PRELIMINARY REPORT #2 FROM BATCH 5 OF THE IOT …ville.montreal.qc.ca/pls/...fr/media/...final_en.pdf · 3333, chemin Queen-Mary, suite 310 Montréal (Québec) Canada H3V 1A2 Ville

PRELIMINARYREPORT#2FROMBATCH5OFTHEIOTSTANDARDSDEVELOPMENTPROJECTCONTRIBUTIONSTOACONCEPTUALFRAMEWORKFORMANAGINGTHESOCIALANDETHICALISSUESOFURBANIOT

FEBRUARY2018

Preparedfor:

VilledeMontréal

For:Mr.Jean-MartinThibault

Director (CTO), IT Architecture, InnovationandSecurity

VilledeMontréal

275,rueNotre-DameEst

Montréal,QC,HCY1C6

Canada

©CIRAIG FinalReport

Pageii CONTRIBUTIONSTOTHECONCEPTUALFRAMEWORK February2018

ThisreportwaspreparedbyCIRAIG(Centreinternationaldereferencesurlecycledeviedesproduitsprocédésetservices).

CIRAIGwasestablished in2001toprovidebusinessesandgovernmentwithacademic,state-of-the-artexpertiseonsustainabledevelopmenttools.CIRAIGisoneoftheworld’sleadingcentresoflifecycleexpertise.Theorganizationworkswithmanyresearchcentresthroughout theworld andactivelyparticipates in the life cycle initiativeof theUnitedNations EnvironmentProgramme (UNEP) and the Societyof Environmental ToxicologyandChemistry(SETAC).

CIRAIGhasdevelopedrecognizedexpertiseinlifecyclestools,includingenvironmentallife cycle assessment (ELCA) and social life cycle assessment (SLCA). Its researchcomplements this expertise,with studieson life cycle cost analyses (LCCAs) andothertools,includingcarbonandwaterfootprints.CIRAIG’sactivitiesincludeappliedresearchinmanycriticalsectors,suchasenergy,aerospace,agrifood,wastemanagement,pulpand paper,mines andmetals, chemical products, telecommunications, finance, urbaninfrastructuremanagement,transportationandgreenproductdesign.

DISCLAIMERTheauthorsareresponsiblefortheselectionandpresentationoftheirfindings.Theopinionsexpressedin this document are those of the project team and do not necessarily reflect the views of CIRAIG,PolytechniqueMontréalorESG-UQÀM.WiththeexceptionofdocumentsproducedbyCIRAIG(suchasthisreport),anyuseofthenameofCIRAIG,PolytechniqueMontréal or ESG-UQÀM in public disclosures relating to this reportmust receive priorwrittenconsentfromadulyappointedrepresentativeofCIRAIG,PolytechniqueMontréalorESG-UQÀM.CIRAIGCentreinternationaldereferencesurlecycledeviedesproducts,procédésetservicesPolytechniqueMontréalDépartementdegéniechimique3333,cheminQueen-Mary,suite310Montréal(Québec)CanadaH3V1A2www.ciraig.org

VilledeMontréal FinalReport


Pageiv CONTRIBUTIONSTOTHECONCEPTUALFRAMEWORK February2018

ResearchTeam

ResearchTeam

Execution

SaraRussoGarrido

Supervision,Researchandwriting

Marie-LucArpin

Revision

ProjectManagement

Prof.NicolasMerveillePhD

Professor,ESGUQAMandCIRAIG

ProjectParticipantsfromtheVilledeMontréal:

Jean-MartinThibault,Pierre-AntoineFerron,StéphaneGuidoin,MichelCharest,SongNhiNguyen,Martin-GuyRichardandPatrickLozeau.


Summary

ProjectMission

ThisreportseekstolayatoguideMontréalindevelopingfordefiningaconceptualframeworkthatcanguide Montréal in establishing a program for considering and managing issues of ethics and socialacceptability associatedwith the technological and analytical systems of an urban Internet of things.Thesesystemsareresponsibleforcollectingdatafrommanysources(municipalsensors,socialnetworks,externaldatabases), internalprocessing,storageandanalysisofsuchdata,aswellasforreleasingthisdataintheformofdatabases,displaysorappsforthepublic.ThisreportbuildsontheLiteratureReview:EthicalIssuesandSocialAcceptabilityofIoTintheSmartCity1(RussoGarrido,etal.,2017).

ThereportpresentstwoframeworkstoguideMontréalindevelopingoneormoreconceptualframeworksforethicalgovernanceofIoT:

• FrameworktoassistintheidentificationandanalysisofissuesofethicsandsocialacceptabilityinIoT.

• Alistofprinciplestoguidehowtheseissuesarehandled.

Theseelementsdonot,ontheirown,constituteacomprehensiveconceptualframework.However,theyareimportantmilestonesinthedevelopmentofamorecompleteandscalableframework.

FrameworksforIdentifyingEthicalandSocialIssues

Frameworksforidentifyingtheethicalandsocialissuesdiscussedinthisreportaredesignedtoprovidedecision-makerswithtoolsthatwillhelpthemidentifyandstudyissuesassociatedwiththeIoTproject.Theseframeworksarebasedonthefollowingsourcesofinformation,withmosttakenfromtheliteraturereview(RussoGarrido,etal.,2017):

• KeycomponentsoftheIoTsystem,asoperatedbythecity.• EthicalissuesidentifiedintheliteraturerevieworintheopinionoftheCommissiond’éthique

ensciencesettechnologieduQuébecsurlesvillesintelligentes(CÉSTQ,2017).

ThebroadoutlinesoftheIoTaredescribedinthefollowingfigure.

1TheCompleteTitleIs:FinalReport#1ForBatch5oftheIoTStandardsDevelopmentProjectLiteratureReview:EthicalIssuesandSocialAcceptabilityofIoTintheSmartCity.


Pagevi CONTRIBUTIONSTOTHECONCEPTUALFRAMEWORK February2018

FigureA:ComponentsofMontréal’sIoTSystem

Asexplainedintheliteraturereview,thesystemcanbebrokendownintofourmainphases:

• IoTprojectplanning.• Datacollectionandstorage.• Dataanalysis(internaloroutsidethecity)• Opendataanddigitalservicesforthepublic.

BasedonthesestepsandtheethicalandsocialissuesidentifiedintheliteraturereviewandtheCÉSTQ(2017)opinion,weproposethefollowingframeworkforhigh-levelidentificationofethicalissues.

.

Version mise à jour

.

Légende'des'grandes'étapes:'!!!!!!!!!!!!!!!! !Planifica)on!du!projet!de!l’IdO!! !Collecte!et!stockage!des!données!

!Analyse!des!données!(interne!ou!externe!à!l’administra)on)!!Ouverture!des!données!et!services!citoyens!numériques!

!

Installa)on!

Données!captées!

Transport!

Stockage!temporaire!

Stockage!ins)tu)onnel!

Analyse!tempsFréel!

Analyse!de!flux!

Analyses!interac)ve!&!en!lot!

Ouverture!des!

données!Analyse!(données!

périodiques!ou!interac)ves)!

Visualisa)on!des!données!

et/ou!Résultats!pour!prises!de!décisions!

Analyse!et!développement!d’applica)ons!

par!les!citoyens/entreprises!!

Applica)ons!offertes!aux!citoyens!

Planifica)on!du!projet!d’IdO!

Archivage!!

Destruc)on!des!données!!

Données!externes!


FigureB:GeneralFrameworkforHigh-LevelIdentificationofIssuesofEthicsandSocialAcceptability

Whiletheframeworkoutlinedbelowmaybeusefulforgeneraldiscussion,morespecificframeworksareneededthatnotonlyidentifygeneralconcerns,butprovideamoredetaileddefinitionofactivitiesandsituationsthatcouldgiveriseethicalorsocialissues.FiguresC,DandEpresentthislevelofdetail,eachillustratingasetofissuescoveredintheliteraturereview(asindicatedbyeachfigure’stitle).

.

Planifica(on*&*gouverne*de*l’IdO*

Collecte,*traitement,*stockage,*archivage*

Analyse*à*l’interne*

Ouverture*des*données*et*services*aux*citoyens*

•  Bien*commun*•  Inclusion*•  Indépendance*des*

pouvoirs*publics*•  Vie$privée$•  Liberté$•  Transparence$•  Propor3onnalité$•  Démocra3e$•  Transforma3on$

gouvernance$•  Transforma3on$de$

la$ville$

•  Vie*privée*•  Liberté*•  Transparence*•  Propor3onnalité$

•  Vie*privée*•  Liberté*•  Inclusion*•  Transparence*

•  Vie*privée*•  Indépendance*

des*pouvoirs*publics*

•  Inclusion*•  Transparence*•  Démocra3e$

•  Vie*privée*•  Liberté*•  Inclusion*

Légende:*En*gras:***Non$gras:$

Enjeux$éthiques$dont$la$présence$à$ceCe$étape$de$l’IdO$a$été$iden3fiée$dans$la$liCérature$Enjeux$éthiques$poten3els,$dont$la$présence$à$ceCe$étape$de$l’IdO$n’a$pas$été$iden3fiée$dans$la$liCérature$

Analyse*(erces*par(es*


Pageviii CONTRIBUTIONSTOTHECONCEPTUALFRAMEWORK February2018

FigureC:ThreatsPertainingtoIssuesofthePublicGood,SocialInclusion,SeparationoftheGovernmentandBusinessSpheres,andFreedom

FigureD:ThreatsPertainingtoPrivacyandTransparency

.






•  Tyrannie(transparence((L)(

•  Analyses(prédic4ves(orientent(choix((L)(

•  Analyses(prescrip4ves(décident(de(l’accès((L)(

•  Profilage((IC(&(L)(•  Discrimina4on(

par(analyse(algorithme((IC)(

•  Fracture(numérique(affecte(accès((IC)(

•  Offre(bonifiée(mais(non(publique(


•  Analyses(prescrip4ves(décident(de(l’accès((L)(



•  Inves4ssements(spa4alement(inégaux((IC)(

•  Influence(des(intérêts(privés((ID)(

•  Verrouillage(technologique((ID)(

•  NonMpropor4onnalité(des(moyens((BC)(

•  Manque(de(consensus,(délibéra4on(démocra4que((BC,(D)(

•  Manque(de(bienfaits(pour(la(collec4vité(et(démocra4e((BC,(D)(

Légende:*Les(ini4ales(entre(parenthèses(se(réfèrent(à(l’enjeu(auquel(se(raTache(la(menace:(pour(bien(commun((BC),(inclusion((IC),(indépendance(des(pouvoirs(publics((ID)(et(liberté((L)(






•  Vulnérabilité+des+systèmes+et+données+

•  Manque+d’assen6ment+citoyen+pour+la+collecte+

•  Sen6ment+d’être+surveillé+

•  Généra6on+de+portraits+personnels+(via+combinaison,+ré?iden6fica6on,+inférence)+

•  Suivi+géographique+•  U6lisa6on+des+

données+pour+des+fins+différentes+de+celles+communiquées+

•  Opacité+des+systèmes+

•  Dissémina6on+de+données+personnelles+confiden6elles+

•  Dissémina6on+de+données+personnelles+non?confiden6elles+

•  Mise+à+disposi6on+de+données+qui+peuvent+contribuer+à+générer+des+portraits+personnels+par+autrui+

•  Qualité+des+données+

•  Idem+que+l’analyse+à+l’interne.+

.


FigureE:ThreatsPertainingtoTransformationofGovernanceandtheCity

IssueAnalysisandManagementPrinciples

Thesecondcontributionofthisreportisalistofprinciplestoapplyinexaminingandmanagingissues.Thislistisdesignedtoincorporatethekeyprinciplesforaddressingissuesofethicsandsocialacceptabilityarising out of IoT. It is intended to help determine the appropriate approach in an environmentcharacterizedbychange,innovation,transformationofthesocialbondandalossofethicalreferences.

Wedecidedtobuildonallrelevantexistingguidelinesonthesubject,indevelopingthislist,ratherthanstart from scratch. We have accordingly considered the principles proposed for IoT, the smart city,artificialintelligenceandbigdataresearch.Thefollowingboxoutlinesourprocedure:

ProcedureforDevelopingtheListofPrinciples

1. Createaninventoryofexistingrelevantprinciples.

2. Extractandexamineallprinciples,tounderstandtheircharacteristicsandseehowtheyoverlap.

3. Develop a final list of principles pertaining to IoT and the completenesswith respect to other listsconsulted.

4. Consideroverlapsbetweentheproposedlistofprinciplesandtheliteraturereview’sfindings.

5. Identifyprinciplesthatshouldbeenhancedandsubsequentsteps.

We selected lists of existing principles based on their relevance and importance. The following tableidentifiesthesedocuments,groupedbytheirtechnologicalorthematicfocus.Section3.3presentstheselistsindetail.






•  Décisions(pour(l’op.misa.on(et(non(l’op.mum(social(

•  Percep.on(de(l’impact(de(l’accroissement(des(ondes(électromagné.ques(dans(la(ville(sur(la(santé(

.

