For several, this means crafting privacy frameworks and establishing privacy advisory commissions that convene local experts to examine how the city is using — or plans to use — surveillance technologies and give advice about whether the benefits are worth the risks.
In 2016, Oakland, Calif., kicked off what its chair, Brian Hofer, told GovTech was the nation’s first municipal-level privacy advisory commission. This year has seen a smattering of other cities follow suit with similar efforts.
But while Hofer says he would “recommend Oakland’s [privacy advisory commission] model across the board,” he also acknowledges there are vexing limitations to his city’s current approach.
Six years after that commission launched, what’s working, what’s not, and what can other cities learn?
THE FIRST PRIVACY ADVISORY COMMISSION
Oakland’s Privacy Advisory Commission (PAC) gets public feedback and advises the city on how to safeguard residents’ privacy when acquiring or using tools that collect or store their data, as well as proposes related policies.
“Anytime you want to use a new piece of technology, buy a piece of technology, change the way you use it, or whatever, every department has to submit first an impact statement and use policy to the commission,” Oakland Chief Privacy Officer Joe DeVries told GovTech. “Ultimately, the PAC approves the use policy, and then it goes to the city council for approval. And then staff can use the technology or purchase it or enter into a data sharing agreement.”
Unlike one-off committees gathered after particularly controversial technologies come to light, commissions are standing bodies that can apply continual focus on privacy matters.
Oakland’s privacy advisory commission formed after the public became aware that a surveillance project originally intended to only monitor the port and airport had expanded citywide. The city convened a short-term committee to advise it, which then recommended creating both a privacy policy and a standing commission. Hofer was one member.
“By our second meeting of our ad hoc committee we knew, like, ‘We need a permanent body. We’re going to need a framework. This is going to be constant — there’s always going to be new and emerging technologies,” said Hofer, who is also the founder of Secure Justice, a nonprofit that aims to help residents have a say in how governments and private-sector partners use surveillance technologies and the gathered data.
DESIGNING A PRIVACY COMMISSION: PROS, CONS, AND COMPLICATIONS
Municipalities setting up privacy review bodies will need to make a variety of decisions, and there are benefits and challenges to each choice.
Expertise
Advisory groups can pull together a strong mix of expert viewpoints. Oakland’s, for example, must include members with backgrounds in areas like civil rights and privacy; government transparency and openness; law enforcement; and technology security; per its bylaws.
These local experts can be helpful resources for translating officials’ and residents’ concerns into action.
“Lay people are lay people. They have some concerns… Maybe they can share about a bad police encounter,” Hofer said. “But they don’t know the solution [such as] how do you articulate, how do you put in the guardrails?”
Not all municipalities have significant experience with considering matters through a privacy lens and creating a board of privacy specialists gives governments a quick way to tap into such knowledge. This can spare elected officials from trying to squeeze in time to study up and become experts while also handling all their other job responsibilities, Hofer said.
In Oakland, DeVries, who also is Oakland’s director of interdepartmental operations and holds other roles, said he didn’t have a background in privacy before being named CPO. And many city departments aren’t used to deeply thinking through privacy implications. But department members often find that just going through the process of filling out impact statements and use policies for the commission can be a crash course in the topic.
“That process is a learning experience for every staff member that goes through it,” DeVries said. “By making staff go through that thought process and put pen to paper, you’re spreading the importance of privacy and data protection.”
Volunteers?
Cities vary in how much they turn to outside support to guide their privacy reviews and decisions.
Oakland’s commission relies on nine unpaid volunteers, none of whom may be elected officials. San Francisco’s Privacy and Surveillance Advisory Board is part of its Committee on Information Technology (COIT), which has nearly the reverse composition, including mostly government officials and two public members. COIT’s director was not available to speak for this story.
Seattle, known for having a CPO with a strong privacy background and resources, struck something of an in-between approach.
Seattle convened volunteers in 2014 for a short-term committee, having them meet three times to help craft a set of principles that would guide Seattle’s long-term privacy approach, but did not follow this with a permanent civilian advisory group. The committee included members of civil liberties groups like the ACLU as well as companies like Alaska Airlines and Microsoft — which had experience creating private-sector privacy programs that Seattle hoped could be adapted for the public sector, CPO Ginger Armbruster told GovTech. She believed the temporary nature of the committee helped recruit participants from major organizations who may have been unavailable for long-term commitments.
In Oakland, relying more heavily on volunteers brings pluses and minuses.
Hofer says using a volunteer board can give independence and may make members more willing to push back against city proposals than they might be if they were paid.
But this also means that the commission’s work depends heavily on the amount of free time and energy its members have. And that people without much of either likely cannot participate, which prevents the board from accurately reflecting the local population, Hofer said.
“I don’t have children; I control my own schedule — I’m my own boss — so I can carry some of that burden. But what if I wasn’t in that category?” Hofer said.
Ideally, participating wouldn’t be burdensome. DeVries said the city is supposed to provide volunteers with accurate, timely and informative impact statements and other reporting, so that their responsibilities are only “spending a few hours reading the documents before each meeting,” and making recommendations.
But things don’t always go according to plan, and Hofer has launched lawsuits intended to help the commission do its work — something not expected of the average volunteer.
