city’s efforts. It deepened the role of municipal governance of privacy in relation to the community by establishing a Community Surveillance Working Group, an advisory body to the city comprised of community members, and a detailed apparatus for communicating to the public about the process and results of city decisions regarding the adoption and use of technologies capable of surveillance. Altogether, this brief overview of the development of privacy policy and administration at the City of Seattle reinforces the concept of municipal privacy governance as an iterative process between the municipality and the general public it serves,

https://doi.org/10.1017/9781108938532.004 Published online by Cambridge University Press

40

The Challenge for Cities of Governing Spatial Data Privacy

even as the varied departments and personnel, with their roles and responsibilities, grow and adapt to the new norms of privacy protection in the governance of municipal data.

The Action Arena: Action Situations and Actors The next factor of study in the City of Seattle’s institutional environment is the action situation in the action arena – in particular, the action situations for governing privacy in urban data. An action situation is a key conceptual unit of GKC to describe the social space where individuals or actors interact, exchange goods and services, solve problems, dominate one another, or fight (Ostrom 2011). The identification of an action situation and the resulting patterns and outcomes is essential as most of the description, prediction, analysis, and explanation under the GKC framework takes place at this level (Ostrom 2011; Sanfilippo, Frischmann, and Strandburg 2018). To identify the action situations in this case study, we first apply Varian’s (2004) concept of system reliability, common to data security as well as privacy, which argues that system reliability can be treated as a type of public good that depends on the successful function of the weakest link of the system. In other words, any one of many possible actors or action situations can result in a release or distribution of data that results in a loss of privacy: multiple dimensions, actors, and interactions could be identified as weak links in the effort to govern data for privacy and undermine the collective effort of the municipality to preserve citizens’ privacy. This study therefore conceives of the action situation as existing in these multiple contexts. To further dimensionalize privacy, we also employ Solove’s taxonomy of privacy (Solove 2006) to identify the array of privacy problems and the action situations under consideration. Table 2.1 presents the privacy dimensions identified in Solove’s taxonomy of privacy and the corresponding action situations, actors, and associated privacy concerns. It is worth noticing that under the original taxonomy of privacy there are four dimensions of privacy problems, which are information collection, information processing, information dissemination, and invasion. Here we cover the first three dimensions and combine collection and processing, as they often fall under the same policies. As illustrated in Table 2.1, public agencies face a variety of action situations under which they may interact with different actors, including private vendors, special interest groups, other departments in the municipality, and the general public. Depending on access to information and control, the same actors may have a different position under different action situations. For example, while public agencies provide monitoring under the action situation of the vendor agreement, they are being monitored by the special interest group under the action situation of surveillance ordinance to prevent opportunistic behavior by the public agencies.

https://doi.org/10.1017/9781108938532.004 Published online by Cambridge University Press

Case Study of the City of Seattle

41

table 2.1. Privacy taxonomy and action situations Privacy dimension Information collection & processing

Action situations

Actors

Privacy concerns

Vendor agreement

Public agency and vendors

Surveillance ordinance

Public agency and special-interest groups Departments within public agency

Sale to third-party data brokers of data collected by vendors for public use Abusive use of data collected by city surveillance technologies Personally identifiable or sensitive information

Privacy impact assessment Information dissemination

Public disclosure request Open data release

Public agency and the general public Public agency and the general public

Request with malicious intent Data in a single dataset or from multiple joined datasets contain personally identifying or sensitive information

