PRELIMINARY REPORT #2 FROM BATCH 5 OF THE IOT STANDARDS DEVELOPMENT PROJECT
CONTRIBUTIONS TO A CONCEPTUAL FRAMEWORK FOR MANAGING THE SOCIAL AND ETHICAL ISSUES OF URBAN IOT
FEBRUARY 2018
Prepared for:
Ville de Montréal
For: Mr. Jean-Martin Thibault
Director (CTO), IT Architecture, Innovation and Security
Ville de Montréal
275, rue Notre-Dame Est
Montréal, QC, HCY1C6
Canada
©CIRAIG Final Report
Page ii CONTRIBUTIONS TO THE CONCEPTUAL FRAMEWORK February 2018
This report was prepared by CIRAIG (Centre international de référence sur le cycle de vie des produits, procédés et services).
CIRAIG was established in 2001 to provide businesses and government with academic, state-of-the-art expertise on sustainable development tools. CIRAIG is one of the world’s leading centres of life cycle expertise. The organization works with many research centres throughout the world and actively participates in the life cycle initiative of the United Nations Environment Programme (UNEP) and the Society of Environmental Toxicology and Chemistry (SETAC).
CIRAIG has developed recognized expertise in life cycle tools, including environmental life cycle assessment (ELCA) and social life cycle assessment (SLCA). Its research complements this expertise, with studies on life cycle cost analyses (LCCAs) and other tools, including carbon and water footprints. CIRAIG’s activities include applied research in many critical sectors, such as energy, aerospace, agrifood, waste management, pulp and paper, mines and metals, chemical products, telecommunications, finance, urban infrastructure management, transportation and green product design.
DISCLAIMER
The authors are responsible for the selection and presentation of their findings. The opinions expressed in this document are those of the project team and do not necessarily reflect the views of CIRAIG, Polytechnique Montréal or ESG-UQÀM. With the exception of documents produced by CIRAIG (such as this report), any use of the name of CIRAIG, Polytechnique Montréal or ESG-UQÀM in public disclosures relating to this report must receive prior written consent from a duly appointed representative of CIRAIG, Polytechnique Montréal or ESG-UQÀM.
CIRAIG
Centre international de référence sur le cycle de vie des produits, procédés et services
Polytechnique Montréal
Département de génie chimique
3333, chemin Queen-Mary, suite 310
Montréal (Québec) Canada H3V 1A2
www.ciraig.org
Ville de Montréal Final Report
Research Team
Execution
Sara Russo Garrido
Supervision, Research and writing
Marie-Luc Arpin
Revision
Project Management
Prof. Nicolas Merveille PhD
Professor, ESG UQAM and CIRAIG
Project Participants from the Ville de Montréal:
Jean-Martin Thibault, Pierre-Antoine Ferron, Stéphane Guidoin, Michel Charest, Song Nhi Nguyen, Martin-Guy Richard and Patrick Lozeau.
Summary
Project Mission
This report seeks to lay a foundation for defining a conceptual framework that can guide Montréal in establishing a program for considering and managing issues of ethics and social acceptability associated with the technological and analytical systems of an urban Internet of things. These systems are responsible for collecting data from many sources (municipal sensors, social networks, external databases), internal processing, storage and analysis of such data, as well as for releasing this data in the form of databases, displays or apps for the public. This report builds on the Literature Review: Ethical Issues and Social Acceptability of IoT in the Smart City¹ (Russo Garrido, et al., 2017).
The report presents two frameworks to guide Montréal in developing one or more conceptual frameworks for ethical governance of IoT:
• Framework to assist in the identification and analysis of issues of ethics and social acceptability in IoT.
• A list of principles to guide how these issues are handled.
These elements do not, on their own, constitute a comprehensive conceptual framework. However, they are important milestones in the development of a more complete and scalable framework.
Frameworks for Identifying Ethical and Social Issues
Frameworks for identifying the ethical and social issues discussed in this report are designed to provide decision-makers with tools that will help them identify and study issues associated with the IoT project. These frameworks are based on the following sources of information, with most taken from the literature review (Russo Garrido, et al., 2017):
• Key components of the IoT system, as operated by the city.
• Ethical issues identified in the literature review or in the opinion of the Commission d’éthique en sciences et technologie du Québec sur les villes intelligentes (CÉSTQ, 2017).
The broad outlines of the IoT are described in the following figure.
¹ The complete title is: Final Report #1 for Batch 5 of the IoT Standards Development Project, Literature Review: Ethical Issues and Social Acceptability of IoT in the Smart City.
Figure A: Components of Montréal’s IoT System
[Figure A content (updated version). Legend of the main phases: IoT project planning; data collection and storage; data analysis (internal or external to the administration); open data and digital services for citizens. Components shown: IoT project planning; installation; captured data; external data; transport; temporary storage; institutional storage; archiving; data destruction; real-time analysis; stream analysis; interactive and batch analyses; analysis (periodic or interactive data); data visualization and/or results for decision-making; opening of data; analysis and application development by citizens/businesses; applications offered to citizens.]
As explained in the literature review, the system can be broken down into four main phases:
• IoT project planning.
• Data collection and storage.
• Data analysis (internal or outside the city)
• Open data and digital services for the public.
Based on these steps and the ethical and social issues identified in the literature review and the CÉSTQ (2017) opinion, we propose the following framework for high-level identification of ethical issues.
Figure B: General Framework for High-Level Identification of Issues of Ethics and Social Acceptability
While the framework outlined below may be useful for general discussion, more specific frameworks are needed that not only identify general concerns, but provide a more detailed definition of activities and situations that could give rise to ethical or social issues. Figures C, D and E present this level of detail, each illustrating a set of issues covered in the literature review (as indicated by each figure’s title).
[Figure B content. Phases: IoT planning and governance; collection, processing, storage and archiving; internal analysis; third-party analysis; open data and services to citizens. Issues placed under the phases: common good, inclusion, independence of public authorities, privacy, freedom, transparency, proportionality, democracy, transformation of governance, transformation of the city. Legend: bold marks ethical issues whose presence at that phase of the IoT was identified in the literature; non-bold marks potential ethical issues whose presence at that phase of the IoT was not identified in the literature.]
Figure C: Threats Pertaining to Issues of the Public Good, Social Inclusion, Separation of the Government and Business Spheres, and Freedom
[Figure C content. Phases: IoT planning and governance; collection, processing, storage and archiving; internal analysis; third-party analysis; open data and services to citizens. Threats shown: tyranny of transparency (L); predictive analyses steer choices (L); prescriptive analyses decide access (L); profiling (IC & L); discrimination through algorithmic analysis (IC); digital divide affects access (IC); enhanced but non-public offering; spatially unequal investments (IC); influence of private interests (ID); technological lock-in (ID); non-proportionality of means (BC); lack of consensus and democratic deliberation (BC, D); lack of benefits for the community and democracy (BC, D). Legend: the initials in parentheses refer to the issue to which the threat relates: common good (BC), inclusion (IC), independence of public authorities (ID) and freedom (L).]
Figure D: Threats Pertaining to Privacy and Transparency
[Figure D content. Phases: IoT planning and governance; collection, processing, storage and archiving; internal analysis; third-party analysis; open data and services to citizens. Threats shown: vulnerability of systems and data; lack of citizen consent for collection; feeling of being watched; generation of personal profiles (via combination, re-identification, inference); geographic tracking; use of data for purposes other than those communicated; opacity of systems; dissemination of confidential personal data; dissemination of non-confidential personal data; making available data that can help others generate personal profiles; data quality; third-party analysis: same as internal analysis.]
Figure E: Threats Pertaining to Transformation of Governance and the City
[Figure E content. Phases: IoT planning and governance; collection, processing, storage and archiving; internal analysis; third-party analysis; open data and services to citizens. Threats shown: decisions aimed at optimization rather than the social optimum; perception of the health impact of increased electromagnetic waves in the city; transformation into a predictable and individualized space; dilution of decision-making responsibility; reduction of the range of possibilities; impact on the environment.]
Issue Analysis and Management Principles
The second contribution of this report is a list of principles to apply in examining and managing issues. This list is designed to incorporate the key principles for addressing issues of ethics and social acceptability arising out of IoT. It is intended to help determine the appropriate approach in an environment characterized by change, innovation, transformation of the social bond and a loss of ethical references.
We decided to build on all relevant existing guidelines on the subject, in developing this list, rather than start from scratch. We have accordingly considered the principles proposed for IoT, the smart city, artificial intelligence and big data research. The following box outlines our procedure:
Procedure for Developing the List of Principles
1. Create an inventory of existing relevant principles.
2. Extract and examine all principles, to understand their characteristics and see how they overlap.
3. Develop a final list of principles pertaining to IoT and the completeness with respect to other lists consulted.
4. Consider overlaps between the proposed list of principles and the literature review’s findings.
5. Identify principles that should be enhanced and subsequent steps.
We selected lists of existing principles based on their relevance and importance. The following table identifies these documents, grouped by their technological or thematic focus. Section 3.3 presents these lists in detail.
Table A: Lists of Principles Considered
Category, followed by its lists of principles:
General privacy principles
• Canadian PIPEDA fair information principles
• Fair Information Practice Principles (FIPPs)
• OECD Guidelines
• Privacy by Design
• Information and Privacy Commissioner of 7 Foundational Principles of Privacy by Design
• City of Seattle Privacy Principles
• EU general legislation of 1990 and 2018
General IoT and smart city principles
• Recommendations on smart cities in the Opinion of Québec’s Commission en éthique sciences et technologie
• NYC’s Guidelines for Building a Smart + Equitable City
Artificial intelligence principles²
• Asilomar AI Principles
• Fair Automation Practice Principles (FAPPs)
• The Montreal Declaration for a Responsible Development of Artificial Intelligence
Big data principles³
• Ten simple rules for responsible big data research
Codes of conduct
• ACM Code of Ethics and Professional Conduct
• IEEE Code of Conduct⁴
We drew up a final list of principles, drawing on the 13 documents appearing in Table A. These principles were then classified, summarized and distilled to produce a final list, in line with the following criteria:
² The IEEE’s deliberations (IEEE, 2017) on artificial intelligence can be added to this list for subsequent contributions to the inventory.
³ The principles presented in the article by Richards and King (2014) could be added here for subsequent contributions to the inventory.
⁴ ACM and IEEE jointly produced a code, but we did not cover it in this study. Since IEEE is in the process of creating a new version of its own code, we decided to stick to the latest codes, rather than those produced as part of a collaborative process.
• Comprehensiveness: maximum coverage of topics identified in the lists of principles consulted.
• Relevance: all topics directly pertain to the management of ethical issues and the various technical components of the IoT system.⁵
• From the general to the specific: identification of a limited number of general principles and dividing them into more specific ones.
Obviously, our proposed framework is a starting point. It must evolve and become more robust through consultation and verification of other reference documents, deliberations within the city and broader consultations with stakeholders.
The following table presents the 11 key principles proposed. They can then be broken into subprinciples or specific principles as presented in Appendix G.⁶ Determining the final principles and desired levels of specificity is up to the city.
⁵ However, the study did not cover principles on overall good IoT governance (in terms of infrastructure maintenance, efficiency, etc.).
⁶ Appendix G also transparently describes the sources of the key principles proposed (the list, framework or code from which they were taken), as well as lists of principles that overlap in certain areas.
Table B: List of Proposed Principles
Theme | Principle
Common good | Ensure that the IoT serves the common good and the pursuit of a social optimum.
Democracy and citizen participation | Promote citizen participation to define a shared vision of the IoT project and ensure that the project is subject to democratic deliberation.
Privacy | Protect and respect the privacy* of citizens.
Transparency | Be transparent about the “who, what, when, where, why and how” of collection, transmission, processing and use.
Security | Design and operate the IoT system securely in order to protect the public, ensure the integrity of services and be resilient to attacks.
Good data management | Design and operate the IoT system securely in order to protect the public, ensure the integrity of services and be resilient to attacks.
Evaluations and consequences | Carry out impact assessments on ethical issues for all new data programs and ensure that long-term consequences for broader social values are analyzed.
Equity and inclusion | Make every effort to ensure that the treatment given to everyone is fair and impartial. Avoid profiling, discrimination and the reinforcement of inequalities in order to develop an inclusive project.
Autonomy of public authorities | Ensure the autonomy of the public sphere and the primacy of the public interest over private interests.
Explainable systems | Design auditable systems and, in cases of automated decision-making, give individuals access to the logic behind the decision, along with an explanation of the data used (which data, which source, how it is used).
Freedom | Ensure that citizens can preserve their sense of freedom.
* There has been much debate over defining privacy. In this report, the term refers to personal freedom against any physical intrusion, any interference in personal life and any impediment to a person’s ability to control the access and use of their personal information.
Generally, the issues and threats documented in the literature review (as appear in Figures C, D and E) are relatively well covered by the list of principles proposed. Just the issues of “freedom” and “transformation of the city” receive only partial treatment by this framework, to which we have added general or specific principles (to be defined) to ensure complete coverage, as explained in Section 4.1.
Next Steps
While the list of proposed principles is the fruit of a meticulous effort to amass existing best practices for dealing with the ethical and social issues of an IoT system, as planned for Montréal, there are several steps involved in perfecting this list and making it fully useful. Section 4.2 presents subsequent steps recommended for future enhancement of the list, including: 1) Debating, reformulating as required, selecting and validating the 10 proposed principles and their specific related principles within and without city government. 2) Identifying any missing specific principles. 3) As discussed in Section 4.1, reinforcing weak specific principles. 4) Identifying how the framework defines specific practices at each stage of the IoT system. In other words, we must be able to express the stated principles as specific practices applicable to the daily routines of city officials.
Conclusion
This report presents frameworks designed to guide Montréal in developing one or more conceptual frameworks for ethical governance of IoT. As previously mentioned, these elements do not on their own constitute complete conceptual frameworks. However, they are important milestones in developing a more complete framework. To date, these elements can make significant contributions to the deployment of optimal analytical and management practices, and taking action on issues of ethics and social acceptability with respect to Montréal’s IoT system. In other words, we can only deal with the uncertainty and changes due to the deployment in the city of new technologies by adopting tools to support an ongoing watch of emerging issues and develop corresponding practices that will contribute to the dialogue on the next steps to take and society’s choices in the matter.
