Submission to the City of Toronto Digital Infrastructure Plan Consultation – Round 1

1. What do you like about the draft principles? (Detail on the five draft principles can be found in the discussion guide – pages 7-16). They are: 1. Equity & Inclusion 2. A Well-Run City 3. Social, Economic, & Environmental Benefits 4. Privacy & Security 5. Democracy & Transparency

I like that they show the range of issues that are involved when thinking about this infrastructure plan and all of the attendant trade-offs that must be considered when making decisions related to infrastructure, which, for the City and its residents, is a major public asset. In particular, it’s great to see privacy/security being given 20% of the attention, so to speak, rather than overtaking the conversation as has been too common in these conversations to date.

4. Do you have any additional advice related to the principles?

To the point about public infrastructure, add a principle for technological sovereignty. This is a core tenet of the foundational work in Barcelona, and is prescriptive enough to have a real and measurable policy impact. One of the weaknesses of the existing principles, as a set, is that they are all status quo entrenching. It would be hard to argue that the City isn’t already considering all of these principles with existing policy. Which hardly makes these five any kind of real hard civic progress. Technological sovereignty means a commitment to public ownership/control of our key digital infrastructures for systems that organize things such as water, transportation, energy, parking, and more. This principle signals a commitment to set the design and procurement of digital systems as something that must reside in public control. This does *not* mean that the City has to build all of its own infrastructures, but it does mean that it always maintains control of what gets built and how it works. The City and its people set the terms. If the City can’t commit to this, it will continue to enable commercialization in parts of our systems that should never leave democratic oversight and control. When commercial actors are enabled to develop and design software and hardware system requirements they are exerting commercial influence/control on the City, and with them long-term impacts, that were never intended through standard procurement. This is a big red flag for agile and challenge based procurement, two issues identified by the City.  This includes setting hard and fast requirements about transparency into software systems in order to be considered as a potential vendor for the city. If vendors are unwilling to do this perhaps they should consider other sectors to operate in. Additionally, procurement should include training requirements/contracts in order to create internal capacity to manage purchases and shift operating costs for maintenance into in-house divisions.

Add a principle related to City staff from across all City divisions driving this plan and being its priority users.  Staff in each City division have intimate knowledge about the risks and opportunities related to the people they engage with through their work. They also know which existing technologies are problematic and how/why.  Given that back-office technology is on the table as part of this, there is an opportunity to consider if/how current organizational design could be supported better through technology investments. When City staff are considered priority users in this work, the City services will function better. City staff from across all divisions must be the requirement writers for future purchases, and they need staffing support to be enabled to do so, which could include roving civic product managers.

Add a principle related to context, and digital/data as an ecosystem  – something that acknowledges that this infrastructure works as a system, and it cannot be managed in a piecemeal way. Professor Jasmine McNealy has been doing work on the idea of data as an ecosystem – this would be a good place to look to consider if/how to take the issues raised and understand them through a contextual lens. This ties into process suggestions below related to digital master plans and environmental assessments, this must all be considered as a system, not its set of parts, as harms and opportunities will not be understand when assessed independently.

Add a principle that explicitly defines privacy as a public good, and develops an anti-surveillance approach. There are so many reasons to go beyond privacy as a construct related to the individual, and expand the idea out into ideas of collective privacy, privacy for groups, etc. There was mention of this concept in terms of data use, but again, this is a chance to use these principles to be a leaders in cities around the world and committing to a new paradigm for the consideration of privacy would be exactly this – it would leapfrog the updates to both federal laws that are focused on the individual, and get expansive in a new area of privacy policy. The GDPR, while a step forward in some ways (though not all, and is far from perfect) does nothing to address issues of collective privacy.

Delete the principle about “a well-run city” – the City only ever strives to do this (be well-run), and having something this generic dilutes the initiative. Same for its rationale about evidence-based decision making. This is how public policy works. There is no reason to suggest anything other would be happening at the City. All of the sub-points under this principle matter, and perhaps a better way to think about this principle would be through a lens of accountability – so to that end, perhaps revise this one to talk about accountability?

Delete “economic” from the social, economic, and environmental benefits principle.  Economic development is, no doubt, an important piece of policy for the City to think about. And the place it should live is firmly in the economic development office. We’ve seen a decade of the problems that are created when the design of the city becomes a market.  To lead in 2020 is to understand that this stream is vital, but must be parsed out from the rationale of purchasing and maintaining vital public infrastructure. The lessons learned from physical infrastructure P3s over the last twenty years hold and apply to the digital version of infrastructure.

2. What Suggestions do you have for strengthening the City’s approach

Existing models to borrow from – master plans and environmental assessments: There are models to consider for how the digital infrastructure plan is developed/created. One of them is to think of the digital version of a master plan. This concept is explained in more detail here, by Léan Doody.  Another model to consider is an environmental assessment.

Track all of New York City’s recent experiences and write them up as a case study for informing current work. Particularly the Algorithmic Accountability Task Force and the POST Act.  Facial recognition bans are spreading across cities in the US, this would also be a worthy area to hive off and do some research on.

Do research on synthetic data and create a public report on how it is generated and how it might be used in city contexts. Understand its implications for use in products and begin to develop a policy position on the topic.

3. What are the key questions that need to be addressed or clarified as the process continues?

It’s great to see agencies, boards, and commissions being considered – now formalize and prioritize their involvement in the creation of this plan.  Between the Toronto Police Services and the TTC alone, there are major system implications to consider in a surveillant context. These can’t be a side note – they should all be formally brought into the planning process, whether through a committee or another mechanism.

Create a line item in the capital budget for this plan. The way this plan is put forward is as a responsive plan, a way to respond to internal or external proposals. While this is important to have, it’s not enough. The plan should be funded, so it is not a piecemeal approach, rather an intentional strategic investment. In the interim, as the plan is developed, all of the component parts that are listed in disparate places (public wi-fi, etc.) should be listed in one place.

Define the status quo use of technology and existing infrastructure. While an exhaustive inventory is a daunting task, it’s important to have a proper handle on the technology currently in use, from back-office to public-facing. This will allow for any existing programs or purchases to be viewed through the planning lens. Where are there weaknesses in existing vendor contracts? As government technology policy analysts well know, sometimes the most innovative decision is to cancel an existing contract and reassign the money to something more productive.

Create a trigger and public notices for all RFPs under consideration from January 2020 onwards, prior to the projects going to tender, if they would be the types of projects that would be subject to this plan.  Given that this project will not be complete for close to two years, it’s vital to put in an intermediary stage process to triage any procurement occurring in the interim. In the absence of a  plan, heightened scrutiny and opportunity for public input prior to tender would be helpful starting steps.