The Unicorns Experiment

Thomas More’s, “Of a Republic's Best State and of the New Island Utopia”[1], envisioned an ideal and fruitful community. No private property; a bartering system providing for societies essentials; No locks on the doors of the homes or shops; And fundamentally privacy is not regarded as freedom in Utopia. Silicon Velley’s elite monopolies are named Unicorns, and Alphabet the parent of Sidewalk Labs (Sidewalk) is a Unicorn. Sidewalk, pursued their first “utopia” as a smart city reliant on hyperconnectivity. Setting their sights on Toronto to lead the transition in the urban innovation industry Sidewalk focused on improving the quality, efficiency and affordability of city life. Sidewalk Toronto had hoped to ultimately serve as a model for other neighborhoods in the city and indeed for other cities around the world.

Unicorns thrive in their hyper climate of all thing’s innovation on the premise of experimentation. The mindset of trying different things; learning the voice of the consumer; intricacies of cultures; and ultimately the lines that may or may not be crossed. Sidewalk Toronto was no exception to the concept. The knowledge obtained shapes the mind of the Unicorn on how best to swift through the imaginings of its fantasies. With any experiment comes rigorous and systemic analysis to create conditions to compare. Unicorns’ experiments have led them on the ultimate conquest, the ability of persuading and controlling privacy and security.

This paper will review how Sidewalk chose Toronto as an initial test to the experiment with the boundaries of privacy and security. Through the construct that Toronto was chosen as the municipality of choice as the City had their own ambitions of innovation, ultimately becoming a global leader and driving the startups to the City. Lacking the necessary funds to obtain their goal the municipality struggled. Further, hindered by numerous regulations affecting a municipality unlike a corporation. Second, cities are concentrated spaces marked by intense social and economic activity, serving as prime locations for behaviour data collection. Toronto was an attractive choice to Sidewalk and its parent Alphabet, a haven for the Unicorn to flourish. Everything lined up for Sidewalk to experiment with Toronto to learn the constructs of how far consumers and governments will bend their limits. The purpose of the experiment was to learn how far communities, governments and individuals are willing to go to balance the benefits of smart technology and hyperconnectivity with the principles of privacy and security. An experiment to learn the answers to the ultimate conquest for all Unicorns.

The Laboratory

The Context

Sidewalk Toronto pushed the concept of interoperability one step further, arguably where no one could have dreamed. Urs Gasser defined interoperability as the mechanism that drives and manages the culture. The flow of data, and all that makes the digital realm function; reliant on the satisfaction of the customer through the ease of use of all thing’s internet[2]. Alphabet’s vision for Sidewalk’s Utopia is about pushing interoperability from childhood into its teens. Alphabet as the parent of numerous smart technologies that would facilitate interoperability in the smart city. Waymo, a startup in self driving cars and maps technologies; Verily, focused on health data and increasing efficiencies for medical insights; Nest, premised on home automation and the leader in the evolution of the smart home; Deep Mind, redefining the concept of Artificial Intelligence in consumers day to day experiences; Fiber, a development of high-speed internet; and the tech giant Google. Sidewalk was to incorporate each of these technologies, that track, trace, analyze and optimize the movement of individuals, in order to push ahead with their smart city experiment. A sampling of the potential includes streets served by autonomous vehicles and transit governed by intelligent signals; Robots moving about, sorting everything imaginable like freight to sorting the rubbish.

The destination was the use of technology to be a changing for the growth of any community. Premised on the data collected to understand the behaviours of individuals to deliver on the efficiencies of technology. An experiment is not about the destination rather the journey. Who's using the streets? Where are people travelling to and from? How does congestion evolve? Using the data from smart phones and technology, there is an opportunity to really revolutionize the base understanding of what's happening in a municipality. Ultimately the use of data for persuading action and changing behavior. The opportunity to re-imagine the city from the ground up. To reach the destination, a bending of the will must occur, that is society as a whole must relax their privacy and security concerns. Trusting the Unicorns to balance the scale in favour of what is best for society. Alphabet is an expert on the use of data; through their technologies as they are really good at gathering and managing information about what's going on the millions and billions of activities of decisions of interactions that are going on in a big city at any given moment. Here in lies the concern, is society willing, able or ready to pass the puck to the Unicorns?