•  Transforma.on(en(espace(prévisible(et(individualisé(


•  Dilu.on(de(la(responsabilité(décisionnelle(

•  Réduc.on(du(champ(des(possibles(

•  Impact(sur(l’environnement(


Pagex CONTRIBUTIONSTOTHECONCEPTUALFRAMEWORK February2018

TableA:ListsofPrinciplesConsidered

Category ListsofPrinciples

Generalprivacyprinciples • CanadianPIPEDAfairinformationprinciples• FairInformationPracticePrinciples(FIPPs)• OECDGuidelines• PrivacybyDesign• InformationandPrivacyCommissionerof7

FoundationalPrinciplesofPrivacybyDesign• CityofSeattlePrivacyPrinciples• EUgenerallegislationof1990and2018

GeneralIoTandsmartcityprinciples

• RecommendationsonsmartcitiesintheOpinionofQuébec’sCommissionenéthiquesciencesettechnologie

• NYC’sGuidelinesforBuildingaSmart+EquitableCity

Artificialintelligenceprinciples2 • AsilomarAIPrinciples• FairAutomationPracticePrinciples(FAPPs)• TheMontrealDeclarationforaResponsible

DevelopmentofArtificialIntelligence

Bigdataprinciples3 • Tensimplerulesforresponsiblebigdataresearch

Codesofconduct • ACMCodeofEthicsandProfessionalConduct• IEEECodeofConduct4

Wedrewupafinallistofprinciples,drawingonthe13documentsappearinginTableA.Theseprincipleswerethenclassified,summarizedanddistilledtoproduceafinallist,inlinewiththefollowingcriteria:

2TheIEEE’sdeliberations(IEEE,2017)onartificialintelligencecanbeaddedtothislistforsubsequentcontributionstotheinventory.3 The principles presented in the article by Richards and King (2014) could be added here for subsequentcontributionstotheinventory.4ACMandIEEEjointlyproducedacode,butwedidnotcoveritinthisstudy.SinceIEEEisintheprocessofcreatinganewversionof itsowncode,wedecidedtostick to the latestcodes, rather than thoseproducedaspartofacollaborativeprocess.


• Comprehensiveness:maximumcoverageoftopicsidentifiedinthelistsofprinciplesconsulted.• Relevance:alltopicsdirectlypertaintothemanagementofethicalissuesandthevarious

technicalcomponentsoftheIoTsystem.5• Fromthegeneraltothespecific:identificationofalimitednumberofgeneralprinciplesand

dividingthemintomorespecificones.

Obviously,ourproposedframeworkisastartingpoint.Itmustevolveandbecomemorerobustthroughconsultationandverificationofother referencedocuments,deliberationswithin the city andbroaderconsultationswithstakeholders.

Thefollowingtablepresentsthe11keyprinciplesproposed.TheycanthenbebrokenintosubprinciplesorspecificprinciplesaspresentedinAppendixG.6Determiningthefinalprinciplesanddesiredlevelsofspecificityisuptothecity.

5 However, the study did not cover principles on overall good IoT governance (in terms of infrastructuremaintenance,efficiency,etc.).6AppendixGalsotransparentlydescribesthesourcesofthekeyprinciplesproposed(thelist,frameworkorcodefromwhichtheyweretaken),aswelloflistsofprinciplesthatoverlapincertainareas.


Pagexii CONTRIBUTIONSTOTHECONCEPTUALFRAMEWORK February2018

TableB:ListofProposedPrinciples

*Therehasbeenmuchdebateoverdefiningprivacy.Inthisreport,thetermreferstopersonalfreedomagainstanyphysicalintrusion,anyinterferenceinpersonallifeandanyimpedimenttoaperson’sabilitytocontroltheaccessanduseoftheirpersonalinformation.

Generally,theissuesandthreatsdocumentedintheliteraturereview(asappearinFiguresC,DandE)arerelativelywellcoveredbythelistofprinciplesproposed.Justtheissuesof“freedom”and“transformationofthecity”receiveonlypartialtreatmentbythisframework,towhichwehaveaddedgeneralorspecificprinciples(tobedefined)toensurecompletecoverage,asexplainedinSection4.1.

Thème& Principe&

Bien&commun& Assurer&que&l’IdO&soit&au&service&du&bien&commun&et&de&la&recherche&d’un&op8mum&social.&

Démocra3e&et&par3cipa3on&citoyenne&

Promouvoir&la&par8cipa8on&citoyenne&pour&définir&une&vision&concertée&du&projet&de&l’IdO&et&s’assurer&que&celui?ci&soit&l’objet&de&délibéra8on&démocra8que&

Vie&privée& Protéger&et&respecter&la&vie&privée*&des&citoyens&

Transparence& Être&transparent&sur&le&«&qui,&quoi,&quand,&où,&&pourquoi&et&comment&»&de&la&collecte,&la&transmission,&le&traitement&et&l’u8lisa8on&

Sécurité& Concevoir&et&opérer&le&système&IdO&en&toute&sécurité&afin&de&protéger&le&public,&assurer&l’intégrité&des&services&et&être&résilient&face&aux&aLaques&

Bonne&ges3on&des&données&

Concevoir&et&opérer&le&système&IdO&en&toute&sécurité&afin&de&protéger&le&public,&assurer&l’intégrité&des&services&et&être&résilient&face&aux&aLaques&

Évalua3ons&et&conséquences&

Réaliser&des&évalua8ons&d’impact&sur&enjeux&éthiques&pour&tous&nouveaux&programmes&de&données&et&veiller&à&l’analyse&des&conséquences&à&long&terme&sur&les&valeurs&sociales&élargies&

Équité&et&inclusion&

MeLre&tous&les&moyens&en&œuvre&pour&que&le&traitement&accordé&tous&soit&juste&et&impar8al.&Éviter&le&profilage,&la&discrimina8on&et&le&renforcement&des&inégalités&pour&développer&un&projet&inclusif&

Autonomie&des&pouvoirs&publics&

Assurer&l’autonomie&de&la&sphère&publique&et&la&primauté&de&l’intérêt&public&par&rapport&aux&intérêts&privés&

Systèmes&explicables&

Concevoir&des&systèmes&auditables&et&dans&des&cas&de&prise&de&décision&automa8sée,&donner&aux&individus&accès&aux&logiques&qui&président&dans&la&décision,&ainsi&qu’une&explica8on&des&données&u8lisées&(quelle&donnée,&quelle&source,&comment&est?elle&mobilisée)&

Liberté& Assurer&que&le&citoyen&puisse&préserver&son&sen8ment&de&liberté&


NextSteps

WhilethelistofproposedprinciplesisthefruitofameticulousefforttoamassexistingbestpracticesfordealingwiththeethicalandsocialissuesofanIoTsystem,asplannedforMontréal,thereareseveralstepsinvolved in perfecting this list and making it fully useful. Section 4.2 presents subsequent stepsrecommended for future enhancement of the list, including: 1) Debating, reformulating as required,selectingandvalidatingthe10proposedprinciplesandtheirspecificrelatedprincipleswithinandwithoutcitygovernment.2)Identifyinganymissingspecificprinciples.3)AsdiscussedinSection4.1.,reinforcingweakspecificprinciples.4)IdentifyinghowtheframeworkdefinesspecificpracticesateachstageoftheIoT system. In other words, we must be able to express the stated principles as specific practicesapplicabletothedailyroutinesofcityofficials.

Conclusion

This report presents frameworks designed to guideMontréal in developing one or more conceptualframeworksforethicalgovernanceofIoT.Aspreviouslymentioned,theseelementsdonotontheirownconstitute complete conceptual frameworks.However, theyare importantmilestones indevelopingamorecompleteframework.Todate,theseelementscanmakesignificantcontributionstothedeploymentof optimal analytical and management practices, and taking action on issues of ethics and socialacceptabilitywithrespecttoMontréal’sIoTsystem.Inotherwords,wecanonlydealwiththeuncertaintyand changes due to the deployment in the city of new technologies by adopting tools to support anongoing watch of emerging issues and develop corresponding practices that will contribute to thedialogueonthenextstepstotakeandsociety’schoicesinthematter.


Pagexiv CONTRIBUTIONSTOTHECONCEPTUALFRAMEWORK February2018

Contents

RESEARCHTEAM................................................................................................................................................IVSUMMARY..........................................................................................................................................................V

CONTENTS........................................................................................................................................................XIV

TABLES..............................................................................................................................................................XV

FIGURES...........................................................................................................................................................XVI

ABBREVIATIONSANDACRONYMS....................................................................................................................XVI

1 INTRODUCTION............................................................................................................................................1

2 ISSUE-IDENTIFICATIONFRAMEWORK...........................................................................................................22.1 KEYCOMPONENTSOFTHEIOTSYSTEM.................................................................................................................2

2.2 ISSUESIDENTIFIEDINTHELITERATUREREVIEW.......................................................................................................3

2.3 PROPOSEDISSUEIDENTIFICATIONSUPPORTFRAMEWORK.........................................................................................5

3 ISSUEANALYSIS/MANAGEMENTPRINCIPLES...............................................................................................9

3.1 PROCEDURE.....................................................................................................................................................9

3.2 INVENTORYOFEXISTINGPRINCIPLES,ALONGWITHOVERLAPSANDDIFFERENCES........................................................10

3.3 LISTSOFPRINCIPLESCONSIDERED......................................................................................................................12

3.3.1 CanadianPIPEDAFairInformationPrinciples........................................................................................123.3.2 FairInformationPracticePrinciples(FIPPs)andOECDGuidelines........................................................13

3.3.3 PrivacybyDesignandtheInformationandPrivacyCommissionerof7FoundationalPrinciplesofPrivacybyDesign............................................................................................................................................................14

3.3.4 CityofSeattlePrivacyPrinciples............................................................................................................15

3.3.5 DrawingonEuropeanRegulations........................................................................................................16

3.3.6 OpinionoftheCommissiond’ÉthiqueSciencesetTechnologieduQuébecsurlaVilleIntelligente......18

3.3.7 NYC’sGuidelinesforBuildingaSmart+EquitableCity.........................................................................183.3.8 AsilomarBeneficialIAPrinciples............................................................................................................19

3.3.9 FairAutomationPracticePrinciples.......................................................................................................21

3.3.10 TheMontrealDeclarationforaResponsibleDevelopmentofArtificialIntelligence.........................23

3.3.11 TenSimpleRulesforResponsibleBigDataResearch........................................................................24

3.3.12 ACMCodeofEthicsandProfessionalConduct..................................................................................25

3.3.13 IEEECodeofConduct........................................................................................................................27

4 LISTOFPROPOSEDPRINCIPLES..................................................................................................................284.1 ANALYSISOFOVERLAPSBETWEENTHEPROPOSEDFRAMEWORKANDTHELITERATUREREVIEW.....................................31

4.2 NEXTSTEPSINDEVELOPINGTHEFRAMEWORK.....................................................................................................32

4.2.1 EnhancingCertainPrinciples.................................................................................................................32

4.2.2 NextStepsPlanned................................................................................................................................34


5 CONCLUSION..............................................................................................................................................36

6 BIBLIOGRAPHY...........................................................................................................................................37

APPENDIXACOMPLETELISTOFPRINCIPLESCONSIDEREDFORANALYSIS...........................................................39

APPENDIXBVALUESANDPRINCIPLESOFSMARTCITIESSERVINGTHECOMMONGOOD(CÉSTQ,2017).............40

APPENDIXCNYC’SGUIDELINESFORBUILDINGASMART+EQUITABLECITY.......................................................43

APPENDIXDASILOMARAIPRINCIPLES...............................................................................................................48Research Issues.............................................................................................................................................................48Ethics and Values..........................................................................................................................................................48Longer-term Issues........................................................................................................................................................49

APPENDIXEMONTRÉALDECLARATION..............................................................................................................50

APPENDIXFACMCODEOFETHICS(2018)...........................................................................................................54

APPENDIXGLISTOFGENERALANDSPECIFICPRINCIPLES...................................................................................61

Tables

TABLE1:LISTSOFPRINCIPLESCONSIDERED........................................................................................................11

TABLE2:PIPEDAFAIRINFORMATIONPRINCIPLES(DEPARTMENTOFJUSTICECANADA,2017)...........................12

TABLE3:THE INFORMATIONANDPRIVACYCOMMISSIONEROF7FOUNDATIONALPRINCIPLESOFPRIVACYBYDESIGN(INFORMATIONANDPRIVACYCOMMISSIONEROFONTARIO(2015).....................................................15TABLE4:PRINCIPLESOFTHE1990EUROPEANDIRECTIVE...................................................................................17

TABLE5:ASILOMARBENEFICIALIAPRINCIPLES..................................................................................................20

TABLE6:FAIRAUTOMATIONPRACTICEPRINCIPLES(JONES,2015).....................................................................22

TABLE7:EXTRACTFROMTHEMONTRÉALDECLARATION...................................................................................23

TABLE8:LISTOF11PRINCIPLES..........................................................................................................................29

TABLE9:ADDITIONALPRINCIPLESIDENTIFIEDINTHELITERATUREREVIEW........................................................31


Pagexvi CONTRIBUTIONSTOTHECONCEPTUALFRAMEWORK February2018

Figures

Figure1:ComponentsofMontréal’sIoTsystem...................................................................................................2

Figure2:EthicalIssuesandRelatedThreatsinthePlanningandDataCollection/StoragePhases.........................3

Figure3:EthicalIssuesandRelatedThreatsattheDataAnalysisandReleasePhases...........................................4

Figure4:OtherIssuesPertainingtoSocialAcceptabilityandtheCÉSTQ’sOpinion................................................5

Figure5:GeneralFrameworkforIdentifyingIssuesofEthicsandSocialAcceptability..........................................6

Figure6:ThreatsPertainingtoIssuesoftheCommonGood,SocialInclusion,SeparationoftheGovernmentandBusinessSpheresandFreedom.......................................................................................................7

Figure7.ThreatsPertainingtoPrivacyandTransparency.....................................................................................7

Figure8:ThreatsPertainingtoTransformationofGovernanceandtheCity.........................................................8

Figure9:OECDGuidelinesIndividualParticipationPrinciples,TakenfromCÉSTQ(2017)....................................13

Figure10:ExtractofExcelSpreadsheetHighlightsMajorandSpecificPrinciples.................................................30

Figure11:ExtractofExcelSpreadsheetHighlightingSpecificPrinciplesandtheirSources..................................30

Figure12:CertainContextualPrivacyFactorsConsidered(Gaughan,2016,17)...................................................34

Figure13:MajorPrinciplesBrokenDownintoSpecificandPracticalPrinciples...................................................35

AbbreviationsandAcronyms

ACM AssociationofComputingandMachinery

CÉSTQ Commissiond’éthiqueensciencesettechnologiesduQuébec

FAPPs FairAutomationPracticePrinciples

FIPPs FairInformationPracticePrinciples

AI Artificialintelligence

IoT InternetofThings

IEEE InstituteofElectricalandElectronicsEngineers

NYC NewYorkCity

OECD OrganisationforEconomicCooperationandDevelopment


February2018 CONTRIBUTIONSTOTHECONCEPTUALFRAMEWORK Page1

1 Introduction

ThisreportseekstolayatoguideMontréalindevelopingfordefiningaconceptualframeworkthatcanguide Montréal in establishing a program for considering and managing issues of ethics and socialacceptability associatedwith the technological and analytical systems of an urban Internet of things.Thesesystemsareresponsibleforcollectingdatafrommanysources(municipalsensors,socialnetworks,externaldatabases), internalprocessing,storageandanalysisofsuchdata,aswellasforreleasingthisdataintheformofdatabases,displaysorappsforthepublic.