Authorities and Resources?
Hofer’slawsuits themselves highlight another hurdle commissions can face: limited resources and authorities.
Hofer and his organization, Secure Justice, charge that the police department retained license plate reader data longer than allowed, failed to conduct obligatory audits on their use of the tools, as well as misrepresented and failed to provide full details about the number of times the tools helped in investigations. Without that information, the commission cannot accurately judge whether the technology is useful enough to outweigh privacy concerns.
As a civilian advisory group, the privacy commission can’t compel departments to comply with its requests, and members, understandably, lack clearance to view sensitive information, like criminal databases, to confirm if figures reported to them by the police are accurate and complete, Hofer said.
“My biggest concern with the overall vetting model itself is that you’re forced to take things at face value,” Hofer said. “We’re being told certain statistics, provided certain metrics — like the annual reports and the impact statement — and, I’ve personally discovered, a lot of these things are just complete fictions. They’re lies. We’ve caught the police lying to us repeatedly.”
While the police department was unable to speak with GovTech, DeVries said he believes a variety of factors are behind its tensions with the council. He believes newer police staff misunderstood policies, and so retained license plate reader data longer than allowed. Officers also stopped conducting audits after automatic auditing software became too outdated and they would’ve had to perform cumbersome, manual auditing instead.
To fix the commission’s limitations, Hofer advocates for supplementing civilian-comprised commissions with an inspector general who conducts auditing on their behalf and with legal counsel who can help compel recalcitrant public agencies to uphold obligations.
DeVries said that many of the commission’s struggles could be improved if Oakland had the resources for more privacy staff or to assign someone who could dedicate more time to ensuring reporting processes are followed.
Appointed or Elected?
Municipalities will also need to decide whether commission members are appointed by the city or elected. The latter might give a greater air of legitimacy — because members are directly chosen by the public — but also locks out those without the resources to run a campaign, Hofer said.
HEART OF THE MATTER
Oakland’s model isn’t the only one, of course. The diversity of communities’ needs and governance structures means there’s no “one-size-fits-all approach,” said Kade Crockford, director of the ACLU of Massachusetts’ Technology for Liberty Program, which pushes for transparency and limits over government use of surveillance tools.
A critical issue is that choices around surveillance technology procurement are “effectively policy decisions about the ways in which local government will spy on their own residents,” yet often have been made without the approval or awareness of elected legislative officials and — sometimes — without even that of mayors or city managers, she said.
“For too long, government technology decisions have been made largely by unelected officials in the executive branch at the municipal level,” Crockford said.
The ACLU crafted a Community Control Over Police Surveillance (CCOPS) template legislation that communities like Oakland have adopted. The policy aims to ensure residents are included in surveillance technology decision-making and that civil rights impacts are carefully considered.
Some cities and towns that adopt the CCOPS ordinance use a privacy commission to advise city councils, while others like Somerville and Cambridge, Mass., have seen city councilors attend to privacy and engage voter input without needing such a group, Crockford said.
“What is necessary… is having city councilors who are engaged and committed to taking this process seriously,” Crockford said.
THE MANY PATHS TO PRIVACY
Different kinds of incidents and concerns prompt municipalities to reconsider their relationship to privacy.
San Diego, for example, recently adopted a privacy commission similar to Oakland’s in response to fears that the city’s use of surveillance technology could lead to discriminatory policing practices.
Residents discovered that a streetlight replacement project had installed new lights equipped with surveillance technologies like video cameras and microphones. The city originally aimed to use the data to inform traffic management, and some police investigations, per The San Diego Union-Tribune. But detractors feared the technology would encourage invasive surveillance as well as over-policing in communities of color and criticized lack of public transparency. The sensors ultimately were shut off.
Now the new privacy board aims to get ahead of such problems. It will advise city officials on whether proposed technology procurements conflict with privacy goals or if already acquired tools violate civil rights or bring discriminatory impacts.
Dallas, meanwhile, has been in talks with Seattle. The Texas city is looking into developing a citywide privacy framework due to concern over how the government manages resident data, and officials are considering convening a temporary committee of expert advisers to help.
Privacy Officer Rosie Reyes and CISO Brian Gardner are just starting to explore this work. Coming from backgrounds that familiarized them with HIPAA obligations, they have long been interested in reshaping the city’s data governance approach to be more focused on privacy protecting resident data, Gardner told GovTech.
“When I came to the city, when Rosie [did]… we saw a gap there,” Gardner said. “Our backgrounds are pretty in depth in health care, and we just thought, this is something we need to consider. This needs to be on the plate and looked at from a data governance perspective, because we all see it coming in legislation across the U.S., and we want to get ahead of the curve.”
When cities experience pushback over certain technologies, the most effective response goes beyond just banning the particular tools, Armbruster said. Governments also should drill down to uncover what about the technology is most troubling — for example, outcry over facial recognition tools might be driven by concerns about equity.
With that knowledge in hand, the policymakers and advisers can craft principles that address that concern in all forms of technologies going forward.
“You’re well served by having a set of principles that you adhere to, because technology morphs and interests change,” she said. “But if you can set a high-level set of principles about what’s important, that will help guide your policy and future policy.”