On Wednesday 8th October 2014, Nathaniel Tkacz visited the Programmable City Project and delivered a seminar on “Dashboards and Data Signals”. Nathaniel is Assistant Professor in CIM at The University of Warwick. He is currently Principal Investigator for the ESRC-funded project ‘Interrogating the Dashboard’. He is author or editor of Wikipedia and The Politics of Openness, The MoneyLab Reader (forthcoming 2015), Digital Light (forthcoming 2014) and Critical Point of View: A Wikipedia Reader.
On dashboards and data signals, Nathaniel summarised his discussion as: Screen interfaces that aggregate and visualise flows of data, namely, dashboards, are greatly increasing in number and function. They coincide with the heightened interest in information visualisation and massive claims about the transformative power of big data. David Cameron has a bespoke dashboard, as does US Federal Reserve Chair, Janet Yellen. For the rest of us, there are a range of dashboard apps available from Apple or Google’s respective markets. The control screens one would expect to see in a Bloomberg Terminal, flight control tower or security operation – that is, in strategic and logistical spaces – is today becoming generalised and individualised. As is true of all interfaces, a dashboard is a relation. It is a relation of control, to be sure, and one that equally reflects a desire for control among the ‘data deluge’ as much as it does its achievement. But a closer look at the dashboard reveals much more than the proliferation of control. It can tell us, for example, about the changing nature of indicators, the everyday experience of data-driven life, and emerging forms of rationality, and it is these things that I will explore in this presentation.
We are delighted to welcome Ayona Datta to Maynooth on Monday 3rd November for the second of our Programmable City seminars this semester. Ayona Datta is Senior Lecturer in Citizenship and Belonging at the University of Leeds. Ayona’s research and writing focuses on the gendered processes of citizenship and the gendered politics of urban renewal and urbanization across the global north and south. Ayona is the author of The Illegal City: Space, law and gender in a Delhi squatter settlement (2012) and is editor of Translocal Geographies: Spaces, Places, Connections (2011).
The seminar will focus on the development of smart cities in India. In 2014, the newly elected Indian government announced an ambitious programme of building 100 new smart cities across India. These cities are presented as the answer to the challenges of rural-urban migration, rapid urbanisation, and sustainable development in India. Ayona’s seminar will examine these claims by focussing on two Indian ‘smart cities’ being built from scratch.
In May 2014 Ubisoft released a new computer game called Watch Dogs. Having sold over 4 million copies in the first week of sales it is tipped to be the game of the year. In the game, Chicago City is controlled by a central operating system (ctOS). The super computer gets a panoptic view of the city using data from cameras and sensor networks. The information obtained is used to manage the city’s infrastructure and technology as well as to maintain a database of personal information about citizens and their activities. In Watch Dogs, a disgruntled computer hacker finds a way to access and hack the ctOS, allowing him to hijack traffic lights, the power grid, bridges and toll gates, rupture water pipes, disable surveillance cameras and access personal information about fellow citizens. The motive for causing mayhem in the city is to find a gang who were involved in his sister’s death and ultimately take down the corrupt system that runs ctOS. In this article, we take a look at some of the real dangers facing today’s cities from malicious hackers.
A Character Accesses City Infrastructure and Data in Watch Dogs
In terms of technology, Chicago, as presented in Watch Dogs is a smart city. Data is fed into the central operating system and the infrastructure of the city adapts and responds accordingly. Although much of the game is fictional, Watch Dogs draws on existing technologies and echoes what is happening today. For example, Rio de Janeiro has a large control centre which applies data analytics to social media, sensors and surveillance cameras in an attempt to predict and control events taking place in the city. Its mission is to provide a safe environment for citizens. Other cities such as Santander and Singapore have invested in sensor networks to record a range of environmental and traffic conditions at locations across the cities. Earlier this year, Intel and Dublin City Council announced that Dublin is also to get a sensor network for measuring city processes. At present many of these projects are focusing on the technical challenge of configuring hardware, designing standards and collecting, storing and processing data from the city-wide sensor networks. Projects are using the data for a range of services to control the city such traffic management (guiding motorist to empty parking spaces), energy management (dimming street lights if no one is present) and water conservation (using sensors to determine when city parks need water).
