City moves forward with privacy initiative
Prompted by concerns over how city departments collect and use data, Mayor Ed Murray and two members of the Seattle City Council unveiled a new privacy initiative on Monday morning.
City departments handle a wide range of data, including credit card information, library records and video footage. Under the new initiative, a team of city staff members will develop principles and guidelines that departments can refer to when making decisions with privacy implications. In addition to the principles, the team will come up with a statement that explains the city's privacy and data collection practices.
“In the course of doing business with the public, the City is collecting and exchanging increasing amounts of data,” Murray said in a statement. “As we continue to make innovative technology investments, we need to implement practices that support public trust in the security and privacy of personal information.”
A committee of no more than nine privacy experts and academics will advise the inter-departmental team and, according to a document outlining the initiative, an outside firm will assess the current privacy practices in city departments sometime toward the middle of next year. The team is scheduled to submit a supplemental budget request in early 2015 for the cost of that assessment and any new city staff needed to support future privacy programs.
The departments that will have representatives on the team include, police, fire, City Light, transportation, information technology, Seattle Public Library and the City Attorney's Office. Seattle's Chief Technology Officer, Michael Mattmiller, along with staff from the Mayor's Office and the police department, briefed the City Council about the initiative on Monday morning. During that meeting, Councilmember Sally Bagshaw suggested that the team should also incorporate Seattle Parks and Recreation and the city's Department of Neighborhoods.
City Councilmembers Bruce Harrell and Mike O'Brien worked with the Mayor's Office to push the privacy initiative forward. "When we collect data we should define how we use it, delete it and who has access to it," Harrell said in an emailed statement last Friday.
Assembling teams, workgroups and committees to tackle difficult policy problems has become a signature strategy for the Murray administration. The mayor used a similar approach to come up with a proposal for the city's $15 minimum wage ordinance, which was adopted earlier this year. He tapped stakeholders from across the traditional taxi business and from app-based ride-sharing services to help develop a plan that allowed companies like Lyft and UberX to continue operating in Seattle. In late September, he and members of the City Council launched an advisory committee to address issues related to affordable housing.
The new privacy initiative was generally well received by privacy advocates.
"We're very pleased that the city is undertaking this," Doug Honig, communications director for the American Civil Liberties Union of Washington said last Friday. "It's important to recognize that privacy protection needs to be a part of city policies."
Phil Mocek, co-founder of the Seattle Privacy Coalition also voiced support when asked about the initiative last week. "This clearly will set the right tone, and it will get people in the city thinking about these issues," he said.
Mocek added that he would consider the initiative a success if it leads to guidelines that actually cause a department to stop or adjust a program that raises privacy concerns before that program gets underway. "Right now," he added, "it seems that those things happen after the fact."
In recent years, a series of surveillance technology controversies have ensnared the police department. In 2010, the department quietly acquired two 3.5-pound Draganflyer X6 helicopter drones, which could have been equipped with cameras. News broke in 2012 that the Federal Aviation Administration had granted the police department permission to fly the unmanned whirlybirds. This caused a public uproar and caught the City Council off guard. Former Mayor Mike McGinn called for an end to the drone program last year and the department has since gifted the drones, purchased with $82,000 of federal grant money, to the Los Angeles Police Department.
Other police technologies that caused a stir include surveillance cameras installed along the city's waterfront and the so-called "mesh network," which could be used to track the movement of cell phones and laptops. The department has said that the cameras and the mesh network will remain off until new policies to guide their use are put in place.
The department also has police cruisers and parking patrol vehicles that are equipped with license plate readers. The readers can detect the plates of a stolen vehicle, but also log information about other un-stolen autos in the process. "Our view is, if there's not a match, then the data shouldn't be collected," said ACLU's Honig, referring to the license plate readers.
Mike Wagers, the department's chief operating officer, did not return a request for comment about the privacy initiative last week. He was on hand to brief the Council on Monday morning and noted that Seattle was not the only city trying to find a balance between policing technology and privacy.
"Across the country police departments, I know, are struggling with this issue," he said.
Other city agencies are grappling with privacy concerns as well.
Seattle City Light has faced pushback from privacy advocates over the "smart meters" it intends to start installing next year. Using wireless technology, the meters would provide the utility with nearly real-time information about a customer's electricity consumption, including fine-grained data about when and how electricity is being used. Some of the meters can offer information about the types of appliances a consumer is using and when, and, according to a 2012 academic study by German researchers, even what type of content a utility customer is watching on their television.
But in a report issued last month, City Light said that there are currently no plans to track time-of-use data, or information about energy use characteristics, unless a customer chooses to opt into specific programs. The report also said that several layers of security would be in place to protect smart meter data against breaches.
There are plenty of other instances where the city collects data, including when someone pays a utility bill, renews a pet license or browses city web pages.
Mattmiller, the city's chief technology officer, is one of the officials heading-up the initiative. In an interview last Friday, he was careful to stress that the purpose of the initiative was not to write policies for specific technologies. "We need to have this committee identify broad concepts," Mattmiller said. "We need that foundation," he added. "There's no way we can create a policy that addresses every single scenario that comes up, because new technology will come out tomorrow that isn't addressed by our specificity."
The city's privacy initiative is one of Mattmiller's first major undertakings since taking the chief technology officer job back in June. (Before signing on with the city, he had worked on privacy- and data-security related projects at Microsoft and at PricewaterhouseCoopers.) Asked about city data that he considered sensitive, Mattmiller noted fire department medical records, library records and the proposed City Light smart meters. He also acknowledged the concerns around police department surveillance technology.
"The real goal of this committee," he said, "is to make sure that we create some citywide standards and principles about how it is we view the data we collect from the public and about our obligations."
Surveillance cam photo courtesy of GreatBeyond/Flickr.