Madison Link: https://documents.mymadison.io/docs/array-of-things-privacy-policy
|1||All operational sensor data will be publicly available as open data, owned by the University of Chicago.|
Avoid language of "data ownership"â€”data cannot legally be owned (in the United States). This is not just cosmetic, it's important not to introduce a legally indefensible concept into a document that will (we hope) be a binding understanding of how the AoT will work. The idea that data will not only be owned by someone, by by the University of Chicago particularly, adds a level of political sensitivity that is unnecessary and possibly counterproductive.
|2||owned by the University of Chicago.||stored and published by the University of Chicago.||annotation|
|3||Make U of C's involvement explicit, and legally definable.|
|4||program operators||Program Operators||annotation|
|5||suggest capitalizing "program operators" throughout for clarity and explicitness.|
|7||open access to sensor data|
"access" isn't a type of use (the second and third phrases here are). "research on quality and use of public spaces"? "commercialization of knowledge about public spaces"? This sentence couldâ€”and probably shouldâ€”be the core of this document, but it dodges the question by stating a tautology.
|9||consistency of style|
|10||These members will be invited based on recommendations from AoT partners and others who work with community groups|
Would like to see an open nomination process for some percentage of seats. Yes, it's Chicago, but we're aiming for a _better_ Chicago.
|11||The program will be evaluated nine months after the second set of prototype nodes are mounted in the City and every 12 months from that time on.|
Add a provision to pull the plug. "If a regular evaluation determines that the AoT is unable to meet the goals of the program, or if the program is producing a preponderance of adverse effects, it may be discontinued." (or the like) The public may well be scared at a new level of surveillance/coveillance and reassurances that misuse of the data will be stopped will go a long way towards encouraging acceptance.
|12||Any images and other data collected by AoT nodes for calibration will be protected by information security controls, and available only to authorized individuals and only for research purposes.||What about under subpoena or warrant?||annotation|
|13||Node locations may be proposed by any individual or group,||Presumably a method for doing this will be required in the public web site.||annotation|
|14||Suggestions that meet selection criteria should be submitted first to the program operators at AoT@uchicago.edu , and will then be reviewed and pre-approved by the EOC if the program operators agree that the criteria has been met.||A public suggestion process would be better....||annotation|
|15||vibration||Vibration is sound. Specify: "vibration outside audible frequencies" or the like.||annotation|
|16||Pedestrian and vehicle movement data will come from computer software analyzing images|
Not saying "camera imagery" is misleading. The data that will be gathered IS IMAGES. Pedestrian and vehicle movement information will be inferred from that data. And it is absolutely 100% certain that unless this policy says that imagery will only be used for pedestrian and vehicle movement, then it WILL be used for something else. Using data in creative ways is exactly what data scientists get paid to do. This absolutely must be rewritten.
This information is subject to change so not locked in as policy here. The website will have this information as it is finalized. Along with publication of these documents we have published a map of the first wave of ~50 devices.
|18||This includes, but is not limited to, information|
What happens if in a couple of years - we want to look into gun violence prevention, will you program it to look at shootings/firearms? If you add this type of data or any other forms of data that is not currently captured, what is the process of adding (or removing) programming?
|19||This policy will be reviewed annually||and open for public comment (similar to Madison and community forums)||annotation|
This is a concerning piece of wording and implementation of this proposal. This makes me have to ask about the specific management rules of these images - who has access, how long will they be stored, and how do they get deleted? If these images are never deleted, then the entire PII section of this document is void from a technical perspective. With enough images taken over time, one can find an individual based on their clothing, follow them through each image, and eventually determine where they work and where they live. From there, it's pretty easy to figure out the rest of that person's identity. Blurring out images and license plates is not enough. To me, I think it would be better if a smarter solution could be implemented to where images are not even needed for these metrics (i.e. traffic patterns). I don't know what that solution would be, but I'm more afraid of the potential of future harm to be done with these images more than anything.
|21||Raw calibration data that could contain PII will be stored in a secure facility|
Although most citizens may not care, the technically minded ones would be interested in knowing exactly how this data is secured and encrypted. There are different ways of doing so and being transparent about that is important IMO.