The Internet of Things & Security
The roll out of such smart city technology is enabled through the Internet of Things (IoT) which is essentially a network of objects which communicate and transfer data without requiring human-to-human or human-to-computer interaction. The IoT can range from a pace maker sending patient information to a physician, to a fridge informing its owner that the milk is low. In the smart city, sensors automatically relay data to a control centre where it is analysed and acted upon.
The Control Centre in Rio de Janeiro
While Watch Dogs raises important moral and ethical issues concerning privacy and the development of a big brother society via smart city technologies, it also raises some interesting questions about the security and reliability of the technology. In Watch Dogs, the main character can control the city infrastructure using a smart phone due to a security weakness in the ctOS. In reality, we have recently seen objects in the IoT being compromised due to weaknesses in the hardware security. Baby monitoring webcams which were accessed by hackers and demonstrations of how insulin pumps can be compromised are cases which have received media attention. Major vulnerabilities of the IoT, were seen in late 2013 and early 2014 when an orchestrated cyber attack saw 100,000 ‘things’ connected to the Internet hacked and used to send malicious spam emails. The hacked ‘things’ included smart TVs, fridges and media centres. Basic security misconfigurations and failures to alter default passwords left devices open to attack.
Even mature internet technologies such as those used in ecommerce websites are vulnerable to hacking. In May this year e-bay’s web servers were hacked leading to the loss of user data. Security flaws with the OpenSSL cryptography standard (used to transmit data securely on the Internet) came to light in April 2014 with the ‘Heartbleed’ bug. A vulnerability enabled hackers to access the short term memory of servers to capture information such as passwords or credit card details of users who recently interacted with the server. All technologies which can send and receive data are vulnerable to attack and misuse unless strict security protocols are used and kept up-to-date. Unfortunately, as the examples here highlight, it seems that the solutions to security issues are only provided after a problem or a breech has been detected. This is because it’s often an unknown bug in the code or poor coding practice which provides a way for hackers to access systems remotely. There is a reluctance to invest in thorough testing of technologies for such weaknesses. Development companies seem prepared to risk cyber attacks rather than invest in the resources required to identify problem areas.
Hacking the Smart City
The fact that all systems connected to the Internet appear vulnerable to cyber attacks is very worrying when considered in the context of smart cities. Unlike personal webcams, TVs and fridges, the technology of smart cities forms part of a complex and critical infrastructure which is used to calibrate and control a city.While governments and city authorities are generally slow to publicise attacks on their technological infrastructure, the Israeli government has acknowledged that essential services that run off sensors, such as water, electricity and banking, have been the target of numerous hacking attacks. For example, in 2013, the traffic management system for a main artery in the port city of Haifa, was hacked, causing major traffic problems that lasted for several hours. Such malicious hijacking of technology is inconvenient for citizens, costs the city financially and could also have fatal consequences. Last year, it was demonstrated that it was relatively easy to hack the traffic light system in New York City. By sending false signals regarding the traffic flow at particular junctions, the algorithm used to control the traffic light sequence could be outsmarted and fooled into thinking that a particular junction was busy and therefore adjust the green time of traffic lights in a particular direction.
City technology is built on legacy systems which have been incrementally updated as technology has changed. Security was often not considered in the original design and only added after. This makes such legacy systems more vulnerable for exploiting. For example, many of the traffic light coordination systems in cities date from the 1980s when the main security threat was physical interference. Another problem with the city technology is the underlying algorithms which can be purely reactive to the data they receive. If false data is supplied then the algorithm may produce undesirable consequences. While the discussion here has focused on sensors embedded in the city, other sources of data, such as social media are open to the same abuse. In March 2014, the twitter account of The Associated Press was hacked and a message reporting of an attack on President Barrack Obama was posted. This led to $136 billion being wiped of the NY stock exchange within seconds. This is an example of humans using bad data to make a bad decision. If the human cognition process is unable to interpret bad data, what hope do pre-programmed computer algorithms have?
