Pilots carried out under the EU project DECODE (DEcentralised Citizen Owned Data Ecosystem) show how smart cities can promote trust and social value when individuals are given control over their personal data. Tom Symons, head of government innovation at Nesta, a research partner in the project, explains the technology behind it.
What is at stake if authorities use public data without their consent?
If data is collected but citizens don’t know which data and how it is being used it creates a very untrusting relationship. It is difficult to operate as a fair, free and open democracy when citizens fundamentally do not trust how an authority is using their data.
The public backlash against the Sidewalk Labs redevelopment in Toronto and against the use of sensors, cameras and microphones in public places in Amsterdam are examples of the kind of adversarial relationship between city and state that can result if questions of data are not properly considered.
What is DECODE?
It is a response to people’s concerns about a loss of control over their personal data on the internet, which has resulted in the erosion of privacy and autonomy. The €5m research project set up four European pilots, in Amsterdam and Barcelona, to demonstrate practical alternatives for data sharing that create social value and put individuals back in control of personal data.
A great deal of effort was put into developing genuine technical innovation to allow interaction and data sharing to happen securely, privately and in a way that minimised the amount of data being shared.
We built a full-stack tech solution, using a combination of emerging approaches and cutting-edge technologies, including things like attribute-based credentials, advanced cryptography and smart contract technology. A critical aspect was to co-create each solution with citizens to ensure we were responding to genuine real-world problems and how people live their lives in cities.
What happened in the pilots?
One pilot in Barcelona focused on the digital democracy platform Decidim, meaning “we decide” in English, which enables people to hold discussions, vote on things, sign petitions etc. Some of the functions on the platform require authentication to prove people are a resident.
There was a fear among citizens that signing petitions would give the municipality too much information, allowing it to know peoples’ identity, what they were doing and their points of view.
If data is collected but citizens don’t know which data and how it is being used it creates a very untrusting relationship. (Image: Mast3r/Dreamstime.com)
DECODE developed technology to enable petitions to be signed anonymously, whilst authenticating the signatory as a resident of Barcelona. This was done using attribute-based credential technology – individuals create specific data attributes related to their identity, contained in their DECODE ‘wallet’, and when proof of a particular identity marker is requested (in this case status as a resident of Barcelona) only the relevant attribute data is checked without revealing any further data.
Attributes can be created for any kind of data point related to identity, whether it’s age, gender, postcode for example, it just requires the service you’re interacting with to have a front end that integrates with the DECODE tech stack.
An Amsterdam pilot used the same principle to create an ID for young people wanting to prove their age when entering bars and clubs. A data attribute in their DECODE wallet was created from a one-off scan of their passport. When asked for ID at a participating venue, the bouncer would simply scan their DECODE wallet and it would pull up a picture of who the data attribute related to and whether or not they were over 18. No other personal information from the passport was revealed.
Another pilot in the city worked to build more privacy into a neighborhood social networking site. Previously, the only way for users to log in to the site was via a Facebook account, and some users were concerned the Facebook data might be shared with the website. DECODE developed a system to securely authenticate users without revealing any additional personal information. There are now plans to set more differential rules around who can see posts and for how long etc.
A lot of experts talk about informed consent as key to putting the public in control of their own data. Is that your belief?
It is really important when it comes to citizen-generated data and the smart city agenda, things like mobility data, or sentiment data, could be really useful for smart city decision making, but they reveal a lot about the individual.
The only way to do this ethically is to put people in control and get their consent. If you are the controller of the smart city this approach is likely to require more work, things might take longer and may not look exactly as you imagined they would, but it enables a far greater level of trust between citizen and state and it should help you educate and bring people with you on the journey.
Nesta has proposed the creation of a Data Commons system for Europe – what would that involve?
It is a mechanism for data governance put in the hands of the people sharing their data. Rather than have one of a small number of organisations or entities control the rules for how data is shared, this is a ‘bottom-up’-type system whereby decision-making about how that data is shared is carried out largely by participants in the data sharing environment.
The idea would be to create hundreds, or even thousands of separate data commons for separate issues, such as noise monitoring or mobility data.
A great deal of effort was put into developing genuine technical innovation to allow interaction and data sharing to happen securely, privately and in a way that minimised the amount of data being shared.– Tom Symons, Nesta
There are two levels of decision-making that would influence this. The specific rules governing the data being shared can be 100% bottom up and controlled by everyone participating. The second level considers things like the technology infrastructure of the data commons, the options people are given for how they share their data and how decisions are taken about the commons itself.
It is likely this wouldn’t be a pure democracy, in terms of everyone making the decisions, because it is quite technical in nature and people may not want to be involved. It might require a board of governance or a board of trustees, potentially nominated by the participants, to make the decisions.
Over time, we would like to see cities develop more and more data commons for different types of data and uses.
What if people don’t want to share their data, would the smart city dream collapse?
The kinds of personal data we’re talking about is not currently accessible by city governments in an ethical way. It is possible, with the right technology, to create a world in which some people will feel comfortable sharing their data for public benefit. It might be that residents are sacrificing some very small degree of privacy for access to this data using something like DECODE, but that trade-off is necessary to create smart cities that deliver social value to residents, and our team worked extremely hard to incorporate the principle of “privacy by design”, which minimises any privacy concerns as far as is technically possible.
Are you concerned that AI can enable organisations to aggregate anonymised data and from that infer a lot of information that wasn’t originally consented to?
That’s one of the drivers behind DECODE, the fear that your digital identity is becoming increasingly detailed and more and more data is being collected about you and you’re losing control of it. The advancement of AI makes it even more important to ensure individual control over data. AI can only develop with access to data, which should only be harvested with the consent of individuals rather than through ‘shady’ data mining.
How is your research being taken forward?
The DECODE project was completed at the end of 2019 but there are a couple of project partners who are taking different aspects of it forward. Our project coordinator Francesca Bria has been working with UN Habitat to develop a toolkit to help other cities scale up DECODE as well as other digital ethical approaches developed when she was CTO of Barcelona.
Dyne.org was technical coordinator during the final stages and created the free open source technology. It is now looking at licensing arrangements to enable other organisations to deploy DECODE for commercial purposes. This should help keep the code base up to date, keep the GitHub documented and advance and continue to build a community of developers, so that other entities can continue to use it for free.
Keeping the DECODE tech up to date, well documented and easy for people to deploy is key to its future use across Europe.