Privacy in digital cities: Google Glass, the right to choose, and the enduring legacy of Jane Jacobs

(The White Horse Tavern in Greenwich Village, New York, one of the city’s oldest taverns. The rich urban life of the Village was described by one of the Taverns’ many famous patrons, the urbanist Jane Jacobs. Photo by Steve Minor).

I’ve spent a lot of time over the past few years discussing the evolution of cities, and the role of technology in that evolution, with architects, social scientists, politicians and academics. In the course of those discussions, every few weeks someone has suggested that Jane Jacobs laid the basic groundwork for understanding that evolution in her 1961 book “The Death and Life of Great Amercian Cities“.

That book is more than half a century old now, and clearly it was written in the context of the technologies of the time. And those technologies are a background presence in it, not it’s focus. But in the sense that construction technologies, transport technologies and digital technologies are only effective in cities when they are subservient to the needs of the everyday lives of people and communities, then Jacobs’ discourse on the proper understanding of those lives remains highly relevant; and should be inspirational to us in understanding how today’s technologies can serve them.

In particular, it is relevant to one of the great societal, ethical, political, legal and technical challenges of our time: privacy in a world of digital information.

The concept of privacy was central to Jacobs’ analysis of the functioning of cities. Her defining characteristic of cities is that the great size of their populations means that most people in them are strangers to each other; and that creating safety and security in that context is very different to creating it a town or village where a higher proportion of people are known to each other.

Her assertion was that cities are safe places for strangers to inhabit or visit when public and private life are clearly separated. When public life is lived on streets with a mixture of residential, retail, work and leisure activities, then those streets are busy at most times of day and night. They are therefore full of observers who inhibit anti-social behaviour, and can intervene to prevent it if necessary. In contrast, private life is safe when it is lived securely and separate from those public spaces, so that strangers cannot intrude.

Places that blur these distinctions can be dangerous. Parks in sparsely populated and entirely residential suburbs, for example, are short of observers; so that if the play of children, or the behaviour of others towards them, becomes threatening, there is less likelihood of a preventive intervention.

This thinking was brought to mind this week by Jan Chipchase’s discussion of the implications of Google Glass. Glass is a “wearable computer” mounted on false spectacles that displays information to overlay what we see. It can make video and audio recordings of the world we are experiencing, and can distribute those recordings through wireless connectivity to the internet. It responds to a voice-control interface and  by recognising manual gestures.

Chipchase compared the implications of these capabilities to our assumptions of what constitutes reasonable public behaviour. Is it acceptable that strangers in the same place should record each other’s behaviour and distribute those recordings with no indication that they are doing so? Chipchase suggested that to do so would create distrust and uneasiness in public situations.

Such unsignalled recording and distribution of public behaviour blurs boundaries between new forms of public and private context. In a physically public context, an individual is privately choosing to distribute detailed information concerning other individuals in that context to a much broader audience who are unknown to the subjects of the recording.

These public and private contexts are related to and extend those that Jacobs discussed; does blurring the boundaries between them undermine safety between strangers in an analogous way?

I think it does.

(Google’s wearable computer, Google Glass. Photograph by Apostolos)

Suppose I have a conversation with a friend in a cafe about a birthday gift for my wife. If, unknown to us, that conversation is recorded and uploaded to the internet, what is the risk that my wife might discover the nature of what is intended to be a surprise gift?

If the recording is uploaded to Youtube and identified only with a time and a place, my wife is unlikely to stumble across it. But if it is uploaded to a Facebook group concerned with our local highstreet; and if it is tagged with the names of people, places and things extracted by speech-recognition technology from it’s audio content; and if it is recorded by a person who is related by friend-of-a-friend relationship to either me or my wife; then the chance of her encountering it through her own interactions with social media increases.

This is a fairly innocuous example – life is more pleasant when birthday presents are surprises, but it is hardly life-threatening when they are not. But there are many scenarios in which failures of privacy are harmful; and sometimes extremely so.

Chipchase suggested principles of behaviour for avoiding such failures – for example, ways in which Glass users could make it visibly clear to others in their vicinity that they are making a recording. Indeed, many photographers already make a point of establishing the consent of the people they are photographing; the failure of some “Paparazzi” to do so is what leads to the controversies concerning their behaviour.