As cities continue to roll out technologies aimed at enhancing the lives of citizens, they are moving towards data driven forms of governance both for long term and short term actions. Whatever type of sensor is collecting data, there is a danger that data can be biased, corrupt, played, contained errors or even be faked through hacking. It is therefore imperative for city officials to question the trustworthiness of data used in decision making. From a technical point of view, the data can be made safe by calibrating the sensors regularly and validating their readings against other sensors. From a security perspective, the hardware needs to be secured, maintained and updated to prevent malicious hacking of the device. Recognising the threat which has been highlighted by Watch Dogs, the US Centre for Internet Security (CIS) issued a Cyber Alertregarding the game stating that ‘CIS believes it is likely that a small percentage of Watch Dog players will experiment with compromising computers and electronic systems outside of game play, and this activity will likely affect SLTT (State, Local, Tribal and Territorial) government systems and Department of Transportation (DOT) systems in particular.’
In other domains, such as the motor industry there is a move to transfer functions from the human operator to algorithms. For example, automatic braking, parking assistance, distance based cruise control and pedestrian detection are becoming mainstream in-car technologies in a slow move towards vehicles which drive themselves. It is likely that managing the city will follow the same pattern and incrementally the city will ‘drive’ itself and could ultimately be completely controlled by data-driven algorithms which react to a network of sensors. Although agencies such as the CIS give some advice to minimise the risk of Cyber Attacks on cities, it seems that hacking of the smart city infrastructure is inevitable. The reliance of cities on software and the risks associated with this strategy are well known (Dodge & Kitchin, 2004; Kitchin, 2014). The problem is compounded by the disappearance of the analogue alternative to smart city technologies (Townsend, 2013). This could lead to prolonged recovery from attacks and bugs due to the total reliance on technology to run cities. Cities therefore need to consider the security risks connected to deploying and using sensors to control a city and make decisions. It is also essential that control loops and contingency plans are in place to allow a city to function during a data outage just as contingency plans are made for handling the loss of other essential services such as power and water.
References
Dodge, M., & Kitchin, R. (2004). Flying through code/space: The real virtuality of air travel. Environment and Planning A, 36(2), 195–211.
Townsend, A. (2013). Smart cities: Big data, civic hackers, and the quest for a new utopia. New York: W.W. Norton & Co.
You can write down equations that predict what people will do. That’s the huge change. So I have been running the big data conversation … It’s about the fact that you can now understand customers, employees, how we organise, in a quantitative, predictive way for the first time.
Predictive analytics is fervently discussed in the business world, if not fully taken up, and increasingly by public services, governments or medical practices to exploit the value hidden in the public archive or even in social media. In New York for example, there is a geek squad to Mayor’s office, seeking to uncover deep and detailed relationships between the people living there and the government, and at the same time realising “how insanely complicated this city is”. In there, an intriguing question remains as to the effectiveness of predictive analytics, the extent to which it can support and facilitate urban life and the consequences to the cities that are immersed in a deep sea of data, predictions and humans.
Let’s start with an Australian example. The Commonwealth Scientific and Industrial Research Organisation (CSIRO) has partnered with Queensland Health, Griffith University and Queensland University of Technology and developed the Patient Admission Prediction Tool (PAPT) to estimate the presentations of schoolies, leavers of Australian high schools going on week-long holidays after final examines, to nearby hospitals. The PAPT derives their estimates from Queensland Health data on schoolies presentations in previous years, including statistics about the numbers of presentations, parts of the body injured and types of these injuries. Using the data, the PAPT benefits hospitals, their employees and patients by improved scheduling of hospital beds, procedures and staff, with the potential of saving $23 million per annum if implemented in hospitals across Australia. As characterised by Dr James Lind, one of the benefits of adapting predictive analytics is the proactive rather than reactive approaches towards planning and management:
People like working in a system that is proactive rather than reactive. When we are expecting a patient load everyone knows what their jobs [are], and you are more efficient with your time.