ThereportbuildsontheLiteratureReview:EthicalIssuesandSocialAcceptabilityofIoTintheSmartCity7(RussoGarrido,etal.,2017),whichidentifiedthemostlikelyissuesforthecity,basedonnumerousstudiesandthepriorexperiencesofmunicipalitiesaroundtheworld.ItseekstoguideMontréal’sdeliberationson developing one or more conceptual frameworks for ethical governance of IoT and proposes twoframeworkstodrivethisprocess:

• FrameworktoassistintheidentificationandanalysisofissuesofethicsandsocialacceptabilityinIoT.

• Alistofprinciplestoguidehowtheseissuesarehandled/.

Theseelementsdonot,ontheirown,constituteacompleteconceptualframework.However,theyareimportantmilestonesinthedevelopmentofamorecompleteandscalableframework.

Section2ofthisreportinitiallyfocusesonthefirstissueidentificationframework,largelybasedontheabove-mentionedliteraturereview.Section3describestheprocessusedindevelopingalistofprinciples.Section4presentsthislist.TheConclusionsummarizeswhathasbeendonesofarandthenextstepstotake.

7TheCompleteTitleIs:FinalReport#1ForBatch5oftheIoTStandardsDevelopmentProjectLiteratureReview:EthicalIssuesandSocialAcceptabilityofIoTintheSmartCity.


Page2 CONTRIBUTIONSTOTHECONCEPTUALFRAMEWORK February2018

2 Issue-IdentificationFramework

Ourframeworkforidentifyingethicalandsocialissuesisdesignedtoprovidedecision-makerswithatoolthatcanhelpthemidentifyandstudyissuesassociatedwiththeIoTproject.Thisframeworkisbasedontwocoreelements:

• KeycomponentsoftheIoTsystem,asoperatedbythecity.• EthicalissuesidentifiedintheliteraturereviewandintheopinionoftheCommissiond’éthique

ensciencesettechnologieduQuébecsurlesvillesintelligentes(CÉSTQ,2017).

Inshort,thisframeworkisbasedontheconclusionsoftheliteraturereviewthatconstitutesthefirstpartofthisproject,addingsomenewideastakenfromCÉSTQ’sopinion(2017).Whiletheframeworkcontainsnooriginalresearch,itspresentsanewstructurefortheinformationappearinginthefirstreportunderthisproject.

2.1 KeyComponentsoftheIoTSystem

Asmentioned in the Introduction, IoT systems are responsible for collecting data frommany sources(municipalsensors,socialnetworks,externaldatabases),internalprocessing,storageandanalysisofsuchdata, aswell as for releasing this data in the form of databases, displays or apps for the public. ThefollowingfigurepresentsasimplifiedviewofMontréal’sIoTsystem:

Figure1:ComponentsofMontréal’sIoTsystem

Asexplainedintheliteraturereview,thesystemcanbebrokendownintothefourmainphasesofsystemactivities:

.

Version mise à jour

.

Légende'des'grandes'étapes:'!!!!!!!!!!!!!!!! !Planifica)on!du!projet!de!l’IdO!! !Collecte!et!stockage!des!données!

!Analyse!des!données!(interne!ou!externe!à!l’administra)on)!!Ouverture!des!données!et!services!citoyens!numériques!

!

Installa)on!

Données!captées!

Transport!

Stockage!temporaire!

Stockage!ins)tu)onnel!

Analyse!tempsFréel!

Analyse!de!flux!

Analyses!interac)ve!&!en!lot!

Ouverture!des!

données!Analyse!(données!

périodiques!ou!interac)ves)!

Visualisa)on!des!données!

et/ou!Résultats!pour!prises!de!décisions!

Analyse!et!développement!d’applica)ons!

par!les!citoyens/entreprises!!

Applica)ons!offertes!aux!citoyens!

Planifica)on!du!projet!d’IdO!

Archivage!!

Destruc)on!des!données!!

Données!externes!



• IoTprojectplanning.• Datacollectionandstorage.• Dataanalysis(internaloroutsidethecity)• Opendataanddigitalservicesforthepublic.

2.2 IssuesIdentifiedintheLiteratureReview

Figures2,3and4summarizepotential issuesofethicsorsocialacceptabilitythatare identifiedintheliterature.TheseissuesaregroupedbythemajorIoTsystemphaseinwhichtheyoccur.Phase-specificthreatsthatgiverisetosuchtheseethicalissuesarealsoindicated,asfoundintheliterature.

Figure 4 also highlights IoT-related ethical issues named in the opinion on smart cities issued by theCommissiond’éthiqueensciencesettechnologiesduQuébec(CÉSTQ,2017).Thefiguredoesnotincludeall elements identified by the CÉSTQ, but only those that pertain to IoT and complement the issuesidentifiedintheliteraturereview.

Figure2:EthicalIssuesandRelatedThreatsinthePlanningandDataCollection/StoragePhases

2

.

.

Planifica(on*du*projet*de*l’IdO

Collecte*et*stockage*des*données*

1.  Orienta*on,des,inves*ssements,au,détriment,d’autres,enjeux,urbains,

2.  Inégalité,des,inves*ssements,du,point,de,vue,géographique

1.  Sécurité,des,systèmes,et,données,2.  Manque,d’assen*ment,citoyen,pour,la,

collecte,3.  Sen*ment,d’être,surveillé

1.  Façonnement,du,projet,par,intérêts,privés,

2.  Verrouillage,technologique,et,mennotage,contractuel,

3.  Développement,d’une,dépendance,à,la,généra*on,des,revenus,de,vente,des,données,

1.  Sécurité,des,systèmes,et,données,

1.  Tyrannie,de,la,transparence,con*nue,2.  Bonifica*on,des,données,disponibles,

pour,une,cybersurveillance,ubiquitaire,

Inclusion,

Indépendance,des,pouvoirs,publics,

Vie,privée,

Transparence,et,fiabilité,

Liberté,



Figure3:EthicalIssuesandRelatedThreatsattheDataAnalysisandReleasePhases

3

.

.

1.  Généra(on*de*portraits*personnels*(via*combinaison,*ré8iden(fica(on,*inférence)*

2.  Suivi*géographique*3.  U(lisa(on*des*données*pour*des*fins*

différentes*de*celles*communiquées

Analyse(des(données Ouverture(des(données(et(services(citoyens(numériques(

1.  Dissémina(on*de*données*personnelles*confiden(elles*

2.  Dissémina(on*de*données*personnelles*non8confiden(elles*

3.  Mise*à*disposi(on*de*données*qui*peuvent*contribuer*à*générer*des*portraits*personnels*par*autrui

1.  Discrimina(on*par*analyse*algorithmique*

1.  Accès*inéquitable*aux*services*et*données*(fracture*numérique*et*personnalisa(on)*

2.  Accès*inéquitable*à*l’exploita(on*des*données*ouvertes*

3.  Offre*limitée*pour*les*popula(ons*défavorisées*

1.  Offre*de*services*bonifiée*mais*non*publique*1.  Opacité*des*systèmes*et*analyses*

1.  Qualité*des*données*ouvertes*

1.  Analyses*prédic(ves*orientent*les*choix*des*individus*

2.  Analyses*prédic(ves*décident*de*l’accès*des*individus*à*des*opportunités*

3.  Le*profilage*freine*la*capacité*des*individus*à*se*ré8inventer*

Vie*privée*

Inclusion*

Transparence*et*fiabilité*

Indépendance*des*pouvoirs*publics*

Libe

rté*

Vie*privée*

Inclusion*

Transparence*et*fiabilité*

1.  Décisions*pour*l’op(misa(on*et*non*l’op(mum*social*

2.  Dilu(on*de*la*responsabilité*décisionnelle*

3.  Déterminisme*4.  Réduc(on*du*champ*des*possibles*Tr

ansforma(

ons*

gouvernance*



Figure4:OtherIssuesPertainingtoSocialAcceptabilityandtheCÉSTQ’sOpinion

2.3 ProposedIssueIdentificationSupportFramework

Based on the IoT system’smain components, the ethical and social issues identified in the literaturereview,andtheopinionoftheCommissiond’éthiqueensciencesettechnologieduQuébec,weproposethefollowingframeworkforhigh-level identificationofethical issues.Asappears inthe legend, issuescorrespondingwithaparticularIoTphase(planning,analysis,etc.)andappearinginboldcharactersareethicalonesidentifiedintheliterature.Non-boldeditemsattheIoTphasearepotentialissuesthathavebeennotbeenidentifiedintheliterature,butcouldstillbepresent.

1

.

.

Autres'enjeux'poten-els''pour'l’acceptabilité'sociale

1.  Transforma+on,en,espace,prévisible,et,individualisé,

2.  Impact,sur,l’environnement,

Transforma+on,de,la,ville,

1.  Décisions,pour,l’op+misa+on,et,non,l’op+mum,social,

2.  Dilu+on,de,la,responsabilité,décisionnelle,

3.  Déterminisme,4.  Réduc+on,du,champ,des,

possibles,

Transforma+on,de,la,gouvernance,

Enjeux'complémentaires'iden-fiés'par'la'CÉSTQ'(et'non'couverts'par'la'revue'de'li@érature)'

1.  Les,moyens,peuvent,ne,pas,être,propor+onnels,aux,fins,poursuivies,

Propor+onnalité,

1.  Le,projet,peut,ne,pas,concilier,pas,les,valeurs,et,intérêts,pluriels,des,citoyens,

2.  Le,projet,peut,ne,pas,entraîner,des,bénéfices,pour,la,collec+vité,

Bien,commun,

1.  Les,citoyens,sont,des,acteurs,poli+ques,,pas,des,consommateurs,

2.  Le,projet,peut,ne,pas,soutenir,les,dimensions,par+cipa+ves,,délibéra+ve,,représenta+ve,ou,décisionnelle,de,la,démocra+e,

3.  Le,projet,peut,ne,pas,être,l’objet,d’une,délibéra+on,démocra+que,

Démocra+e,



Figure5:GeneralFrameworkforIdentifyingIssuesofEthicsandSocialAcceptability

Whileaframeworkliketheonepresentedbelowcanserveingeneralconsiderationsofthistopic, it isusefultoemploymorespecificframeworksthatnotonlyidentifybroadissues,butthatlisttheactivitiesand situations that couldgive rise toethicalor social issues. The following figuresprovide thisdetail.Figure6concerns issuesandthreatspertainingtoprivacyandtransparency.Figure7dealswith issuesand threats pertaining to the common good, social inclusion, and separation of the government andbusinessspheres.Figure8focusesonissuesandthreatspertainingtotransformationofgovernanceandthecity.

.





•  Bien*commun*•  Inclusion*•  Indépendance*des*

pouvoirs*publics*•  Vie$privée$•  Liberté$•  Transparence$•  Propor3onnalité$•  Démocra3e$•  Transforma3on$

gouvernance$•  Transforma3on$de$

la$ville$

•  Vie*privée*•  Liberté*•  Transparence*•  Propor3onnalité$

•  Vie*privée*•  Liberté*•  Inclusion*•  Transparence*

•  Vie*privée*•  Indépendance*

des*pouvoirs*publics*

•  Inclusion*•  Transparence*•  Démocra3e$

•  Vie*privée*•  Liberté*•  Inclusion*

Légende:*En*gras:***Non$gras:$

Enjeux$éthiques$dont$la$présence$à$ceCe$étape$de$l’IdO$a$été$iden3fiée$dans$la$liCérature$Enjeux$éthiques$poten3els,$dont$la$présence$à$ceCe$étape$de$l’IdO$n’a$pas$été$iden3fiée$dans$la$liCérature$




Figure6:ThreatsPertainingtoIssuesoftheCommonGood,SocialInclusion,SeparationoftheGovernmentandBusinessSpheresandFreedom

Figure7.ThreatsPertainingtoPrivacyandTransparency

.






•  Tyrannie(transparence((L)(


•  Analyses(prédic4ves(décident(de(l’accès((L)(



•  Fracture(numérique(affecte(accès((IC)(

•  Offre(bonifiée(mais(non(publique(


•  Analyses(prédic4ves(décident(de(l’accès((L)(



•  Inves4ssements(spa4alement(inégaux((IC)(

•  Influence(des(intérêts(privés((ID)(

•  Verrouillage(technologique((ID)(

•  NonMpropor4onnalité(des(moyens((BC)(

•  Manque(de(consensus,(délibéra4on(démocra4que((BC,(D)(

•  Manque(de(bienfaits(pour(la(collec4vité(et(démocra4e((BC,(D)(

Légende:*Les(ini4ales(entre(parenthèses(se(réfèrent(à(l’enjeu(auquel(se(raTache(la(menace:(pour(bien(commun((BC),(inclusion((IC),(indépendance(des(pouvoirs(publics((ID)(et(liberté((L)(






•  Vulnérabilité+des+systèmes+et+données+

•  Manque+d’assen6ment+citoyen+pour+la+collecte+

•  Sen6ment+d’être+surveillé+

•  Généra6on+de+portraits+personnels+(via+combinaison,+ré?iden6fica6on,+inférence)+

•  Suivi+géographique+•  U6lisa6on+des+

données+pour+des+fins+différentes+de+celles+communiquées+

•  Opacité+des+systèmes+

•  Dissémina6on+de+données+personnelles+confiden6elles+

•  Dissémina6on+de+données+personnelles+non?confiden6elles+

•  Mise+à+disposi6on+de+données+qui+peuvent+contribuer+à+générer+des+portraits+personnels+par+autrui+

•  Qualité+des+données+

•  Idem+que+l’analyse+à+l’interne.+

.