Contents
RESEARCH TEAM
SUMMARY
CONTENTS
TABLES
FIGURES
ABBREVIATIONS AND ACRONYMS
1 INTRODUCTION
2 ISSUE-IDENTIFICATION FRAMEWORK
2.1 KEY COMPONENTS OF THE IOT SYSTEM
2.2 ISSUES IDENTIFIED IN THE LITERATURE REVIEW
2.3 PROPOSED ISSUE IDENTIFICATION SUPPORT FRAMEWORK
3 ISSUE ANALYSIS/MANAGEMENT PRINCIPLES
3.1 PROCEDURE
3.2 INVENTORY OF EXISTING PRINCIPLES, ALONG WITH OVERLAPS AND DIFFERENCES
3.3 LISTS OF PRINCIPLES CONSIDERED
3.3.1 Canadian PIPEDA Fair Information Principles
3.3.2 Fair Information Practice Principles (FIPPs) and OECD Guidelines
3.3.3 Privacy by Design and the Information and Privacy Commissioner of 7 Foundational Principles of Privacy by Design
3.3.4 City of Seattle Privacy Principles
3.3.5 Drawing on European Regulations
3.3.6 Opinion of the Commission d’Éthique Sciences et Technologie du Québec sur la Ville Intelligente
3.3.7 NYC’s Guidelines for Building a Smart + Equitable City
3.3.8 Asilomar Beneficial AI Principles
3.3.9 Fair Automation Practice Principles
3.3.10 The Montreal Declaration for a Responsible Development of Artificial Intelligence
3.3.11 Ten Simple Rules for Responsible Big Data Research
3.3.12 ACM Code of Ethics and Professional Conduct
3.3.13 IEEE Code of Conduct
4 LIST OF PROPOSED PRINCIPLES
4.1 ANALYSIS OF OVERLAPS BETWEEN THE PROPOSED FRAMEWORK AND THE LITERATURE REVIEW
4.2 NEXT STEPS IN DEVELOPING THE FRAMEWORK
4.2.1 Enhancing Certain Principles
4.2.2 Next Steps Planned
5 CONCLUSION
6 BIBLIOGRAPHY
APPENDIX A COMPLETE LIST OF PRINCIPLES CONSIDERED FOR ANALYSIS
APPENDIX B VALUES AND PRINCIPLES OF SMART CITIES SERVING THE COMMON GOOD (CÉSTQ, 2017)
APPENDIX C NYC’S GUIDELINES FOR BUILDING A SMART + EQUITABLE CITY
APPENDIX D ASILOMAR AI PRINCIPLES
Research Issues
Ethics and Values
Longer-term Issues
APPENDIX E MONTRÉAL DECLARATION
APPENDIX F ACM CODE OF ETHICS (2018)
APPENDIX G LIST OF GENERAL AND SPECIFIC PRINCIPLES
Tables
TABLE 1: LISTS OF PRINCIPLES CONSIDERED
TABLE 2: PIPEDA FAIR INFORMATION PRINCIPLES (DEPARTMENT OF JUSTICE CANADA, 2017)
TABLE 3: THE INFORMATION AND PRIVACY COMMISSIONER OF 7 FOUNDATIONAL PRINCIPLES OF PRIVACY BY DESIGN (INFORMATION AND PRIVACY COMMISSIONER OF ONTARIO, 2015)
TABLE 4: PRINCIPLES OF THE 1990 EUROPEAN DIRECTIVE
TABLE 5: ASILOMAR BENEFICIAL AI PRINCIPLES
TABLE 6: FAIR AUTOMATION PRACTICE PRINCIPLES (JONES, 2015)
TABLE 7: EXTRACT FROM THE MONTRÉAL DECLARATION
TABLE 8: LIST OF 11 PRINCIPLES
TABLE 9: ADDITIONAL PRINCIPLES IDENTIFIED IN THE LITERATURE REVIEW
Figures
Figure 1: Components of Montréal’s IoT system
Figure 2: Ethical Issues and Related Threats in the Planning and Data Collection/Storage Phases
Figure 3: Ethical Issues and Related Threats at the Data Analysis and Release Phases
Figure 4: Other Issues Pertaining to Social Acceptability and the CÉSTQ’s Opinion
Figure 5: General Framework for Identifying Issues of Ethics and Social Acceptability
Figure 6: Threats Pertaining to Issues of the Common Good, Social Inclusion, Separation of the Government and Business Spheres and Freedom
Figure 7: Threats Pertaining to Privacy and Transparency
Figure 8: Threats Pertaining to Transformation of Governance and the City
Figure 9: OECD Guidelines Individual Participation Principles, Taken from CÉSTQ (2017)
Figure 10: Extract of Excel Spreadsheet Highlights Major and Specific Principles
Figure 11: Extract of Excel Spreadsheet Highlighting Specific Principles and their Sources
Figure 12: Certain Contextual Privacy Factors Considered (Gaughan, 2016, 17)
Figure 13: Major Principles Broken Down into Specific and Practical Principles
Abbreviations and Acronyms
ACM  Association of Computing and Machinery
CÉSTQ  Commission d’éthique en sciences et technologies du Québec
FAPPs  Fair Automation Practice Principles
FIPPs  Fair Information Practice Principles
AI  Artificial intelligence
IoT  Internet of Things
IEEE  Institute of Electrical and Electronics Engineers
NYC  New York City
OECD  Organisation for Economic Cooperation and Development
1 Introduction
This report seeks to lay a foundation for defining a conceptual framework that can guide Montréal in establishing a program for considering and managing issues of ethics and social acceptability associated with the technological and analytical systems of an urban Internet of things. These systems are responsible for collecting data from many sources (municipal sensors, social networks, external databases), internal processing, storage and analysis of such data, as well as for releasing this data in the form of databases, displays or apps for the public.
The report builds on the Literature Review: Ethical Issues and Social Acceptability of IoT in the Smart City⁷ (Russo Garrido, et al., 2017), which identified the most likely issues for the city, based on numerous studies and the prior experiences of municipalities around the world. It seeks to guide Montréal’s deliberations on developing one or more conceptual frameworks for ethical governance of IoT and proposes two frameworks to drive this process:
• Framework to assist in the identification and analysis of issues of ethics and social acceptability in IoT.
• A list of principles to guide how these issues are handled.
These elements do not, on their own, constitute a complete conceptual framework. However, they are important milestones in the development of a more complete and scalable framework.
Section 2 of this report initially focuses on the first issue identification framework, largely based on the above-mentioned literature review. Section 3 describes the process used in developing a list of principles. Section 4 presents this list. The Conclusion summarizes what has been done so far and the next steps to take.
⁷ The complete title is: Final Report #1 for Batch 5 of the IoT Standards Development Project, Literature Review: Ethical Issues and Social Acceptability of IoT in the Smart City.
2 Issue-Identification Framework
Our framework for identifying ethical and social issues is designed to provide decision-makers with a tool that can help them identify and study issues associated with the IoT project. This framework is based on two core elements:
• Key components of the IoT system, as operated by the city.
• Ethical issues identified in the literature review and in the opinion of the Commission d’éthique en sciences et technologie du Québec sur les villes intelligentes (CÉSTQ, 2017).
In short, this framework is based on the conclusions of the literature review that constitutes the first part of this project, adding some new ideas taken from CÉSTQ’s opinion (2017). While the framework contains no original research, it presents a new structure for the information appearing in the first report under this project.
2.1 Key Components of the IoT System
As mentioned in the Introduction, IoT systems are responsible for collecting data from many sources (municipal sensors, social networks, external databases), internal processing, storage and analysis of such data, as well as for releasing this data in the form of databases, displays or apps for the public. The following figure presents a simplified view of Montréal’s IoT system:
Figure 1: Components of Montréal’s IoT system
[Figure 1 content (updated version). Legend of the main phases: IoT project planning; data collection and storage; data analysis (internal or external to the administration); open data and digital services for citizens. Components shown: IoT project planning; installation; captured data; external data; transport; temporary storage; institutional storage; archiving; data destruction; real-time analysis; stream analysis; interactive and batch analyses; analysis (periodic or interactive data); data visualization and/or results for decision-making; opening of data; analysis and application development by citizens/businesses; applications offered to citizens.]
As explained in the literature review, the system can be broken down into the four main phases of system activities:
• IoT project planning.
• Data collection and storage.
• Data analysis (internal or outside the city)
• Open data and digital services for the public.
2.2 Issues Identified in the Literature Review
Figures 2, 3 and 4 summarize potential issues of ethics or social acceptability that are identified in the literature. These issues are grouped by the major IoT system phase in which they occur. Phase-specific threats that give rise to these ethical issues are also indicated, as found in the literature.
Figure 4 also highlights IoT-related ethical issues named in the opinion on smart cities issued by the Commission d’éthique en sciences et technologies du Québec (CÉSTQ, 2017). The figure does not include all elements identified by the CÉSTQ, but only those that pertain to IoT and complement the issues identified in the literature review.
Figure 2: Ethical Issues and Related Threats in the Planning and Data Collection/Storage Phases
[Figure 2, translated from French. Phases: IoT project planning; data collection and storage. Issues: inclusion; independence of public authorities; privacy; transparency and reliability; freedom. Threats listed in the figure:
• Investment directed at the expense of other urban issues; geographically unequal investment.
• Security of systems and data; lack of citizen assent to collection; feeling of being watched.
• Shaping of the project by private interests; technological lock-in and contractual handcuffing; development of a dependence on revenue from data sales.
• Security of systems and data.
• Tyranny of continuous transparency; enrichment of the data available for ubiquitous cyber-surveillance.]
Figure 3: Ethical Issues and Related Threats at the Data Analysis and Release Phases
[Figure 3, translated from French. Phases: data analysis; open data and digital services for the public. Issues: privacy; inclusion; transparency and reliability; independence of public authorities; freedom; transformation of governance. Threats listed in the figure:
• Generation of personal profiles (through combination, re-identification, inference); geographic tracking; use of data for purposes other than those communicated.
• Dissemination of confidential personal data; dissemination of non-confidential personal data; making available data that can help others generate personal profiles.
• Discrimination through algorithmic analysis.
• Inequitable access to services and data (digital divide and personalization); inequitable access to the exploitation of open data; limited offering for disadvantaged populations.
• Enhanced but non-public service offering.
• Opacity of systems and analyses.
• Quality of open data.
• Predictive analyses steer individuals’ choices; predictive analyses decide individuals’ access to opportunities; profiling hinders individuals’ ability to reinvent themselves.
• Decisions for optimization rather than the social optimum; dilution of decision-making responsibility; determinism; narrowing of the range of possibilities.]
Figure 4: Other Issues Pertaining to Social Acceptability and the CÉSTQ’s Opinion
[Figure 4, translated from French.
Other potential issues for social acceptability:
• Transformation of the city: transformation into a predictable and individualized space; impact on the environment.
• Transformation of governance: decisions for optimization rather than the social optimum; dilution of decision-making responsibility; determinism; narrowing of the range of possibilities.
Complementary issues identified by the CÉSTQ (and not covered by the literature review):
• Proportionality: the means may not be proportional to the ends pursued.
• Common good: the project may not reconcile the plural values and interests of citizens; the project may not bring benefits for the community.
• Democracy: citizens are political actors, not consumers; the project may not support the participatory, deliberative, representative or decision-making dimensions of democracy; the project may not be the subject of democratic deliberation.]
2.3 Proposed Issue Identification Support Framework
Based on the IoT system’s main components, the ethical and social issues identified in the literature review, and the opinion of the Commission d’éthique en sciences et technologie du Québec, we propose the following framework for high-level identification of ethical issues. As appears in the legend, issues corresponding with a particular IoT phase (planning, analysis, etc.) and appearing in bold characters are ethical ones identified in the literature. Non-bolded items at the IoT phase are potential issues that have not been identified in the literature, but could still be present.
Figure 5: General Framework for Identifying Issues of Ethics and Social Acceptability
While a framework like the one presented below can serve in general considerations of this topic, it is useful to employ more specific frameworks that not only identify broad issues, but that list the activities and situations that could give rise to ethical or social issues. The following figures provide this detail. Figure 6 concerns issues and threats pertaining to privacy and transparency. Figure 7 deals with issues and threats pertaining to the common good, social inclusion, and separation of the government and business spheres. Figure 8 focuses on issues and threats pertaining to transformation of governance and the city.
[Figure 5, translated from French. Phases: IoT planning and governance; collection, processing, storage, archiving; internal analysis; third-party analysis; opening of data and services to citizens. Legend: bold marks ethical issues whose presence at that IoT phase was identified in the literature; non-bold marks potential ethical issues whose presence at that IoT phase was not identified in the literature. Issue lists shown in the figure:
• Bold: common good; inclusion; independence of public authorities. Non-bold: privacy; freedom; transparency; proportionality; democracy; transformation of governance; transformation of the city.
• Bold: privacy; freedom; transparency. Non-bold: proportionality.
• Bold: privacy; freedom; inclusion; transparency.
• Bold: privacy; independence of public authorities; inclusion; transparency. Non-bold: democracy.
• Bold: privacy; freedom; inclusion.]
Figure 6: Threats Pertaining to Issues of the Common Good, Social Inclusion, Separation of the Government and Business Spheres and Freedom
[Figure 6, translated from French. Phases: IoT planning and governance; collection, processing, storage, archiving; internal analysis; opening of data and services to citizens; third-party analysis. Legend: the initials in parentheses refer to the issue to which the threat relates: common good (BC), inclusion (IC), independence of public authorities (ID) and freedom (L). Threats listed in the figure:
• Tyranny of transparency (L).
• Predictive analyses steer choices (L); predictive analyses decide access (L); profiling (IC & L); discrimination through algorithmic analysis (IC).
• Digital divide affects access (IC); enhanced but non-public offering.
• Predictive analyses steer choices (L); predictive analyses decide access (L); profiling (IC & L); discrimination through algorithmic analysis (IC).
• Spatially unequal investment (IC); influence of private interests (ID); technological lock-in (ID); non-proportionality of means (BC); lack of consensus, democratic deliberation (BC, D); lack of benefits for the community and democracy (BC, D).]
Figure 7: Threats Pertaining to Privacy and Transparency
[Figure 7, translated from French. Phases: IoT planning and governance; collection, processing, storage, archiving; internal analysis; opening of data and services to citizens; third-party analysis. Threats listed in the figure:
• Vulnerability of systems and data; lack of citizen assent to collection; feeling of being watched.
• Generation of personal profiles (through combination, re-identification, inference); geographic tracking; use of data for purposes other than those communicated; opacity of systems.
• Dissemination of confidential personal data; dissemination of non-confidential personal data; making available data that can help others generate personal profiles; data quality.
• Same as for internal analysis.]
Figure 8: Threats Pertaining to Transformation of Governance and the City
[Figure 8, translated from French. Phases: IoT planning and governance; collection, processing, storage, archiving; internal analysis; opening of data and services to citizens; third-party analysis. Threats listed in the figure:
• Decisions for optimization rather than the social optimum; perception of the health impact of the increase in electromagnetic waves in the city.
• Transformation into a predictable and individualized space; decisions for optimization rather than the social optimum; dilution of decision-making responsibility; narrowing of the range of possibilities; impact on the environment.]
