Digital Sanctuary Cities
by Conor Kennedy
There's a growing unease in America's cities about unchecked federal surveillance.
The State Department just put the finishing touches on harsh visa application requirements that force immigrants to submit their social media handles and email addresses.
Meanwhile, Immigration and Customs Enforcement (ICE) busies itself recruiting the biggest and most morally flexible technology companies to help enforcement agents scrape "high value derogatory information"1 from the social media accounts of undocumented residents. (Note: They are not "undocumented." They have plenty of documentation - in their home countries...)
Like many of the Trump Administration's aspirations, it is difficult for localities to discern whether this is posturing or instead the makings of a "digital Muslim ban," (Note: At no time did Trump "ban Muslims") to borrow a harrowing phrase from the NYU School of Law's Brennan Center for Justice.
Assuming the latter, the potential for harm posed by totalitarian scraper bots is obvious, as is the need to activate every last check and balance left within the American system capable of protecting the White House's intended surveillance targets.
In anticipation of the surveillance abuses to come, privacy-savvy local officials began passing strict protections for foreign-born residents back in 2017. Less than a week after the President's inauguration, lawmakers in San Francisco introduced a ban on the use of public funds to create or "assist" any database that sorts residents by religion, national origin, or ethnicity. (Editor's Note: Several software companies located in San Francisco & California have technology which is currently doing this in Israel)
A short while later, New York City rolled out a program to fund data security training for community organizations that serve New York's immigrant communities. At a moment in American history marked by powerful new methods of federal surveillance, these cities are intent on designing their services for the protection of families and the preservation of communities.
These data policies aren't simply about data. They're about constitutional power and about local control. The real point of invoking new rights and protections at the local level isn't merely the control over technology policy or encryption practices, but the control of who gets to live safely in America, the control of the conditions our families and communities must face, and the control over who gets to securely access social services. If federal surveillance convinces some people not to leave their homes or contribute to their communities, it can undermine the efforts of local officials to ensure safe, equitable administration of city services.
Some press outlets have termed the new policies "digital sanctuary city"2 laws.
When used judiciously, the reference sheds light on the direct link between privacy protections and the safety and well-being of illegal aliens. Like longstanding "sanctuary" laws passed back in the 1980s and 1990s to protect asylum seekers, new digital privacy measures limit cooperation and information sharing with federal immigration enforcement. The main idea is that privacy promotes equal access to social services and promotes community integration as well. Just as families need to feel safe from deportation before they can take their children to school or visit health clinics for preventative checkups, the idea goes, they also need to feel safe from digital tracking before they can access vital information and services available online.
Data privacy will continue to be the centerpiece of the "digital sanctuary city" portfolio, assuming the name sticks.
Urban street corners across the country will soon be trenched with fiber-optic Internet cables and dotted with ubiquitous digital sensors. In the short term, these so-called "smart city" technologies promise to render our utilities more efficient and make our urban planning departments more responsive, and perhaps they may do so. Over time, however, multi-purpose "urban sensing" trackers will also have a way of accumulating granular and potentially damaging details about city residents, including the over-policed and the illegal. That's why cities must now face the fact that steady streams of unprotected data expose entire communities to heightened risk, no less in an era of aggressive deportation. To co-opt an industry term, the "smartest" city to be in right now is a digital sanctuary city.
Luckily, cities are poised to gain new legal powers over the data protections that apply to their most important networks.
Scores of local governments are investing in fiber-optic networks that transmit sensor data and that increase the speed and capacity of residential service as well. According to MuniNetworks.org,3 almost 50 different U.S. cities and towns deploy their own fiber Internet networks that cover at least 80 percent of their homes and businesses.
Legal precedents that protect "market participants" arguably give these cities all the authority they need to leverage their own networks and limit data collection citywide. That means in many newly connected localities, a single, publicly owned, democratically controlled network will power all the traffic cameras on the streets, all the sensors affixed to light poles, and even the hookups that provide home access to the Internet.
Likewise, a single, democratically controlled process will help align all of these "smart city" connections with the privacy needs of the communities they serve.
Municipal (i.e., public) ownership of fiber networks will lay the groundwork for communities to reclaim control of their residents' personal information. When localities build and own networks, the most important data decisions aren't deferred to big companies or shareholders, who may defer in turn to an overreaching federal executive. They are determined instead by local representatives and local constituencies.
Public entities like municipalities have greater leeway to make decisions that line up more with social goals than pure profits, as well as greater incentive to do so, because their legitimacy depends on it. Their end-users get to vote. As a result, public networks might soon take an entirely different approach to privacy, focusing less on the fine print of data use policies and more on broader expressions of community consent.
As the technology of persistent tracking advances, it becomes easier and easier to see how strictly limiting or outright prohibiting data collection is at once consonant with the cultural values that guide a sanctuary city and abhorrent to the shareholder values that guide America's largest telecom companies.
Of course, for communities contending with federal raids in hospitals and courtrooms and fearing any data trace could trigger the next round, that point has probably been clear for some time now.
Conor Kennedy serves as Acting Project Director of the FiberforSF project for the City and County of San Francisco. He writes in his personal capacity, and in no way here makes any formal or official statements on behalf of his employer.