Figure8:ThreatsPertainingtoTransformationofGovernanceandtheCity







•  Percep.on(de(l’impact(de(l’accroissement(des(ondes(électromagné.ques(dans(la(ville(sur(la(santé(

.

•  Transforma.on(en(espace(prévisible(et(individualisé(


•  Dilu.on(de(la(responsabilité(décisionnelle(

•  Réduc.on(du(champ(des(possibles(

•  Impact(sur(l’environnement(



3 IssueAnalysis/ManagementPrinciples

The list of principles to apply in reviewing andmanaging issues is intended to incorporate themostrelevantprinciplesfordealingwithissuesofethicsandsocialacceptabilityduetotheIoTproject.Thelistprovidesguidanceandbasicrulesforexamininganddealingwiththemoredifficultcasesarisingoutofthisproject.Theseprinciplesareintendedtoactasaroadmapinanenvironmentcharacterizedbychange,innovation,transformationofthesocialbondandlossofethicalreferences.

3.1 Procedure

WedecidedtobuildonallexistingguidelinespertainingtoeverytechnologicalandanalyticalcomponentoftheIoTsystemindevelopingthislist,ratherthanstartfromscratch.Wehaveaccordinglyconsideredthe principles proposed for IoT, the smart city, artificial intelligence and big data research.We havestudiedtheseprinciplesto identifyoverlapsamongthose identified inthe literature,aswellasothersofferingnewandvaluableperspectives.Weultimatelydevelopedafinallisttailoredtothesystemunderconsideration.Wethencomparedourfinallistwiththeliteraturereviewtopinpointfurtherquestionsforstudy. The following box outlines our procedure,with each step considered in detail in the followingsections.

ProcedureforDevelopingtheListofPrinciples

1. Createaninventoryofexistingrelevantprinciples.

2. Extractandexamineallprinciples,tounderstandtheircharacteristicsandseehowtheyoverlap.

3. Develop a final list of principles pertaining to IoT and the completenesswith respect to other listsconsulted.

4. Consideroverlapsbetweentheproposedlistofprinciplesandtheliteraturereview’sfindings.

5. Identifyprinciplesthatshouldbeenhancedandsubsequentsteps.



3.2 InventoryofExistingPrinciples,AlongwithOverlapsandDifferences

Existinglistsofprincipleswereselectedfor:

• TheirrelevancetooneormoretechnologicaloranalyticalcomponentsoftheIoTsystem.Inparticular,weconsideredprinciplespertainingtobigdata,algorithms,artificialintelligenceandinformationsystems.

• Theirubiquitousmentionintheliterature,basedonthefrequencywithwhichtheywerecitedandreferencestothembyotherwriters.

Weprimarilyspoketoresearchersandstakeholders in the field,butalsoperformedWebsearches8inmaking these selections. The four basic documents that contributedmost to our studywere: 1) RobKitchin’sreport(2016)“Gettingsmarteraboutsmartcities:Improvingdataprivacyanddatasecurity.”2)MegLetaJones’article(2015)“TheIroniesofAutomationLaw:TyingPolicyKnotswithFairAutomationPrinciples.”3)ThereportoftheCommissiondel’éthiqueensciencesettechnologiesduQuébecsurlesvilles intelligentes (2017). 4) An interview with Kate Crawford inWired magazine (Rosenburg, 2017)entitled”WhyAIisstillwaitingforitsethicstransplant.”

The documents we ultimately selected came from a wide range of sources. Some contain generalprinciplesreflectinganinternational,Canadianorprovincialconsensus.Somearestatementsofprinciplesfromthemunicipalsectorandacademicforums.Othersarecodesofconduct.

Theselecteddocumentsarelistedinthefollowingtableandgroupedaccordingtothetechnologicalortopicalcomponentstheyconcern.Section3.3thenpresentsthelistsofprinciples.

8We primarily used Google Scholar, since its does not automatically exclude grey literature, which this reportpresentsasbeingoffundamentalsignificance.



Table1:ListsofPrinciplesConsidered

Category ListsofPrinciples

Generalprivacyprinciples • CanadianPIPEDAfairinformationprinciples• FairInformationPracticePrinciples(FIPPs)• OECDGuidelines• PrivacybyDesign• InformationandPrivacyCommissionerof7

FoundationalPrinciplesofPrivacybyDesign• CityofSeattlePrivacyPrinciples• EUgenerallegislationof1990and2018

General IoT and smart cityprinciples

• RecommendationsonsmartcitiesintheOpinionofQuébec’sCommissionenéthiquesciencesettechnologie

• NYCIoTGuidelines

Artificialintelligenceprinciples9 • AsilomarAIPrinciples• FairAutomationPracticePrinciples(FAPPs)• TheMontrealDeclarationforaResponsible

DevelopmentofArtificialIntelligence

Bigdataprinciples10 • Tensimplerulesforresponsiblebigdataresearch

Codesofconduct • ACMCodeofEthicsandProfessionalConduct• IEEECodeofConduct11

Weexaminedtheseliststofindoverlapsbetweenprinciples,aswellastodistinguishthefeaturesofeach.WebeganbyenteringalloftheprinciplesonanExcelspreadsheet.Thisresultedin80separateprinciplesthatwecouldgrouparoundcommonconcepts.AppendixApresentsthecompletesetofprinciples.Wethenidentifiedoverlapsbetweenanddifferencesamongtheprinciples,toextractalistofcoreprinciplesbackedbyacertainconsensus,whileprovidingcomprehensivecoverageoftheethicalissuesidentifiedintheliterature.Section4presentsthisfinallist.

9TheIEEE’sdeliberations(IEEE,2017)onartificialintelligencecanbeaddedtothislistforsubsequentcontributionstotheinventory.10 The principles presented in the article by Richards and King (2014) could be added here for subsequentcontributionstotheinventory.11ACMandIEEEjointlyproducedacode,butwedidnotcoveritinthisstudy.SinceIEEEisintheprocessofcreatinganewversionof itsowncode,wedecidedtostick to the latestcodes, rather thanthoseproducedaspartofacollaborativeprocess.



3.3 ListsofPrinciplesConsidered

Thissectiondescribeseachofthelistsconsidered,asappearinTable1,above.

3.3.1 CanadianPIPEDAFairInformationPrinciples

ThePersonal InformationProtectionandElectronicDocumentsAct (JusticeCanada,2017)setsoutFairinformationprinciples.

ThislistwasselectedbecauseitappliestoallentitiesbasedinCanadaandbecausetheseprinciplesformtheverycoreofCanadianprivacyprotectionlegislation.

Table2:PIPEDAFairInformationPrinciples(DepartmentofJusticeCanada,2017)

Principles Explanation

Principle1-Accountability An organization is responsible for personal information under its control. It mustappoint someone to be accountable for its compliancewith these fair informationprinciples.

Principle2-IdentifyingPurposes

Thepurposesforwhichthepersonalinformationisbeingcollectedmustbeidentifiedbytheorganizationbeforeoratthetimeofcollection.

Principle3-Consent Theknowledgeandconsentoftheindividualarerequiredforthecollection,use,ordisclosureofpersonalinformation,exceptwhereinappropriate.

Principle4-LimitingCollection

Thecollectionofpersonalinformationmustbelimitedtothatwhichisneededforthepurposes identified by the organization. Informationmust be collected by fair andlawfulmeans.

Principle5-LimitingUse,Disclosure,andRetention

Unlesstheindividualconsentsotherwiseoritisrequiredbylaw,personalinformationcanonlybeusedordisclosed for thepurposes forwhich itwascollected.Personalinformationmustonlybekeptaslongasrequiredtoservethosepurposes

Principle6-Accuracy Personal informationmustbeas accurate, complete, andup-to-dateaspossible inordertoproperlysatisfythepurposesforwhichitistobeused

Principle7-Safeguards Personal information must be protected by appropriate security relative to thesensitivityoftheinformation.

Principle8-Openness An organization must make detailed information about its policies and practicesrelatingtothemanagementofpersonalinformationpubliclyandreadilyavailable.

Principle9-IndividualAccess Uponrequest,anindividualmustbeinformedoftheexistence,use,anddisclosureoftheirpersonalinformationandbegivenaccesstothatinformation.Anindividualshallbeabletochallengetheaccuracyandcompletenessofthe informationandhave itamendedasappropriate.

Principle10-ChallengingCompliance

Anindividualshallbeabletochallengeanorganization’scompliancewiththeaboveprinciples. Their challenge should be addressed to the person accountable for theorganization’scompliancewithPIPEDA,usuallytheirChiefPrivacyOfficer.



3.3.2 FairInformationPracticePrinciples(FIPPs)andOECDGuidelines

The Fair Information Practice Principles (FIPPs) andOECDGuidelines on the Protection of Privacy andTransborderFlowsofPersonalDataarecentraltoCanadianPIPEDAfairinformationprinciples(above),aswellasprinciplesgoverningmostWesternlegislationinthisarea(RichardsandKing,2014;Cate,2006),makingthemfundamentalprinciples.

FIPPs were published in the United States in 1973. 12 These five principles are also summarized asopenness,uselimitation,individualparticipation(righttoobtain/correctdata),dataqualityandsecuritysafeguards.FIPPswereeventuallyupdatedandenhancedintheformoftheOECDGuidelines.

InhisreportpresentingsmartcityprivacygovernancerecommendationsforDublin,RobKitchin(2016)proposedbasingitsgovernanceframeworkonFIPPs,OECDGuidelinesandPrivacybyDesignprinciples(Kitchin, 2016). Kitchin did however note that several critics of the FIPPs and OECD Guidelines haveclaimedthattheserulesdonotadequatelyaddresstheissueofharmcausedbypredictiveanalysis,whichistheresultofinference,datasharing,reuseofdatafornewpurposesand,generally,unpredictabledatause inanageofbigdata. Furthermore,whilenotice andconsent are included in FIPPsand theOECDGuidelines,itisgenerallyacknowledgedthattheyhavenot,todate,beentrulyeffectiveinthesmartcity(Kitchin,2016).WeshallexaminethesepointsfurtherinSection4.

Since the Canadian standards appearing in Section 3.3.1 are largely drawn on the FIPPs and OECDGuidelines,thesedocumentsarequitesimilar.However,thefollowingdifferencesshouldbenoted:

• TheOECDGuidelinesstatethattheuseofpersonaldatashouldnotbeincompatiblewiththepurposesforwhichitwascollected.

• TheOECDGuidelinesstatethatthereshouldbeageneralpolicyofopennessastotheidentityandusualresidenceofthedatacontroller.

• TheOECDGuidelinesstate:“Meansshouldbereadilyavailableofestablishingtheexistenceandnatureofpersonaldata,andthemainpurposesoftheiruse.”

• TheOECDGuidelinesincludeadditionaldetailsontheformofopennesswithrespecttopersonaldatashouldtakethroughtheindividualparticipationprinciple,asshowninthefollowingfigure:

Figure9:OECDGuidelinesIndividualParticipationPrinciples,TakenfromCÉSTQ(2017)

12Inthe1973report“Records,Computers,andtheRightsofCitizens,”bytheUSgovernment’sAdvisoryCommitteeonAutomatedPersonalDataSystems.



3.3.3 PrivacybyDesignandtheInformationandPrivacyCommissionerof7FoundationalPrinciplesofPrivacybyDesign

In2015,theInformationandPrivacyCommissionerofOntariopublishedaguideonprivacyandpersonalinformationformunicipalgovernments.TheCommissionerproposedsevenprinciplesformunicipalitiestoapplyintheseareas.TheprinciplesarequitesimilartoPrivacybyDesignrules,whichenforceprivacyprotectionsbydefault.Thismeansassumingthatalldatacollectedis,bydefault,private,unlesscitizenspropose that it is not. This approach incorporates privacy principles in design specifications, IT uses,business practices, physical environments and system/application infrastructures (Cavoukian, 2012;Kitchin,2016).

WeselectedtheOntariostrategysinceitisaCanadianinitiativecorrespondingwiththeissuesraisedbyurbanIoT.ItisalsobasedonPrivacybyDesign,akeysetofprinciplesamongthevariouseffortsaimedatensuringtheprotectionofprivacyinasmartcity,asmentionedbyKitchin(2016)andmanyothers.TheEuropean Union, the US Federal Trade Commission and several other national privacy protectioncommissioners(Kitchin,2016)haveadoptedthisapproach.



Table3:TheInformationandPrivacyCommissionerof7FoundationalPrinciplesofPrivacybyDesign(InformationandPrivacyCommissionerofOntario(2015)

Principle Explanation

ProactivenotReactive ThePrivacybyDesign(PbD)approachischaracterizedbyproactiveratherthanreactivemeasures.Itanticipatesandpreventsprivacyinvasiveeventsbeforetheyhappen.

PrivacyastheDefaultSetting We can all be certain of one thing— the default rules!PrivacybyDesignseekstodeliverthemaximumdegreeofprivacybyensuringthatpersonaldataareautomaticallyprotectedinanygivenITsystemorbusinesspractice.Ifanindividualdoesnothing,theirprivacystillremainsintact.

PrivacyEmbeddedintoDesign PrivacybyDesignisembeddedintothedesignandarchitectureofITsystemsandbusinesspractices.

FullFunctionality—Positive-Sum,notZero-Sum

Privacy by Design seeks to accommodate all legitimateinterests and objectives in a positive-sum “win-win”manner,notthroughadated,zero-sumapproach,whereunnecessarytrade-offsaremade.

End-to-EndSecurity—FullLifecycleProtection

PrivacybyDesign,havingbeenembeddedintothesystempriortothefirstelementof informationbeingcollected,extends securely throughout the entire lifecycle of thedatainvolved.

VisibilityandTransparency—KeepitOpen

PrivacybyDesignseekstoensurethatitscomponent

partsandoperationsremainvisibleandtransparent,tousersandprovidersalike

RespectforUserPrivacy—KeepitUser-Centric

Above all, Privacy by Design requires architects andoperators to keep the interests of the individualuppermost by offering suchmeasures as strong privacydefaults, appropriate notice, and empowering user-friendlyoptions.