3 Issue Analysis/Management Principles
The list of principles to apply in reviewing and managing issues is intended to incorporate the most relevant principles for dealing with issues of ethics and social acceptability due to the IoT project. The list provides guidance and basic rules for examining and dealing with the more difficult cases arising out of this project. These principles are intended to act as a roadmap in an environment characterized by change, innovation, transformation of the social bond and loss of ethical references.
3.1 Procedure
We decided to build on all existing guidelines pertaining to every technological and analytical component of the IoT system in developing this list, rather than start from scratch. We have accordingly considered the principles proposed for IoT, the smart city, artificial intelligence and big data research. We have studied these principles to identify overlaps among those identified in the literature, as well as others offering new and valuable perspectives. We ultimately developed a final list tailored to the system under consideration. We then compared our final list with the literature review to pinpoint further questions for study. The following box outlines our procedure, with each step considered in detail in the following sections.
Procedure for Developing the List of Principles
1. Create an inventory of existing relevant principles.
2. Extract and examine all principles, to understand their characteristics and see how they overlap.
3. Develop a final list of principles pertaining to IoT and the completeness with respect to other lists consulted.
4. Consider overlaps between the proposed list of principles and the literature review’s findings.
5. Identify principles that should be enhanced and subsequent steps.
3.2 Inventory of Existing Principles, Along with Overlaps and Differences
Existing lists of principles were selected for:
• Their relevance to one or more technological or analytical components of the IoT system. In particular, we considered principles pertaining to big data, algorithms, artificial intelligence and information systems.
• Their ubiquitous mention in the literature, based on the frequency with which they were cited and references to them by other writers.
We primarily spoke to researchers and stakeholders in the field, but also performed Web searches⁸ in making these selections. The four basic documents that contributed most to our study were: 1) Rob Kitchin’s report (2016) “Getting smarter about smart cities: Improving data privacy and data security.” 2) Meg Leta Jones’ article (2015) “The Ironies of Automation Law: Tying Policy Knots with Fair Automation Principles.” 3) The report of the Commission de l’éthique en sciences et technologies du Québec on smart cities (2017). 4) An interview with Kate Crawford in Wired magazine (Rosenburg, 2017) entitled “Why AI is still waiting for its ethics transplant.”
The documents we ultimately selected came from a wide range of sources. Some contain general principles reflecting an international, Canadian or provincial consensus. Some are statements of principles from the municipal sector and academic forums. Others are codes of conduct.
The selected documents are listed in the following table and grouped according to the technological or topical components they concern. Section 3.3 then presents the lists of principles.
⁸ We primarily used Google Scholar, since it does not automatically exclude grey literature, which this report presents as being of fundamental significance.
Table 1: Lists of Principles Considered
| Category | Lists of Principles |
|---|---|
| General privacy principles | Canadian PIPEDA fair information principles; Fair Information Practice Principles (FIPPs); OECD Guidelines; Privacy by Design; Information and Privacy Commissioner of 7 Foundational Principles of Privacy by Design; City of Seattle Privacy Principles; EU general legislation of 1990 and 2018 |
| General IoT and smart city principles | Recommendations on smart cities in the Opinion of Québec’s Commission en éthique sciences et technologie; NYC IoT Guidelines |
| Artificial intelligence principles⁹ | Asilomar AI Principles; Fair Automation Practice Principles (FAPPs); The Montreal Declaration for a Responsible Development of Artificial Intelligence |
| Big data principles¹⁰ | Ten simple rules for responsible big data research |
| Codes of conduct | ACM Code of Ethics and Professional Conduct; IEEE Code of Conduct¹¹ |
We examined these lists to find overlaps between principles, as well as to distinguish the features of each. We began by entering all of the principles on an Excel spreadsheet. This resulted in 80 separate principles that we could group around common concepts. Appendix A presents the complete set of principles. We then identified overlaps between and differences among the principles, to extract a list of core principles backed by a certain consensus, while providing comprehensive coverage of the ethical issues identified in the literature. Section 4 presents this final list.
⁹ The IEEE’s deliberations (IEEE, 2017) on artificial intelligence can be added to this list for subsequent contributions to the inventory.
¹⁰ The principles presented in the article by Richards and King (2014) could be added here for subsequent contributions to the inventory.
¹¹ ACM and IEEE jointly produced a code, but we did not cover it in this study. Since IEEE is in the process of creating a new version of its own code, we decided to stick to the latest codes, rather than those produced as part of a collaborative process.
3.3 Lists of Principles Considered
This section describes each of the lists considered, as appear in Table 1, above.
3.3.1 Canadian PIPEDA Fair Information Principles
The Personal Information Protection and Electronic Documents Act (Justice Canada, 2017) sets out fair information principles.
This list was selected because it applies to all entities based in Canada and because these principles form the very core of Canadian privacy protection legislation.
Table 2: PIPEDA Fair Information Principles (Department of Justice Canada, 2017)
| Principles | Explanation |
|---|---|
| Principle 1 - Accountability | An organization is responsible for personal information under its control. It must appoint someone to be accountable for its compliance with these fair information principles. |
| Principle 2 - Identifying Purposes | The purposes for which the personal information is being collected must be identified by the organization before or at the time of collection. |
| Principle 3 - Consent | The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate. |
| Principle 4 - Limiting Collection | The collection of personal information must be limited to that which is needed for the purposes identified by the organization. Information must be collected by fair and lawful means. |
| Principle 5 - Limiting Use, Disclosure, and Retention | Unless the individual consents otherwise or it is required by law, personal information can only be used or disclosed for the purposes for which it was collected. Personal information must only be kept as long as required to serve those purposes. |
| Principle 6 - Accuracy | Personal information must be as accurate, complete, and up-to-date as possible in order to properly satisfy the purposes for which it is to be used. |
| Principle 7 - Safeguards | Personal information must be protected by appropriate security relative to the sensitivity of the information. |
| Principle 8 - Openness | An organization must make detailed information about its policies and practices relating to the management of personal information publicly and readily available. |
| Principle 9 - Individual Access | Upon request, an individual must be informed of the existence, use, and disclosure of their personal information and be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate. |
| Principle 10 - Challenging Compliance | An individual shall be able to challenge an organization’s compliance with the above principles. Their challenge should be addressed to the person accountable for the organization’s compliance with PIPEDA, usually their Chief Privacy Officer. |
3.3.2 Fair Information Practice Principles (FIPPs) and OECD Guidelines
The Fair Information Practice Principles (FIPPs) and OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data are central to Canadian PIPEDA fair information principles (above), as well as principles governing most Western legislation in this area (Richards and King, 2014; Cate, 2006), making them fundamental principles.
FIPPs were published in the United States in 1973.¹² These five principles are also summarized as openness, use limitation, individual participation (right to obtain/correct data), data quality and security safeguards. FIPPs were eventually updated and enhanced in the form of the OECD Guidelines.
In his report presenting smart city privacy governance recommendations for Dublin, Rob Kitchin (2016) proposed basing its governance framework on FIPPs, OECD Guidelines and Privacy by Design principles (Kitchin, 2016). Kitchin did however note that several critics of the FIPPs and OECD Guidelines have claimed that these rules do not adequately address the issue of harm caused by predictive analysis, which is the result of inference, data sharing, reuse of data for new purposes and, generally, unpredictable data use in an age of big data. Furthermore, while notice and consent are included in FIPPs and the OECD Guidelines, it is generally acknowledged that they have not, to date, been truly effective in the smart city (Kitchin, 2016). We shall examine these points further in Section 4.
Since the Canadian standards appearing in Section 3.3.1 draw largely on the FIPPs and OECD Guidelines, these documents are quite similar. However, the following differences should be noted:
• The OECD Guidelines state that the use of personal data should not be incompatible with the purposes for which it was collected.
• The OECD Guidelines state that there should be a general policy of openness as to the identity and usual residence of the data controller.
• The OECD Guidelines state: “Means should be readily available of establishing the existence and nature of personal data, and the main purposes of their use.”
• The OECD Guidelines include additional details on the form that openness with respect to personal data should take through the individual participation principle, as shown in the following figure:
Figure 9: OECD Guidelines Individual Participation Principles, Taken from CÉSTQ (2017)
¹² In the 1973 report “Records, Computers, and the Rights of Citizens,” by the US government’s Advisory Committee on Automated Personal Data Systems.
3.3.3 Privacy by Design and the Information and Privacy Commissioner of 7 Foundational Principles of Privacy by Design
In 2015, the Information and Privacy Commissioner of Ontario published a guide on privacy and personal information for municipal governments. The Commissioner proposed seven principles for municipalities to apply in these areas. The principles are quite similar to Privacy by Design rules, which enforce privacy protections by default. This means assuming that all data collected is, by default, private, unless citizens propose that it is not. This approach incorporates privacy principles in design specifications, IT uses, business practices, physical environments and system/application infrastructures (Cavoukian, 2012; Kitchin, 2016).
We selected the Ontario strategy since it is a Canadian initiative corresponding with the issues raised by urban IoT. It is also based on Privacy by Design, a key set of principles among the various efforts aimed at ensuring the protection of privacy in a smart city, as mentioned by Kitchin (2016) and many others. The European Union, the US Federal Trade Commission and several other national privacy protection commissioners (Kitchin, 2016) have adopted this approach.
Table 3: The Information and Privacy Commissioner of 7 Foundational Principles of Privacy by Design (Information and Privacy Commissioner of Ontario, 2015)
| Principle | Explanation |
|---|---|
| Proactive not Reactive | The Privacy by Design (PbD) approach is characterized by proactive rather than reactive measures. It anticipates and prevents privacy invasive events before they happen. |
| Privacy as the Default Setting | We can all be certain of one thing — the default rules! Privacy by Design seeks to deliver the maximum degree of privacy by ensuring that personal data are automatically protected in any given IT system or business practice. If an individual does nothing, their privacy still remains intact. |
| Privacy Embedded into Design | Privacy by Design is embedded into the design and architecture of IT systems and business practices. |
| Full Functionality — Positive-Sum, not Zero-Sum | Privacy by Design seeks to accommodate all legitimate interests and objectives in a positive-sum “win-win” manner, not through a dated, zero-sum approach, where unnecessary trade-offs are made. |
| End-to-End Security — Full Lifecycle Protection | Privacy by Design, having been embedded into the system prior to the first element of information being collected, extends securely throughout the entire lifecycle of the data involved. |
| Visibility and Transparency — Keep it Open | Privacy by Design seeks to ensure that its component parts and operations remain visible and transparent, to users and providers alike. |
| Respect for User Privacy — Keep it User-Centric | Above all, Privacy by Design requires architects and operators to keep the interests of the individual uppermost by offering such measures as strong privacy defaults, appropriate notice, and empowering user-friendly options. |
3.3.4 City of Seattle Privacy Principles
Following months of consultations with stakeholders, Seattle adopted six privacy principles in February 2015. We selected this initiative because it constitutes one of the few attempts by a municipal government to establish basic principles applicable to smart city governance.
Of these principles, a few closely correspond with those presented in documents mentioned above, particularly with respect to the following concepts:
• Perform privacy impact assessments on new data programs.
• Allow people to have their data deleted.
• Ensure that subcontractors with access to personal data are subject to the city’s privacy policies.
Seattle Privacy Principles
1. We value your privacy: Privacy impact assessments will be conducted on all new data programs.¹³
2. We collect and keep only what we need: The city only collects the information it needs to deliver city services.
3. How we use your information: When possible, the city makes available information about the ways it uses personal information and commits to giving people a choice whenever possible about how it uses their information.
4. We are accountable: The city complies with all federal and state privacy laws.
5. How we share your information: The city follows federal and state laws about information disclosure. Business partners and contracted vendors that receive or collect personal information from the city must agree to its privacy requirements.
6. Accuracy is important: The city works to correct inaccurate personal information, when practical.
The city consequently adopted a privacy commitment based on these six principles, applying privacy and data management practices to all its departments.
(Gaughan, 2016, p. 33)
¹³ This commitment also requires an assessment of impact on privacy of the privacy threshold for all new data collection programs (Gaughan, 2016).
3.3.5 Drawing on European Regulations
In 1990, the European Commission published the Council Directive on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data. This document serves as a roadmap for the adoption by member states of national legislation on the matter. This Directive, and the subsequent General Data Protection Regulation adopted in April 2016 (to be implemented in May 2018) are certainly complex pieces of legislation, resulting from deliberation and compromise. We have no intention of comprehensively analyzing or examining these texts, but will simply identify their main principles and in particular, those pertaining to issues that have so far received little or no consideration.
We selected the Directive and Regulation for this project because they focus on certain issues receiving little or no coverage in other frameworks or lists of principles. The Directive, for example, pertains to “knowledge of the logic involved in any . . . automated decisions” and proposes an independent supervisory authority—in the form of an outside agency that audits data management and use—and personal recourse in the event of damage. These principles are summarized in the following table:
Table 4: Principles of the 1990 European Directive
Principles of the 1990 European Directive
| No. | Principle | Explanation |
|---|---|---|
| 1 | Purpose limitation | Data should be used for specific purposes and subsequently analyzed or communicated only if this is not incompatible with the purposes of the initial transfer. When data are transferred for marketing purposes, data subjects should be able to withdraw their data if they wish. |
| 2 | Data quality and proportionality | Data should be accurate and, where necessary, kept up to date. Data should be adequate, relevant and not excessive in relation to the purposes for which they were transferred or processed. |
| 3 | Transparency | Individuals should receive information concerning the purposes of the data processing and the identity of the data controller (…) and any other information necessary to ensure fairness. |
| 4 | Security | Technical and organizational security measures should be taken by the data controller, according to the risks presented by the data processing (…) |
| 5 | Access, rectification and opposition | The data subject should have the right to obtain a copy of the data relating to him/her that are processed and the right to rectification where the data are inaccurate. In certain situations, he/she should be able to object to the processing of data relating to him/her. |
| 6 | Restriction on onward transfers | The recipient of the initially transferred data should be permitted to make onward transfers only where the second recipient (the one receiving the onward transfer) is also subject to rules affording an adequate level of protection. |
| 7 | Sensitive data | Where sensitive categories of data are involved (concerning racial or ethnic origin, political opinions, religious beliefs, philosophical and ethical convictions (…) or health and sex life), additional security measures should be in place, such as the requirement that data subjects give their explicit consent to the data processing. |
| 8 | Automated individual decision | Where the purpose of the transfer is to make an automated decision, the individual should have the right to know the logic involved in the decision, and other measures should be taken to safeguard the individual’s legitimate interest. |
Enforcement principles attached to the Directive
| No. | Principle | Explanation |
|---|---|---|
| 1 | Independent supervision | Entities that process personal data are not only accountable but also subject to independent supervision, with the authority to audit data processing systems, investigate complaints from individuals and impose sanctions for non-compliance. |
| 2 | Individual recourse | Individuals must have the right to take legal action against data controllers and entities involved in data processing that do not comply with the law. They must have recourse to the courts and to investigations by government agencies (...) |
The Regulation, on the other hand, contains the following new concepts pertaining to the IoT system:
• Clear, affirmative consent.