Rules-in-Use We group rules into federal and state laws and municipal policies. For the action situations, federal and state laws can be viewed as exogenous because they are not influenced by the outcomes of the action situations. In comparison, municipal policies can be endogenous to the action situations since they may be created or amended as an outcome of the action situation. In the State of Washington, the Public Records Act (RCW 42.56) allows for the clear majority of public agency records to be disclosable in response to a specific request. The City of Seattle estimates that it receives between 200 and 250 public disclosure requests (PDR) each week, over 12,000 annually. There is careful consideration about what can be disclosed in response to each such request. To comply with the Public Records Act, requested records may only redact or exempt attributes that are explicitly exempted from disclosure under the law, such as the home addresses of city employees, children’s information, and personal information for individuals receiving some services associated with welfare. Recognizing the impact of these requests on state and municipal government, in 2017 the Washington State Legislature passed two bills relevant to public disclosure. HB 1595 provides for an agency to charge a per-gigabyte fee for the production of electronic records, whereas costs were previously charged for photocopies and hard drives alone. It also allows agencies to deny requests generated by bots, which are

https://doi.org/10.1017/9781108938532.004 Published online by Cambridge University Press

42

The Challenge for Cities of Governing Spatial Data Privacy table 2.2. Relevant state and federal legislative activities (compiled from Privacy Program Annual Report 2019)

Legislative activities State The California Consumer Protection Act (CCPA) The Washington Privacy Act (WaPA – SB 6281) The Use of Facial Recognition Services Bill (SB 6280)

The Remedies for Misuse of Biometric Data Bill (HB 2363) The Consumer Protection Requirements for Data Brokers Bill (HB 1503) Federal Information Transparency and Personal Data Control Act Consumer Online Privacy Rights Act (COPRA)

Timeline Effective January 1, 2020 Failed a House vote in 2019; Reintroduced January 13, 2020 Did not pass out of committee in 2019; Reintroduced in 2020 Introduced in 2020 Held over in 2019; Reintroduced in 2020 Reintroduced in 2018 Introduced in 2019

automated software programs that were used in the past to send multiple requests for records. HB 1594 requires public records officers to undergo additional training from the Attorney General’s Office as to how electronic records must be handled under the law, and initiated a study of how new technologies could facilitate disclosure of records, such as a statewide online public records platform. In addition to the Public Records Act, other state and federal legislative activities that have implications for the city are listed in Table 2.2. The rules-in-use by the City of Seattle for governing data for privacy may be categorized according to Solove’s taxonomy of privacy, by their purposes in information collection, information processing, and information dissemination. Information Collection and Processing Information collection and processing occurs as part of the governance of municipal data for privacy through the Data Privacy Review Process, vendor agreements, and the implementation of the surveillance ordinance offer insights into the information collection practices of the city.

data privacy review process. All projects initiated since 2016 must follow the Data Privacy Review Process. The Data Privacy Review Process has steps which are completed based on whether a program is deemed to have personally identifying or sensitive information. Programs that were in place prior to the creation of this process are referred for a privacy review on a case-by-case basis for specific questions,

https://doi.org/10.1017/9781108938532.004 Published online by Cambridge University Press

Case Study of the City of Seattle

43

such as a request for Privacy Program personnel to evaluate an existing vendor agreement. In addition, the city has incorporated the privacy review as part of the technology purchasing process. This is intended to identify technologies that meet the surveillance technology ordinance criteria and ensure that they are submitted to council for review and approval prior to acquisition.  Step I: Self-assessment. The first step of the privacy review process is the self-assessment. The self-assessment is a simple web form that asks the user whether the dataset contains any personal information; it defines personal information as “any information relating to an identified or identifiable individual,” including more than twenty data elements, such as name, address, social security number, financial records, or ethnicity. If the user finds that the data does not contain personal information, or meet the definition of surveillance, no further action is needed, and the results of the self-assessment are filed for record-keeping purposes. If the user indicates that the data does contain personal information, the data proceeds to the threshold analysis. The self-assessment document is available as a web form to be filled out by the project manager. The output of the analysis is automatically filed on an internal Sharepoint server to document that it has been completed. This record also notes how many of the dataset’s attributes have been reviewed, so that in the future, if the data is updated or expanded, it may be monitored for further privacy assessments. In 2017, the Privacy Team implemented a case management and automated workflow process to keep a record of the review cases and details, manage response expectations (service-level agreements for response time) and track surveillance and privacy impact assessment requirements.  Step II: Threshold analysis. This analysis is used to assess the risk rating associated with the data collected. It requires users to specify if sensitive attributes are collected by the program, such as names, addresses, drivers’ license number, social security number, birthdate, email, biometric data, sex and/or gender, race, household info, credit card info, financial, health, or location. It next asks a series of questions about the dataset’s present purpose, data minimization, provision of notice, third-party vendor contract terms, data security, and records retention schedule. The output of the threshold analysis is a recommendation to the respondent as to whether a privacy impact assessment will be necessary to evaluate the program. The threshold analysis, like the self-assessment, is a web form to be filled out by the project manager; it is filed to an internal site in SharePoint as documentation of the answers provided.  Step III: Privacy impact assessment. The third step of the Privacy Review Process is a privacy impact assessment (PIA); it is conducted on programs