The Concept

As privacy and security are intertwined, neither may function without the other, there are inherit risks. Risks stemming from the mishandling of the data, for example breaches. Geer has a theory, reliant on measurement, to understand and balance the inequality with the motivations of the producers, developers and distributors[3]. There must be a balancing of the cost of countermeasures against the cost of risk. Where the two align comes the decision on the effects outweigh the consequences. The research is underlined by requesting the affected parties to display what information do they possess? The sensitivity of the data? Consequences of the breach? Risk and harm to the affected parties? Concluding with a cost benefit analysis over an analysis of time. These are only a few answers of numerous possible questions, but the point is asking the questions to understand the measures required. Like in business, “Jobs to be Done” is a key term in disruptive strategy where the model of disruptive innovation recommends exceeding the customer's expectations, which particularly makes sense as this can help engage some of the market's most valuable customers. It is no understatement that the risks have dire consequences to an individual’s identity, behavior and their lives. Sidewalk must take this into account for their Utopia to come about.

Helen Nissenbaum elaborates on the privacy and security combination through the principles that divulge into the nature of the information collected and how it may or may not affect the owner of the data. Her principles further look into the premise of who in fact is the owner of the data ultimately concluding the consumer shall always have control of their data. Relevant to Sidewalk is her principle of the sanctity of places[4]. Sidewalk Toronto is premised on the concept that there are no boundaries for the habitation and use of their development. Niseenbaum disagrees, and underscores how fundamental are the consumers rights to be “shielded from the gaze of others”[5].

Nissenbaum concepts of the contextual integrity ultimately recognized we live in a digital realm. Information flows in context of politics, convention, and cultural expectation[6]. And protecting the sanctity of the information proves vital and may not be “transgressed”[7]. Through the flow of data, what may or may not be revealed is reliant on the “appropriateness” of the data, how likely it would have been easily revealed through one’s course of information flow[8]. The means by which it has been freely given with complete knowledge of use of the data and knowledgeable consent given, this falls under “distribution”[9]. And the intervention of justice through regulation, or the community as a whole, when there has been a violation of the sanctity of the consumers data[10].

            In line with Nissenbaum is Shoshana Zuboff’s theory of surveillance capitalism[11]. Premised on the notion that concentrating power to the private sector through the use of data consisting of the behaviors of its users. The use of these insights is very profitable and develop significant powers. So, the control of the data is used by the likes of Alphabet for their ultimate gain[12]. Sidewalk Toronto, and the experiment within, was a surveillance society founded on how far could Alphabet stretch its powers. Concluding along the same lines as Nissenbaum that the “covert” data capture violates the sanctity of individuals privacy. It is both an invasion into their information norms and an intrusion into the individual’s life. Simply, we place bubbles around us, our personal space, and there is an inherent expectation of this space. In this space intruders are not allowed, and our minds are quickly adapted to react when an intrusion occurs. And yet we allow the devices of the internet enter willingly to indulge in the benefits. This invasion, erosion, intrusion or however one may word it are associations between autonomy and privacy. Nissenbaum highlights this well:

            “freedom from scrutiny and zones of “relative insularity” are necessary conditions for             formulating goals, values, conceptions of self, and principles of action because they             provide venues in which people are free to experiment, act, and decide without giving             account to others or being fearful of retribution[13].

Combining Nissenbaum and Zubboff, Scott Peppet highlights any surveillance, tracking, and ultimately any combination and extorts a user’s data should divulge the end goal of the use of the data. And along the journey, informed and knowledgeable consent must be granted; disclosure of who will be viewing and using the data; the opportunity to select which disclosures are appropriate; the ability to remove oneself at any given point; and ultimately the user remains in control to delete the data and withdraw consent at their leisure[14]. From a security point of view Peppet underscores, is the data secure? And what forms of encryption are used; Is the data anonymized, if so, how is the service provider ensuring it is not reidentified?[15]

Peppet takes the position that most technology leave these basic security and privacy questions unanswered. And there must be a commitment by service providers to ensuring the user remains in control of the data, tracking its progress, accessing when necessary and ultimately modifying at user’s leisure. Like Geer, Peppet emphasizes the inherit risks of data and the vulnerability to any security threat. Peppet’s solution is to ensure the data that poses the most harm to the user, providing the example of personally identifiable data, should not be stored and definitely not shared. Leaving the data that is least sensitive to be encrypted, anonymized, and stored in a de-identified form[16].