• Right to erase data (if possible).
• Right to data portability.
• Privacy by Design.
• Notification of data breaches.
• Appointment of a data protection officer by public and private organizations.
• Mandatory data protection impact assessment for all activities that could have significant privacy implications.
• Encouragement in drawing up codes of conduct (European Parliament, 2016; Wikipedia, 2017).
3.3.6 Opinion of the Commission d’Éthique Sciences et Technologie du Québec on the Smart City
In June 2017, the Commission d’éthique en sciences et technologie du Québec adopted an opinion entitled “La ville intelligente au service du bien commun : Lignes directrices pour allier l’éthique au numérique dans les municipalités du Québec” (CÉSTQ, 2017). The opinion proposes guidelines to promote development of smart cities working toward the common good and harmoniously combining ethical rules with the deployment of new technologies. This document was selected to contribute to that discussion, in view of its critical importance to deliberations on Québec-based smart cities and their technologies.
The Commission generally recommends building smart city policies around the following ethical principles:
• Maximize benefits for the common good.
• Eliminate or minimize possible potential damage to dignity, privacy and democracy.
• Ensure equitable distribution of potential benefits and drawbacks among those concerned.
• Ensure that expected benefits are also greater than drawbacks, including cost (CÉSTQ, 2017).
The Commission concluded its opinion by setting out values and principles to apply, as appear below. However, many of these values and principles relate more to the smart city than to IoT, itself. Furthermore, several of the items listed are similar to previously identified principles. Others, though, are new and quite pertinent, such as those concerning:
• Democracy (especially encouraging public participation in decisions and uses).
• The common good (especially public sector autonomy, precedence of the public interest, social inclusion, non-socialization of private service fees).
• Equity (especially equal treatment, special (territorial) justice, digital social inclusion).
Appendix B presents CÉSTQ’s recommended values and principles.
3.3.7 NYC’sGuidelinesforBuildingaSmart+EquitableCity
In2016,NewYorkCityoriginallypublishedthe“NYC’sGuidelinesforBuildingaSmart+EquitableCity,”pertainingtosmartandequitablecities.Theyweresubsequentlyadoptedbymorethan30citiesaroundtheworld, includingParis.TheseguidelinesweredesignedtohelpmunicipalgovernmentsunderstandpotentialrisksofIoT,promoteuniformIoTdeployment,providetransparencytotheprivatesectorandinformthepublicaboutthecity’sIoTstrategy.Theseguidelineshavebeenselectedfortheirinternationalrecognitionandtheirrelevancetothecentraltopicofthisreport.Theyarebasedonbestpracticesandtheexperiencesofover50citiesaroundtheworld(NYC,undated).
TheGuidelinesconsistofablendofprinciples,operatingproceduresandmanagementpractices.Theydealwithethicalissues,aswellassoundinfrastructuregovernance.Whiletheirnamehighlightsthesmartcity’srole,theGuidelinesactuallyfocusonIoTdeployment.TheGuidelinesarebasedonfiveprinciplesdescribedindetailinAppendixC.
VilledeMontréal FinalReport
February2018 CONTRIBUTIONSTOTHECONCEPTUALFRAMEWORK Page19
3.3.8 AsilomarBeneficialIAPrinciplesAsilomar’s23principleswerepublishedin2017,followingtheBeneficialArtificialIntelligenceConference,organized by the Future of Life Institute. This event brought togethermembers of the academic andindustrialsectors interested inartificial intelligence(Ai).Thefocuswastechnical,aswellaseconomic,legal, ethical and philosophical. 14 They are listed as among the recently developed frameworks ofprinciplestobeconsideredforAI(Crawford,inRosenburg,2017).
The principles are intended to identify “what society should do to best manage AI in coming decades” (Future of Life Institute, 2017). Based on the literature and especially the latest reports on the subject from the academic, political and non-profit communities,15 an initial draft list was developed prior to the event by conference organizers. This list was opened to comment and enhancement by conference attendees before and during the event, through discussion workshops on the topic, as well as a general survey. Only those principles endorsed by at least 90% of the participants were included in the final version, which is intended to stimulate discussion on perfecting the list and making it scalable.
These principles pertain to such topics of interest as:
• Ensuring that the security of systems is verifiable.
• System transparency and failure.
• Non-interference with social and civic processes.
These principles appear below (with some omitted to facilitate reading). The complete, original principles appear in Appendix D.
14 It should be noted that various stakeholders associated with this initiative are highly critical of AI and believe it has the inherent potential to destroy humanity (as can be sensed in some of the principles they advocate). That view contrasts with the stances of those supporting, for example, the Montréal Declaration, which also covers AI, but sees it as a technological development to which guidelines should be applied (personal communication, 2017).
15 For example, the Stanford 100 Year Report, recent White House reports and the Partnership on AI principles (Asilomar, 2017).
Summary of NYC’s Guidelines for Building a Smart + Equitable City
1. Privacy + Transparency: When we use new technologies on city streets and in public spaces, we are committed to being open and transparent about the “who, what, where, when, and why” for any data or information being collected and used.
2. Data Management: Data is the core of any IoT system. We will ensure that IoT and real-time data is captured, stored, verified, and made accessible in ways that maximize public benefit.
3. Infrastructure: To capitalize on the value and benefits derived from public assets, we will deploy, use, maintain and dispose of IoT devices, networks and infrastructure in an efficient, responsible, and secure manner.
4. Security: Keeping New Yorkers safe is our top priority. To do so, we are designing and operating IoT systems to protect the public, ensure the integrity of services, and maximize resilience.
5. Operations + Sustainability: We are committed to streamlining operational processes and ensuring financial, operational, and environmental sustainability to ensure that our city keeps running better and faster.
(NYC, 2017)
Table 5: Asilomar Beneficial AI Principles
Topic: Principles
From Research
Research Goal: The goal of AI research should be to create not undirected intelligence, but beneficial intelligence. Investments in AI should be accompanied by funding for research on ensuring its beneficial use.
Science-Policy Link: There should be constructive and healthy exchange between AI researchers and policy-makers.
Research Culture: A culture of cooperation, trust, and transparency should be fostered among researchers and developers of AI.
Race Avoidance: Teams developing AI systems should actively cooperate to avoid corner-cutting on safety standards.
Ethics and Values
Safety: AI systems should be safe and secure throughout their operational lifetime, and verifiably so where applicable and feasible.
Failure Transparency: If an AI system causes harm, it should be possible to ascertain why.
Judicial Transparency: Any involvement by an autonomous system in judicial decision-making should provide a satisfactory explanation auditable by a competent human authority.
Responsibility: Designers and builders of advanced AI systems are stakeholders in the moral implications of their use, misuse, and actions, with a responsibility and opportunity to shape those implications.
Value Alignment: Highly autonomous AI systems should be designed so that their goals and behaviors can be assured to align with human values throughout their operation.
Human Values: AI systems should be designed and operated so as to be compatible with ideals of human dignity, rights, freedoms, and cultural diversity.
Personal Privacy: People should have the right to access, manage and control the data they generate, given AI systems’ power to analyze and utilize that data.
Liberty and Privacy: The application of AI to personal data must not unreasonably curtail people’s real or perceived liberty.
Shared Benefit: AI technologies should benefit and empower as many people as possible.
Shared Prosperity: The economic prosperity created by AI should be shared broadly, to benefit all of humanity.
Human Control: Humans should choose how and whether to delegate decisions to AI systems, to accomplish human-chosen objectives.
Non-subversion: The power conferred by control of highly advanced AI systems should respect and improve, rather than subvert, the social and civic processes on which the health of society depends.
AI Arms Race: An arms race in lethal autonomous weapons should be avoided.
Longer-Term Issues
Capability Caution: There being no consensus, we should avoid strong assumptions regarding upper limits on future AI capabilities.
Importance: Advanced AI could represent a profound change in the history of life on Earth, and should be planned for and managed with commensurate care and resources.
Risks: Risks posed by AI systems, especially catastrophic or existential risks, must be subject to planning and mitigation efforts commensurate with their expected impact.
Recursive Self-Improvement: AI systems designed to recursively self-improve or self-replicate in a manner that could lead to rapidly increasing quality or quantity must be subject to strict safety and control measures.
Common Good: Superintelligence should only be developed in the service of widely shared ethical ideals, and for the benefit of all humanity rather than one state or organization.
(Future of Life Institute, 2017)
3.3.9 Fair Automation Practice Principles
Assistant Professor Meg Leta Jones (2015) proposed Fair Automation Practice Principles (FAPPs) to govern the development of autonomous objects, including automated decision-making systems and self-driving vehicles. These principles were inspired by FIPPs and several other core statements of principles, such as Richards and King’s (2014) Big Data Ethics (privacy principles) and Riek and Howard’s (2014) A Code of Ethics for the Human-Robot Interaction Profession. This list was selected because of its foothold in the literature, while being based on other existing frameworks that have been identified as relevant in this report or the preceding literature review.
These seven principles complement existing design practices, which take into account the actual use of objects and help identify areas where additional expertise may be needed (Jones, 2015, p. 121). Jones noted that automation principles cannot be defined in a vacuum. They must be collectively discussed and developed by designers, managers, users, investors, politicians, ethicists and legal scholars. The proposed principles serve, accordingly, as an invitation to a multiparty dialogue, rather than as a final list. Table 6, below, summarizes these principles.
In particular, these principles bring the following concepts to the discussion:
• Assessment of human risk, in recognition of the limits of existing resources.
• System transparency.
• Assurance that system failure is not surprising, silent or irresolvable.
• Testing for discriminatory impact.
• Consideration of impact to broader social values.
• Identification of predictable/unpredictable behaviour.
Table 6: Fair Automation Practice Principles (Jones, 2015)
Principles
Principle 1—Risk: Automated systems should not be deployed without an assessment of risks to the human in the loop or humans impacted by the loop.
Identifying harms and understanding benefits is incredibly challenging but must not be left solely to technology companies, innovators, or developers. We should also be mindful of the fact that existing tools for risk assessment, cost-benefit analysis, and predictive are limited. They are focused on the short-term, knowable risks.
Principle 2—Transparency: Automated systems should be comprehensible and support situational awareness through effective transparency.
Black boxes are bad design. When an operator does not know what a system is doing because of the opaqueness of its design, then error recognition, intervention, and resolution are timely and costly, if not impossible. Citron and Pasquale have argued for access to data sets, source code, programmer notes describing the variables, and correlations--anything required to be able to meaningfully assess systems whose predictions change pursuant to AI logic (Jones, 2015, p. 125).
Principle 3—Errors and Limitations: Automated system failures should not be surprising, silent, or irresolvable.
Situational awareness, mental workload, skill degradation, and automation bias must be considered when designing error detection and considering limitations. Citron's work on public benefit systems reveals a large number of errors occurring without any good way to alert operators or resolve issues in a timely manner.
Principle 4—Diversity and Discrimination: Automated systems should reflect on biases and choices during design and test for discriminatory impacts and diverse users.
Principle 5—Sensitive Situations: Automated systems should account for sensitive situations and information preferences of the humans in the loop.
Sensitive situations, like those that deal with sensitive information, private places, or vulnerable populations should be assessed with an appropriate level of care and expertise.
Principle 6—Man-Machine Comparison: An automated system's design and implementation should locate the human in the loop and reassess the system's impact on the human and larger social values.
We must consider humans to be imperfect. A discussion of what critical decisions are to be made by humans (and why) and how to limit automation bias and moral buffers in those instances would be an incredible contribution to the guidance of automation.
Principle 7—Predictability: Automated systems should be initially and continually inventoried for predictable and unpredictable behavior.
3.3.10 The Montreal Declaration for a Responsible Development of Artificial Intelligence
The Montreal Declaration for a Responsible Development of Artificial Intelligence was published in November 2017, at the conclusion of the Forum on the Socially Responsible Development of Artificial Intelligence. Drafted by a group of the Forum’s organizers, including researchers from various fields related to AI, the Declaration is designed to promote dialogue among the public, experts and government representatives on artificial intelligence in Québec (Forum on Socially Responsible AI, 2017).
The Declaration identifies seven values—well-being, autonomy, justice, privacy, knowledge, democracy and responsibility—accompanied by a set of questions for each, intended to explore that value’s relationship to AI’s development. For each value, a general principle is also proposed, although it does not always directly address the questions raised. The Declaration appears in full in Appendix E.
The Declaration was selected because of its geographic origin and Montréal’s importance in the international chessboard of AI development.
Table 7: Extract from the Montréal Declaration
Value and Proposed Principle: Questions
Well-being: Proposed principle: The development of AI should ultimately promote the well-being of all sentient creatures.
Questions:
• How can AI contribute to personal well-being?
• Is it acceptable for an autonomous weapon to kill a human being? What about an animal?
• Is it acceptable for AI to control the running of an abattoir?
• (etc.)
Autonomy: Proposed principle: The development of AI should promote the autonomy of all human beings and control, in a responsible way, the autonomy of computer systems.
Questions:
• How can AI contribute to greater autonomy for human beings?
• Must we fight against the phenomenon of attention-seeking which has accompanied advances in AI?
• Should we be worried that humans prefer the company of AI to that of other humans or animals?
• (etc.)
Justice: Proposed principle: The development of AI should promote justice and seek to eliminate all types of discrimination, notably those linked to gender, age, mental / physical abilities, sexual orientation, ethnic / social origins and religious beliefs.
Questions:
• How do we ensure that the benefits of AI are available to everyone?
• Must we fight against the concentration of power and wealth in the hands of a small number of AI companies?
• What types of discrimination could AI create or exacerbate?
• Should the development of AI be neutral or should it seek to reduce social and economic inequalities?
• What types of legal decisions can we delegate to AI?
Privacy: Proposed principle: The development of AI should offer guarantees respecting personal privacy and allowing people who use it to access their personal data as well as the kinds of information that any algorithm might use.
Questions:
• How can AI guarantee respect for personal privacy?
• Do our personal data belong to us and should we have the right to delete them?
• Should we know with whom our personal data are shared and, more generally, who is using these data?
• Does it contravene ethical guidelines or social etiquette for AI to answer our e-mails for us?
• What else could AI do in our name?
Knowledge: Proposed principle: The development of AI should promote critical thinking and protect us from propaganda and manipulation.
Questions:
• Does the development of AI put critical thinking at risk?
• How do we minimize the dissemination of fake news or misleading information?