https://doi.org/10.1017/9781108938532.004 Published online by Cambridge University Press

44

The Challenge for Cities of Governing Spatial Data Privacy

that use personally identifiable information and have been identified in the threshold analysis as representing higher risk. The project manager, privacy champion, or data owner create an initial draft of the PIA. The PIA asks for detailed information about the program, assessing the contractual terms, security measures, data collected, how data is used, and its retention period. The intent of the PIA is to compare the program to the city’s stated commitments in the privacy principles, for example, asking whether there is a means for data subjects to opt into or opt out of the dataset, or to correct inaccurate information. The Privacy Program Manager or other personnel then take this document and work closely with the project manager or data owner to refine the assessment; this investigative period usually requires a series of in-person meetings between the data owner and Privacy Program personnel. The content of the PIA depends on the salient qualities of the data collection program under review. The output of a PIA is a written report to the project manager documenting the privacy practices in place, and issuing privacy impacting mitigation recommendations where needed. In the long term, the intent of Seattle IT is to release its privacy impact assessments as open data. vendor agreement. Whittington et al. (2015) analyzed eighteen agreements between the City of Seattle and vendors that handle its data and found a wide variation in the terms governing data privacy, security, and accountability. Third parties are required to meet the same privacy principles that city departments are obligated to follow. As a result, the city has drafted model contracts for consulting engagements and third-party data-sharing agreements to include appropriate data privacy and security expectations. These are available to all departments considering data-intensive engagements with firms. surveillance ordinance. The first City of Seattle Surveillance Ordinance (SMC 14.18) went into effect in 2013. Its purpose was to provide transparency and oversight to the city’s increasing acquisition of specific surveillance technologies, such as cameras and drones. With public input, including active lobbying by the American Civil Liberties Union (ACLU), the statute was revised in 2015 to provide the council with the authority to develop an approval process for a broader definition of surveillance technologies. The new focus is on technologies whose primary purpose is to track and analyze the behavior and actions of individuals in a manner that negatively impacts civil liberties. This revised definition applies to all city departments; however, it primarily impacts public safety, transportation, and utilities, whose missions both provide needed services and regulate the public’s activities.

https://doi.org/10.1017/9781108938532.004 Published online by Cambridge University Press

Case Study of the City of Seattle

45

figure 2.3 . Criteria of a surveillance technology under surveillance ordinance

Figure 2.3 shows the criteria of a surveillance technology used in the review of surveillance ordinance. The Intelligence Ordinance requires that they be incorporated into the privacy review process. At the review intake stage, a set of questions are used to qualify certain technology acquisitions as surveillance. Surveillance technologies to undergo council review and ordinance approval for their purchase, deployment, or continued use. For certain categories of technology acquisitions, privacy review is required by default at the purchase request stage. Information Dissemination Information dissemination within the scope of governance of privacy occurs mainly through the public disclosure request process and the open data program.