Peppet’s concepts and theories are wonderful, however unrealistic. Simply the theories go against innovation and very concept of interoperability. Peppet in his words suggest “four messy imperfect steps”[17]. Messy and imperfect is an understatement. Nissenbaum and Zubooff are correct that there is an inherit sanctity for the users’ data. Sidewalk had an understanding of these principles, contrary to what many believed, their destination relied on them. Sidewalk’s purpose was to bend them. Sidewalk took the concerns relating to privacy and security seriously. Innovation is all about efficiencies, and Sidewalk’s vision was a consumer centric civilization, a utopia. How may one manage such a vision without the data? It would be impossible; the data remains fundamental and necessary to the value the technology would provide. Values that have consumers spend more time with their families as they go through less red lights and congestion; creating safer communities; and having medical help promptly available from an action as simple as a fall. Obtaining consent may be possible, informed consent is not possible, and Peppet’s notion of having the consumer have the hindsight and ultimate power reduces the value of the data. How does one balance Nissenbaum integral theory of contextual integrity from the surveillance society and Peppet’s basic questions of privacy and security? Sidewalk’s solution to balance privacy and security with the innovations of technology was to create a data trust.

The Variable

Sidewalk’s placed heavy emphasis on data governance; their standards had one goal, build on the principles and standards that lacked regulation[18]. The chosen variable, an independent Civic Data Trust (CDT), premised on the data remaining in the ownership of the public and not one entity[19]. The CDT would be grounded in the principles of the popular ‘Privacy by Design’ structure. Adopted throughout the world, principally in the European Union’s privacy regulation the General Data Protection Regulation. Privacy by Design underlines several principles; Respect for user privacy; End-to-end security; Proactive not reactive; Preventative, not remedial; Minimize retention of data; Limit the need to rely on other entities to behave properly in relation to sensitive data; And process and store data with the user, as much as possible. Similar to Peppet’s principles, the same tune continues to repeat and sound like a broken record. Data minimization is one song on the record, the starred song, where the service provider in our case Sidewalk minimizes the sensitive data collected too only that which is necessary. This is an impossible feat in a smart city development, the very notion of being smart is to know as much as possible about a subject. An understanding of the variable requires all the knowledge possible. One does not know the data they require until it becomes necessary to use it, so retaining all data about the subject remains integral. Seda Gurses and Carmela Troncoso agreed that data minimization is at “odds” with the very purpose of the data collection and use[20]. Together their solution, placing another entity in control to “constrain the flows accordingly”[21]. The constraint is to ensure the powers that come from the data are not influencing those that hold the data. More importantly, the data cannot influence others in their view of a single individual, such as an employer or the police. A significant risk for the sensitivity of data spoken to by Nissenbaum, Zuboff, Peppet and many others. The data trust adopts Gurses and Troncoso’s concept soundly. Combine the data as one without being able to identify just one individual rather the data would look more like chunks of information. So, the person themselves are not identified. With further protections engrossed within the fiduciary trust.

The Nudge

We are at the dawn of a fourth revolution, from the steam engine to the electric grid and all of its applications from lighting to elevators to streetcars to subway trains all the things that frankly made the early twentieth century city what it is. Technology has the potential to reshape the economics and the design of the physical world. Ultimately it must be embraced, concluding the iron rod of privacy and security shall be bent. The question that remains is how far do we bend it?

Nissenbaum’s underscores the values of privacy as being the prevention of information-based harm; informational inequality; autonomy; freedom; preservation of important human relationships; and democracy and other social values[22]. Alphabet is a profit-seeking firm, and as such its plans for Sidewalk are not being undertaken out of a sense of civic duty. It is done because it is profitable to do so, and it is currently profitable because this data can be analyzed, packaged, and sold. A market exists for this data because it can be used to make predictions about individual behavior, which is of interest to firms in areas such as advertising and machine learning[23]. Data is a toxic asset. We need to start thinking about it as such, and treat it as we would any other source of toxicity. To do anything else is to risk our security and privacy[24]. As well the loss of privacy is irreversible, for information is never unrevealed[25]. The CDT provides no assurance or guarantee that these values would be preserved. An example, the CDT was premised on anonymization of the users’ data. Anonymization has proven to be unlikely to succeed in the protection of privacy as the de-anonymization is relatively easy with about three pieces of identifiable information about the user. Rebecca Schaeffer goes into this concept[26]. Balancing these values and understanding the risks and implications of toxic material, the CDT is the uphill path of the journey. If Sidewalk manages to travel up the hill it would be all downhill from there.