|23||In order to support economic development, data from approved experimental sensors, installed for specific research and development purposes, may be withheld from (or aggregated for) publication for a period of time in order to protect intellectual property, ensure privacy or data accuracy, and enable the proper calibration of the sensor.|
Who approves the experimental sensors and what criteria will they be using to decide what/who gets approved? Will experimental sensors be allowed to collect PII and store that information on private servers?
|24||The Array of Things is designed to collect and share data about Chicago's urban environment to support research that seeks will provide insight into city challenges. This includes, but is not limited to, information about temperature, humidity, barometric pressure, vibration, air quality, cloud cover, and pedestrian and vehicle counts and patterns. Pedestrian and vehicle movement data will come from computer software analyzing images.|
This paragraph should contain two separate lists. One list describes what data is collected (camera images, raw audio, vibration data, temperature, etc.), and one list describes what data is shared, including the derived features such as pedestrian/vehicle counts.
|25||Raw calibration data that could contain PII will be stored in a secure facility|
Will all raw data that is collected be uploaded to the secure facility? Will some of the raw data be deleted on-site after processing?
|26||Access to this limited volume of data is restricted to operator employees, contractors and approved scientific partners who need to process the data for instrument design and calibration purposes, and who are subject to strict contractual confidentiality obligations and will be subject to discipline and/or termination if they fail to meet these obligations.||Echoing Timothy McGovern's question from above: "What about under subpoena or warrant?"||annotation|
|27||open data||Specify what copyright, or a list of possible copyrights, the data will be made available under.||annotation|
|29||"instrument,"||Unclear why quotations are being used -- recommend removing quotations.||annotation|
|30||be transmitted||be encrypted, then transmitted||annotation|
|31||industry, academia, and not-for-profits|
What about groups or individuals who do not fall under any of these categories? E.g., a volunteer group that is NOT a not-for-profit.
|33||P||Should this be a numbered section header?||annotation|
|34||This policy will be reviewed annually at a minimum by the program operators and the EOC for needed revisions. Others may request a review of this policy or submit a question to the operators AoT@uchicago.edu. Any proposed changes to the policy will be posted online for public review and comment prior to their incorporation.|
The more policies AoT revises policy, and the more of itself it gives, the more daunting the public review task becomes. We all know there's a bright future for AoT, but more imagination towards shaping policy that empowers people to interact with our shared picture of the urban system must occur.
It could be nice to see more detail here about how requests to change the software will be evaluated. It's not too hard to imagine privacy issues coming up here.
I really like how much thought has been put into the privacy concerns with this project. The way the sensors process the data themselves and delete the all but a tiny fraction of the raw image/sound files is well thought through.
|37||4.3 Node Locations|
Can more sensors be placed in the north near O'Hare? [Resident Question from 6.14 Public Meeting. See Notes: bit.ly/614notes ]
|38||3 Governance Bodies||Who is in charge of this project? [Resident Question from 6.14 Public Meeting. See Notes: bit.ly/614notes ]||annotation|
|39||3 Governance Bodies|
Tell us more about the partners involved in this work - specifically SAIC & Smart Chicago [Resident Question from 6.14 Public Meeting. See Notes: bit.ly/614notes ]
When will the Lane Tech Curriculum be available to everyone? [Resident Question from 6.14 Public Meeting. See Notes: bit.ly/614notes ]
Is the camera in the sensors used for public safety purposes? [Resident Question from 6.14 Public Meeting. See Notes: bit.ly/614notes ]
Why is this meeting (the 6.14 public meeting) happening in Pilsen? [Resident Question from 6.14 Public Meeting. See Notes: bit.ly/614notes ]
Is this [AoT] happening in other places or cities? [Resident Question from 6.14 Public Meeting. See Notes: bit.ly/614notes ]