3.3.4 CityofSeattlePrivacyPrinciples

Followingmonthsofconsultationswithstakeholders,SeattleadoptedsixprivacyprinciplesinFebruary2015. We selected this initiative because it constitutes one of the few attempts by a municipalgovernmenttoestablishbasicprinciplesapplicabletosmartcitygovernance.

Of these principles, a few closely correspond with those presented in documents mentioned above,particularlywithrespecttothefollowingconcepts:

• Performprivacyimpactassessmentsonnewdataprograms.• Allowpeopletohavetheirdatadeleted.• Ensurethatsubcontractorswithaccesstopersonaldataaresubjecttothecity’sprivacypolicies.



SeattlePrivacyPrinciples

1. Wevalueyourprivacy:Privacyimpactassessmentswillbeconductedonallnewdataprograms.13

2. Wecollectandkeeponlywhatweneed:Thecityonlycollectstheinformationitneedstodelivercityservices.

3. Howweuseyourinformation:Whenpossible,thecitymakesavailableinformationaboutthewaysitusespersonalinformationandcommitstogivingpeopleachoicewheneverpossibleabouthowitusestheirinformation.

4. Weareaccountable:Thecitycomplieswithallfederalandstateprivacylaws.5. Howweshareyourinformation:Thecityfollowsfederalandstatelawsaboutinformation

disclosure.Businesspartnersandcontractedvendorsthatreceiveorcollectpersonalinformationfromthecitymustagreetoitsprivacyrequirements.

6. Accuracyisimportant:Thecityworkstocorrectinaccuratepersonalinformation,whenpractical.

Thecityconsequentlyadoptedaprivacycommitmentbasedonthesesixprinciples,applyingprivacyanddatamanagementpracticestoallitsdepartments.

(Gaughan,2016,p.33)

3.3.5 DrawingonEuropeanRegulations

In1990,theEuropeanCommissionpublishedtheCouncilDirectiveontheProtectionofIndividualswithRegardtotheProcessingofPersonalDataandontheFreeMovementofSuchData.Thisdocumentservesasaroadmapfortheadoptionbymemberstatesofnationallegislationonthematter.ThisDirective,andthesubsequentGeneralDataProtectionRegulationadopted inApril2016(tobe implemented inMay2018)arecertainlycomplexpiecesoflegislation,resultingfromdeliberationandcompromise.Wehavenointentionofcomprehensivelyanalyzingorexaminingthesetexts,butwillsimplyidentifytheirmainprinciplesandinparticular,thosepertainingtoissuesthathavesofarreceivedlittleornoconsideration.

WeselectedtheDirectiveandRegulationforthisprojectbecausetheyfocusoncertainissuesreceivinglittleornocoverage inother frameworksor listsofprinciples.TheDirective, forexample,pertains to“knowledge of the logic involved in any . . . automated decisions” and proposes an independentsupervisory authority—in the form of an outside agency that audits datamanagement and use–andpersonalrecourseintheeventofdamage.Theseprinciplesaresummarizedinthefollowingtable:

13This commitment also requires an assessment of impact on privacy of the privacy threshold for all newdatacollectionprograms(Gaughan,2016).



1Limite'des'

objectifs

Les données devraient être utilisées pour des fins spécifiques et subséquemment analysées

ou communiquées seulement si ceci n'est pas incompatible avec les fins du transfert initial.

Lorsque les données sont transférées pour des fins de marketing, les sujets des données

devraient'être'en'mesure'de'soustraire'ses'données'si'souhaité

2

Qualité'des'

données'et'

proportionalit

é

Les données devraient être précises et lorsque nécessaire maintenues à jour. Les données

devraient être adéquates, pertinentes et non excessives en relation avec les objectifs pour

lesquelles'elles'ont'été'transférées'ou'traitées

3 Transparence

Les individus devraient recevoir de l'information concernant les objectifs visés par le

traitement des données et l'identité du contrôleur des données (…) et toute autre

information'nécessaire'pour'assurer'la'l'équité.

4 Sécurité

Les mesures de sécurité techniques et organisationnelles devraient être prises par le

contrôleur de données, en fonction des risques présentées dans le traitement des données

(…)

5

Accès,'

rectification'et'

opposition

le sujet des données devrait avoir le droit d'obtenir une copie des données en lien avec

lui/elle qui sont traitées et le droit de rectification lorsque les données ne sont pas précises.

Dans'certaines'situations'il'devrait'être'en'mesure'de's'opposer'au'traitement'de'données'en'

lien'avec'lui/elle.

6

Restriction'sur'

les'transferts'

ultérieurs

Il devrait être permis au récepteur des données initialement transférées de faire des

transferts de données ultérieurs seulement dans les cas où le second récepteur (celui

recevant le transfert ultérieur) est également sujet à des règles permettant un niveau

adéquat'de'protection

7Données'

sensibles

Lorsque des catégories sensibles de data sont impliquées (concernant les origines raciaux,

ethniques, les opinions politiques, croyances religieuses, convictions philisophiques et

éthiques (…) ou la santé et la vie sexuelle) des mesures de sécurité additionnelles devraient

être en place, tel que le requis que les sujets des données donnent leur accord explicite pour

le'traitement'des'données.

8

Décision'

individuelle'

automatisée

Lorsque l'objectif du transfert est pour prendre une décision automatisée, l'individu devrait

avoir le droit de connaître la logique impliquée dans la décision et d'autres mesurer

devraient'être'prises'pour'sauvegarder'l'intérêt'légitime'de'l'individu.

1

Supervision'

indépendante

Les entités qui traitent des données personnelles ne sont pas seulement responsables mais

aussi sujettes à une supervision indépendante, ayant l'autorité pour auditer les systèmes de

traitement des données, investiguer les plaintes provenant d'individus et mettre en place

des'sanctions'pour'la'nonXconformité

2

Recours'

individuel

Les individus doivent avoir le droit de poursuivre légalement les contrôleurs de données et

entités impliquées dans le traitement des données qui ne respectent pas la loi. Ils doivent

avoir'decours'à'la'cour'et'aux'investigations'des'agences'gouvernemantales'(...)

Principes)de)la)Directive)européenne)de)1990

Principes)de)mise)en)application)accolés)à)la)Directive

Table4:Principlesofthe1990EuropeanDirective

TheRegulation,ontheotherhand,containsthefollowingnewconceptspertainingtotheIoTsystem:

• Clear,affirmativeconsent.• Righttoerasedata(ifpossible).• Righttodataportability.• PrivacybyDesign.• Notificationofdatabreaches.• Appointmentofadataprotectionofficerbypublicandprivateorganizations.• Mandatorydataprotectionimpactassessmentforallactivitiesthatcouldhavesignificant

privacyimplications.• Encouragementindrawingupcodesofconduct(EuropeanParliament,2016;Wikipedia,2017).



3.3.6 OpinionoftheCommissiond’ÉthiqueSciencesetTechnologieduQuébecsurlaVilleIntelligente

In June 2017, the Commission d’éthique en sciences et technologie du Québec adopted an opinionentitled “La ville intelligente au service du bien commun : Lignes directrices pour allier l’éthique aunumériquedanslesmunicipalitésduQuébec”(CÉSTQ,2017).Theopinionproposesguidelinestopromotedevelopmentofsmartcitiesworkingtowardthecommongoodandharmoniouslycombiningethicalruleswiththedeploymentofnewtechnologies.Thisdocumentwasselectedtocontributetothatdiscussion,inviewofitscriticalimportancetodeliberationsonQuébec-basedsmartcitiesandtheirtechnologies.

The Commission generally recommends building smart city policies around the following ethicalprinciples:

• Maximizebenefitsforthecommongood.• Eliminateorminimizepossiblepotentialdamagetodignity,privacyanddemocracy.• Ensureequitabledistributionofpotentialbenefitsanddrawbacksamongthoseconcerned.• Ensurethatexpectedbenefitsarealsogreaterthandrawbacks,includingcost(CÉSTQ,2017).

TheCommissionconcluded itsopinionbysettingoutvaluesandprinciples toapply,asappearbelow.However, many of these values and principles relate more to the smart city than to IoT, itself.Furthermore,severaloftheitemslistedaresimilartopreviouslyidentifiedprinciples.Others,though,arenewandquitepertinent,suchasthoseconcerning:

• Democracy(especiallyencouragingpublicparticipationindecisionsanduses).• Thecommongood(especiallypublicsectorautonomy,precedenceofthepublicinterest,social

inclusion,non-socializationofprivateservicefees).• Equity(especiallyequaltreatment,special(territorial)justice,digitalsocialinclusion.

AppendixBpresentsCÉSTQ’srecommendedvaluesandprinciples.

3.3.7 NYC’sGuidelinesforBuildingaSmart+EquitableCity

In2016,NewYorkCityoriginallypublishedthe“NYC’sGuidelinesforBuildingaSmart+EquitableCity,”pertainingtosmartandequitablecities.Theyweresubsequentlyadoptedbymorethan30citiesaroundtheworld, includingParis.TheseguidelinesweredesignedtohelpmunicipalgovernmentsunderstandpotentialrisksofIoT,promoteuniformIoTdeployment,providetransparencytotheprivatesectorandinformthepublicaboutthecity’sIoTstrategy.Theseguidelineshavebeenselectedfortheirinternationalrecognitionandtheirrelevancetothecentraltopicofthisreport.Theyarebasedonbestpracticesandtheexperiencesofover50citiesaroundtheworld(NYC,undated).

TheGuidelinesconsistofablendofprinciples,operatingproceduresandmanagementpractices.Theydealwithethicalissues,aswellassoundinfrastructuregovernance.Whiletheirnamehighlightsthesmartcity’srole,theGuidelinesactuallyfocusonIoTdeployment.TheGuidelinesarebasedonfiveprinciplesdescribedindetailinAppendixC.



3.3.8 AsilomarBeneficialIAPrinciplesAsilomar’s23principleswerepublishedin2017,followingtheBeneficialArtificialIntelligenceConference,organized by the Future of Life Institute. This event brought togethermembers of the academic andindustrialsectors interested inartificial intelligence(Ai).Thefocuswastechnical,aswellaseconomic,legal, ethical and philosophical. 14 They are listed as among the recently developed frameworks ofprinciplestobeconsideredforAI(Crawford,inRosenburg,2017).

Theprinciplesareintendedtoidentify“whatsocietyshoulddotobestmanageAI incomingdecades”(FutureofLife Institute,2017).Basedontheliteratureandespeciallythelatestreportsonthesubjectfromtheacademic,politicalandnon-profitcommunities,15aninitialdraftlistwasdevelopedpriortotheevent by conference organizers. This list was opened to comment and enhancement by conferenceattendeesbeforeandduringtheevent,throughdiscussionworkshopsonthetopic,aswellasageneralsurvey. Only those principles endorsed by at least 90% of the participantswere included in the finalversion,whichisintendedtostimulatediscussiononperfectingthelistandmakingitscalable.

Theseprinciplespertaintosuchtopicsofinterestas:

• Ensuringthatthesecurityofsystemsisverifiable.• Systemtransparencyandfailure.• Non-interferencewithsocialandcivicprocesses.

Theseprinciplesappearbelow(withsomeomittedtofacilitatereading).Thecomplete,originalprinciplesappearinAppendixD).

14ItshouldbenotedthatvariousstakeholdersassociatedwiththisinitiativearehighlycriticalofAIandbelieveithastheinherentpotentialtodestroyhumanity(ascanbesensedinsomeoftheprinciplestheyadvocate).Thatviewcontrastswiththestancesofthosesupporting,forexample,theMontréalDeclaration,whichalsocoversAI,butseesitasatechnologicaldevelopmenttowhichguidelinesshouldbeapplied(personalcommunication,2017).15For example, theStanford 100 Year Report, recentWhiteHouse reports and thePartnership onAIprinciples(Asilomar,2017).

SummaryofNYC’sGuidelinesforBuildingaSmart+EquitableCity1. Privacy+Transparency:Whenweusenewtechnologiesoncitystreetsandinpublicspaces,

wearecommittedtobeingopenandtransparentaboutthe“who,what,where,when,andwhy”foranydataorinformationbeingcollectedandused.

2. DataManagement:DataisthecoreofanyIoTsystem.WewillensurethatIoTandreal-timedataiscaptured,stored,verified,andmadeaccessibleinwaysthatmaximizepublicbenefit.

3. Infrastructure:Tocapitalizeonthevalueandbenefitsderivedfrompublicassets,wewilldeploy,use,maintainanddisposeofIoTdevices,networksandinfrastructureinanefficient,responsible,andsecuremanner.

4. Security:KeepingNewYorkerssafeisourtoppriority.Todoso,wearedesigningandoperatingIoTsystemstoprotectthepublic,ensuretheintegrityofservices,andmaximizeresilience.

5. Operations+Sustainability:Wearecommittedtostreamliningoperationalprocessesandensuringfinancial,operational,andenvironmentalsustainabilitytoensurethatourcitykeepsrunningbetterandfaster.

(NYC,2017)



Table5:AsilomarBeneficialIAPrinciplesTopic Principles

FromResearchResearchGoal: ThegoalofAIresearchshouldbetocreatenotundirectedintelligence,butbeneficial

intelligence.InvestmentsinAIshouldbeaccompaniedbyfundingforresearchonensuringitsbeneficialuse.

Science-PolicyLink: There should be constructive and healthy exchange between AI researchers and policy-makers.

ResearchCulture: Acultureofcooperation,trust,andtransparencyshouldbefosteredamongresearchersanddevelopersofAI.

RaceAvoidance: Teams developing AI systems should actively cooperate to avoid corner-cutting on safetystandards.

EthicsandValuesSafety: AIsystemsshouldbesafeandsecurethroughouttheiroperationallifetime,andverifiablyso

whereapplicableandfeasible.FailureTransparency:

IfanAIsystemcausesharm,itshouldbepossibletoascertainwhy.