• Should research results on AI, whether positive or negative, be made available and accessible?
• (etc.)
Democracy: Proposed principle: The development of AI should promote informed participation in public life, cooperation and democratic debate.
Questions:
• How should AI research and its applications, at the institutional level, be controlled?
• In what areas would this be most pertinent?
• Who should decide, and according to which modalities, the norms and moral values determining this control?
• (etc.)
Responsibility: Proposed principle: The various players in the development of AI should assume their responsibility by working against the risks arising from their technological innovations.
Questions:
• Who is responsible for the consequences of the development of AI?
• How should we define progressive or conservative development of AI?
• How should we react when faced with AI’s predictable consequences on the labour market?
• (etc.)
(The Forum on the Socially Responsible Development of Artificial Intelligence, 2017)
3.3.11 Ten Simple Rules for Responsible Big Data Research
The Council for Big Data, Ethics, and Society, a group of 20 internationally renowned researchers in the social, natural and computer sciences, proposed these 10 rules. They draw partly on the Ten Simple Rules of PLOS Computational Biology. The first five were developed to reduce the possibility of harm due to big data research practices. The Council for Big Data, Ethics, and Society’s exemplary reputation in the field of critical analysis of big data and the number of leading researchers who have endorsed the Ten Rules make this a fundamental document.
In terms of advanced concepts, the Ten Simple Rules bring several new ideas to the table, such as:
• The notion that privacy is not binary. Privacy is contextual, situational and not reducible to a public vs. private scenario. Privacy can pertain to groups, as well as individuals.
• Preventing data re-identification is crucial.
• Difficult ethical choices must be debated and perceived as being an integral part of the effort.
• Organizing/developing data and systems to audit it.
• Engaging, to understand and participate in the broader implications of data and analytical practices.
Ten Simple Rules for Responsible Big Data Research (Summary)
1. Acknowledge that data are people and can do harm.
2. Recognize that privacy is more than a binary value: privacy is contextual and situational, not reducible to a simple public/private binary. Privacy also goes beyond single individuals and extends to groups. This is particularly resonant for communities who have been on the receiving end of discriminatory data-driven policies historically, such as the practice of redlining.
3. Guard against the re-identification of your data... Identify possible vectors of re-identification in your data...
4. Practice ethical data sharing.
5. Consider the strengths and limitations of your data; big does not automatically mean better.
6. Rather than a bug, the lack of clear-cut solutions and governance protocols should be more appropriately understood as a feature that researchers should embrace within their own work.
7. Develop a code of conduct for your organization, research community, or industry... as a way of cementing this in daily practice.
8. Design your data and systems for auditability.
9. Engage with the broader consequences of data and analysis practices.
10. Know when to break these rules
(Zook, et al., 2017)
3.3.12 ACM Code of Ethics and Professional Conduct
In 1992, the ACM (Association for Computing Machinery) published its first Code of Ethics and Professional Conduct, which it is now updating (scheduled for 2018). The Code was designed to support IT professionals and is divided into four sections. Section 1 deals with basic ethical issues. Section 2 concerns professional responsibility. Section 3 deals with the roles of individuals with leadership positions in the workplace or in a professional capacity. Section 4 concludes with principles for ensuring compliance with the Code.
The Code’s 2018 version is summarized in the following table and presented in full in Appendix F. It contributes several useful ideas for consideration. For one thing, the detail given to each principle and the way principles are broken down into daily practices in the information sector, provides potentially useful clarifications. The Code also highlights the following factors:
• Ensuring that IT hardware and strategies are applied by third parties in a socially responsible manner.
• Emphasizing honesty and confidence, particularly in terms of data manipulation/creation.
• Taking action not to discriminate through data analysis.
The ACM Code was selected because it has been repeatedly cited as a reference for concrete initiatives to address ethical issues in the engineering and the computer sciences.
General Moral Principles
A computing professional should…
1.1 Contribute to society and to human well-being, acknowledging that all people are stakeholders in computing.
An essential aim of computing professionals is to minimize negative consequences of computing, including threats to health, safety, personal security, and privacy. Computing professionals should give consideration to whether the products of their efforts will be used in socially responsible ways, will meet social needs, and will be broadly accessible.
1.2 Avoid harm.
In this document, “harm” means negative consequences to any stakeholder, especially when those consequences are significant and unjust. Examples of harm include unjustified death, unjustified loss of information, and unjustified damage to property, reputation, or the environment. This list is not exhaustive.
1.3 Be honest and trustworthy.
Honesty is an essential component of trust. A computing professional should be fair and not make deliberately false or misleading claims and should provide full disclosure of all pertinent system limitations and potential problems. Fabrication of data, falsification of data, and scientific misconduct are similarly violations of the Code.
1.4 Be fair and take action not to discriminate.
The values of equality, tolerance, respect for others, and equal justice govern this principle. Prejudicial discrimination on the basis of age, color, disability, ethnicity, family status, gender identity, military status, national origin, race, religion or belief, sex, sexual orientation, or any other inappropriate factor is an explicit violation of ACM policy.
1.5 Respect the work required to produce new ideas, inventions, and other creative and computing artifacts.
1.6 Respect privacy.
“Privacy” is a multi-faceted concept and a computing professional should become conversant in its various definitions and forms.
This requires taking precautions to ensure the accuracy of data, as well as protecting it from unauthorized access or accidental disclosure to inappropriate individuals or groups. Computing professionals should establish procedures that allow individuals to review their personal data, correct inaccuracies, and opt out of automatic data collection.
Only the minimum amount of personal information necessary should be collected in a system. The retention and disposal periods for that information should be clearly defined and enforced, and personal information gathered for a specific purpose should not be used for other purposes without consent of the individual(s). When data collections are merged, computing professionals should take special care for privacy. Individuals may be readily identifiable when several data collections are merged, even though those individuals are not identifiable in any one of those collections in isolation.
1.7 Honor confidentiality.
Computing professionals should protect confidentiality unless required to do otherwise by a bona fide requirement of law or by another principle of the Code.
(ACM, current version for 2018)
3.3.13 IEEE Code of Conduct
The IEEE (Institute of Electrical and Electronics Engineers), first established in the US, is the world’s leading professional technological association (IEEE, 2017b). It is the “voice” of engineering, computer science and information technologies around the world. However, its American origins are still prominent, in terms of its membership and political positions.
The IEEE Code of Conduct has 10 principles. They are important, because they were developed to be applied by IT specialists. They also cover other topics not relevant here and not covered by other lists of principles:
• The responsibility to disclose promptly factors that might endanger the public or the environment.
• To be honest and realistic in stating claims or estimates based on available data.
The IEEE Code was selected because it has repeatedly been cited as a reference in terms of concrete measures for addressing ethical issues in engineering and the computer sciences.
IEEE Code of Conduct (summary)
1. to accept responsibility in making decisions consistent with the safety, health and welfare of the public, and to disclose promptly factors that might endanger the public or the environment;
2. to avoid real or perceived conflicts of interest whenever possible, and to disclose them to affected parties when they do exist;
3. to be honest and realistic in stating claims or estimates based on available data;
4. to reject bribery in all its forms;
5. to improve the understanding of technology, its appropriate application, and potential consequences;
6. to maintain and improve our technical competence and to undertake technological tasks for others only if qualified by training or experience, or after full disclosure of pertinent limitations;
7. to seek, accept, and offer honest criticism of technical work, to acknowledge and correct errors, and to credit properly the contributions of others;
8. to treat fairly all persons regardless of such factors as race, religion, gender, disability, age, or national origin;
9. to avoid injuring others, their property, reputation, or employment by false or malicious action;
10. to assist colleagues and co-workers in their professional development and to support them in following this code of ethics;
(IEEE, 2017)
4 List of Proposed Principles
The final list of principles proposed in this report was developed in consideration of all principles discussed in Section 3.3. These principles were then classified, summarized and distilled to produce a final list, based on the following criteria:
• Comprehensiveness: cover a maximum of issues identified in the list of principles consulted.
• Relevance: all issues pertaining directly to the management of ethical issues and the IoT system’s various technological components.16
• General to specific: Identify a limited number of general principles and break them down to more specific ones.
Obviously, this proposed framework is intended as a starting point. It must evolve and become more robust through consultation/verification of other reference documents, deliberations within Montréal and broader consultations with stakeholders.
The following table presents the general principles proposed. They can then be broken down into specific principles (subprinciples), as appears in Appendix G. Most of the proposed principles are based on Canadian PIPEDA fair information principles, CÉSTQ’s opinion on smart cities (with respect to the common good, democracy and public participation, government autonomy) and the NYC’s Guidelines for Building a Smart + Equitable City.
This list should comprise the key principles for guiding the study and management of ethical and social issues involved in the technological and analytical systems of urban IoT. These principles incorporate the topics that pertain to the system in question, selected from the 13 existing lists, other than the last principle concerning freedom. As described in Section 4.1, freedom was added since this issue, which was identified in the literature review (Russo Garrido, et al., 2017), is not comprehensively covered by the lists we consulted.
16 However, principles pertaining to general good IoT governance (in terms of infrastructure maintenance, effectiveness, etc.), have been excluded.
Table 8: List of 11 Principles
Theme: Principle
Common good: Ensure that the IoT serves the common good and the pursuit of a social optimum.
Democracy and citizen participation: Promote citizen participation to define a shared vision of the IoT project and ensure that the project is subject to democratic deliberation.
Privacy: Protect and respect the privacy* of citizens.
Transparency: Be transparent about the “who, what, when, where, why and how” of collection, transmission, processing and use.
Security: Design and operate the IoT system securely in order to protect the public, ensure the integrity of services and be resilient to attacks.
Sound data management: Design and operate the IoT system securely in order to protect the public, ensure the integrity of services and be resilient to attacks.
Assessments and consequences: Carry out impact assessments on ethical issues for all new data programs and see to the analysis of long-term consequences for broader social values.
Equity and inclusion: Make every effort to ensure that the treatment given to all is fair and impartial. Avoid profiling, discrimination and the reinforcement of inequalities in order to develop an inclusive project.
Autonomy of public authorities: Ensure the autonomy of the public sphere and the primacy of the public interest over private interests.
Explainable systems: Design auditable systems and, in cases of automated decision-making, give individuals access to the logic behind the decision, as well as an explanation of the data used (which data, which source, how it is used).
Freedom: Ensure that citizens can preserve their sense of freedom.
* There has been much debate over defining privacy. In this report, the term refers to personal freedom against any physical intrusion, any interference in personal life and any impediment to a person’s ability to control the access and use of their personal information.
Specific principles, derived from each of the major principles appearing above, are presented in Appendix G. This appendix also identifies the sources of these proposed major principles (the list, framework or code from which they were taken), along with the lists of principles consulted, which overlap in different areas.
We have adopted a comprehensive, well-documented approach to selecting specific principles. Our choices were accordingly designed to define a maximum number of specific principles pertaining to urban IoT, while eliminating possible duplications among overly similar rules. Determining the final principles and desired levels of specificity is up to the city.
A portion of Appendix G is reproduced in Figure 12, listing the general and specific principles identified. This extract appears again in Figure 13, this time highlighting the sources for each identified principle.
Figure 10: Extract of Excel Spreadsheet Highlights Major and Specific Principles (See complete spreadsheet in Appendix G)
Figure 11: Extract of Excel Spreadsheet Highlighting Specific Principles and their Sources (See complete spreadsheet in Appendix G)
4.1 Analysis of Overlaps Between the Proposed Framework and the Literature Review
We studied overlaps between our framework and review of the literature to enhance our final list of principles (Russo Garrido, et al., 2017). Consequently, issues and threats identified in the literature review and not (or only partially) covered in the lists/frameworks consulted have been listed.
As previously mentioned, the key ethical and social issues identified in the literature review are privacy, reliability/transparency, social inclusion, separation of the government and business spheres, freedom, change in governance and transformation of the city.
Generally, the proposed set of principles provides good coverage of documented issues, as well as related threats identified in the literature review (as appear in Figures 2, 3 and 4). Overlaps and gaps can be summarized as:
• Transparency, social inclusion and separation of the government and business spheres, as described in the literature review, are covered by the proposed framework.
• Privacy and change in governance, as described in the literature review, are covered by the proposed framework (under the headings of privacy, security, common good), but certain principles should be included (minor additions) to achieve complete coverage.
• Freedom is not covered by the proposed framework, outside the protection of privacy. Some additions should be made to the general and complete principles to achieve complete coverage.
• The framework only partly covers transformation of the city (through the “common good” principle). Some specific principles should be added to achieve complete coverage.
The following table lists draft principles to be added to the final list. These additions appear in Appendix G and in Table 8,17 above.
Table 9: Additional Principles Identified in the Literature Review
Freedom issues in the literature review
• Ensure that citizens are not constantly tracked in their daily lives and inform them of the tracking carried out.
• Ensure that citizens have the full choice not to depend on predictive analyses that steer their choices.
• Ensure that situations in which citizens’ access is decided through prescriptive analyses are limited, documented in a way that is accessible to citizens, and open to appeal by citizens within a reasonable time.
City-transformation issues in the literature review (classified under common good in the list of principles)
• Understand the perceptions and fears of Montréal’s population regarding the IoT project.
• See to the analysis of the long-term consequences of the IoT project on broader social values (FAPPs) and on the environment, in particular the GHG emissions caused by the project, worldwide.
• Every decision arising from the IoT project must be tied to human decision-making responsibility.
• The IoT project must aim for the social optimum, not only the optimization of services/processes.
• Municipal decision-makers must be aware of the blind spots in the data and projects (e.g., service improvement) related to the IoT, particularly with regard to vulnerable populations.
• The IoT project must contribute to social cohesion, rather than the individualization of the city.
17 Table 8 only considers major (not specific) principles. The only change needed was adding a principle pertaining to freedom.
4.2 Next Steps in Developing the Framework
Although our proposed list of principles is the result of a meticulous effort to bring together existing principles for addressing ethical and social issues of the IoT system, as planned for Montréal, further work is required to complete this list and make it fully useful. Sections 4.2.1 and 4.2.2 describe recommended future measures for continuously improving the list.
4.2.1 Enhancing Certain Principles
Although the proposed list of principles incorporates relevant principles found in existing lists, some of them are now viewed as being ineffective or warranting enhancement. These principles all pertain to privacy, including:
• Stating why the data is being collected.
• Consent before or during collection.
• Limiting data collection to pre-established purposes.
• Considering potential threats to privacy by cross-referencing data.
As discussed in detail in the literature review (Russo Garrido, et al., 2017), the first three principles are consistent with data privacy management principles that have been in force for the past few decades. However, all of these principles directly conflict with many IoT system goals and are not highly viable in an urban environment in which data is constantly being captured.