public disclosure request. In the State of Washington, the Public Records Act (RCW 42.56) allows for the clear majority of public agency records to be disclosable in response to a specific request. The City of Seattle estimates that it receives between 200 and 250 public disclosure requests (PDR) each week, over 12,000 annually. Each department hires staff to handle. There is careful consideration about what can be disclosed in response to each such request. To comply with the Public Records Act, requested records may only redact or exempt attributes that are explicitly exempted from disclosure under the law, such as the home addresses of

https://doi.org/10.1017/9781108938532.004 Published online by Cambridge University Press

46

The Challenge for Cities of Governing Spatial Data Privacy

city employees, children’s information, and personal information for individuals receiving some services associated with welfare. A summary of information exempt from disclosure under the law is available online via the Washington State legislature. Recognizing the impact of these requests on state and municipal government, in 2017 the Washington State legislature passed two bills relevant to public disclosure, the previously discussed HB 1594 and HB 1595. open data program. Since 2016, all new datasets pushed onto the Open Data Platform, data.seattle.gov, undergo the Data Privacy Review Process as described above. Open data is published through the release process by an open data champion in consultation with the open data manager in Seattle IT and the data owner. Most prospective open datasets are not about individual people – for instance, data that would be useful for home buyers such as green building data and which properties use underground gas storage tanks. In these cases, privacy self-assessment is used to document the fact that the dataset does not contain personally identifiable information. In some cases, datasets that become open data require a thorough privacy review and consultation. Two such datasets are from the police department: “officer use of force” and “officer involved shootings”, both of which document incidents in which police officers used force or discharged weapons. These datasets were released as part of a transparency and accountability initiative within the police department. Privacy Program personnel also advise open data champions and the open data program manager not to include “foreign keys” or other attributes in a dataset that could be used to link the dataset with another one. This is a measure to avoid the “mosaic problem” – the capability to combine disparate datasets on common attributes, which makes it more likely that the persons represented in anonymized datasets could be re-identified. In a seminal study, Harvard researcher Latanya Sweeney (2000) could uniquely identify 87 percent of the US population using only three attributes: date of birth, gender, and zip code. Ostrom (2011) classified rules-in-use into seven categories: boundary rules, position rules, scope rules, choice rules, aggregation rules, information rules, and payoff rules. Boundary rules define the number and attributes of the participants. Scope rules identify the potential outcomes that can be affected and the actions linked to specific outcomes. Position rules establish positions in the situation. Choice rules articulate choice sets or actions that actors in each position may, must, or must not take. Aggregation rules define the level of control that an actor exercises in a position. Information rules delimit an actor’s access to information or define what information should be held secret. Payoff rules describe the rewards and punishments as a result of certain actions or outcomes. Table 2.3 summarizes the categories of rule used in each action situation. Two immediate observations emerge from Table 2.3. First, compared with other action situations which mostly rely on punishment or cost as deterrents for actions, vendor agreement is a more

https://doi.org/10.1017/9781108938532.004 Published online by Cambridge University Press

Case Study of the City of Seattle

47

table 2.3. Action situations and rule configurations Privacy dimension Information collection & processing

Action situations

Categories of rules-in-use

Vendor Boundary rules agreement Position rules Scope rules Choice rules Aggregation rules Information rules Payoff rules Surveillance Boundary rules ordinance Position rules Scope rules Choice rules Aggregation rules Information rules Payoff rules Boundary rules Privacy impact assessment Position rules Scope rules Choice rules Aggregation rules Information rules

Payoff rules Information dissemination

Public disclosure request

Open data program

Boundary rules Position rules Scope rules Choice rules Aggregation rules Information rules Payoff rules Boundary rules Position rules Scope rules Choice rules Aggregation rules Information rules Payoff rules

