D.C. groups oppose city’s real-time vehicle location tracking policy
A Washington, D.C., neighborhood advocacy group passed a resolution this week opposing the city’s adoption of a data-sharing process that would allow it to track the location of ride-hailing vehicles, dockless e-scooters, bicycles and mopeds in near-real time.
The group, called the DC Federation of Civic Associations, is the latest to voice opposition to an amendment made in February by the D.C. Department of Transportation. A change to the department’s “2020 Dockless Bike and Scooter Share” policy included a requirement that ride-hailing and dockless vehicle companies like Uber, Lyft and Lime share trip data “as close to real-time as possible, but with no more than a 3 minute delay.” That data, which is required to be shared using a set of APIs called Mobility Data Specifications, includes trip coordinates and times.
Some mobility companies, such as the Uber-owned dockless bike and scooter company Jump, and advocacy groups, such as Communities against Rider Surveillance, the American Civil Liberties Union and the Center for Democracy and Technology, say that real-time location tracking threatens the privacy of people who use dockless vehicles and ride-hailing services.
“The District Department of Transportation (DDOT)’s new requirement that scooter and e-bike providers share granular, near-real-time location data of users poses a serious privacy threat to District residents, and has no real justification. Such data could be used to track individuals throughout the District, yet the requirement is being implemented hastily and without transparency or public input—unrelated to, and pre-dating the current COVID-19 crisis,” said Lauren Sarkesian, senior counsel at New America’s Open Technology Institute in a press release.
The civil liberties groups said the APIs, which were developed in 2018 by the Los Angeles Department of Transportation, transmit data that could be used to identify an otherwise anonymous user.
“The data the DDOT would collect through the MDS, without a warrant, could reveal much about an individual’s private life, including attendance at a political protest, a visit to a doctor or Planned Parenthood, and preferred place of worship. Collected over time, location data likely shows patterns that could reveal social relationships, personal habits, and much more,” the group of aforementioned advocacy organizations wrote in a letter to DDOT Director Jeff Marootian and D.C. Mayor Muriel Bowser in March.
When DDOT announced the new requirements on Feb. 24, the policy stated that ride-hailing companies operating in the city would have to begin sharing trip data by March 27. Following public opposition, the city appears to have paused its implementation of the MDS APIs, Sarkesian said, but DDOT has not announced any changes to the policy publicly and did not respond to a request for comment.
MDS is also used by Austin, Texas; Chicago; Dallas; Nashville, Tennessee, and other cities that are part of the Open Mobility Foundation, a coalition of governments and private partners that maintain the APIs. One of the APIs allows companies to share vehicle routes, though no city has adopted that capability, according to Mana Azarmi, policy counsel at the Center for Democracy and Technology.
Washington, D.C.’s latest requirements for MDS weren’t created with public input and haven’t been shared publicly on the agency’s website, both practices recommended by privacy advocates. Jump and the Electronic Frontier Foundation wrote a letter to Marootian in March claiming that adoption of the data-sharing APIs would constitute “unjustified surveillance” of riders and potentially “unprecedented” oversight and control of private companies and individual citizens by the D.C. government.
Other advocacy groups, like the Southern Christian Leadership Conference, have shared concerns about how the data could be used to track users of ride-hailing services in majority-minority neighborhoods and the lack of transparency from DDOT on how the data would be stored securely.
“What will prevent Metro PD from accessing MDS and targeting Black neighborhoods for over-surveillance under the guise of crime prevention? Who will stop federal immigration authorities from getting a hold of MDS data to ramp up arrests and deportations among the District’s undocumented population? And even if DDOT employees acted with the soundest moral code, there is no foolproof way to keep this data from falling into the hands of bad actors,” wrote Kevin Kimble, the SCLC D.C. bureau chief, in a letter to the city last month.