The patients are happy too, because they receive and finish treatment quickly:
Can we find such success when predictive analytics is practised in various forms of urban governance? Moving the discussion back to US cities again and using policing as an example. Policing work is shifting from reactive to proactive in many cities, in experimental or implementation stages. PredPol is predictive policing software produced by a startup company and has caught considerable amount of attention from various police departments in the US and other parts of the world. Their success as a business, however, is partly to do with by their “energetic” marketing strategies, contractual obligations of referring the startup company to other law enforcement agencies, and so on.
Above all, claims of success shown by the company are difficult to sustain in closer examination. The subjects of the analytics that the software focuses are very specific: burglaries, robberies, vehicle thefts, thefts from vehicles and gun crimes. In other words, the crimes that have “plenty of data to chew on” for making predictions, and are of the opportunistic crimes which are easier to prevent by the presence of the patrolling police (more details here).
This further brings us to the issue of the “proven” and “continued” aspects of success. These are even more difficult and problematic aspects of policing work for the purpose of evaluating and “effectiveness” and “success” of predictive policing. To prove that an algorithm performs well, expectations for which an algorithm is built and tweaked have to be specified, not only for those who build the algorithm, but also for people who will be entangled in the experiments in intended and unintended ways. In this sense, transparency and objectivity related to predictive policing are important. Without acknowledging, considering and evaluating how both the crimes and everyday life, or both normality and abnormality, are transformed into algorithms and disclosing them for validation and consultation, a system of computational criminal justice can turn into, if not witchhunting, alchemy – let’s put two or more elements into a magical pot, stir them and see what happens! This is further complicated by knowing that there are already existing and inherent inequalities in crime data, such as reporting or sentencing, and the perceived neutrality of algorithms can well justify cognitive biases that are well documented in justice system, biases that could justify the rational that someone should be treated more harshly because the person is already on the black list, without reconsidering how the person gets onto such list in the first place. There is an even darker side of predictive policing when mundane social activities are constantly treated as crime data when using social network analysis to profile and incriminate groups and grouping of individuals. This is also a more dynamic and contested field of play considering that while crime prediction practitioners (coders, private companies, government agencies and so on) appropriate personal data and private social media messages for purposes they are not intended for, criminals (or activists for that matter) play with social media, if not yet prediction results obtained by the reverse engineering of algorithms, to plan coups, protests, attacks, etc.
For those who want to look further into how predictive policing is set up, proven, run and evaluated, there are ways of opening up the black box, at least partially, for critically reflecting upon what exactly it could achieve and how the “success” is managed both in computer simulation and in police practices. The Chief scientist of PredPol gave a lecturer where, as pointed out:
He discusses the mathematics/statistics behind the algorithm and, at one point, invites the audience not to take his word for it’s accuracy because he is employed by PredPol, but to take the equations discussed and plug in crime data (e.g. Chicago’s open source crime data) to see if the model has any accuracy.
The video of the lecturer is here
Furthermore, RAND provides a review of predictive policing methods and practices across many US cities. The report can be found here and analyses the advantages gained by various crime prediction methods as well as their limitations. Predictive policing as shown in the report is far from a crystal ball, and has various levels of complexity to run and implement, mathematically, computationally and organisationally. Predictions can range from crime mapping to predicting crime hotspots when given certain spatiotemporal characteristics of crimes (see a taxonomy in p. 19). As far as prediction are concerned, they are good as long as crimes in the future look similar to the ones in the past – their types, temporality and geographic prevalence, if the data is good, which is a big if!. Also, predictions are good when they are further contextualised. Compared with predicting crimes without any help (not even from the intelligence that agents in the field can gather), applying mathematics to help in a guessing game creates a significant advantage, but the differences among these methods are not as dramatic. Therefore, one of the crucial messages intended by reviewing and contextualising predictive methods is that:
It is important to bear in mind that the predictive methods discussed here do not predict where and when the next crime will be committed. Rather, they predict the relative level of risk that a crime will be associated with a particular time and place. The assumption is always that the past is prologue; predictions are made based on the analysis of past data. If the criminal adapts quickly to police interventions, then only data from the recent past will be useful to police departments. (p. 55)
Therefore, however automated, human and organisational efforts are still required in many areas in practice. Activities such as finding relevant data, preparing them for analysis, tweaking factors, variables and parameters, all require human efforts, collaboration as a team and transforming decisions into actions for reducing crimes at organisational levels. Similarly, human and organisational efforts are again needed when types and patterns of crimes are changing, targeted crimes shift, results are to be interpreted and integrated in relation to changing availabilities of resources.