            One particular nudge is the bending and morphing of what Nissenbaum’s calls relative insularity[27]. For a contextual review of relative insularity Sidewalk intends to interact with the user’s space for the value add of the development and the efficiencies in the use through their technology. Persuasion and influence are counter to relative insularity and this is exactly what is required, necessary and optimal for Sidewalk Toronto. Anne Uteck stipulates that there is no one definition of space and one definition is difficult[28]. Sidewalk uses this to their advantage by nudging users and governments to overlook the constraints for the benefit of each other. In essence, break your bubble for the common good of society. A convenient twist, emphasizing the consumer would ultimately come first. Through Alphabets use of persuasion and influence individuals react accordingly and not out of their own inhibitions. For example, discovering the grocery store is significantly busy at a certain period may inhibit the consumer to go to the grocery store at that time and push to a later time or date. Whether this is beneficial or not is irrelevant. The user was influenced and persuaded by Alphabet. Which goes against relative insularity. It does not take much to realize how this ability may be used for everything in the construct of space. Utech states that space is “portable” is not about the physical more so the invisible. The space becomes one’s own, their integrity and their sense of being, highlighting relative insularity. Without a doubt Alphabet has penetrated this space, arguably more dangerous, they have managed to persuade and influence. And all it takes is to be within the vicinity of Sidewalk Toronto or the technologies of Alphabet. Sidewalk themselves use the term “digital layer”[29], running through, under and around any physical space of our environments. Consisting of data and the things data touches. Unknown to the consumer in many instances the state of what is occurring beyond their view. Uteck eloquently put it as, “public urban space takes on greater significance as new technologies are moving out of structured and enclosed physical environments into urban spaces. The technological embeddedness shifts “the emphasis from abstract information processing to concrete physical space, from clothing and cars to the entire.” As such, everyday actions and behaviors no longer belong to particular places, and because there is no place—no arena of life which is truly public, private activities can occur in these urban spaces that we may not want or expect to be observed[30], And therein lies how fundamental this nudge is to Sidewalk and Alphabet, getting people to really see that values of their technology outweigh the consumers relative insularity. Which goes against every principle of privacy and security. Privacy primarily, in that the user is not in control and the data is used for an entities influence and control. And the CDT fails for these concepts, as well that data cannot be erased, the data as it passes through its evolution over the internet remains immortal. There’s no way to certifiably ensure that every copy of some data set is permanently gone[31]. Security in that the risks of the information easily becoming identifiable to the public in the case of a breach and the harms of sensitive data being accessed by others at the leisure or negligence of Alphabet.

The Panacea

Smart cities are an emergent subject of great interest to the planet's diverse urbanist communities. The technology must be embraced; innovations offer far greater benefits than that of an individual’s privacy and security. Sidewalk recognized that society shall remain uninhibited from the persuasion and control of external forces no matter their benefits. It’s solution, the CDT, ultimately failed to travel up the hill on its short but inspiring journey.

            A fiduciary trust, like a power of attorney, are contracts that provide a trustee the interests and abilities of an individual’s assets. The assets in the case of Sidewalk were the data. The trust, which is not an organization rather a group of trustees, would have the ability to make decisions on the use and management of the data. Sidewalk’s data governance principles were grounded on an independent CDT. Which would be a steward of urban data collected throughout the development. This Trust would approve and control the collection of, and manage access to, urban data originating from the use of the services of the development and more so from the behaviors surveilled within the community. The data governance through the CDT were about ensuring that urban data is collected and used in a way that is beneficial to the community, protects privacy, and spurs innovation and investment. In essence, combining all we know about the protection of privacy and security and bridging them together. An example of the bridge, when an entity came to access the data, the CDT would use impact assessments. Impact assessments recognized and implemented by governments and service providers throughout the world. Designed to reveal the possible outcomes and implications from the proposed use of the data. Ensuring clarity and transparency in the use of the data and fundamentally balancing innovation with privacy and security[32].

            The CDT also addressed the issue about “data residency”, where the data would be stored and ensuring federal and provincial laws would remain prevalent over the data and the CDT. A controversial subject, as the internet and in turn the cloud have no borders. And ensuring the data remains in one place goes against everything that is the internet and interoperability. The CDT solution was to create contracts with providers to ensure the laws of the given country or province would prevail. Along with the assurance of data encryption and technologies that ensure the data may only be accessed by the originating and rightful users or providers. A simple and elegant solution to a complex problem[33].

