IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Chicago’s CIO Addresses IoT Privacy Concerns Through Citizen Engagement

Brenna Berman discusses potential benefits and challenges with the Internet of Things.

This story was originally published by Data-Smart City Solutions.

As the Internet of Things connected sensor networks become more prolific and technically advanced, so do the potential uses and issues in cities. Some of the most data-savvy public officials are now puzzling through highly complex IoT issues. The list includes: 1) what sensors the city should allow, license, or pay for; 2) what privacy, security, data anonymity and ownership rules should be in place; 3) what city policy and operational issues truly benefit from sensors; 4) how to manage interoperability or platform decisions; and 5) how to engage residents in these new projects. Chicago has in many ways led the application of sensors, with its Array of Things project in conjunction with Argonne Laboratories. So I turned to Brenna Berman, Chicago's highly acclaimed chief information officer, to gain insight from a city leader working on these issues and learn more about how she thinks about the potential benefits and challenges with IoT.

Q: Stephen Goldsmith: Is there a fundamental difference between the Internet of Things (IoT) and other data-driven initiatives, or is IoT an evolution and additive of other data initiatives?

Brenna Berman: IoT is more of an evolution. Like IoT, open data and predictive analytics are data-driven initiatives that can impact the efficiency and effectiveness of government. IoT simply takes data one step further and connects analytics solutions from administrative data to an Internet-enabled data collection generated by things. All of these efforts require you to think about the overall implementation of these initiatives from the perspectives of the technology you are using, the processes they impact, the people they affect, and the governance models they shift. 

Q: You were an early adapter of IoT under your Array of Things (AoT) initiative. Has that caused you to think more carefully about privacy and security for data in general?

A: Yes, but the improvements go in both directions. We may not have been as robust when originally implementing a data-driven solution with a narrower scope, and an IoT solution causes us to rethink privacy and security policies. For example, we may not need public engagement around a predictive analytics solution because it may not touch personal data, and so we may not have needed such a stringent privacy policy until we confronted the implications of an IoT solution that is collecting data from the public. That IoT solution then leads the city to rethink its privacy policy more generally.

The improvements can also work in the reverse, where foundations built for simpler data-driven initiatives can be expanded for more complex IoT solutions, making the deployment of IoT easier. For our early data-driven activities that were not as complex as AoT, we developed some very good public engagement models that we will continue to use around AoT; we just need to engage a broader set of stakeholders because AoT is a broader solution that will touch more people in the city.

Q: What are the privacy and security concerns present with IoT? What can cities do to address them?

A: Every city has to tackle privacy more directly now, because we manage, share, and collect data in a more publicly visible way than ever before. As residents become savvier about data usage and as IoT solutions become more expansive, cities need to get more serious about telling residents how their data is being used and how it is being protected. The best way to do that is through resident engagement. This is one of the first time cities have to take a step back, think about how they are handling data from new initiatives, and write down an explicit policy. Privacy policies also need to vary city to city, depending on the culture of the city; a privacy policy that works for us in Chicago is going to be different than one that works in Seattle or in New York City.

The security side is the technical implementation of these privacy principles. Privacy encompasses how you as a government are going to handle personal data, and security encompasses the technical solutions reflecting those same principles. You need security protocols within IoT systems that mirror the same principles in your privacy policy. So, for instance, if a city is serious about not allowing sensors to collect personally identified information, then protocols need to be put in place to prevent anyone from pushing software out to those sensors to collect personal information.

Q: There seems to be a tension between a city supporting common protocols and a city supporting maximum interoperability for future projects. How are you thinking about not just the current AoT in Chicago, but about future projects and how they can be properly integrated?

A: We always start from the challenges that we are trying to solve. As CIO, I try to ensure the solutions we are evaluating for these problems are going to tie back into interoperable platforms so that we are not trying to integrate multiple solutions after the fact. We pinpoint a small number of challenges and ensure that the platforms for those challenges support connectivity for data flow and the interoperability of future solutions. That way, we can build on those initial solutions in the future. Defining protocols and being interoperable is very important here, because you want to invest in solutions that are going to fit together so that you do not end up with incompatible platforms in the future.

Q: How can CIOs help increase common architecture?

A: There is not an established vernacular around IoT just yet, so creating an IoT dictionary of sorts for the CIO’s organization is crucial. Determining which standards are best for an enterprise, managing the selected standards, and explaining the standards clearly to the rest of the enterprise are all key roles for a CIO.

Q: How would you articulate your role in setting up those interoperability requirements?

A: The role of the CIO, whether in a city or a corporation, is to define the protocols that drive interoperability so that departments know what to prioritize when evaluating solutions. CIOs can help cities benefit from private sector innovations as well. Very little cities do is specific to cities alone: our financial departments overlap with banks, many departments overlap with construction companies, some cities with direct hospital services overlap with private healthcare providers, and so on. There are advanced technologies from an IoT perspective that we can borrow from the incredibly prolific private sector marketplace to help with our similar work. The key is ensuring interoperability between these private sector technologies, so deciding on interoperability and data sharing is important. Then, the CIO has to put those guidelines into place so that they are not just telling departments what platforms to buy, but partnering with departments to evaluate available solutions to make sure the right one is being purchased.

Stephen Goldsmith is the Derek Bok Professor of the Practice of Urban Policy at Harvard Kennedy School and director of Data-Smart City Solutions at the Bloomberg Center for Cities at Harvard University. He previously served as Deputy Mayor of New York and Mayor of Indianapolis, where he earned a reputation as one of the country's leaders in public-private partnerships, competition and privatization. Stephen was also the chief domestic policy advisor to the George W. Bush campaign in 2000, the Chair of the Corporation for National and Community Service, and the district attorney for Marion County, Indiana from 1979 to 1990. He has written The Power of Social Innovation; Governing by Network: The New Shape of the Public Sector; Putting Faith in Neighborhoods: Making Cities Work through Grassroots Citizenship; The Twenty-First Century City: Resurrecting Urban America; The Responsive City: Engaging Communities through Data-Smart Governance; and A New City O/S.