This discussion is not intended as a criticism of Google Glass. On the contrary, I’m tremendously excited by it’s potential – I’ve written frequently on this blog about the astonishing possibilities that such technologies will create as they remove the boundary between human behaviour and information systems. But we do need take their implications seriously.

And while Glass is still a relatively narrowly distributed prototype, the humble smartphone and related technologies raise similar challenges. They have already fundamentally changed the relationships between our communications with other people, and our proximity to them.

(Our gestures when using smartphones may be directed towards the phones, or the people we are communicating with through them; but how are they interpreted by the people around us? “Oh, yeah? Well, if you point your smartphone at me, I’m gonna point my smartphone at you!” by Ed Yourdon)

If we use a relatively inconspicuous Bluetooth headset to make a call through a mobile phone hidden in a pocket; and if we gesture with our arms emphatically whilst speaking on that call; how should the people around us, who might be completely unaware that the call is taking place, interpret our actions? And what happens if they perceive those gestures to be rude or threatening?

Our use of such devices already creates a mass of data that diffuses into the world around us. Sometimes this is as a result of deliberate actions:  when we share geo-tagged photos through social media, for example.

In other cases, it is incidental. The location and movement of GPS sensors in our smartphones is anonymised by our network providers and aggregated with that of others nearby who are moving similarly. It is then sold to traffic information services, so that they can sell it back to us through the satellite navigation systems in our cars to help us to avoid traffic congestion.

As a result, two of the most frequent questions I am asked in panel debates or media interviews are: who owns all this data? And are big corporations using it and controlling it for their own purposes?

The answers to those questions are not simple, but they are important. Just as Jane Jacobs argued that the provision of privacy in urban environments is fundamental to their ability to successfully support all of their inhabitants; so privacy in digital environments is fundamental to the ability of all of us to benefit fairly from the information economy.

It is certainly true that organisations of all types and sizes are competing for the new markets and opportunities of the information economy that are created, in part, by the increased availability of personal information. That is simply the natural consequence of the emergence of a new resource in a competitive economy. But it is also true that as the originators of much of that information, and as the ultimate stakeholders in that economy, we should seek to establish an equitable consensus between us for how our information is used.

Max Barry’s novel “Jennifer Government” describes a world in which personal information is dominated by loyalty-card programmes that define not just the retail economy, but society as a whole – to the extent to which surnames have been replaced with institutional affiliations (hence the book is populated by characters such as Jennifer “Government”, John “Nike” and Violet “ExxonMobil”). It is simultaneously funny and scary because it is recognisable as one possible extrapolation from the world we live in today (though not, I hope, the most likely; and I should state that Nike and ExxonMobil feature in it in entirely fictitious roles).

A real information-based enterprise working to a different set of principles is MyDex, a Community Interest Company (CIC) who have created a platform for securely storing and sharing personal information. Incorporation as a CIC  allows MyDex:

“… to be sustainable and requires it be run for community benefit. Crucially, the CIC assets and the majority of any profits must be used for the community purposes for which Mydex is established. Its assets cannot be acquired by another party to which such restrictions do not apply.”

(From the MyDex website, http://mydex.org/about/ensuring-trust/).

As a result of both the security of their technology solution and the clarity with which personal and community interests are reflected in their business model, MyDex’s platform is now being used by a variety of public sector and community organisations to offer a personal data store to the people they support.

Mydex’s business structure reflects principles which occur elsewhere in examples of commercial organisations whose operations are consistent with long-term community value.

(Hancock Bank’s vault, damaged by Hurricane Katrina. Photo by Social Stratification)

In Resilience, Andrew Zolli gives another example, that of Hancock Bank’s response to hurricane katrina. Hancock are a local institution in New Orleans, and their branch network was 90% destroyed by the hurricane. Whilst they recovered their central systems relatively quickly, without a branch network there was no way to interact with their customers – the citizens of a devastated city with a desperate need for cash to purchase food and basic supplies.

Hancock’s staff were able to set up temporary facilities to meet customers, but without any connection from those facilities to their central systems, how could they know who their customers were, let alone how much money each had in their current account?