            Another concern would be the precedent that may develop for the privacy in general across the globe. The precedent that private entities could separate themselves from Canadian laws. Underlining that monopiles like Alphabet may make policy, policy making is inherently democratically provided to our governments on every level. The platform Sidewalk has suggested, is that one entity has supremacy in the intellectual property, procurement, data governance, policy and access. Why should a Unicorn have this potential? Giving Alphabet the benefit of the doubt for a moment, as analyzed the distress is not in the benefits of the technologies rather the fact that a private company ultimately dominates a community from every angle. The CDT was an ambitious attempt at solving this very problem. As we discerned though the flaw was that the services, opportunities and most of all behaviors of consumers conducted within Sidewalk Toronto would be part and parcel of the package that the CDT was offering. Fundamentally, ownership will still remain in the hands of Alphabet. Each of these ideas goes a little further in specifying the roles in a CDT ecosystem, which will determine how effective it can be as a protection of the public interest, or prevention of wholesale corporate capture.

            One of many downfalls of the CDT’s related to the ownership of the data. The primary issue relating to the creation of the CDT. All could see that the CDT could not manage to be independent of Alphabet. Alphabet would be the primary user of the data for the functioning of Sidewalks utopia. Together they have the most to gain from the data for the functions, services and the development of the smart city. In Toronto and throughout the globe, as Toronto was the initial experiment driving the smart city ambitions. Alphabet’s ambitions outweighed any benefits of the CDT. Few unicorns could compare to the ambitions of Alphabet as they set their expectations on how to dominate the internet and all things information. Sidewalk’s data governance overstepped its jurisdiction with its solution to the balancing of innovations against privacy and security. The CDT could not convince society that Alphabet remained in control. Ultimately the principles of democracy prevented the experiment from climbing the hill. Society is at liberty to participate at their leisure in the pursuit of happiness.

            How may have Alphabet succeeded with the Sidewalk experiment? Particularly the balance of privacy, security and democracy. A balance that remains ripe for the progress of fourth revolution already upon us. Democracy has rightly taken its place as a variable in the experiment, remaining the viable piece to the solution. The balance is not a phantasm, regulators are left with what society relies on them to do. And the time for regulators to step up has escalated significantly since the Sidewalks experiment began in 2017. Along with Sidewalk the Internet of Things and interoperability have evolved incredibly. As Uteck describes that soon all spaces we present ourselves in will be surveilled, and the data held to extraordinary value[34].

            The uncertainties that have risen from the innovation in technology, remain unclear. It falls on a regulator to provide clarity. Peter Drahos developed fourteen compliance questions integral to the interference of regulation[35]. Of the fourteen, question one social and economic costs and benefits; question five business model; and question seven capacity to comply are of particular importance to the Sidewalk experiment. Drahos forms these compliance questions with the Nielsen-Parker holistic compliance model. Summarily the regulation is driving the interests and motives of the Sidewalk with their characteristic capacities and resources ultimately to ensure compliance. Regulators do not want innovators to flee rather be guided to attain an ultimate right or principle, for our purpose the protection of privacy and security of the individual. Within the context of Drahos compliance principle the following paragraphs will review how regulation has engaged the digital realm to fasten privacy rights in a number of instances.

ONE – The Social and Economic Cost and Benefits

The question asks, will the compliance of the legislation hinder the companies from innovating in the country. This question requires the regulators to understand that they want the innovators to perform and yet comply. A balancing act often misguided or misjudged.

            First in the short line of regulations in pursuit of this balance relating to privacy and security is the Charter of Rights and Freedoms (CofR)[36]. CofR protects citizens through section seven life, liberty and security; section eight, secure from unreasonable search and seizure; and section fifteen, all are equal and have equal protection. The criticism of the CofR is twofold, first it does not apply to corporations and second the onus of proof falls on the individual to prove they had an expectation of privacy. Sidewalk and Waterfront Toronto were the two developers of Sidewalk Toronto. Both private corporations with neither having the CofR apply to them. If for a moment the CofR would apply, proving that there was an expectation of privacy would be difficult given the very nature of the smart community and hyperconnectivity. Where it is about openness, integration and uniformity generally mapped in a privacy policy. Returning to Nissenbaum’s “contextual integrity” model and the emphasis on norms, is at the heart of the reasonable expectation of privacy test because one cannot tell what expectations society is prepared to recognize as reasonable unless one looks at society’s practices and specifically privacy norms[37].