Limiting data collection and pre-establishing the reasons for it constitute major stakes for a big data project in which data quantities are synonymous with the project’s potential and where data reuse is intended, to stimulate innovation. IoT, in other words, challenges our understanding of data by being “infinitely connectable, indefinitely repurposable, continuously updatable and easily removed from the context of collection.” (Metcalf and Crawford, 2016).18
It is also difficult to define consent in practical terms, in an environment where data is constantly being captured and it is difficult to obtain the personal consent of all persons affected by such collection. Finally, although potential threats to privacy from cross-referencing data are recognized as posing a huge challenge, it is not clear how this principle can be effectively applied, in practice. Furthermore, deliberation and research are needed to determine how to make these principles practical and relevant again in municipal governance.
Resolving all of these questions would require, it seems, rethinking the very boundaries of what is commonly understood to be privacy in a public space like the city. Privacy is often associated with the concepts of intimacy, home life and personal information. However, the possibility of gathering information about individuals in public areas raises the question of whether such information is private or not and under what circumstances it might be.
18 This quote originally applied to big data. However, it equally applies to the IoT system, which employs big data.
Helen Nissenbaum advanced the idea that privacy is primarily based on information exchanges, which give rise to standards specific to such exchanges (Nissenbaum, 2004; Barocas and Nissenbaum, 2014). Information may or may not be shared without violating privacy, depending on the interaction between various factors, such as relations between the parties concerned, the information’s sensitivity and the direction of exchange (two- or one-way),[19] as illustrated in the following figure. Privacy is not “either-or.” It depends more on the context than the type of information communicated. Consequently, Nissenbaum (2014) argued that individuals might be entitled to privacy in a public space.
[19] This is known as the contextual integrity principle (Barocas and Nissenbaum, 2014). For example, data rules for a health care unit, establishing the kinds of information that can be shared by stakeholders (patient, doctor, administrative staff, family). Under these circumstances, patients who provide access to their personal information can do so in confidence if this data is handled according to the rules and social expectations on disclosure, communication and confidentiality.
Figure 12: Certain Contextual Privacy Factors Considered (Gaughan, 2016, 17).
The researchers believe that putting privacy in the context of an exchange, rather than as an “either-or,” could help solve the difficult problem of “what to do” with certain frequently cited privacy principles that are clearly outmoded and inadequate in current circumstances.
4.2.2 Next Steps Planned
The following steps proposed for expanding the list are generally aimed at discussing, selecting, validating and enhancing the suggested principles. They include:
• Discussing and validating the 10 proposed principles.
• Discussing, reformulating, selecting and validating the identified specific principles. In particular, it will be necessary to determine the level of specificity desired and it is preferable to give some specific principles more weight than others. The final wording should be planned to produce optimal guidelines.
• Identifying any missing specific principles, through such means as detecting overlaps among the different reference documents and their applicability to the various phases of the IoT system. This effort would involve an in-depth study of possibly missing principles. As previously presented, our list of principles is based on existing lists, frameworks and codes. Consequently, its coverage and blind spots reflect existing lists. The list of principles should, accordingly, be given critical, detailed examination to identify any gaps.
• Enhancing weak specific principles—as discussed in Section 4.2.1.
• Taking the discussion on the list of principles beyond city hall—as was the case of Seattle, which brought together members of civil society in developing its privacy principles. Montréal would benefit by including stakeholders to discuss and share their ideas on the proposed framework. These acts could play a role in debating and contributing to placing the IoT project in the hands of the community.
• Identifying how the framework breaks down into specific practices at each phase of the IoT system, as shown in Figure 13. It is essential that the stated principles can be subdivided into specific practices applicable to the daily routines of city officials.
Figure 13: Major Principles Broken Down into Specific and Practical Principles
[Figure: major principles; specific principles; practices at the level of IoT planning; practices at the level of collection, processing and archiving; practices at the level of analysis; practices at the level of data opening]
5 Conclusion
The frameworks proposed in this report are intended to contribute to Montréal’s efforts to develop one or more conceptual frameworks for ethical governance of an IoT system. The first objective is designed to support decision-makers in identifying existing and emerging issues of ethics and social acceptability. The second is intended to delineate general and specific principles that could serve to guide Montréal in developing a set of municipal principles to apply in considering and managing ethical issues.
As previously mentioned, these principles are not, on their own, complete conceptual frameworks. However, they are important milestones in developing a more comprehensive, scalable framework. These principles could ultimately make an important contribution in implementing best practices for examining, managing and responding to issues of ethics and social acceptability pertaining to Montréal’s IoT system. This is because we must acquire resources to assist in the ongoing monitoring of emerging issues and develop appropriate principles and practices to support deliberations on approaches to take and social choices to be made, in contending with the uncertainty and social change arising out of the deployment of new technologies in the city.
6 Bibliography
ACM (2017), The 2018 ACM Code of Ethics and Professional Conduct: Draft 2. Update of the ACM Council 10/16/92. Viewed at: https://ethics.acm.org/2018-code-draft-2/ Consulted December 20, 2017.
Future of Life Institute (2017), Asilomar AI Principles. Viewed at: https://futureoflife.org/ai-principles/ Consulted December 20, 2017.
Cate, Fred H. (2006), “The Failure of Fair Information Practice Principles,” in Consumer Protection in the Age of the Information Economy, pp. 343-379.
Cavoukian, Ann (2012), “Privacy by Design,” IEEE Technology and Society Magazine, 31:4, pp. 18-19.
CÉSTQ (2017), La Ville intelligente au service du bien commun: Lignes directrices pour allier l’éthique au numérique dans les municipalités du Québec, Gouvernement du Québec, 112 pp.
Information and Privacy Commissioner of Ontario (2015), Transparency, Privacy and the Internet: Municipal Balancing Acts, Ontario government, 24 pp.
European Parliament (2016), Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and the Free Movement of Such Data, European Union.
The Forum on the Socially Responsible Development of Artificial Intelligence (2017), The Montreal Declaration for a Responsible Development of Artificial Intelligence. Viewed at: https://www.declarationmontreal-iaresponsable.com/la-declaration Consulted December 20, 2017.
Gaughan, M. (2016), Privacy in the Smart City: Implications of Sensor Network Design, Law, and Policy For Locational Privacy, Master’s thesis, Urban Studies, University of Washington.
IEEE (2017), Code of Ethics and Professional Conduct. Viewed at: https://www.ieee.org/about/corporate/governance/p7-8.html Consulted December 20, 2017.
IEEE (2017b), IEEE Mission and Vision. Viewed at: https://www.ieee.org/about/vision_mission.html Consulted December 20, 2017.
Jones, M. L. (2015), “The Ironies of Automation Law: Tying Policy Knots with Fair Automation Practices Principles,” Vand. J. Ent. & Tech. L., Vol. 18, pp. 77-193.
Kitchin, R. (2016), Getting smarter about smart cities: Improving data privacy and data security, Data Protection Unit, Department of the Taoiseach, Dublin, Ireland.
Metcalf, J. and Crawford, K. (2016), “Where are human subjects in big data research? The emerging ethics divide,” Big Data & Society, January-June, pp. 1-14.
Justice Canada (2017), “Principles Set Out in the National Standard of Canada Entitled Model Code for the Protection of Personal Information, CAN/CSA-Q830-96,” in CANADA, Personal Information Protection and Electronic Documents Act: S.C. 2000, c. 5, current as of July 3, 2017 [Ottawa], Justice Canada, 2017, Appendix 1, article 5.
New York City (2017), NYC’s Guidelines for Building a Smart + Equitable City. Viewed at: https://iot.cityofnewyork.us Consulted December 20, 2017.
New York City Innovation & Technologies Workgroup (undated), NYC’s Guidelines for Building a Smart + Equitable City, The NYS Forum.
OECD (2013), Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. Viewed at: http://www.oecd.org/fr/sti/ieconomie/lignesdirectricesregissantlaprotectiondelaviepriveeetlesfluxtransfrontieresdedonneesdecaracterepersonnel.htm Consulted December 20, 2017.
Richards, N. M. and King, J. H. (2014), “Big Data Ethics,” Wake Forest Law Review 49:393-432.
Riek L. and Hartzog, W. and Howard D., et al. (2014), “The Emerging Policy and Ethics of Human Robot Interaction,” Proceedings of the Tenth Annual ACM/IEEE International Conference on Human-Robot Interaction Extended Abstracts, March 2, 2015, pp. 247-248.
Rosenberg, Scott (2017), “Why AI Is Still Waiting For Its Ethics Transplant,” Wired, November 2017. Viewed at: https://www.wired.com/story/why-ai-is-still-waiting-for-its-ethics-transplant/?mbid=email_onsiteshare Consulted December 20, 2017.
Russo Garrido, S., Allard, M. C., Merveille, N., et al. (2017), Final Report #1 for Batch 5 of the IoT Standards Development Project Literature Review: Ethical Issues And Social Acceptability of IoT in the Smart City, Report delivered to Jean-Martin Thibault in November 2017.
Zook, M., Barocas, S., Boyd, D., Crawford, K., Keller, E., Gangadharan, S. P., et al. (2017), “Ten simple rules for responsible big data research,” Editorial, PLOS Computational Biology 13(3), e1005399.
Appendix A Complete List of Principles Considered for Analysis
This Appendix appears below under the second tab of the Excel file Compilationfinaleprinciples10122017
Appendix B Values and Principles of Smart Cities Serving the Common Good
(CÉSTQ, 2017)
B. Values and Principles of the Commission d’Éthique Sciences et Technologie du Québec, in Its Opinion on Smart Cities (2017)
Appendix C NYC’s Guidelines for Building a Smart + Equitable City
C. NYC’s Guidelines for Building a Smart + Equitable City
NYC’s Guidelines for Building a Smart + Equitable City were published in 2016 and 30 cities, including Paris, have subsequently signed them.
Principle 1: Privacy and Transparency
City IoT deployments must protect and respect the privacy of residents and visitors. The City is committed to being open and transparent about the “who, what, where, when, why and how” of data collection, transmission, processing and use.
1.1: The City should make processes and policies related to IoT and IoT-related data publicly available in an up-to-date, clear and comprehensive manner. IoT principles, guidelines, operational policies and responsibilities should be transparent and made public via a City government website.
1.2: IoT data should only be collected, transmitted, processed and used for specified, explicit and legitimate purposes. The purpose of data collection (e.g., a use case such as monitoring air quality), what data is collected (e.g., particulates in the air) and how data is being collected (e.g., pollution sensor on a light pole) should be transparent and made public via a City government website or other public notice.
1.3: Data and information collected by IoT devices should be classified and treated accordingly, per the City of New York’s Data Classification Policy, as Public, Sensitive, Private or Confidential. All personally identifiable information (PII) should be classified at a minimum as private. All data that is classified as being confidential, or personally identifiable, should be protected from unauthorized use and disclosure (link to New York City Data Classification Policy).
1.4: PII should by default be anonymized before being shared in any way that could make the information publicly searchable or discoverable. Any copies and reproductions must have the same or higher level of classification as the original. Any combinations of data should be reclassified according to the City’s Data Classification Policy. (Link to New York City Data Encryption Policy).
1.5: PII data types should have a clearly associated retention policy and disposal procedure. Sensitive, private or confidential data should be kept for no longer than is operationally necessary or required for the specified, explicit and legitimate purposes. (Link to New York City Digital Media Re-use and Disposal Policy).
1.6: Before any sensitive, private, or confidential data is shared outside the originating City agency, the agency should ensure that the need cannot be met by using anonymized or aggregated data and that the appropriate protections are in place to preserve the confidentiality of the data.
1.7: All public data sets are subject to the NYC Open Data Law and as such should be freely accessible via the City’s Open-data portal.
Principle 2: Data Management
City IoT deployments must protect and respect the privacy of residents and visitors. The City is committed to being open and transparent about the “who, what, where, when, why and how” of data collection, transmission, processing and use.
2.1: IoT systems (e.g. how data is collected, analyzed and used) should be designed with the use case in mind (e.g. predicting demand for trash pick-up based on data on trash volume, weather and events) to maximize the benefits that can be derived from data collection (e.g. routing garbage trucks more efficiently). Where useful, relevant business and historical data from the City or its partners should be made available and utilized by applications.
2.2: The desired measurement from any IoT system (e.g. pedestrian counts) should be collected and categorized as efficiently as possible, using as few steps and/or manipulations as necessary.
2.3: IoT data should be collected and stored according to open standards, contain relevant contextual metadata, be exposed through open, standards-based application program interfaces (APIs), and be provided with software development kits (SDKs) where applicable so it can be easily shared or combined with other data sets.
2.4: IoT data should be archived in a federated way and made accessible throughout the City through a central portal (e.g. the City’s open-data portal) or a catalogue of documented open APIs unless restricted by existing laws or regulations and/or doing so would compromise privacy or public safety. Data from other systems not operated by the City, such as from a private sector partner or from crowdsourcing, that could provide public benefit can also be provided in this form with the source documented accordingly.
2.5: The City recognizes the use of distinct and sometimes conflicting non-proprietary international, national, or industry standards for data and technology interfaces. In cases where standards conflict, the one that most closely aligns to the use case will be selected.
2.6: Each IoT device data set (e.g. temperature) should be validated and verified (e.g. through redundancy in data collection and/or historical data) and the resulting master copy clearly labeled before it is used, aggregated and/or released. Data should be versioned so that any updated data can be distinguished from the original and/or master copy. The retention and disposal policies for the master copy should be explicitly defined.
2.7: IoT data should be both audited and continuously monitored for accuracy and validity. This process should be automated where possible.
2.8: All data sets (e.g. 311 service requests) should be checked for geographic, social or system-driven bias (e.g. geographic differences in civic engagement) and other quality problems. Any biasing factors should be recorded and provided with the data set and corrected where possible.
Principle 3: Infrastructure
IoT devices, networks and infrastructure shall be deployed, used, maintained and disposed of in an efficient, responsible and secure manner to maximize public benefit.
3.1: To support citywide coordination of IoT deployments, City agencies should maintain an inventory of IoT devices that they deploy using a standardized format. City agencies should also maintain an inventory of the public or private assets on which devices are installed and the networks used by these IoT devices including details on the network type (e.g. LTE), security protocol (e.g. WPA), location, service level agreements, and contact information for the network and system operator.
3.2: The City should accumulate and publish, via a City government website, public information on IoT systems including but not limited to examples of deployed IoT devices (e.g. air quality sensors) and the different types of public assets (e.g. light poles) on which they are deployed.
3.3: The City should make public, via a City government website, a standardized protocol, including points of contact, for requesting access to, and approving use of, City assets for IoT deployments. Where appropriate, the City will detail restrictions on particular types of public assets and/or siting restrictions (e.g. rules for landmark or historic districts).