Hancock answered this challenge by referring to it’s original charter, which described the bank as an institution that supported the city’s community – not as one which existed to make profits. On that basis they decided to lend $200 to anyone who would write their name and social security number on a piece of paper and sign it.

This astonishing action put desperately needed cash into the community. And the community remembered. After three years all but $250,000 of the $42,000,000 the bank lent in this way had been repaid; and the bank had 13,000 new customer accounts and a $1.5billion increase in deposits. Ultimately, their actions made very good business sense.

So how can we influence institutions to create strategies to deal with our personal information that are similarly consistent with long-term mutual benefit?

In Collapse, Jared Diamond explores at length the role of corporations, consumers, communities, campaigners and political institutions in influencing whether businesses such as fishing and resource extraction are operated in the long term interests of the ecosystem containing them – including their communities, environment and ecology – or whether they are being optimised only for short term financial gain and potentially creating damaging impacts as a consequence.

Diamond asserted that in principle a constructive,  sustainable relationship between such businesses and their ecosystems is perfectly compatible with business interest; and in fact is vital to sustaining long-term, profitable business operations. He described at length Chevron’s operations in the Kutubu oilfield in Papua New Guinea,  working in partnership with local communities to achieve social, environmental and business sustainability. The World Resources Institute’s recent report, “Aligning profit and environmental sustainability: stories from industry” contains many other examples.

But these examples are driven by what are now very visible and acknowledged challenges that directly affect business: climate change, water shortages and the increasing impact and severity of extreme weather events. How can we bring the same approach to the design of business models that deal with personal information?

(Photo by Stefan of Himeji, Japan, showing the forest that covers much of Japan’s landmass enclosing – and enclosed by – the city. In the 17th and 19th Centuries, Japan successfully slowed population growth and reversed a trend of of deforestation which threatened it’s society and economy, as described in Jared Diamond’s book “Collapse“.)

Collapse was written 8 years ago now; and it’s messages on how to influence the sustainability agenda of businesses in the last decade may provide insight into how we should influence the privacy agenda today. In Diamond’s view, the key was to understand where we as consumers can bring the most pressure to bear in the supply chains and markets which depend ultimately on the resources we care about. In Diamond’s words:

“… the most effective pressure on mining companies to change their practises has come not from individual consumers picketing mine sites, but from big companies that buy metals … and that sell to individual consumers”.

– Jared Diamond, Collapse, 2005, p 477

As well as applying pressure to those elements in the supply chain where consumers have purchasing power, some means are needed to monitor the behaviour of businesses and certify their performance. Schemes offering such certifications include those operated by the Forestry Stewardship Council for sustainable forestry; BREEAM for sustainable buildings and Fairtrade for socially sustainable food.

There are, of course, significant challenges with this approach: who defines how the impact of resource usage should be measured? Who performs the measurement? Are systems in place across supply chains to track the movement of resources through them such that accurate, end-to-end measurements can be made?

Whilst some of these challenges can be addressed with technology solutions – such as the tracking of food through the supply chain using RFID tags – some of them will only be addressed by informed consumers. Standards for measuring impact, for example, are often defined by non-governmental organisations; and their stakeholders usually include communities, consumers and businesses with an interest in the systems being measured. Typically, several such standards compete in any industry, offering different approaches to measurement. To understand what those standards are telling us; and to use them to choose products and services that promote the outcomes that matter to us, we need to be informed, not casual, consumers.

The lesson for privacy is that all of us need to be sophisticated guardians of our own security – just as we have become more sophisticated purchasers of food and users of technology. We need to exercise that sophistication in choosing to engage with organisations whose approaches to the security and privacy of our data is respectful and transparent, and which build a relationship or transaction of mutual value.

Conversely, we need to help organisations – public or private – that use personal data to understand what for us constitutes the mistreatment of data; especially through actions that are a side effect of our direct transactions with them, akin to the environmental impact of resource industries. And where there is no choice, or no transparency to enable choice, we need to lobby politicians to make clear that we care about these issues, and that we will vote for those who address them.

Of course the security agenda in a digital age is not a new one; but as technology spreads further and deeper into city systems, and into our interactions in city environments, it is useful to bear in mind the enduring legacy of Jane Jacob’s work, and be reminded that security is at the heart of cities, not just technology.