Furthermore, the report reviews the issues of privacy, transparency, trust and civil liberties within existing legal and policy frameworks. However, it becomes apparent that predictions and predictive analytics need careful and mindful designs, responding to emerging ethical, legal and social issues (ELSI) when the impacts of predictive policing occur at individual and organisational levels, affecting the day-to-day life of residents, communities and frontline officers. While it is important to maintain and revisit existing legal requirements and frameworks, it is also important to respond to emerging information and data practices, and notions of “obscurity by design” and “prodecural data due processes” are ways of rethinking and designing relationships between privacy, data, algorithms and predictions. Even the term transparency needs further reflections to make progress on issues concerning what it means under the context of predictive analytics and how it can be achieved by taking into account renewed theoretical, ethical, practical and legal considerations. Under this context, “transparent predictions” is proposed wherein the importance and potential unintended consequences are outlined with regards to rendering prediction processes interpretable to humans and driven by causations rather than correlations. Critical reflections on such a proposal are useful, for example this two part series – (1)(2), further contextualising transparency both in prediction precesses and case-specific situations.
Additionally, IBM has partnered with New York Fire Department and Lisbon Fire Brigade. The main goal is to use predictive analytics to make smart cities safer by using the predictions to better and more effectively allocate emergency response resources. Similarly, crowd behaviours have already been simulated for understanding and predicting how people would react in various crowd events in places such as major traffic and travel terminals, sports and concert venues, shopping malls and streets, busy traffic areas, etc. Simulation tools take into account data generated by sensors, as well as quantified embodied actions, such as walking speeds, body sizes or disabilities, and it is not difficult to imagine that more data and analysis could take advantage of social media data where sentiments and psychological aspects are expected to refine simulation results (a review of simulation tools).
To bring the discussion to a pause, data, algorithms and predictions are quickly turning not only cities but also many other places into testbeds, as long as there are sensors (human and nonhuman) and the Internet. Data will become available and different kinds of tests can then be run to verify ideas and hypotheses. As many articles have pointed out, data and algorithms are flawed, revealling and reinforcing unequal parts and aspects of cities and city lives. Tests and experiments, such as manipulating user emtions by Facebook in their experiments, can make cities vulnerable too, when they are run without regards to embodied and emotionally chared humans. Therefore, there is a great deal more to say about data, algorithms and experiments, because the production of data and experiments of making use of them are always an intervention rather than evaluation. We will be coming back to these topics in subsequent posts.
Session 4: Programmable City Project Team, included project introductions from Postdoctoral Researchers and PhD students. Here are links to the slides the complete program.
Robert Bradshaw, Smart Bikeshare
Dr Sophia Maalsen, How are discourses and practices of city governance translated into code?
Jim Merricks White, Towards a Digital Urban Commons:Developing a situated computing praxis for a more direct democracy
Alan Moore, The Role of Dublin in the Global Innovation Network of Cloud Computing
Dr Leighton Evans, How does software alter the forms and nature of work?
Darach Mac Donncha, ‘How software is discursively produced and legitimised by vested interests’
Session 3: Smart Cities included papers from Siobhan Clarke (Trinity College Dublin) and Adam Greenfield (London School of Economics). Here are links to the slides the complete program.
