New York City’s free Wi-Fi program sparks privacy debate
New York City’s efforts to build a free public Wi-Fi network have sparked a fierce debate over how the consortium of companies partnering with the city for the project will protect user data.
The New York Civil Liberties Union penned a letter to Mayor Bill de Blasio’s office last week, charging that the privacy policy for the LinkNYC project — an effort to convert 7,500 old telephone booths around the city into Wi-Fi kiosks — lacks “robust language” to protect users “against unwarranted government surveillance.”
Further, the privacy advocates wrote that they’re “concerned about the vast amount of private information retained” in the system, specifically worrying that the policy’s stipulation that personally identifiable information must be deleted “after 12 months of user inactivity” could be “effectively an indefinite retention period for people who use LinkNYC in their daily lives.”
De Blasio’s office and the city’s private sector partner CityBridge — a group of tech companies including Qualcomm and Civiq Smartscapes — vehemently deny those charges.
“New York City and CityBridge have created customer-first privacy protections to ensure our users’ personal information stays that way — personal,” Natalie Grybauskas, a spokeswoman for the mayor, wrote in a statement.
Jen Hensley, general manager of LinkNYC, added in a statement that they “never sell any user’s personal information,” and they “would require a subpoena or similar lawful request” before providing data to law enforcement and “will make every effort to communicate government requests to impacted users.”
However, the NYCLU wants CityBridge to notify users via email about any requests for data from the government, unless there’s a “lawful judicial order barring” them from doing so. Similarly, the group feels CityBridge’s collection of user data like “what websites they visit on their devices, where and how long they linger on certain information on a webpage, and what links they click” could prove just as invasive as gathering other personal information.
[Read more: NYC refines open data policy with new laws]
In emails provided to StateScoop, Maya Wiley, counsel to the mayor, wrote to the NYCLU that CityBridge will only share “anonymized, aggregated information” about users’ online habits.
“Anonymized browser history is not subject to the one-year retention limit, and it may be disclosed more generally than personally identifiable information,” Wiley wrote. “Indeed, the intention is that anonymized browser history may be used to sell advertising and for other commercial purposes.”
Daniel Castro, vice president of the Information Technology and Innovation Foundation think tank, suggested that sort of stipulation is “very vanilla,” analogous to privacy policies for public networks at coffee shops or airports.
“They’re collecting data, as most organizations do, to improve the experience and they share it, as most do, when they’re required for law enforcement purposes,” Castro told StateScoop.
But the NYCLU believes the city needs to be unusually sensitive to privacy issues for the network’s users, since many will be low-income residents, writing that “this effort should not result in creating a class of residents who otherwise cannot afford the Internet and must pay for their access with their right to privacy.”
Angela Siefer, director of the nonprofit National Digital Inclusion Alliance, agreed with that point, noting that people with high-speed connections at home might be willing to sacrifice privacy for convenience. But others, who may be using the network to get connected for the first time, might not be fully aware of the trade-off, she cautioned.
“Folks who haven’t previously had solid access to the Internet have less experience with privacy,” Siefer said.
But with the involvement of the private sector, Siefer recognizes that there’s a need to find a “middle ground” on the issue. She believes “some of our data is going to be given up” in any partnership with industry, but that can be worth it to help bring the Internet to so many who are disconnected.
However, she thinks providing more transparency is one solution. While LinkNYC does alert all users when they sign up for the network about the data CityBridge collects, Siefer feels the city needs to be proactive about reaching out to people about the issue.
“There are some people that are choosing not to use the Internet because they don’t know who’s going to get into their lives,” Siefer said. “If you don’t trust the government to begin with, and then the government’s providing Internet, there’s probably a good chance that you think that they’re looking at everything that you look at. So the idea of trust is huge.”
The NYCLU hopes to see LinkNYC build some of that trust by adjusting its privacy policy, but Castro cautions that process could bring all sorts of legal headaches. He noted that the Federal Trade Commission is quick to sanction companies that don’t follow their privacy policies to the letter, which doesn’t encourage CityBridge to set strict standards.
“Companies are being caught in this kind of regulatory trap where they want to be very transparent about their practices, but they also have to be cautious about what they say,” Castro said.
The NYCLU didn’t respond to multiple requests for comment from StateScoop about how and when they’d like to see CityBridge revise the policy, but the mayor’s office did pledge to keep these issues in mind going forward.
“We will continue to work to ensure legitimate concerns are addressed,” Grybauskas said.
Contact the reporter who wrote this story at alex.koma@statescoop.com, or follow him on Twitter at @AlexKomaSNG.