JudicialTransparency:

Anyinvolvementbyanautonomoussysteminjudicialdecision-makingshouldprovideasatisfactoryexplanationauditablebyacompetenthumanauthority.

Responsibility: DesignersandbuildersofadvancedAIsystemsarestakeholdersinthemoralimplicationsoftheiruse,misuse,andactions,witharesponsibilityandopportunitytoshapethoseimplications.

ValueAlignment: HighlyautonomousAIsystemsshouldbedesignedsothattheirgoalsandbehaviorscanbeassuredtoalignwithhumanvaluesthroughouttheiroperation.

HumanValues: AIsystemsshouldbedesignedandoperatedsoastobecompatiblewithidealsofhumandignity,rights,freedoms,andculturaldiversity.

PersonalPrivacy: Peopleshouldhavetherighttoaccess,manageandcontrolthedatatheygenerate,givenAIsystems’powertoanalyzeandutilizethatdata.

LibertyandPrivacy: TheapplicationofAItopersonaldatamustnotunreasonablycurtailpeople’srealorperceivedliberty.

SharedBenefit: AItechnologiesshouldbenefitandempowerasmanypeopleaspossible.SharedProsperity: TheeconomicprosperitycreatedbyAIshouldbesharedbroadly,tobenefitallofhumanity.HumanControl: HumansshouldchoosehowandwhethertodelegatedecisionstoAIsystems,toaccomplish

human-chosenobjectives.Non-subversion: ThepowerconferredbycontrolofhighlyadvancedAIsystemsshouldrespectandimprove,

ratherthansubvert,thesocialandcivicprocessesonwhichthehealthofsocietydepends.AIArmsRace: Anarmsraceinlethalautonomousweaponsshouldbeavoided.

Longer-TermIssuesCapabilityCaution: Therebeingnoconsensus,weshouldavoidstrongassumptionsregardingupperlimitson

futureAIcapabilities.Importance: AdvancedAIcouldrepresentaprofoundchangeinthehistoryoflifeonEarth,andshouldbe

plannedforandmanagedwithcommensuratecareandresources.Risks: RisksposedbyAIsystems,especiallycatastrophicorexistentialrisks,mustbesubjectto

planningandmitigationeffortscommensuratewiththeirexpectedimpact.RecursiveSelf-Improvement:

AIsystemsdesignedtorecursivelyself-improveorself-replicateinamannerthatcouldleadtorapidlyincreasingqualityorquantitymustbesubjecttostrictsafetyandcontrolmeasures.

CommonGood: Superintelligenceshouldonlybedevelopedintheserviceofwidelysharedethicalideals,andforthebenefitofallhumanityratherthanonestateororganization.

(FutureofLifeInstitute,2017)



3.3.9 FairAutomationPracticePrinciples

AssistantProfessorMegLetaJones(2015)proposedFairAutomationPracticePrinciples(FAPPs)togovernthedevelopmentofautonomousobjects,includingautomateddecision-makingsystemsandself-drivingvehicles.TheseprincipleswereinspiredbyFIPPsandseveralothercorestatementsofprinciples,suchasRichardsandKing’s(2014)BigDataEthics(privacyprinciples)andRiekandHoward’s(2014)ACodeofEthicsfortheHuman-RobotInteractionProfession.Thislistwasselectedbecauseofitsfootholdintheliterature,whilebeingbasedonotherexistingframeworksthathavebeenidentifiedasrelevantinthisreportortheprecedingliteraturereview.

Thesesevenprinciplescomplementexistingdesignpractices,whichtakeintoaccounttheactualuseofobjectsandhelpidentifyareaswhereadditionalexpertisemaybeneeded(Jones,2015,p.121).Jonesnotedthatautomationprinciplescannotbedefinedinavacuum.Theymustbecollectivelydiscussedanddevelopedbydesigners,managers,users,investors,politicians,ethicistsandlegalscholars.Theproposedprinciplesserve,accordingly,asaninvitationtoamultipartydialogue,ratherthanasafinallist.Table6,below,summarizestheseprinciples.

Inparticular,theseprinciplesbringthefollowingconceptstothediscussion:

• Assessmentofhumanrisk,inrecognitionofthelimitsofexistingresources.• Systemtransparency.• Assurancethatsystemfailureisnotsurprising,silentorirresolvable.• Testingfordiscriminatoryimpact.• Considerationofimpacttobroadersocialvalues.• Identificationofpredictable/unpredictablebehaviour.



Table6:FairAutomationPracticePrinciples(Jones,2015)

Principles

Principle1—Risk:Automatedsystemsshouldnotbedeployedwithoutanassessmentofriskstothehumaninthelooporhumansimpactedbytheloop.

Identifyingharmsandunderstandingbenefitsisincrediblychallengingbutmustnotbeleftsolelytotechnologycompanies, innovators, or developers. We should also be mindful of the fact that existing tools for riskassessment,cost-benefitanalysis,andpredictivearelimited.Theyarefocusedontheshort-term,knowablerisks.

Principle2—Transparency:Automatedsystemsshouldbecomprehensibleandsupportsituationalawarenessthrougheffectivetransparency.

Blackboxesarebaddesign.Whenanoperatordoesnotknowwhatasystemisdoingbecauseoftheopaquenessofitsdesign,thenerrorrecognition,intervention,andresolutionaretimelyandcostly,ifnotimpossible.CitronandPasqualehavearguedforaccesstodatasets,sourcecode,programmernotesdescribingthevariables,andcorrelations--anythingrequiredtobeabletomeaningfullyassesssystemswhosepredictionschangepursuanttoAIlogic(Jones,2015,p.125).

Principle3—ErrorsandLimitations:Automatedsystemfailuresshouldnotbesurprising,silent,orirresolvable.

Situational awareness, mental workload, skill degradation, and automation bias must be considered whendesigningerrordetectionand considering limitations.Citron'sworkonpublicbenefit systems reveals a largenumberoferrorsoccurringwithoutanygoodwaytoalertoperatorsorresolveissuesinatimelymanner.

Principle4—DiversityandDiscrimination:Automatedsystemsshouldreflectonbiasesandchoicesduringdesignandtestfordiscriminatoryimpactsanddiverseusers.

Principle5—SensitiveSituations:Automatedsystemsshouldaccount forsensitivesituationsand informationpreferencesofthehumansintheloop.Sensitivesituations,likethosethatdealwithsensitiveinformation,privateplaces,orvulnerablepopulationsshouldbeassessedwithanappropriatelevelofcareandexpertise.

Principle6—Man-MachineComparisonAn automated system's design and implementation should locate the human in the loop and reassess thesystem'simpactonthehumanandlargersocialvalues.

Wemustconsiderhumanstobeimperfect.Adiscussionofwhatcriticaldecisionsaretobemadebyhumans(andwhy)andhowtolimitautomationbiasandmoralbuffersinthoseinstanceswouldbeanincrediblecontributiontotheguidanceofautomation.

Principle7—Predictability:Automatedsystemsshouldbeinitiallyandcontinuallyinventoriedforpredictableandunpredictablebehavior.



3.3.10 TheMontrealDeclarationforaResponsibleDevelopmentofArtificialIntelligence

The Montreal Declaration for a Responsible Development of Artificial Intelligence was published inNovember2017,at theconclusionof theForumon theSociallyResponsibleDevelopmentofArtificialIntelligence. Drafted by a group of the Forum’s organizers, including researchers from various fieldsrelatedtoAI,theDeclarationisdesignedtopromotedialogueamongthepublic,expertsandgovernmentrepresentativesonartificialintelligenceinQuébec(ForumonSociallyResponsibleAI,2017).

TheDeclarationidentifiessevenvalues—well-being,autonomy,justice,privacy,knowledge,democracyand responsibility—accompanied by a set of questions for each, intended to explore that value’srelationshiptoAI’sdevelopment.Foreachvalue,ageneralprincipleisalsoproposed,althoughitdoesnotalwaysdirectlyaddressthequestionsraised.TheDeclarationappearsinfullinAppendixE.

The Declaration was selected because of its geographic origin and Montréal’s importance in theinternationalchessboardofAIdevelopment.

Table7:ExtractfromtheMontréalDeclaration

ValueandProposedPrinciple Questions

Well-being: Proposed principle: ThedevelopmentofAI shouldultimatelypromotethewell-beingofallsentientcreatures.

Questions:• HowcanAIcontributetopersonalwell-being?• Isitacceptableforanautonomousweapontokilla

humanbeing?Whataboutananimal?• IsitacceptableforAItocontroltherunningofan

abattoir?• (etc.)

Autonomy: Proposed principle: Thedevelopment of AI should promotethe autonomy of all human beingsandcontrol,inaresponsibleway,theautonomyofcomputersystems.

• HowcanAIcontributetogreaterautonomyforhumanbeings?

• Mustwefightagainstthephenomenonofattention-seekingwhichhasaccompaniedadvancesinAI?

• ShouldwebeworriedthathumanspreferthecompanyofAItothatofotherhumansoranimals?

• (etc.)

Justice: Proposed principle: Thedevelopment of AI should promotejusticeandseektoeliminatealltypesof discrimination, notably thoselinked to gender, age, mental /physical abilities, sexual orientation,ethnic / social origins and religiousbeliefs.

• HowdoweensurethatthebenefitsofAIareavailabletoeveryone?

• MustwefightagainsttheconcentrationofpowerandwealthinthehandsofasmallnumberofAIcompanies?

• WhattypesofdiscriminationcouldAIcreateorexacerbate?

• ShouldthedevelopmentofAIbeneutralorshoulditseektoreducesocialandeconomicinequalities?

• WhattypesoflegaldecisionscanwedelegatetoAI?

Privacy: Privacy: Proposed principle:The development of AI should offerguarantees respecting personalprivacyandallowingpeoplewhouseittoaccesstheirpersonaldataaswell

• HowcanAIguaranteerespectforpersonalprivacy?• Doourpersonaldatabelongtousandshouldwehave

therighttodeletethem?• Shouldweknowwithwhomourpersonaldataare

sharedand,moregenerally,whoisusingthesedata?



as the kinds of information that anyalgorithmmightuse

• DoesitcontraveneethicalguidelinesorsocialetiquetteforAItoansweroure-mailsforus?

• WhatelsecouldAIdoinourname?

Knowledge: Proposed principle: Thedevelopment of AI should promotecritical thinking and protect us frompropagandaandmanipulation.

• DoesthedevelopmentofAIputcriticalthinkingatrisk?• Howdoweminimizethedisseminationoffakenewsor

misleadinginformation?• ShouldresearchresultsonAI,whetherpositiveor

negative,bemadeavailableandaccessible• (etc.)

Democracy: Proposed principle: Thedevelopment of AI should promoteinformed participation in public life,cooperationanddemocraticdebate.

• HowshouldAIresearchanditsapplications,attheinstitutionallevel,becontrolled?

• Inwhatareaswouldthisbemostpertinent?• Whoshoulddecide,andaccordingtowhichmodalities,

thenormsandmoralvaluesdeterminingthiscontrol?• (etc.)

Responsibility: Proposed Principle:The various players in thedevelopment of AI should assumetheirresponsibilitybyworkingagainstthe risks arising from theirtechnologicalinnovations.

(The Forum on the SociallyResponsibleDevelopmentofArtificialIntelligence,2017)

• WhoisresponsiblefortheconsequencesofthedevelopmentofAI?

• HowshouldwedefineprogressiveorconservativedevelopmentofAI?

• HowshouldwereactwhenfacedwithAI’spredictableconsequencesonthelabourmarket?

• (etc.)

3.3.11 TenSimpleRulesforResponsibleBigDataResearch

TheCouncilforBigData,Ethics,andSociety,agroupof20internationallyrenownedresearchersinthesocial,naturalandcomputersciencesproposedthese10rules.TheyarepartlydrawnontheTenSimpleRulesofPLOSComputationalBiology.Thefirstfiveweredevelopedtoreducethepossibilityofharmduetobigdataresearchpractices.TheCouncilforBigData,Ethics,andSociety’sexemplaryreputationinthefieldofcriticalanalysisofbigdataandthenumberofleadingresearcherswhohaveendorsedtheTenRulesmakesthisafundamentaldocument.

Intermsofadvancedconcepts,theTenSimpleRulesbringseveralnewideastothetable,suchas:

• Thenotionthatprivacyisnotbinary.Privacyiscontextual,situationalandnotreducibletoapublicvs.privatescenario.Privacycanpertaintogroups,aswellasindividuals.

• Preventingdatare-identificationiscrucial.• Difficultethicalchoicesmustbedebatedandperceivedasbeinganintegralpartoftheeffort.• Organizing/developingdataandsystemstoauditit.• Engaging,tounderstandandparticipateinthebroaderimplicationsofdataandanalytical

practices.



TenSimpleRulesforResponsibleBigDataResearch(Summary)

1. Acknowledgethatdataarepeopleandcandoharm.2. Recognizethatprivacyismorethanabinaryvalue:privacyiscontextualandsituational,not

reducibletoasimplepublic/privatebinary.Privacyalsogoesbeyondsingleindividualsandextendstogroups.Thisisparticularlyresonantforcommunitieswhohavebeenonthereceivingendofdiscriminatorydata-drivenpolicieshistorically,suchasthepracticeofredlining.

3. Guardagainstthere-identificationofyourdata...Identifypossiblevectorsofre-identificationinyourdata...

4. Practiceethicaldatasharing.5. Considerthestrengthsandlimitationsofyourdata;bigdoesnotautomaticallymeanbetter.6. Ratherthanabug,thelackofclear-cutsolutionsandgovernanceprotocolsshouldbemore

appropriatelyunderstoodasafeaturethatresearchersshouldembracewithintheirownwork.