            Second, the Privacy Act 1983[38] designed as initial step in protecting individual’s privacy. Initially for Ontario’s municipal, health and government sector, it was expected to stretch to the private sector. This occurred in the year 2000, when the Personal Information and Protection of Electronic Documents Act (PIPEDA)[39] was introduced. Section. 3 provides the purpose is to establish, in an era in which technology increasingly facilitates the circulation and exchange of information, rules to govern the collection, use and disclosure of personal information in a manner that recognizes the right of privacy of individuals with respect to their personal information and the need of organizations to collect, use or disclose personal information for purposes that a reasonable person would consider appropriate in the circumstances. Structured on the principles that revolve around the collection and use of data rather than the person’s privacy itself. PIPEDA protects an individual’s data from unauthorized use of information about an identifiable individual.

            In 2020, the federal government introduced Bill C-11[40], which attempts to further the balance of social and economic costs and benefits. The Act, as of current has yet to be passed, would replace PIPEDA with the Consumer Privacy Protection Act (CPPA). CPPA recognizes the right of privacy of individuals with respect to their personal information and the need of organizations to collect, use or disclose personal information for purposes that a reasonable person would consider appropriate in the circumstances. CPPA emphasizes transparency in the use of data and the decisions that would come about the collection of the data. Expectations of consent that are to be knowledgeable and explicitly granted. Although there remains the issue, if the consent would be informed consent with the review of a professional such as a lawyer. Rights to data mobility so data may be moved and controlled at the leisure of the user. Primarily the CPPA follows many guidelines of Privacy by Design and scholars such as Peppet. Conclusively attending to numerous concerns of the Sidewalk development and CDT. Does the CPPA balance the innovator and the consumer with the regulation? One is lead to believe it does!

An underlining issue remains though, that private companies such as Alphabet strive for regulation in order to find ways to develop within the rules and bend the iron fist. Another notion, Sidewalk may have terminated their Toronto project on the very premise that they found the CPPA leans on the consumer end and not provide a balance. Leading to question five of the Drahos compliance questions.

FIVE – Business Model

Regulation is a passenger in the vehicle that is the entities business model, and the vision is the driver. Sidewalk’s vison is the optimization of the quality of life. With data being infrastructural. Data is the how the services would inevitably work together and how the goods would flow to the consumer. The business model relied heavily on Alphabet’s attempt at policy making, the CDT. The CDT was the nudge of Alphabet’s experiment focusing heavily on the default standard to open publishing; the concept of ‘urban’ data; localization; and theory of law and authority. Sidewalk though these premises were seeking an open system. To synthesize ownership and privacy values to the ultimate benefit of the community. Believing that the data collected would be public, and not owned by any one institution. As it is public it may be used by any individual producing the qualifications set out by the CDT. Inevitably providing the CDT enforcement powers as well. In order for regulation to adhere to this business model it would require a compromise to address the challenges. On the one part the CDT would be deregulated, and on the other part Alphabet would be regulated by the means of the CPPA. This is not a balance but disservice to the consumer ultimately. An underline the very question is urban infrastructure to be optimized, monetized or securitized?

SEVEN – CAPACITY TO COMPLY

Understanding that legislation relies in the delivery of individual rights, in the Sidewalk case that would be protection of information gathered from the data. In part legislation would allow the use of the information once certain requirements are complied with. A lease of the data upon delivery of privacy and security of society through expressed consents. This simple reform would lay the foundation for a more flexible, and more useful policy about individual privacy[41]. Such an endeavor requires extraordinary amounts of resources to manage compliance. The CDT simply lacks the resources for responsible and equitable data use. Towards the CDT the beneficial purpose of securing the data outweigh the negative impacts of a privatized body. From the time it would take to develop the CDT and ensuring its compliance with regulations; to the steps necessary for an inclusive organization capacity to mend with an openness institution like Alphabet. Ultimately earning the complex technical policy and issues by the technologies. Let alone the resources to tackle the risks to security.

Criminals are opportunists, and to breach the CDT would be an opportunist’s prize. And ultimately CDT’s authority to data collected through Sidewalk, as opposed to the significantly larger amount of data that companies collect through mobile devices, websites, and apps. The CDT provides little or no information on how it attempts to tackle leasing personally identifying information. The CDT standard to public ownership and at the CDT’s leisure the use may be subject to audit, investigation, and enforcement. Another angle, the CDT would grant licenses to collect and use data reliant on the sensitivity of the data. The less sensitive the likely the data will flow openly to the providers in need of the data. No test was laid out by Sidewalk, and whether such tests would be effective. The primary goal of the CDT was managing components relating to the publics access; enforcement; and exemptions. The CDT selectively controlling public access, building a policy apparatus around access, and an enforcement mechanism of use-based license limitations. In most governance systems, those functions are at least separate, if not sometimes in direct conflict. Even if the contradiction is intentional, the presumption of open data publication limits the CDT’s access to management and enforcement powers. The CDT would have conflicting mandates, with entirely separate operational requirements to implement. Ann Cavoukian, resigned because she said Sidewalk had reneged on its promise that all data would be de-identified at the source. Her departure over such a basic feature of data flows, fully one year into the project, showed just how undeveloped or at least undisclosed the data policies were. Leading to the conclusion the CDT, as policy maker and enforcer, would be in direct conflict with the capacity to comply with any legislation.