Descriptions of rules-in-use in the action situations Who has access to the data The role of public agencies and the vendor Purposes of data collection Intended uses of data Control over collected data Access to the information of data collection and processing Rewards for fulfilling the agreement and punishment for violations The geographic boundary of the proposed surveillance technology The role of public agencies Purposes of data collection Intended uses of data Control over collected data Access to the information of data collection and processing Punishment for violations The geographic boundary of the proposed project The role of public agencies and other involved parties Purposes of data collection Intended uses of data Control over collected data Required training and access to the information of data collection and processing Punishment for violations The requested dataset Not applicable Purposes of data request Intended uses of data request Not applicable Not applicable Cost of the data request The geographic boundary of the data Personnel involved in the privacy impact assessment Not applicable Not applicable Not applicable Not applicable Not applicable

https://doi.org/10.1017/9781108938532.004 Published online by Cambridge University Press

48

The Challenge for Cities of Governing Spatial Data Privacy

market-driven governance form that utilizes both punishment and rewards under the payoff rules. Secondly, the public disclosure request and the open data program as alternative forms of information governance may have weaker control over shared information as they have fewer rules compared with other action situations, and thus they may be more vulnerable to privacy attacks. Outcomes and Patterns This subsection summarizes the three patterns discernible at this time. Other patterns may emerge as time goes on, or perhaps in relation to additional shifts in technology, internal organizational changes within the municipality, or the municipality’s relationship with firms engaged in permitted activities, firms acting as vendors, and city residents. Positive Feedback Loop The original policy and office of privacy set up a feedback loop within the city’s organizational structure, which reinforced the purpose of the new institutional rules under development and in action. Table 2.4 illustrates the institutional feedback loop with the development of the city’s Privacy Program from 2015 to 2019. As the Privacy Program matures, the privacy practices, policies, and processes become more institutionalized, emerging from unstructured and reactive practices into more formally defined governance rules and cultural norms of the organizations. Besides the organizational changes, the Privacy Program has reinforced its technical capacity by adopting new tools, such as the implemented Privacy Review and Risk Management Tool by OneTrust, the Data and Survey Demographic Data Collection Playbook, and If-Then Planning Tool for IT Project Reviews and extending its scope to integrate systems, such as credit card purchases that were previously not covered by the review process. The If-Then Planning Tool is a privacy recommendation tool created by Orrick and the City Attorney’s Office to identify action items and risks mitigations prior to their privacy review to decrease the privacy review process time (Privacy Office 2018). A city-wide data privacy and information security training is foundational to the city’s Privacy Program. Included with other mandatory training courses for new employees, data privacy is a top priority for the city’s leadership. The training was deployed in late 2016; employees received reminder emails until they had completed the training. As of March 2017, 92 percent of all 12,000 City of Seattle employees had taken the training (Privacy Office 2018). Some departments, such as Seattle police, have 98 percent compliance with the training. As of October 2017, the training course has been required to be completed annually by all city employees. Completion is tracked through an automated training system and managers are held accountable for their employees through performance review metrics. The training materials were developed over six months via a collaboration with a private

https://doi.org/10.1017/9781108938532.004 Published online by Cambridge University Press

2015 First created

49

https://doi.org/10.1017/9781108938532.004 Published online by Cambridge University Press

table 2.4. Development of the City of Seattle’s Privacy Program (Privacy Office 2018)

The program was created with six principles to provide guidance and tools for city employees when working with personal information.

2017

2018

2019

Ad hoc

Repeatable

Defined

Managed

Optimized

Unstructured approach where privacy policies, processes, and practices are not sufficiently defined or documented. Privacy management is mostly dependent on initiatives by individuals rather than processes.

Privacy is viewed as a compliance exercise and the approach is largely reactive with some guidelines. There is limited central oversight of the privacy policies, processes, and practices, with siloed approaches between units.

Privacy policies, processes, and practices are defined, comprehensive to meet business needs, and are consistently implemented throughout. There is a holistic and proactive approach with widespread awareness.

Privacy is embedded in the design and functionality of business processes and systems and is consistent across the agency. Welldefined governance and oversight structures exist.