7. Developacodeofconductforyourorganization,researchcommunity,orindustry...asawayofcementingthisindailypractice.

8. Designyourdataandsystemsforauditability.9. Engagewiththebroaderconsequencesofdataandanalysispractices.10. Knowwhentobreaktheserules

(Zook,etal.,2017)

3.3.12 ACMCodeofEthicsandProfessionalConduct

In1992,theACM(AssociationforComputingMachinery)publisheditsfirstCodeofEthicsandProfessionalConduct,whichitisnowupdating(scheduledfor2018).TheCodewasdesignedtosupportITprofessionalsandisdividedintofoursections.Section1dealswithbasicethicalissues.Section2concernsprofessionalresponsibility.Section3dealswiththerolesofindividualswithleadershippositionsintheworkplaceorinaprofessionalcapacity.Section4concludeswithprinciplesforensuringcompliancewiththeCode.

The Code’s 2018 version is summarized in the following table and presented in full in Appendix F. Itcontributesseveralusefulideasforconsideration.Foronething,thedetailgiventoeachprincipleandthewayprinciplesarebrokendownintodailypracticesintheinformationsector,providespotentiallyusefulclarifications.TheCodealsohighlightsthefollowingfactors:

• EnsuringthatIThardwareandstrategiesareappliedbythirdpartiesinasociallyresponsiblemanner.

• Emphasizinghonestyandconfidence,particularlyintermsofdatamanipulation/creation.• Takingactionnottodiscriminatethroughdataanalysis.

TheACMCodewasselectedbecauseithasbeenrepeatedlycitedasareferenceforconcreteinitiativestoaddressethicalissuesintheengineeringandthecomputersciences.



GeneralMoralPrinciples

Acomputingprofessionalshould…

1.1 Contribute to society and to human well-being, acknowledging that all people are stakeholders incomputing.

Anessentialaimofcomputingprofessionalsistominimizenegativeconsequencesofcomputing,includingthreatstohealth,safety,personalsecurity,andprivacy.Computingprofessionalsshouldgiveconsiderationtowhethertheproductsoftheireffortswillbeusedinsociallyresponsibleways,willmeetsocialneeds,andwillbebroadlyaccessible.

1.2Avoidharm.

Inthisdocument,“harm”meansnegativeconsequencestoanystakeholder,especiallywhenthoseconsequencesare significant and unjust. Examples of harm include unjustified death, unjustified loss of information, andunjustifieddamagetoproperty,reputation,ortheenvironment.Thislistisnotexhaustive.

1.3Behonestandtrustworthy.

Honestyisanessentialcomponentoftrust.Acomputingprofessionalshouldbefairandnotmakedeliberatelyfalse ormisleading claimsand should provide full disclosure of all pertinent system limitations andpotentialproblems.Fabricationofdata,falsificationofdata,andscientificmisconductaresimilarlyviolationsoftheCode.

1.4Befairandtakeactionnottodiscriminate.

The values of equality, tolerance, respect for others, and equal justice govern this principle. Prejudicialdiscrimination on the basis of age, color, disability, ethnicity, family status, gender identity, military status,nationalorigin, race, religionorbelief, sex, sexualorientation,oranyother inappropriate factor isanexplicitviolationofACMpolicy.

1.5Respecttheworkrequiredtoproducenewideas,inventions,andothercreativeandcomputingartifacts.

1.6Respectprivacy.

“Privacy” is a multi-faceted concept and a computing professional should become conversant in its variousdefinitionsandforms.

Thisrequirestakingprecautionstoensuretheaccuracyofdata,aswellasprotectingitfromunauthorizedaccessor accidental disclosure to inappropriate individuals or groups. Computing professionals should establishproceduresthatallowindividualstoreviewtheirpersonaldata,correctinaccuracies,andoptoutofautomaticdatacollection.

Onlytheminimumamountofpersonalinformationnecessaryshouldbecollectedinasystem.Theretentionanddisposalperiodsforthatinformationshouldbeclearlydefinedandenforced,andpersonalinformationgatheredfora specificpurpose shouldnotbeused forotherpurposeswithout consentof the individual(s).Whendatacollectionsaremerged,computingprofessionalsshouldtakespecialcareforprivacy.Individualsmaybereadilyidentifiablewhenseveraldatacollectionsaremerged,eventhoughthoseindividualsarenotidentifiableinanyoneofthosecollectionsinisolation.

1.7Honorconfidentiality.

Computing professionals should protect confidentiality unless required to do otherwise by a bona fiderequirementoflaworbyanotherprincipleoftheCode.

(ACM,currentversionfor2018)



3.3.13 IEEECodeofConduct

TheIEEE(InstituteofElectricalandElectronicsEngineers),firstestablishedintheUS,istheworld’sleadingprofessional technologicalassociation (IEEE,2017b). It is the“voice”ofengineering,computerscienceand information technologies around theworld.However, its American origins are still prominent, intermsofitsmembershipandpoliticalpositions.

The IEEECodeofConducthas10principles. Theyare important,because theyweredeveloped tobeappliedbyITspecialists.Theyalsocoverothertopicsnotrelevanthereandnotcoveredbyotherlistsofprinciples:

• Theresponsibilitytodisclosepromptlyfactorsthatmightendangerthepublicortheenvironment.

• Tobehonestandrealisticinstatingclaimsorestimatesbasedonavailabledata.

The IEEECodewas selectedbecause ithas repeatedlybeencitedasa reference in termsof concretemeasuresforaddressingethicalissuesinengineeringandthecomputersciences.

IEEECodeofConduct(summary)

1. toacceptresponsibilityinmakingdecisionsconsistentwiththesafety,healthandwelfareofthepublic,andtodisclosepromptlyfactorsthatmightendangerthepublicortheenvironment;

2. toavoidrealorperceivedconflictsofinterestwheneverpossible,andtodisclosethemtoaffectedpartieswhenthey

doexist;

3. tobehonestandrealisticinstatingclaimsorestimatesbasedonavailabledata;

4. torejectbriberyinallitsforms;

5. toimprovetheunderstandingoftechnology,itsappropriateapplication,andpotentialconsequences;

6. tomaintainandimproveourtechnicalcompetenceandtoundertaketechnologicaltasksforothersonlyifqualified

bytrainingorexperience,orafterfulldisclosureofpertinentlimitations;

7. toseek,accept,andofferhonestcriticismoftechnicalwork,toacknowledgeandcorrecterrors,andtocredit

properlythecontributionsofothers;

8. totreatfairlyallpersonsregardlessofsuchfactorsasrace,religion,gender,disability,age,ornationalorigin;

9. toavoidinjuringothers,theirproperty,reputation,oremploymentbyfalseormaliciousaction;

10. toassistcolleaguesandco-workersintheirprofessionaldevelopmentandtosupporttheminfollowingthiscodeof

ethics;

(IEEE,2017)



4 ListofProposedPrinciples

ThefinallistofprinciplesproposedinthisreportwasdevelopedinconsiderationofallprinciplesdiscussedinSection3.3.Theseprincipleswerethenclassified,summarizedanddistilledtoproduceafinallist,basedonthefollowingcriteria:

• Comprehensiveness:coveramaximumofissuesidentifiedinthelistofprinciplesconsulted.• Relevance:allissuespertainingdirectlytothemanagementofethicalissuesandtheIoT

system’svarioustechnologicalcomponents.16• Generaltospecific:Identifyalimitednumberofgeneralprinciplesandbreakthemdownto

morespecificones.

Obviously, thisproposed framework is intendedasa startingpoint. Itmustevolveandbecomemorerobust through consultation/verificationof other referencedocuments, deliberationswithinMontréalandbroaderconsultationswithstakeholders.

Thefollowingtablepresentsthegeneralprinciplesproposed.Theycanthenbebrokendownintospecificprinciples (subprinciples), as appears in Appendix G. Most of the proposed principles are based onCanadianPIPEDAfairinformationprinciples,CÉSTQ’sopiniononsmartcities(withrespecttothecommongood,democracyandpublicparticipation,governmentautonomy)andtheNYC’sGuidelinesforBuildingaSmart+EquitableCity.

ThislistshouldcomprisethekeyprinciplesforguidingthestudyandmanagementofethicalandsocialissuesinvolvedinthetechnologicalandanalyticalsystemsofurbanIoT.Theseprinciplesincorporatethetopics that pertain to the system in question, selected from the 13 existing lists, other than the lastprincipleconcerningfreedom.AsdescribedinSection4.1,freedomwasaddedsincethisissue,whichwasidentifiedintheliteraturereview(RussoGarrido,etal.,2017),isnotcomprehensivelycoveredbythelistsweconsulted.

16 However, principles pertaining to general good IoT governance (in terms of infrastructure maintenance,effectiveness,etc.),havebeenexcluded.



Table8:Listof11Principles

*Therehasbeenmuchdebateoverdefiningprivacy.Inthisreport,thetermreferstopersonalfreedomagainstanyphysicalintrusion,anyinterferenceinpersonallifeandanyimpedimenttoaperson’sabilitytocontroltheaccessanduseoftheirpersonalinformation.

Specific principles, derived from each of the major principles appearing above, are presented inAppendixG. This appendix also identifies the sources of these proposed major principles (the list,framework or code fromwhich they were taken), along with the lists of principles consulted, whichoverlapindifferentareas.

We have adopted a comprehensive, well-documented approach to selecting specific principles. OurchoiceswereaccordinglydesignedtodefineamaximumnumberofspecificprinciplespertainingtourbanIoT,whileeliminatingpossibleduplicationsamongoverlysimilarrules.Determiningthefinalprinciplesanddesiredlevelsofspecificityisuptothecity.

AportionofAppendixGisreproducedinFigure12,listingthegeneralandspecificprinciplesidentified.ThisextractappearsagaininFigure13,thistimehighlightingthesourcesforeachidentifiedprinciple.

Thème& Principe&

Bien&commun& Assurer&que&l’IdO&soit&au&service&du&bien&commun&et&de&la&recherche&d’un&op8mum&social.&

Démocra3e&et&par3cipa3on&citoyenne&

Promouvoir&la&par8cipa8on&citoyenne&pour&définir&une&vision&concertée&du&projet&de&l’IdO&et&s’assurer&que&celui?ci&soit&l’objet&de&délibéra8on&démocra8que&

Vie&privée& Protéger&et&respecter&la&vie&privée*&des&citoyens&

Transparence& Être&transparent&sur&le&«&qui,&quoi,&quand,&où,&&pourquoi&et&comment&»&de&la&collecte,&la&transmission,&le&traitement&et&l’u8lisa8on&

Sécurité& Concevoir&et&opérer&le&système&IdO&en&toute&sécurité&afin&de&protéger&le&public,&assurer&l’intégrité&des&services&et&être&résilient&face&aux&aLaques&

Bonne&ges3on&des&données&

Concevoir&et&opérer&le&système&IdO&en&toute&sécurité&afin&de&protéger&le&public,&assurer&l’intégrité&des&services&et&être&résilient&face&aux&aLaques&

Évalua3ons&et&conséquences&

Réaliser&des&évalua8ons&d’impact&sur&enjeux&éthiques&pour&tous&nouveaux&programmes&de&données&et&veiller&à&l’analyse&des&conséquences&à&long&terme&sur&les&valeurs&sociales&élargies&

Équité&et&inclusion&

MeLre&tous&les&moyens&en&œuvre&pour&que&le&traitement&accordé&tous&soit&juste&et&impar8al.&Éviter&le&profilage,&la&discrimina8on&et&le&renforcement&des&inégalités&pour&développer&un&projet&inclusif&

Autonomie&des&pouvoirs&publics&

Assurer&l’autonomie&de&la&sphère&publique&et&la&primauté&de&l’intérêt&public&par&rapport&aux&intérêts&privés&

Systèmes&explicables&

Concevoir&des&systèmes&auditables&et&dans&des&cas&de&prise&de&décision&automa8sée,&donner&aux&individus&accès&aux&logiques&qui&président&dans&la&décision,&ainsi&qu’une&explica8on&des&données&u8lisées&(quelle&donnée,&quelle&source,&comment&est?elle&mobilisée)&

Liberté& Assurer&que&le&citoyen&puisse&préserver&son&sen8ment&de&liberté&



Figure10:ExtractofExcelSpreadsheetHighlightsMajorandSpecificPrinciples(SeecompletespreadsheetinAppendixG)

Figure11:ExtractofExcelSpreadsheetHighlightingSpecificPrinciplesandtheirSources(SeecompletespreadsheetinAppendixG)



4.1 AnalysisofOverlapsBetweentheProposedFrameworkandtheLiteratureReview

Westudiedoverlapsbetweenour frameworkand reviewof the literature toenhanceour final listofprinciples(RussoGarrido,etal.,2017).Consequently,issuesandthreatsidentifiedintheliteraturereviewandnot(oronlypartially)coveredinthelists/frameworksconsultedhavebeenlisted.

Aspreviouslymentioned,thekeyethicalandsocialissuesidentifiedintheliteraturereviewareprivacy,reliability/transparency,social inclusion,separationofthegovernmentandbusinessspheres,freedom,changeingovernanceandtransformationofthecity.

Generally,theproposedsetofprinciplesprovidesgoodcoverageofdocumentedissues,aswellasrelatedthreats identified in the literature review (asappear in Figures2,3and4).Overlapsandgaps canbesummarizedas:

• Transparency,socialinclusionandseparationofthegovernmentandbusinessspheres,asdescribedintheliteraturereview,arecoveredbytheproposedframework.

• Privacyandchangeingovernance,asdescribedintheliteraturereview,arecoveredbytheproposedframework(undertheheadingsofprivacy,security,commongood),butcertainprinciplesshouldbeincluded(minoradditions)toachievecompletecoverage.

• Freedomisnotcoveredbytheproposedframework,outsidetheprotectionofprivacy.Someadditionsshouldbemadetothegeneralandcompleteprinciplestoachievecompletecoverage.

• Theframeworkonlypartlycoverstransformationofthecity(throughthe“commongood”principle).Somespecificprinciplesshouldbeaddedtoachievecompletecoverage.

Thefollowingtablelistsdraftprinciplestobeaddedtothefinallist.TheseadditionsappearinAppendixGandinTable8,17above.

Table9:AdditionalPrinciplesIdentifiedintheLiteratureReview

17Table8onlyconsidersmajor(notspecific)principles.Theonlychangeneededwasaddingaprinciplepertainingtofreedom.