Conclusion

In the ``information age'' attention is becoming a more and more valuable commodity, and ways to economize on attention may be quite valuable. Junk mail, junk phone calls, and junk email are annoying and costly to consumers[42]. Now more than any time in history real solutions must present themselves, and experiments like Sidewalk Toronto are the course of action.

            Sidewalk, reliant on the CDT, established stepping stones from their experiment in Toronto. The goal to balance innovation with privacy and security was not attained, however the information gathered from the process will prove relevant in their pursuits. Information such as the networks of professionals and experts right through to the ability to frame privacy and security in a digital realm. Sidewalk, a novice in urban innovation, has acquired an influential amount of information. This information now places Sidewalk and Alphabet as an expert in the field.

            The highlight of the experiment, undoubtedly was the journey. Through the journey Sidewalk learned that privacy and security may be bent while still retaining values. This is accomplished by the ensuring data, sensitive or not, remains in the control of the user and ensuring end-to-end security. Sidewalk ultimately learned that simply using their services privacy may not be bent to intrusions of persuasion and control over the users’ daily activities. Uteck emphasized that these intrusions of privacy create victims that unknowingly are being observed and if knowingly are abused (Uteck, 2009, p. 112). The precedents of “off the wall” technology and not “through the wall” established by the Supreme Court of Canada through an analysis of the CofR (Uteck, 2009, p. 121). Summarize very well, the surveillance society has boundaries that may not be crossed.

            Sidewalk and the CDT s cannot be treated as separate entities from the unicorns that source them. This will be a barrier for the remainder of their endeavors in smart cities and everything that is privacy and security. Sidewalk should embrace their parents, and use them to attain the achievements worthy of success. Parents are centers of excellence, investment and development. Sidewalk should look to buying parcels of land outside of cities where they may experiment under their own policies and procedures. Once successful, using the precedent to enter established communities.

            Smart cities are inevitable, and Toronto has lost its opportunity to be a leader yet surely, they will be a follower in the not-too-distant future. Society has only managed to press the pause button. Regulators and society must come together during this small window of opportunity to embrace the innovations and solve the mysteries of privacy and security. Our legislators have one chance to getting this right, ignoring or pushing the technology is not the way. Rather embracing the technology and seeking methods to deliver the data necessary with little compromise to consumer. My suggestion, seek out technology to solve the critical issue. An example, Dauntless Artificial Intelligence technology created by Massachusetts Institute of Technology, preserves any data not in the user’s possession in anonymized method that may never be discovered; remaining manageable for control; ensures location accuracy to allow deletion; and respect the users privacy. AI has the potential to syndicate with humans to solve many of our concerns.

BIBLIOGRAPHY

Bill C-11 (Second Session, Forty-third Parliament 2020). Retrieved from https://parl.ca/DocumentViewer/en/43-2/bill/C-11/first-reading

Dawson, A. H. (2018, October 15). An Update on Data Governance for Sidewalk Toronto. Retrieved April 07, 2021, from Side Walk Labs: https://www.sidewalklabs.com/blog/an-update-on-data-governance-for-sidewalk-toronto/

Drahos, P. (2017). Regulatory Theory: Foundations and Applications. ANU Press.

Gasser, U. (2015). Interoperability in the Digital Ecosystem. Research Publication No. 2015-13 July 6, 2015, 30. Retrieved from https://dash.harvard.edu/bitstream/handle/1/28552584/SSRN-id2639210.pdf

Geer, D. E. (2015, July/August). The Right to Be Unobserved. IEEE Computer and Reliability Societies, p. 1.