|44||4.5 Node Capabilities|
How might the project/sensors change? [Resident Question from 6.14 Public Meeting. See Notes: bit.ly/614notes ]
Charlie mentioned a hypothetical about counting dog walkers during the 6.14 Public Meeting â€” Could you potentially catch people who didn't pick up after their dogs? [Resident Question from 6.14 Public Meeting. See Notes: bit.ly/614notes ]
|46||4 Information Collection, Use, and Sharing|
What's the purpose of collecting the nonpublic raw data/images? [Resident Question from 6.14 Public Meeting. See Notes: bit.ly/614notes ]
|47||4 Information Collection, Use, and Sharing|
Why collect multiple images at different times? [Resident Question from 6.14 Public Meeting. See Notes: bit.ly/614notes ]
What about measuring cancer-causing chemicals? [Resident Question from 6.14 Public Meeting. See Notes: bit.ly/614notes ]
Include communities in this project [Resident Comment from 6.14 Public Meeting. See Notes: bit.ly/614notes ]
|50||4.3 Node Locations|
Can communities influence the placement of sensors? [Resident Question from 6.14 Public Meeting. See Notes: bit.ly/614notes ]
A recommendation for AoT to work with the Pilsen Alliance [Resident Comment from 6.14 Public Meeting. See Notes: bit.ly/614notes ]
Will all of the sensors be placed at the same height? [Resident Question from 6.14 Public Meeting. See Notes: bit.ly/614notes ]
|53||Why aluminum for the sensors? [Resident Question from 6.14 Public Meeting. See Notes: bit.ly/614notes ]||comment|
|54||4.3 Node Locations|
Can a homeowner elect to have a sensor installed on their property? [Resident Question from 6.14 Public Meeting. See Notes: bit.ly/614notes ]
What kind of computers are in the sensors? [Resident Question from 6.14 Public Meeting. See Notes: bit.ly/614notes ]
|56||4.3 Node Locations|
Isn't there a research trade-off between having the sensors paced around the city randomly vs. having them placed around the city strategically? [Resident Question from 6.14 Public Meeting. See Notes: bit.ly/614notes ]
Has the national weather service shown interest in this work? [Resident Question from 6.14 Public Meeting. See Notes: bit.ly/614notes ]
Can law enforcement authorities require you to store data you wouldn't have stored? [Resident Question from 6.22 Public Meeting. See Notes: bit.ly/622notes ]
What will you do about clogged optical lenses or sensors? [Resident Question from 6.22 Public Meeting. See Notes: bit.ly/622notes ]
|60||3 Governance Bodies|
What independent body audits and controls deletion of data? [Resident Question from 6.22 Public Meeting. See Notes: bit.ly/622notes ]
Would Array of Things data result in isolating/segregating/overemphasizing certain areas of the city--particularly if itâ€™s sliced and diced? [Resident Question from 6.22 Public Meeting. See Notes: bit.ly/622notes ]
|62||4 Information Collection, Use, and Sharing|
With the recording of PII, will we be able to make out specific things in the pictures? Berman says some info will not be released to the public. Who is going to have access to this data? For example, the NSA? [Resident Question from 6.22 Public Meeting. See Notes: bit.ly/622notes ]
If the images chosen to train the cameras are random, what value does that have to a scientist? [Resident Question from 6.22 Public Meeting. See Notes: bit.ly/622notes ]
Wouldn't it be cheaper just to ask the neighbors if there's standing water than to have a sensor? [Resident Question from 6.22 Public Meeting. See Notes: bit.ly/622notes ]
What's the process for addressing issues that sensors might detect? Where I work, people don't call 311 because nothing happens. [Resident Question from 6.22 Public Meeting. See Notes: bit.ly/622notes ]
|66||4.4 Node Security|
How is the internet part of the device protected? [Resident Question from 6.22 Public Meeting. See Notes: bit.ly/622notes ]
|67||4.4 Node Security|
Would the cellular company have access to the data? [Resident Question from 6.22 Public Meeting. See Notes: bit.ly/622notes ]
Are the algorithms for image recognition going to be publicly available in a repository? [Resident Question from 6.22 Public Meeting. See Notes: bit.ly/622notes ]
|69||Are example data sets available? [Resident Question from 6.22 Public Meeting. See Notes: bit.ly/622notes ]||comment|
|70||2 Technical Objectives||annotation|
The Chicago Architectural Foundation was thinking about using data from smartphones: were you thinking of partnering with them for data collection? [Resident Question from 6.22 Public Meeting. See Notes: bit.ly/622notes ]