To Executive Committee,

As you consider the update on the City of Toronto’s Digital Infrastructure Plan, please add a principle for technological sovereignty. This is a core tenet of the foundational work in Barcelona, and is prescriptive enough to have a real and measurable policy impact. One of the weaknesses of the existing principles, as a set, is that they are all status quo entrenching. It would be hard to argue that the City isn’t already considering all of these principles with existing policy. Which hardly makes these five any kind of real hard civic progress.

Technological sovereignty means a commitment to public ownership/control of our core digital infrastructures for systems that organize things such as water, mobility, energy, parking, and more. This principle signals a commitment to set the design and procurement of digital systems as something that must reside in public control. This does *not* mean that the City has to build all of its own infrastructures, but it does mean that it always maintains control of what gets built and how it works. The City and its people set the terms. If the City can’t commit to this, it will continue to enable commercialization in parts of our systems that should never leave democratic oversight and control.

When commercial actors are enabled to develop and design software and hardware system requirements they are exerting commercial influence/control on the City, and with them long-term impacts, that were never intended through standard procurement. This is a big red flag for agile and challenge based procurement, two issues identified by the City. This includes setting hard and fast requirements about transparency into software systems in order to be considered as a potential vendor for the city. If vendors are unwilling to do this perhaps they should consider other sectors to operate in. Additionally, procurement should include training requirements/contracts in order to create internal capacity to manage purchases and shift operating costs for maintenance into in-house divisions.

A few other suggestions as well:

Add a principle related to City staff from across all City divisions driving this plan and being its priority users. Staff in each City division have intimate knowledge about the risks and opportunities related to the people they engage with through their work. They also know which existing technologies are problematic and how/why. Given that back-office technology is on the table as part of this, there is an opportunity to consider if/how current organizational design could be supported better through technology investments. When City staff are considered priority users in this work, the City services will function better. City staff from across all divisions must be the requirement writers for future purchases, and they need staffing support to be enabled to do so, which could include roving civic product managers.

Add a principle that explicitly defines privacy as a public good, and develops an anti-surveillance approach. There are so many reasons to go beyond privacy as a construct related to the individual, and expand the idea out into ideas of collective privacy, privacy for groups, etc. There was mention of this concept in terms of data use, but again, this is a chance to use these principles to be a leaders in cities around the world and committing to a new paradigm for the consideration of privacy would be exactly this – it would leapfrog the updates to both federal laws that are focused on the individual, and get expansive in a new area of privacy policy. The GDPR, while a step forward in some ways (though not all, and is far from perfect) does nothing to address issues of collective privacy.

Delete the principle about “a well-run city” – the City only ever strives to do this (be well-run), and having something this generic dilutes the initiative. Same for its rationale about evidence-based decision making. This is how public policy works. There is no reason to suggest anything other would be happening at the City. All of the sub-points under this principle matter, and perhaps a better way to think about this principle would be through a lens of accountability – so to that end, perhaps revise this one to talk about accountability?