Geer, D. E. (n.d.). Complex Security, Secure Complexity. Retrieved from http://geer.tinho.net/bolin.geer_3LR_4.pdf

McDonald, B. W. (2018, October 9). What Is a Data Trust? Centre for International Governance Innovation. Retrieved April 10, 2021, from https://www.cigionline.org/articles/what-data-trust

More, T. (1516). Libellus vere aureus, nec minus salutaris quam festivus, de optimo rei publicae statu deque nova insula Utopia. Netherlands. Retrieved from https://en.wikipedia.org/wiki/Utopia_(book)

Nissenbaum, H. (2004). Privacy as Contextual Integrity. Washington Law Review, 101-139. Retrieved from https://crypto.stanford.edu/portia/papers/RevnissenbaumDTP31.pdf

Onuoha, M. (2017, January 30). What It Takes To Truly Delete Data. Retrieved March 2021, from FiveThirtyEight.

Panel, W. T. (2020). DSAP Supplemental Report on the Sidewalk Labs Digital Innovation Appendix (DIA). Toronto: Digital Strategy Advisory Panel.

Peppet, S. R. (2014-2015). Regulating the Internet of Things: First Steps Toward Managing Discrimination, Privacy, Security, and Consent. Colorado Law Scholarly Commons, 85-178.

Personal Information and Protection of Electronic Documents Act (S.C. 2000, c. 5). Retrieved from https://laws-lois.justice.gc.ca/ENG/ACTS/P-8.6/index.html

Privacy Act (R.S.C., 1985, c. P-21). Retrieved from https://laws-lois.justice.gc.ca/ENG/ACTS/P-21/index.html

Schneier, B. (2016, March 4). Schneier on Security. Retrieved February 2, 2021

Troncoso, S. G. (n.d.). Engineering Privacy by Design Reloaded. Computers, Privacy & Data Protection, 25. Retrieved from https://www.esat.kuleuven.be/cosic/publications/article-1542.pdf

Uteck, A. (2009). Ubiquitous Computing and Spatial Privacy. In I. Kerr, V. Steeves, & C. Lucock, Lessons from the Identity Trail (p. 575). New York: Oxford University Press Inc.

Varian, H. R. (1996). Economic Aspects of Personal Privacy. National Telecommunication and Information Administration Report, 7. Retrieved from http://people.ischool.berkeley.edu/~hal/Papers/privacy/

Zuboff, S. (2015(30)). Big Other: Surveillance Capitalism and the Prospects of an Information Civilization. Journal of Information Technology, 75-89.

[1] (More, 1516)

[2] (Gasser, 2015, p. v)

[3] (Geer, p. 179)

[4] (Nissenbaum, 2004, pp. 111,112)

[5] (Nissenbaum, 2004, p. 112)

[6] (Nissenbaum, 2004, p. 119)

[7] (Nissenbaum, 2004, pp. 119,120)

[8] (Nissenbaum, 2004, pp. 119,120)

[9] (Nissenbaum, 2004, p. 122)

[10] (Nissenbaum, 2004, p. 125)

[11] (Zuboff, 2015(30), p. 75)

[12] (Zuboff, 2015(30), p. 85)

[13] (Nissenbaum, 2004, pp. 129,130)

[14] (Peppet, 2014-2015, pp. 160-162)

[15] (Peppet, 2014-2015, pp. 160-162)

[16] (Peppet, 2014-2015, p. 164)

[17] (Peppet, 2014-2015, p. 149)

[18] (Dawson, 2018, p. 3)

[19] (Dawson, 2018, p. 2)

[20] (Troncoso, pp. 19,20)

[21] (Troncoso, pp. 19,20)

[22] (Nissenbaum, 2004, pp. 128,129)

[23] (Zuboff, 2015(30), p. 78)

[24] (Schneier, 2016, p. 2)

[25] (Geer, The Right to Be Unobserved, 2015)

[26] (Nissenbaum, 2004, p. 129)

[27] (Nissenbaum, 2004, pp. 131,132)

[28] (Uteck, 2009, p. 115)

[29] (McDonald, 2018)

[30] (Uteck, 2009, p. 117)

[31] (Onuoha, 2017)

[32] (Dawson, 2018, p. 4)

[33] (Panel, 2020)

[34] (Uteck, 2009, p. 111)

[35] (Drahos, 2017, p. 221)

[36] (Uteck, 2009, p. 96)

[37] (Nissenbaum, 2004, p. 119)

[38] (Privacy Act)

[39] (Personal Information and Protection of Electronic Documents Act)

[40] (Bill C-11, 2020)

[41] (Varian, 1996, p. 6)

[42] (Varian, 1996, p. 2)