Privacy is viewed as a strategic initiative with a clear agency culture of continuous improvement. The agency is viewed by stakeholders and the public as a leader in privacy management, introducing innovative initiatives to meet their needs.

50

The Challenge for Cities of Governing Spatial Data Privacy

partner specializing in online training management systems. After authenticating their ID through an online portal, employees can access a thirty-minute interactive training. When personnel do not have access to a computer (e.g., stage hands for events at the Seattle Center), they are sent the key points of the training as a paper document to their homes. Some training is customized for the needs of certain personnel, such as the City Light service fleet, which handles unique data types. Privacy Governance Consolidation and Scope Expansion The Privacy Office of the city gradually became a locus of consolidation for the privacy review of data-intensive technologies and activities. This is a sign of maturity of the system of governance, and may be considered a source of efficiency, even as it can be considered an expansion of the scope of its work across programs appropriate to privacy concerns. This includes reaching back into some of the more challenging tasks that such an office may face, such as the assessment of existing data for potential privacy concerns. Many of these patterns are evident in organizational changes, or changes in roles and responsibilities noted above. This is also evident, however, in the growth and types of privacy reviews undertaken by this office. Table 2.5 shows the number of privacy assessments undertaken by the type of privacy review. Overall, contracts with vendors, acquisitions, and IT projects receive the most assessments. Besides, an increase in the number of assessments for acquisitions and contracts was observed from 2017–18 to 2018–19. Whereas there could be multiple factors leading to such an increase, from a transaction cost economics perspective, the observed trend can illustrate the effort of gradually providing more safeguards by the city for these two types of activities since they have higher complexity and privacy risks than others. Table 2.6 shows the number of technologies reviewed by the surveillance ordinance in the city department. It is worth noting that of all 912 technologies, only eight were determined to be surveillance technology. Table 2.7 lists the eight technologies. While Seattle City Light (the city’s electricity company) and the IT department table 2.5. Number of assessments by type of privacy review (compiled from Privacy Program Annual Report (Seattle Information Technology Department, 2018, 2019) 2017–18

Total 2017–19

2018–19

Assessments Percentage Assessments Percentage Assessments Percentage Acquisitions Contracts IT projects Other Survey/form Open data Total

153 225 324 257 19 51 1029

14.87% 21.87% 31.49% 24.98% 1.85% 4.96% 100.00%

229 191 90 30 19 11 570

40.18% 33.51% 15.79% 5.26% 3.33% 1.93% 100%

https://doi.org/10.1017/9781108938532.004 Published online by Cambridge University Press

382 416 414 287 38 62 1599

23.89% 26.02% 25.89% 17.95% 2.38% 3.88% 100.00%

Case Study of the City of Seattle

51

table 2.6. Number of technologies reviewed by the surveillance ordinance (compiled from Surveillance Technology Determination Report 2017–21, www.seattle.gov/tech/ initiatives/privacy/surveillance-technologies/additional-surveillance-reports#2018)

Department Seattle City Light IT dept. Seattle police dept. Seattle public utility Transportation dept. Citywide Other Total

2017 Q4

2018 Q1–Q4

2019 Q1–Q4

2020 Q1–Q4

2021 Q1

Total

28 19.31% 45 31.03% 14 9.66% 15 10.34% 5 3.45% 0 0.00% 38 26.21% 145

40 17.47% 41 17.90% 38 16.59% 23 10.04% 21 9.17% 7 3.06% 59 25.76% 229

48 17.52% 41 14.96% 31 11.31% 27 9.85% 29 10.58% 16 5.84% 82 29.93% 274

39 19.02% 28 13.66% 21 10.24% 26 12.68% 19 9.27% 16 7.80% 56 27.32% 205

8 13.56% 4 6.78% 5 8.47% 10 16.95% 6 10.17% 7 11.86% 19 32.20% 59

163 17.87% 159 17.43% 109 11.95% 101 11.07% 80 8.77% 46 5.04% 254 27.85% 912

table 2.7. List of technologies determined as surveillance technology (compiled from Surveillance Technology Determination Report 2017–21, www.seattle.gov/tech/ initiatives/privacy/surveillance-technologies/additional-surveillance-reports#2018) Department Seattle police dept. IT dept. Transportation dept. Seattle police dept.

