The City of Seattle this week launched a citywide privacy initiative aimed at providing greater transparency into the city’s data collection and use practices.
To that end, the city has convened a group of stakeholders, the Privacy Advisory Committee, comprising various government departments, to look at the ways the city is using data collected from practices as common as utility bill payments and renewing pet licenses or during the administration of emergency services like police and fire. By this summer, the committee will deliver the City Council suggested principles and a “privacy statement” to provide direction on privacy practices citywide.
In addition, the city has partnered with the University of Washington, where Jan Whittington, assistant professor of urban design and planning and associate director at the Center for Information Assurance and Cybersecurity, has been given a $50,000 grant to look at open data, privacy and digital equity and how municipal data collection could harm consumers.
Responsible for all things privacy in this progressive city is Michael Mattmiller, who was hired to the position of chief technology officer (CTO) for the City of Seattle in June. Before his current gig, he worked as a senior strategist in enterprise cloud privacy for Microsoft. He said it’s an exciting time to be at the helm of the office because there’s momentum, there’s talent and there’s intention.
“We’re at this really interesting time where we have a City Council that strongly cares about privacy … We have a new police chief who wants to be very good on privacy ... We also have a mayor who is focused on the city being an innovative leader in the way we interact with the public,” he said.
In fact, some City Council members have taken it upon themselves to meet with various groups and coalitions. “We have a really good, solid environment we think we can leverage to do something meaningful," Mattmiller said.
The momentum comes from recent incidents in which the city realized it isn't where it needs to be on privacy, Mattmiller added.
“Here in Seattle, the city has had some very high-profile privacy incidents in the last 18 months,” he said, mentioning the city’s purchase of drones without giving the public notice, installing waterfront surveillance cameras without communicating or installing them properly—resulting in inappropriate surveillance of apartments—and using wireless mesh to track citizen movements by their cell phones.
“The city has not been transparent with the public about what we do with the data we collect and what protections we put in place,” Mattmiller said.
Because of the resulting backlash, the city decided to get serious about privacy, which Mattmiller felt during the hiring process. Despite the recent gaffes, privacy is one of the city’s core values, Mattmiller said.
“I was pressed hard by the City Council on what I was planning to do with privacy,” he said. "It’s exciting, in a geeky way, that it’s been thrust upon my department to help solve this challenge for the city.”
The department is responsible for three buckets: Connecting the public to its government via sites like Seattle.gov, mobile apps and an open-data platform; the city’s infrastructure—data networks and central services like email, and community technology and digital equality—making sure citizens have digital literacy and competitive broadband options.
Mattmiller’s department is also responsible for citywide standards, so if an agency wants to buy a technology, it has to comply with the office’s guidelines. The department is creating the policy that will define those standards now.
“We envision a privacy program that we will use to help drive consistency across the city,” he said.
Ginger Armbruster is the department’s lead in strategic planning and governance. She’ll lead the interdepartmental team of reps to look at what kind of stance the city wants to take on privacy. That will include taking a principles-based approach that stems from the city’s ethical stance, which is yet to be developed. That position will inform the appropriate policies for each of the city’s 32 departments.
“How will we help the police department come up with appropriate policies based on governance for themselves around surveillance that raises concerns, for example,” Armbruster said.
Mattmiller said the city is taking a granular approach to crafting policies because following a federal model, such as the NIST standards, for example, isn’t going to work for everyone.
The police department "is going to have special applications; utilities will require specs that provide supplemental information,” Mattmiller said.
To help departments become accustomed to the eventual policy, Mattmiller sees the city using toolkits that include background information on what’s important, checklists with reasonable details to help people think about the right concepts.
“Almost like a privacy impact assessment can have some risk-based scoring built in,” so would this, he said. For example, city employees might use a scorecard of sorts. If they’d checked three boxes in a column, some red flags might start to stand out. “On the fifth risk checked, you’d call the CTO and we’ll help you do the right thing.”
Armbruster said the end goal is to create policies that will hold weight over time.
“I think when looking at privacy principles, from an ethical foundation, the idea is to create something that will last while technology dances around us,” she said, adding the principles should answer the question, “What do we stand for as a city and how do we want to move forward? So any technology that falls into our laps, we can evaluate and tailor or perhaps take a pass on as it falls under our ethical framework.”
The bottom line, Mattmiller said, is making a decision that says something about Seattle and where it stands.
If you want to comment on this post, you need to login.