3.4: IoT deployments shall, where possible, leverage or repurpose existing conduit and public assets, maximize energy efficiency, and adhere to sustainable device disposal procedures.
3.5: The City should leverage existing wireless and fixed networks where possible and appropriate. Networks for IoT deployments should be selected to best support the specific use case. This should include but is not limited to ensuring appropriate security protocols, bandwidth, pricing models, and service level agreements (SLAs).
3.6: All IoT devices and network equipment installed by the City, on the City’s behalf, or on City property should have clear site license agreements and established terms of service governing who is responsible for ongoing operations, maintenance, and the secure disposal of equipment. IoT devices and network equipment should be labeled clearly with the name and contact information for the responsible party.
3.7: Public assets should be instrumented in an orderly manner that minimizes clutter and allows for ease of access for replacement, repair and addition of new equipment or devices. If new conduit is being installed using public assets (e.g. to access rooftop of public buildings) or using public right-of-way (e.g. in City streets), location details must be filed with the responsible agency and use of the conduit should not be restricted to one party.
3.8: IoT systems should be designed to maximize resiliency in the event of a natural disaster (e.g. severe flooding) or other emergencies (e.g. electrical outages). Critical systems should have established emergency response plans to ensure the appropriate continuity of service.
Principle 4: Security
IoT systems should be designed and operated with security in mind to protect the public, ensure the integrity of services, and be resilient to attacks.
4.1: IoT systems should be designed with an explicit focus on minimizing security risks (e.g. unauthorized operation or hacking, system faults, tampering, and environmental risks), limiting the potential impact from a security breach (e.g. the release of personally identifiable information), and ensuring that any compromises can be quickly detected and managed.
4.2: IoT systems should utilize established security frameworks, where possible, and ensure communication between components is tightly constrained.
4.3: Identity and access management controls should be in place to ensure that the right people have access to systems, networks, and data at the right time. Users with access to IoT systems should be identified and authenticated. Identification should be to the individual and not to the role.
4.4: All data should be protected in transit and at rest, and systems should be secured against unauthorized access or operation. Data storage mechanisms must not be easily removed from devices and systems must not have vulnerable external interfaces (e.g. unsecured USB ports).
4.5: All partners utilizing public assets and/or networks for IoT deployments should adhere to the principles and guidelines set by the City. The City has the right to restrict or revoke access to assets, devices, and public networks to protect the public interest and public safety.
4.6: The City and its partners should engage in both audit-based and continuous monitoring to ensure that systems are working and that devices have not been compromised.
4.7: Responsibilities related to security monitoring and the protection of IoT systems should be clearly defined. In the event of a breach, public and private sector entities will be required to comply with the City’s breach disclosure and notification requirements.
Principle 5: Operations and Sustainability
All IoT deployments should be structured to maximize public benefit and ensure financial, operational, and environmental sustainability.
5.1: Demonstrated need, business case, and public benefit (e.g. economic, social, and environmental outcomes) should be required prior to deployment of any new IoT devices or solutions. In addition, proof of concept should be required prior to citywide deployments.
5.2: Prior to deployment, the City and its partners shall identify all stakeholder and user groups (e.g. community residents and city employees) that will be impacted by IoT solution and establish feedback mechanisms and methods of engagement for these groups. Before and during deployment, the City and its partners should also check for and address biases in IoT solution (e.g. information asymmetries) that may result in unintended consequences (e.g. inequitable service delivery).
5.3: The City shall prioritize access to its assets and public networks for IoT device deployments that are distributed in an equitable manner and have the greatest public benefit. Public-private partnerships and business models that offset costs or generate revenue in ways aligned with greatest public benefit are encouraged but must be closely evaluated for risk.
5.4: All projects and associated contracts or agreements should outline the “who, what, where, when, why and how” of the implementation, operations, risk management, knowledge transfer, and maintenance of IoT systems. This should include clear definitions related to system and data ownership and responsibilities.
5.5: Solutions shall be designed to be flexible and responsive to evolving needs. Agreements should enable the addition of new functions and update of components over the life of the agreement at a fair and transparent cost.
5.6: Performance metrics should be maintained for solutions. Agreements should specify intended outcomes of a solution and levels of service and provide for penalties, modifications, or terminations of the agreement in the event that the solution does not perform.
5.7: The City and its partners should reuse infrastructures and components where possible, leverage citywide contracts or agreements, and develop solutions collaboratively among agencies to avoid duplicating existing solutions or functions and extract the greatest value from investments.
5.8: All components of a solution should be implemented in a modular manner, prioritizing open standards where possible, to ensure interoperability and prevent dependency on a single vendor.
Appendix D Asilomar AI Principles
D. Asilomar AI Principles
Research Issues
1) Research Goal: The goal of AI research should be to create not undirected intelligence, but beneficial
intelligence.
2) Research Funding: Investments in AI should be accompanied by funding for research on ensuring its
beneficial use, including thorny questions in computer science, economics, law, ethics, and social studies,
such as:
• How can we make future AI systems highly robust, so that they do what we want without
malfunctioning or getting hacked?
• How can we grow our prosperity through automation while maintaining people’s resources and
purpose?
• How can we update our legal systems to be more fair and efficient, to keep pace with AI, and to
manage the risks associated with AI?
• What set of values should AI be aligned with, and what legal and ethical status should it have?
3) Science-Policy Link: There should be constructive and healthy exchange between AI researchers and
policy-makers.
4) Research Culture: A culture of cooperation, trust, and transparency should be fostered among
researchers and developers of AI.
5) Race Avoidance: Teams developing AI systems should actively cooperate to avoid corner-cutting on
safety standards.
Ethics and Values
6) Safety: AI systems should be safe and secure throughout their operational lifetime, and verifiably so
where applicable and feasible.
7) Failure Transparency: If an AI system causes harm, it should be possible to ascertain why.
8) Judicial Transparency: Any involvement by an autonomous system in judicial decision-making should
provide a satisfactory explanation auditable by a competent human authority.
9) Responsibility: Designers and builders of advanced AI systems are stakeholders in the moral
implications of their use, misuse, and actions, with a responsibility and opportunity to shape those
implications.
10) Value Alignment: Highly autonomous AI systems should be designed so that their goals and behaviors
can be assured to align with human values throughout their operation.
11) Human Values: AI systems should be designed and operated so as to be compatible with ideals of
human dignity, rights, freedoms, and cultural diversity.
12) Personal Privacy: People should have the right to access, manage and control the data they generate,
given AI systems’ power to analyze and utilize that data.
13) Liberty and Privacy: The application of AI to personal data must not unreasonably curtail people’s
real or perceived liberty.
14) Shared Benefit: AI technologies should benefit and empower as many people as possible.
15) Shared Prosperity: The economic prosperity created by AI should be shared broadly, to benefit all of
humanity.
16) Human Control: Humans should choose how and whether to delegate decisions to AI systems, to
accomplish human-chosen objectives.
17) Non-subversion: The power conferred by control of highly advanced AI systems should respect and
improve, rather than subvert, the social and civic processes on which the health of society depends.
18) AI Arms Race: An arms race in lethal autonomous weapons should be avoided.
Longer-term Issues
19) Capability Caution: There being no consensus, we should avoid strong assumptions regarding upper
limits on future AI capabilities.
20) Importance: Advanced AI could represent a profound change in the history of life on Earth, and should
be planned for and managed with commensurate care and resources.
21) Risks: Risks posed by AI systems, especially catastrophic or existential risks, must be subject to
planning and mitigation efforts commensurate with their expected impact.
22) Recursive Self-Improvement: AI systems designed to recursively self-improve or self-replicate in a
manner that could lead to rapidly increasing quality or quantity must be subject to strict safety and control
measures.
23) Common Good: Superintelligence should only be developed in the service of widely shared ethical
ideals, and for the benefit of all humanity rather than one state or organization.
Appendix E Montréal Declaration
E. Montréal Declaration
PREAMBLE
Intelligence, whether it be natural or artificial, has no value in and of itself. An individual’s intelligence does not tell us anything about his or her morality; this is also the case for any other intelligent entity. Intelligence can, however, have an instrumental value: it is a tool that can lead us away from or towards a goal we wish to attain. Thus, artificial intelligence can create new risks and exacerbate social and economic inequalities. But it can also contribute to well-being, freedom and justice.
From an ethical point of view, the development of AI poses previously unknown challenges. For the first time in history, we have the opportunity to create non-human, autonomous and intelligent agents that do not need their creators to accomplish tasks that were previously reserved for the human mind. These intelligent machines do not merely calculate better than human beings, they also look for, process and disseminate information. They interact with sentient beings, human or non-human. Soon, they will even be able to keep them company, as would a parent or a friend.
These artificial agents will come to directly influence our lives. In the long term, we could create “moral machines,” machines able to make decisions according to ethical principles. We must ask ourselves if these developments are responsible and desired. And we can hope that AI will make our societies better, in the best interest of, and with respect for, everyone.
The principles and recommendations that we are asking you to develop collectively are ethical guidelines for the development of artificial intelligence. In this first phase of the declaration, we have identified seven values: well-being, autonomy, justice, personal privacy, knowledge, democracy and responsibility. For each value, you will find a series of questions that seek to explore its relationship with the development of AI. We then put forth a normative principle, one that does not directly answer the questions asked.
VALUES, QUESTIONS, PRINCIPLES
Well-being
• How can AI contribute to personal well-being?
• Is it acceptable for an autonomous weapon to kill a human being? What about an animal?
• Is it acceptable for AI to control the running of an abattoir?
• Should we entrust AI with the management of a lake, a forest or the Earth’s atmosphere?
• Should we develop AI technology which is able to sense a person's well-being?
Proposed principle: The development of AI should ultimately promote the well-being of all sentient creatures.
Autonomy
• How can AI contribute to greater autonomy for human beings?
• Must we fight against the phenomenon of attention-seeking which has accompanied advances in AI?
• Should we be worried that humans prefer the company of AI to that of other humans or animals?
• Can someone give informed consent when faced with increasingly complex autonomous technologies?
• Must we limit the autonomy of intelligent computer systems? Should a human always make the final decision?
Proposed principle: The development of AI should promote the autonomy of all human beings and control, in a responsible way, the autonomy of computer systems.
Justice
• How do we ensure that the benefits of AI are available to everyone?
• Must we fight against the concentration of power and wealth in the hands of a small number of AI companies?
• What types of discrimination could AI create or exacerbate?
• Should the development of AI be neutral or should it seek to reduce social and economic inequalities?
• What types of legal decisions can we delegate to AI?
Proposed principle: The development of AI should promote justice and seek to eliminate all types of discrimination, notably those linked to gender, age, mental / physical abilities, sexual orientation, ethnic / social origins and religious beliefs.
Privacy
• How can AI guarantee respect for personal privacy?
• Do our personal data belong to us and should we have the right to delete them?
• Should we know with whom our personal data are shared and, more generally, who is using these data?
• Does it contravene ethical guidelines or social etiquette for AI to answer our e-mails for us?
• What else could AI do in our name?
Proposed principle: The development of AI should offer guarantees respecting personal privacy and allowing people who use it to access their personal data as well as the kinds of information that any algorithm might use.
Knowledge
• Does the development of AI put critical thinking at risk?
• How do we minimize the dissemination of fake news or misleading information?
• Should research results on AI, whether positive or negative, be made available and accessible?
• Is it acceptable not to be informed that medical or legal advice has been given by a chatbot?
• How transparent should the internal decision-making processes of algorithms be?
Proposed principle: The development of AI should promote critical thinking and protect us from propaganda and manipulation.
Democracy
• How should AI research and its applications, at the institutional level, be controlled?
• In what areas would this be most pertinent?
• Who should decide, and according to which modalities, the norms and moral values determining this control?
• Who should establish ethical guidelines for self-driving cars?
• Should ethical labeling that respects certain standards be developed for AI, websites and businesses?
Proposed principle: The development of AI should promote informed participation in public life, cooperation and democratic debate.
Responsibility
• Who is responsible for the consequences of the development of AI?
• How should we define progressive or conservative development of AI?
• How should we react when faced with AI’s predictable consequences on the labour market?
• Is it acceptable to entrust a vulnerable person to the care of AI (for example, a “robot nanny”)?
• Can an artificial agent, such as Tay, Microsoft’s “racist” chatbot, be morally culpable and responsible?
Proposed principle: The various players in the development of AI should assume their responsibility by working against the risks arising from their technological innovations.
DEFINITIONS
Sentient being
Any being able to feel pleasure, pain, emotions; basically, to feel. At the current state of scientific knowledge, all vertebrates and some invertebrates such as octopi, are considered sentient beings. In biology, the development of this characteristic can be explained by the theory of evolution.
Ethics (or Morals)
This is the discipline that ponders the proper ways to behave, individually or collectively, by looking to adopt an impartial point of view. It is based on moral norms and values.
Moral values
Moral values are related to good and evil: they allow us, for example, to qualify an action as just or unjust, honest or dishonest, commendable or blameworthy.
Epistemic value
Epistemic values are related to knowledge: they allow us, for example, to qualify an argument as valid or invalid, clear or unclear, pertinent or trivial.
Intrinsic value
A value is intrinsic when it is an ultimate justification, when one looks for it in and of itself. For example, well-being, autonomy and justice can be looked for in and of themselves; thus they are intrinsic values.
Instrumental value
A value is instrumental when it is in service of something else, when it helps promote an intrinsic value, for example. Money and intelligence are examples of instrumental values that can be put to the service of well-being, autonomy or justice.
Utopia
A possible world which embodies a collection of positive values. Thus, it can be said that a society in which AI frees people from all unpleasant work, allowing them to take care of each other while fully developing their personal potential, would be a utopian society.
Dystopia
This is the opposite of a utopia. It is a possible world that embodies a collection of negative values. Thus, it can be said that a society in which several corporations (or a single corporation) become extremely powerful thanks to AI, allowing them to control and exploit people, would be a dystopian society.
Appendix F ACM Code of Ethics (2018)
F. 2018 ACM Code of Ethics and Professional Conduct: Draft 2
Draft 2 was developed by The Code 2018 Task Force.
(It is based on the 2018 ACM Code of Ethics and Professional Conduct: Draft 1)
Preamble
The ACM Code of Ethics and Professional Conduct (“the Code”) identifies key elements of ethical conduct in computing.
The Code is designed to support all computing professionals, which is taken to mean current or aspiring computing practitioners as well as those who influence their professional development, and those who use technology in an impactful way. The Code includes principles formulated as statements of responsibility, based on the understanding that the public good is always a primary consideration. Section 1 outlines fundamental ethical considerations. Section 2 addresses additional, more specific considerations of professional responsibility. Section 3 pertains more specifically to individuals who have a leadership role, whether in the workplace or in a volunteer professional capacity. Commitment to ethical conduct is required of every ACM member and principles involving compliance with the Code are given in Section 4.