Reviewed items

Year

Quarter

SmartForce‚ BulletinWizard for Retail Theft Seattle IT Visitor Registration System Seattle’s Safest Driver Competition Mobile App Body-Worn Video Program Photo Enforcement Program UFED Premium Software Upgrade Black Bag Forensic Software Seattle Justice Center Interview Room Camera Replacement

2017 2017 2017 2017 2017 2019 2019 2021

4 4 4 4 4 2 3 1

have the largest number of technologies reviewed, the police department has the most surveillance technologies (six out of eight). The vast difference between the number of reviewed technologies and the number of surveillance technologies shows the use of the surveillance ordinance as not only an assessment tool for a large collection of technologies, but also a screening tool that can dramatically reduce review time by narrowing down to a small selection of technologies for detailed assessments.

https://doi.org/10.1017/9781108938532.004 Published online by Cambridge University Press

The Challenge for Cities of Governing Spatial Data Privacy

52

table 2.8. Number of public meetings held by departments or groups from 2018 to 2020 (compiled from the City’s Event Calendar, City of Seattle 2018–20) Departments or groups

2018

2019

2020

Police dept. Transportation dept. Fire dept.

3 2 2

0 0 0

0 0 0

Surveillance Advisory Working Group Seattle privacy office

0 0

10 1

3 2

IT department

0

0

2

City and Public Interaction and Public Attitude Change The work of the city has elicited increasing interest and participation from the community as it has delved into matters of community concern, such as the uses of technology by the police force and department of transportation, which raise concerns about civil liberties. Table 2.8 shows the number of public meetings held by the different departments or groups from 2018 to 2020. Prior to 2019, the public meetings were only used for public comments on the surveillance technologies and were held by the department that was responsible for the introduction of the new technology. In 2019, regular monthly meetings were held by the Surveillance Advisory Working Group, which includes members from both the public and private sectors, academia, and communities. Besides meetings on newly acquired surveillance technologies, there were also public meetings designed to raise the awareness of information privacy among the public, such as the Data Privacy Day and public workshops delivered in the Seattle public library. To explore the attitudinal change toward privacy among the general public, we examined the 2013 and 2018 Technology Access and Adoption Surveys of the City of Seattle. The surveys were conducted by the City of Seattle IT department to learn about residents’ use of and attitude toward information and communication technology, such as computer and the Internet, cable TV, and mobile phones. Table 2.9 presents the number of respondents with and without privacy concerns over high-speed internet stratified by age and income group. Overall, only 32 percent of respondents expressed privacy concerns in 2013 while 70 percent of the respondents expressed privacy concerns in 2018, which indicates a significant increase in the awareness of privacy among the general public. In terms of demographic differences, baby boomers and the middle-income class ($25–75K) had the highest percentage of respondents with privacy concerns in both 2013 and 2018. However, millennials (aged 22–37) and the highest income group ($100K+) showed greatest increases in privacy concerns from 2013 to 2018. In summary, the city’s Privacy Program has seen significant growth with more structured institutional design, expanded scope of work, and more active public

https://doi.org/10.1017/9781108938532.004 Published online by Cambridge University Press

2013

Age Millennials (aged 22–37) Gen X (aged 38–53) 53

https://doi.org/10.1017/9781108938532.004 Published online by Cambridge University Press

table 2.9. Selected results from the City of Seattle’s Technology Access and Adoption Survey, 2013 and 2018

Baby Boomers (aged 54–72) Income