New York City Council Committee on Technology Oversight Hearing on Privacy of City Data (T2017-5799)

The New York Civil Liberties Union respectfully submits the following testimony regarding the privacy of city data. We thank the Committee for holding this important hearing at a time when the federal government is actively dismantling the right to privacy—just a few weeks ago, President Trump signed into law a measure reversing the Federal Communications Commission’s privacy protections over Internet browsing history. Our testimony today focuses on the revised privacy policy for LinkNYC, but we urge the Committee to take this opportunity to examine the city’s data practices generally and to ensure that in every instance those practices protect New Yorkers, especially those who are most vulnerable.

The NYCLU, the New York state affiliate of the American Civil Liberties Union, is a not-for-profit, non-partisan organization with eight offices across the state, and over 160,000 members and supporters statewide. The NYCLU’s mission is to defend and promote the fundamental principles, rights and constitutional values embodied in the Bill of Rights of the U.S. Constitution and the Constitution of the State of New York. Among the most fundamental of these rights are the rights of privacy and free expression.

The Revised LinkNYC Privacy Policy 
For the past year, the NYCLU advocated with the City to revise the privacy policies for LinkNYC, the free public Wi-Fi network that was launched in New York City at the beginning of 2016 and that will eventually become a network of as many as 7,500 to 10,000 public Wi-Fi kiosks. When the NYCLU reviewed LinkNYC’s initial privacy policy, we realized that it had significant gaps and was inadequate to protect against unwarranted government surveillance. As written, the policy allowed the company behind LinkNYC, CityBridge, to collect a vast amount of information, including Internet browsing history—deeply private information that can reveal users’ political views, religious affiliations, medial or family problems, and more. The policy did not set forth a clear retention period for any category of data, leaving open the potential for indefinite retention. It allowed the City unregulated access to video footage from the cameras on the LinkNYC kiosks. We heard similar concerns from a number of advocates and community members.

We are thankful to the City and CityBridge for responding to the NYCLU’s questions and concerns and issuing a revised privacy policy. The revised policy improves on the previous version by clarifying that browsing history from personal devices will not be retained, setting clear retention periods, and imposing additional limitations on camera use and disclosure. The policy will better protect the privacy of New York City residents as the LinkNYC service rolls out across the five boroughs and provides much-needed free WiFi service to communities.

Broader Principles for Privacy of City Data
The LinkNYC experience reflects several principles for how the City can be supportive of New Yorkers’ privacy rights in this digital age. First, the City must ensure that there is public notice and accountability to impacted communities whenever it embarks on projects that involve the collection of sensitive information about people. Whether it is a cutting-edge “Internet of Things” project that uses emerging technologies to deliver services to communities or the addition of CCTV cameras in a neighborhood, there must be full transparency on how data is collected, maintained, used, and shared. A bill that has been introduced in City Council, the Public Oversight of Surveillance Technology (POST) Act (Int. 2482-1017), would also transfer these principles to the NYPD’s acquisition of powerful surveillance technologies like cell phone surveillance equipment. This is an area in which there is currently little transparency or accountability, even as sophisticated equipment developed for military purposes make their way into our streets. We urge Committee members to support the passage of the POST Act. 

Second, the City should review its data practices across the board and ensure that it is minimizing the collection and retention of personal data to what is necessary and is consistent with its legal obligations. Large repositories of private data are gold mines for those who seek to abuse or misuse that information. Recently, several states have reportedly taken steps to assess their data policies in light of how information that they collect can be used by the federal government to target immigrant communities.¹ The City should also take affirmative steps to ensure that its data practices do not undermine New York City’s efforts to provide a safe and welcoming community for all. These principles are especially important for New York’s high-poverty communities, where public facilities like LinkNYC may be the best or only option for people to access muchneeded services.

These communities, and New Yorkers of color, already bear the brunt of excessive surveillance. The City must ensure that all New Yorkers have equal access to public notice and opportunity to comment, accountability, and privacy protections.

Thank you for your attention to this important issue. We hope that the Committee will continue to take an active role in protecting the privacy of New York City residents.

1 Spencer Woodman, On the Record: We Asked All 50 Governor Offices If They’d Share Immigration Data With Trump Administration, The Verge, Feb. 10, 2017, http://www.theverge.com/2017/2/10/14560998/trumpimmigration- ban-us-state-governor-muslim-registry-data-interviews.