The Code as a whole is concerned with how fundamental ethical principles apply to one’s conduct as a computing professional. Each principle is supplemented by guidelines, which provide explanations to assist members in understanding and applying it. These extraordinary ethical responsibilities of computing professionals are derived from broadly accepted ethical principles.
The Code is not an algorithm for solving ethical problems, rather it is intended to serve as a basis for ethical decision making in the conduct of professional work. Words and phrases in a code of ethics are subject to varying interpretations, and a particular principle may seem to conflict with other principles in specific situations. Questions related to these kinds of conflicts can best be answered by thoughtful consideration of the fundamental ethical principles, understanding the public good is the paramount consideration. The entire profession benefits when the ethical decision making process is transparent to all stakeholders. In addition, it may serve as a basis for judging the merit of a formal complaint pertaining to a violation of professional ethical standards.
1. GENERAL MORAL PRINCIPLES
A computing professional should…
1.1 Contribute to society and to human well-being, acknowledging that all people are stakeholders in computing.
This principle concerning the quality of life of all people affirms an obligation to protect fundamental human rights and to respect diversity. An essential aim of computing professionals is to minimize negative consequences of computing, including threats to health, safety, personal security, and privacy. Computing professionals should give consideration to whether the products of their efforts will be used in socially responsible ways, will meet social needs, and will be broadly accessible. They are encouraged to actively contribute to society by engaging in pro bono or volunteer work. When the interests of multiple groups conflict the needs of the least advantaged should be given increased attention and priority.
In addition to a safe social environment, human well-being requires a safe natural environment. Therefore, computing professionals should be alert to, and make others aware of, any potential harm to the local or global environment.
1.2 Avoid harm.
In this document, “harm” means negative consequences to any stakeholder, especially when those consequences are significant and unjust. Examples of harm include unjustified death, unjustified loss of information, and unjustified damage to property, reputation, or the environment. This list is not exhaustive.
Well-intended actions, including those that accomplish assigned duties, may unexpectedly lead to harm. In such an event, those responsible are obligated to undo or mitigate the harm as much as possible. Avoiding unintentional harm begins with careful consideration of potential impacts on all those affected by decisions.
To minimize the possibility of indirectly harming others, computing professionals should follow generally accepted best practices for system design, development, and testing. Additionally, the consequences of emergent systems and data aggregation should be carefully analyzed. Those involved with pervasive or infrastructure systems should also consider Principle 3.7.
At work, a computing professional has an additional obligation to report any signs of system risks that might result in serious personal or social harm. If one’s superiors do not act to curtail or mitigate such risks, it may be necessary to “blow the whistle” to reduce potential harm. However, capricious or misguided reporting of risks can itself be harmful. Before reporting risks, the computing professional should thoroughly assess all relevant aspects of the incident as outlined in Principle 2.5.
1.3 Be honest and trustworthy.
Honesty is an essential component of trust. A computing professional should be fair and not make deliberately false or misleading claims and should provide full disclosure of all pertinent system limitations and potential problems. Fabrication of data, falsification of data, and scientific misconduct are similarly violations of the Code. One who is professionally dishonest is accountable for any resulting harm.
A computing professional should be honest about his or her own qualifications, and about any limitations in competence to complete a task. Computing professionals should be forthright about any circumstances that might lead to conflicts of interest or otherwise tend to undermine the independence of their judgment.
Membership in volunteer organizations such as ACM may at times place individuals in situations where their statements or actions could be interpreted as carrying the “weight” of a larger group of professionals. An ACM member should exercise care not to misrepresent ACM, or positions and policies of ACM or any ACM units.
1.4 Be fair and take action not to discriminate.
The values of equality, tolerance, respect for others, and equal justice govern this principle. Prejudicial discrimination on the basis of age, color, disability, ethnicity, family status, gender identity, military status, national origin, race, religion or belief, sex, sexual orientation, or any other inappropriate factor is an explicit violation of ACM policy. Sexual harassment is a form of discrimination that limits fair access to the spaces where the harassment takes place.
Inequities between different groups of people may result from the use or misuse of information and technology. Technologies should be as inclusive and accessible as possible. Failure to design for inclusiveness and accessibility may constitute unfair discrimination.
1.5 Respect the work required to produce new ideas, inventions, and other creative and computing artifacts.
The development of new ideas, inventions, and other creative and computing artifacts creates value for society, and those who expend the effort needed for this should expect to gain value from their work. Computing professionals should therefore provide appropriate credit to the creators of ideas or work. This may be in the form of respecting authorship, copyrights, patents, trade secrets, non-disclosure agreements, license agreements, or other methods of attributing credit where it is due.
Both custom and the law recognize that some exceptions to a creator’s control of a work are necessary to facilitate the public good. Computing professionals should not unduly oppose reasonable uses of their intellectual works.
Efforts to help others by contributing time and energy to projects that help society illustrate a positive aspect of this principle. Such efforts include free and open source software and other work put into the public domain. Computing professionals should avoid misappropriation of a commons.
1.6 Respect privacy.
“Privacy” is a multi-faceted concept and a computing professional should become conversant in its various definitions and forms.
Technology enables the collection, monitoring, and exchange of personal information quickly, inexpensively, and often without the knowledge of the people affected. Computing professionals should use personal data only for legitimate ends and without violating the rights of individuals and groups. This requires taking precautions to ensure the accuracy of data, as well as protecting it from unauthorized access or accidental disclosure to inappropriate individuals or groups. Computing professionals should establish procedures that allow individuals to review their personal data, correct inaccuracies, and opt out of automatic data collection.
Only the minimum amount of personal information necessary should be collected in a system. The retention and disposal periods for that information should be clearly defined and enforced, and personal information gathered for a specific purpose should not be used for other purposes without consent of the individual(s). When data collections are merged, computing professionals should take special care for privacy. Individuals may be readily identifiable when several data collections are merged, even though those individuals are not identifiable in any one of those collections in isolation.
1.7 Honor confidentiality.
Computing professionals should protect confidentiality unless required to do otherwise by a bona fide requirement of law or by another principle of the Code.
User data observed during the normal duties of system operation and maintenance should be treated with strict confidentiality, except in cases where it is evidence for the violation of law, of organizational regulations, or of the Code. In these cases, the nature or contents of that information should not be disclosed except to appropriate authorities, and the computing professional should consider thoughtfully whether such disclosures are consistent with the Code.
2. PROFESSIONAL RESPONSIBILITIES
A practicing computing professional should…
2.1 Strive to achieve the highest quality in both the process and products of professional work.
Computing professionals should insist on high quality work from themselves and from colleagues. This includes respecting the dignity of employers, colleagues, clients, users, and anyone affected either directly or indirectly by the work. High quality process includes an obligation to keep the client or employer properly informed about progress toward completing that project. Professionals should be cognizant of the serious negative consequences that may result from poor quality and should resist any inducements to neglect this responsibility.
2.2 Maintain high standards of professional competence, conduct, and ethical practice.
High quality computing depends on individuals and teams who take personal and organizational responsibility for acquiring and maintaining professional competence. Professional competence starts with technical knowledge and awareness of the social context in which the work may be deployed. Professional competence also requires skill in reflective analysis for recognizing and navigating ethical challenges. Upgrading necessary skills should be ongoing and should include independent study, conferences, seminars, and other informal or formal education. Professional organizations, including ACM, are committed to encouraging and facilitating those activities.
2.3 Know, respect, and apply existing laws pertaining to professional work.
ACM members must obey existing regional, national, and international laws unless there is a compelling ethical justification not to do so. Policies and procedures of the organizations in which one participates must also be obeyed, but compliance must be balanced with the recognition that sometimes existing laws and rules are immoral or inappropriate and, therefore, must be challenged. Violation of a law or regulation may be ethical when that law or rule has inadequate moral basis or when it conflicts with another law judged to be more important. If one decides to violate a law or rule because it is unethical, or for any other reason, one must fully accept responsibility for one’s actions and for the consequences.
2.4 Accept and provide appropriate professional review.
Quality professional work in computing depends on professional reviewing and critiquing. Whenever appropriate, computing professionals should seek and utilize peer and stakeholder review. Computing professionals should also provide constructive, critical review of the work of others.
2.5 Give comprehensive and thorough evaluations of computer systems and their impacts, including analysis of possible risks.
Computing professionals should strive to be perceptive, thorough, and objective when evaluating, recommending, and presenting system descriptions and alternatives. Computing professionals are in a position of special trust, and therefore have a special responsibility to provide objective, credible evaluations to employers, clients, users, and the public. Extraordinary care should be taken to identify and mitigate potential risks in self-changing systems. Systems whose future risks are unpredictable require frequent reassessment of risk as the system develops or should not be deployed. When providing evaluations the professional must also identify any relevant conflicts of interest, as stated in Principle 1.3.
As noted in the guidance for Principle 1.2 on avoiding harm, any signs of danger from systems should be reported to those who have opportunity and/or responsibility to resolve them. See the guidelines for Principle 1.2 for more details concerning harm, including the reporting of professional violations.
2.6 Accept only those responsibilities for which you have or can obtain the necessary expertise, and honor those commitments.
A computing professional has a responsibility to evaluate every potential work assignment. If the professional’s evaluation reveals that the project is infeasible, or should not be attempted for other reasons, then the professional should disclose this to the employer or client, and decline to attempt the assignment in its current form.
Once it is decided that a project is feasible and advisable, the professional should make a judgment about whether the project is appropriate to the professional’s expertise. If the professional does not currently have the expertise necessary to complete the project the professional should disclose this shortcoming to the employer or client. The client or employer may decide to pursue the project with the professional after time for additional training, to pursue the project with someone else who has the required expertise, or to forego the project.
The major underlying principle here is the obligation to accept personal accountability for professional work. The computing professional’s ethical judgment should be the final guide in deciding whether to proceed.
2.7 Improve public understanding of computing, related technologies, and their consequences.
Computing professionals have a responsibility to share technical knowledge with the public by creating awareness and encouraging understanding of computing, including the impacts of computer systems, their limitations, their vulnerabilities, and opportunities that they present. This imperative implies an obligation to counter any false views related to computing.
2.8 Access computing and communication resources only when authorized to do so.
This principle derives from Principle 1.2 – “Avoid harm to others.” No one should access or use another’s computer system, software, or data without permission. One should have appropriate approval before using system resources, unless there is an overriding concern for the public good. To support this clause, a computing professional should take appropriate action to secure resources against unauthorized use. Individuals and organizations have the right to restrict access to their systems and data so long as the restrictions are consistent with other principles in the Code (such as Principle 1.4).
3. PROFESSIONAL LEADERSHIP PRINCIPLES
In this section, “leader” means any member of an organization or group who has influence, educational responsibilities, or managerial responsibilities. These principles generally apply to organizations and groups, as well as their leaders.
A computing professional acting as a leader should…
3.1 Ensure that the public good is a central concern during all professional computing work.
The needs of people—including users, other people affected directly and indirectly, customers, and colleagues—should always be a central concern in professional computing. Tasks associated with requirements, design, development, testing, validation, deployment, maintenance, end-of-life processes, and disposal should have the public good as an explicit criterion for quality. Computing professionals should keep this focus no matter which methodologies or techniques they use in their practice.
3.2 Articulate, encourage acceptance of, and evaluate fulfillment of the social responsibilities of members of an organization or group.
Technical organizations and groups affect the public at large, and their leaders should accept responsibilities to society. Organizational procedures and attitudes oriented toward quality, transparency, and the welfare of society will reduce harm to members of the public and raise awareness of the influence of technology in our lives. Therefore, leaders should encourage full participation in meeting social responsibilities and discourage tendencies to do otherwise.
3.3 Manage personnel and resources to design and build systems that enhance the quality of working life.
Leaders are responsible for ensuring that systems enhance, not degrade, the quality of working life. When implementing a system, leaders should consider the personal and professional development, accessibility, physical safety, psychological well-being, and human dignity of all workers. Appropriate human-computer ergonomic standards should be considered in system design and in the workplace.
3.4 Establish appropriate rules for authorized uses of an organization’s computing and communication resources and of the information they contain.
Leaders should clearly define appropriate and inappropriate uses of organizational computing resources. These rules should be clearly and effectively communicated to those using their computing resources. In addition, leaders should enforce those rules, and take appropriate action when they are violated.
3.5 Articulate, apply, and support policies that protect the dignity of users and others affected by computing systems and related technologies.
Dignity is the principle that all humans are due respect. This includes the general public’s right to autonomy in day-to-day decisions.
Designing or implementing systems that deliberately or inadvertently violate, or tend to enable the violation of, the dignity or autonomy of individuals or groups is ethically unacceptable. Leaders should verify that systems are designed and implemented to protect dignity.
3.6 Create opportunities for members of the organization and group to learn, respect, and be accountable for the principles, limitations, and impacts of systems.
This principle complements Principle 2.7 on public understanding. Educational opportunities are essential to facilitate optimal participation of all organization or group members. Leaders should ensure that opportunities are available to computing professionals to help them improve their knowledge and skills in professionalism, in the practice of ethics, and in their technical specialties, including experiences that familiarize them with the consequences and limitations of particular types of systems. Professionals should know the dangers of oversimplified models, the improbability of anticipating every possible operating condition, the inevitability of software errors, the interactions of systems and the contexts in which they are deployed, and other issues related to the complexity of their profession.
3.7 Recognize when computer systems are becoming integrated into the infrastructure of society, and adopt an appropriate standard of care for those systems and their users.
Organizations and groups occasionally develop systems that become an important part of the infrastructure of society. Their leaders have a responsibility to be good stewards of that commons. Part of that stewardship requires that computing professionals monitor the level of integration of their systems into the infrastructure of society. As the level of adoption changes, there are likely to be changes in the ethical responsibilities of the organization. Leaders of important infrastructure services should provide due process with regard to access to these services. Continual monitoring of how society is using a product will allow the organization to remain consistent with their ethical obligations outlined in the principles of the code. Where such standards of care do not exist, there may be a duty to develop them.
4. COMPLIANCE WITH THE CODE
A computing professional should…
4.1 Uphold, promote, and respect the principles of the Code.
The future of computing depends on both technical and ethical excellence. Computing professionals should adhere to the principles expressed in the Code. Each ACM member should encourage and support adherence by all computing professionals. Computing professionals who recognize breaches of the Code should take whatever actions are within their power to resolve the ethical issues they recognize.
4.2 Treat violations of the Code as inconsistent with membership in ACM.
If an ACM member does not follow the Code, membership in ACM may be terminated.
Appendix G List of General and Specific Principles
This appendix partially appears below and is found in the first tab of the Excel file Compilationfinaleprinciples10122017
G. Final List of Principles