Enjeux'de'la'liberté'dans'la'revue'de'littératureAssurer&que&le&citoyen&ne&fasse&pas&constamment&l'objet&de&suivi&dans&sa&vie&quotidienne&et&l'informer&du&suivi&effectué&

Assurer&que&le&citoyen&ait&pleinement&le&choix&de&ne&pas&dépendre&d'analyses&prédictives&qui&orientent&ses&choix&

Assurer&que&les&situations&dans&lesquelles&l'accès&des&citoyens&soit&décidé&par&le&biais&d'analyses&perscriptives&soient&

limités,&documentés&de&façon&accessible&au&citoyen&et&puissent&faire&l'objet&de&recours&de&la&part&du&citoyen,&dans&des&

délais&raisonnables

Enjeux'de'la'transformation'de'la'ville'dans'la'revue'de'littérature'5'classés'sous'bien'commun'dans'la'liste'de'principesComprendre&les&perceptions&et&craintes&de&la&population&montréalaise&par&rapport&au&projet&de&l'IdO

Veiller&à&l’analyse&des&conséquences&à&long&terme&du&projet&de&l'IdO&sur&les&valeurs&sociales&élargies&(FAPPs)&et&sur&

l'environnement,&en&particulier&l'émission&des&GES&occasionnées&par&le&projet,&à&travers&le&monde

Toute&décision&émanant&du&projet&de&l'IdO&doit&être&rattachée&à&responsabilité&décisionnelle&humaine

Le&projet&de&l'IdO&doit&viser&l'optimum&social&O&pas&seulement&l'optimisation&des&services/processus

Les&preneurs&de&décisions&municipaux&doivent&être&conscients&des&angles&morts&existant&dans&les&données&et&projets&(ex:&

amélioration&des&services)&liés&à&l'IdO,&en&particulier&par&rapport&aux&populations&vulnérables

Le&projet&de&l'IdO&doit&contribuer&à&la&cohésion&sociale,&plutôt&que&l'individualisation&de&la&ville



4.2 NextStepsinDevelopingtheFramework

Althoughour proposed list of principles is the result of ameticulous effort to bring together existingprinciplesforaddressingethicalandsocialissuesoftheIoTsystem,asplannedforMontréal,furtherworkisrequiredtocompletethislistandmakeitfullyuseful.Sections4.2.1and4.2.2describerecommendedfuturemeasuresforcontinuouslyimprovingthelist.

4.2.1 EnhancingCertainPrinciples

Althoughtheproposedlistofprinciplesincorporatesrelevantprinciplesfoundinexistinglists,someofthemarenowviewedasbeing ineffectiveorwarrantingenhancement.Theseprinciplesallpertain toprivacy,including:

• Statingwhythedataisbeingcollected.• Consentbeforeorduringcollection.• Limitingdatacollectiontopre-establishedpurposes.• Consideringpotentialthreatstoprivacybycross-referencingdata.

Asdiscussedindetailintheliteraturereview(RussoGarrido,etal.,2017),thefirstthreeprinciplesareconsistentwithdataprivacymanagementprinciplesthathavebeeninforceforthepastfewdecades.However,alloftheseprinciplesdirectlyconflictwithmanyIoTsystemgoalsandarenothighlyviableinanurbanenvironmentinwhichdataisconstantlybeingcaptured.

Limiting data collection and pre-establishing the reasons for it constitutemajor stakes for a big dataproject inwhichdataquantitiesare synonymouswith theproject’spotentialandwheredata reuse isintended, to stimulate innovation. IoT, inotherwords, challengesourunderstandingofdatabybeing“infinitelyconnectable,indefinitelyrepurposable,continuouslyupdatableandeasilyremovedfromthecontextofcollection.”(MetcalfandCrawford,2016).18

Itisalsodifficulttodefineconsentinpracticalterms,inanenvironmentwheredataisconstantlybeingcapturedanditisdifficulttoobtainthepersonalconsentofallpersonsaffectedbysuchcollection.Finally,although potential threats to privacy from cross-referencing data are recognized as posing a hugechallenge, it is not clear how this principle can be effectively applied, in practice. Furthermore,deliberationandresearch isneededtodeterminehowtomaketheseprinciplespracticalandrelevantagaininmunicipalgovernance.

Resolving all of these questions would require, it seems, rethinking the very boundaries of what iscommonlyunderstoodtobeprivacyinapublicspacelikethecity.Privacyisoftenassociatedwiththeconceptsofintimacy,homelifeandpersonalinformation.However,thepossibilityofgatherinformationaboutindividualsinpublicareasraisesthequestionofifsuchinformationisprivateornotandunderwhatcircumstancesitmightbe.

18Thisquoteoriginallyappliedtobigdata.However,itequallyappliestotheIoTsystem,whichemploysbigdata.



HelenNissenbaumadvancedthe ideathatprivacy isprimarilybasedon informationexchanges,whichgiverisetostandardsspecific tosuchexchanges (Nissenbaum,2004;BarocasandNissenbaum,2014).Informationmayormaynotbesharedwithoutviolatingprivacy,dependingontheinteractionbetweenvarious factors,suchasrelationsbetweenthepartiesconcerned, the information’ssensitivityandthedirectionofexchange(two-orone-way),19asillustratedinthefollowingfigure.Privacyisnot“either-or.”Itdependsmoreonthecontextthatthetypeofinformationcommunicated.Consequently,Nissenbaum(2014)arguedthatindividualsmightbeentitledtoprivacyinapublicspace.

19Thisisknownasthecontextualintegrityprinciple(BarocasandNissenbaum,2014).Forexample,datarulesforahealthcare unit, establishing the kinds of information that can be shared by stakeholders (patient, doctor,administrativestaff,family).Underthesecircumstances,patientswhoprovideaccesstotheirpersonalinformationcan do so in confidence if this data is handled according to the rules and social expectations on disclosure,communicationandconfidentiality.



Figure12:CertainContextualPrivacyFactorsConsidered(Gaughan,2016,17).

Theresearchersbelievethatputtingprivacyinthecontextofanexchange,ratherthanasan“either-or,”couldhelpsolvethedifficultproblemof“whattodo”withcertainfrequentlycitedprivacyprinciplesthatareclearlyoutmodedandinadequateincurrentcircumstances.

4.2.2 NextStepsPlanned

The following steps are proposed for expanding the list are generally aimed at discussing, selecting,validatingandenhancingthesuggestedprinciples.Theyinclude:

• Discussingandvalidatingthe10proposedprinciples.

• Discussing,reformulating,selectingandvalidatingtheidentifiedspecificprinciples.Inparticular,itwillbenecessarytodeterminethelevelofspecificitydesiredanditispreferabletogivesomespecific principlesmoreweight than others. The finalwording should be planned to produceoptimalguidelines.

• Identifyinganymissingspecificprinciples,throughsuchmeansasdetectingoverlapsamongthedifferentreferencedocumentsandtheirapplicabilitytothevariousphasesoftheIoTsystem.Thiseffortwouldinvolveanin-depthstudyofpossiblymissingprinciples.Aspreviouslypresented,ourlistofprinciplesisbasedonexistinglists,frameworksandcodes.Consequently,itscoverageandblindspotsreflectexistinglists.Thelistofprinciplesshould,accordingly,begivencritical,detailedexaminationtoidentifyanygaps.

• Enhancingweakspecificprinciples—asdiscussedinSection4.2.1

• Takingthediscussiononthelistofprinciplesbeyondcityhall—aswasthecaseofSeattle,whichbroughttogethermembersofcivilsociety indeveloping itsprivacyprinciples.Montréalwouldbenefitbyincludingstakeholderstodiscussandsharetheir ideasontheproposedframework.TheseactscouldplayaroleindebatingandcontributingtoplacingtheIoTprojectinthehandsofthecommunity.

• Identifying how the framework breaks downs into specific practices at each phase of the IoTsystem,as shown inFigure13. It isessential that thestatedprinciplescanbesubdivided intospecificpracticesapplicabletothedailyroutinesofcityofficials.



Figure13:MajorPrinciplesBrokenDownintoSpecificandPracticalPrinciples

15

Grands'principes'

Principes'spécifiques'

Pra1ques'au'niveau'de'la'planifica1on'de'l’IdO'

Pra1ques'au'niveau'de'la'collecte,'

traitement,'archivage'

Pra1ques'au'niveau'de'l’analyse'

Pra1ques'au'niveau'de'l’ouverture'des'données'



5 Conclusion

TheframeworksproposedinthisreportareintendedtocontributetoMontréal’seffortstodeveloponeormoreconceptualframeworksforethicalgovernanceofanIoTsystem.Thefirstobjectiveisdesignedtosupportdecision-makersinidentifyingexistingandemergingissuesofethicsandsocialacceptability.ThesecondisintendedtodelineategeneralandspecificprinciplesthatcouldserveasgoodtoguideMontréalindevelopingasetofmunicipalprinciplestoapplyinconsideringandmanagingethicalissues.

As previously mentioned, these principles are not, on their own, complete conceptual frameworks.However,theyareimportantmilestonesindevelopingamorecomprehensive,scalableframework.Theseprinciplescouldultimatelymakeanimportantcontributioninimplementingbestpracticesforexamining,managingandrespondingtoissuesofethicsandsocialacceptabilitypertainingtoMontréal’sIoTsystem.This isbecausewemustacquireresourcestoassist in theongoingmonitoringofemerging issuesanddevelopappropriateprinciplesandpracticestosupportdeliberationsonapproachestotakeandsocialchoicestobemade,incontendingwiththeuncertaintyandsocialchangearisingoutofthedeploymentofnewtechnologiesinthecity.



6 Bibliography

ACM(2017),The2018ACMCodeofEthicsandProfessionalConduct:Draft2.UpdateoftheACMCouncil10/16/92.Viewedat:https://ethics.acm.org/2018-code-draft-2/.ConsultedDecember20,2017.

Future of Life Institute (2017),AsilomarAI Principles. Viewed at: https://futureoflife.org/ai-principles/ConsultedDecember20,2017.

Cate,Fred.H.(2006),“TheFailureofFairInformationPracticePrinciples,”InConsumerProtectionintheAgeoftheInformationEconomy.pp.343-379.

Cavoukian,Ann(2012),“PrivacybyDesign,”IEEETechnologyandSocietyMagazine,31:4,pp.18-19.

CÉSTQ(2017),LaVielleintelligenteauservicedubiencommun:Lignesdirectricespourallierl’éthiqueaunumériquedanslesmunicipalitésduQuébec,GouvernementduQuébec,112pp.

Information and Privacy Commissioner of Ontario (2015), Transparency, Privacy and the Internet:MunicipalBalancingActs,Ontariogovernment,24pp.

EuropeanParliament(2016),Regulation(EU)2016/679oftheEuropeanParliamentandoftheCouncilof27April2016ontheProtectionofNaturalPersonswithRegardtotheProcessingofPersonalDataandtheFreeMovementofSuchData,EuropeanUnion.

The Forum on the Socially Responsible Development of Artificial Intelligence (2017), The MontrealDeclaration for a Responsible Development of Artificial Intelligence, Viewed at:https://www.declarationmontreal-iaresponsable.com/la-declaration,ConsultedDecember20,2017.

Gaughan, M (2016), Privacy in the Smart City: Implications of Sensor Network Design, Law, and Policy ForLocationalPrivacy,Master’sthesis,UrbanStudies,UniversityofWashington.

IEEE(2017),CodeofEthicsandProfessionalConduct,Viewedat:https://www.ieee.org/about/corporate/governance/p7-8.html,consultedDecember20,2017.

IEEE (2017b), IEEE Mission and Vision, Viewed at: https://www.ieee.org/about/vision_mission.htmlConsultedDecember20,2017.

Jones,M.L. (2015),“The IroniesofAutomationLaw:TyingPolicyKnotswithFairAutomationPracticesPrinciples,”Vand.J.Ent.&Tech.L.,Vol.18,pp.77-193.

Kitchin, R (2016),Getting smarter about smart cities: Improving data privacy and data security, DataProtectionUnit,DepartmentoftheTaoiseach,Dublin,Ireland.

Metcalf,J.andCrawford,K.(2016),“Wherearehumansubjectsinbigdataresearch?Theemergingethicsdivide,”BigData&Society,January-June,pp.1-14.

JusticeCanada(2017),“PrinciplesSetOutintheNationalStandardofCanadaEntitledModelCodefortheProtectionofPersonalInformation,CAN/CSA-Q830-96,”inCANADA,PersonalInformationProtectionandElectronic Documents Act: S.C. 2000, c. 5, current as of July 3, 2017 [Ottawa], Justice Canada, 2017,Appendix1,article5.

New York City (2017), NYC’s Guidelines for Building a Smart + Equitable City, Viewed at:https://iot.cityofnewyork.usConsultedDecember20,2017.

NewYorkCityInnovation&TechnologiesWorkgroup(undated),NYC’sGuidelinesforBuildingaSmart+EquitableCity,TheNYSForum.



OECD(2013),GuidelinesontheProtectionofPrivacyandTransborderFlowsofPersonalData.Viewedat:http://www.oecd.org/fr/sti/ieconomie/lignesdirectricesregissantlaprotectiondelaviepriveeetlesfluxtransfrontieresdedonneesdecaracterepersonnel.htmConsultedDecember20,2017.

Richards,N.M.andKing,J.H.(2014),“BigDataEthics,”WakeForestLawReview49:393-432.

RiekL.andHartzog,W.andHowardD.,etal.(2014),“TheEmergingPolicyandEthicsofHumanRobotInteraction,” Proceedings of the Tenth Annual ACM/IEEE International Conference on Human-RobotInteractionExtendedAbstracts,March2,2015,pp.247-248

Rosenberg,Scott(2017),“WhyAIIsStillWaitingForItsEthicsTransplant,”Wired,November2017.Viewedat:https://www.wired.com/story/why-ai-is-still-waiting-for-its-ethics-transplant/?mbid=email_onsiteshareConsultedDecember20,2017.

RussoGarrido,S.,Allard,M.C.,Merveille,N.,etal.(2017),FinalReport#1forBatch5oftheIoTStandardsDevelopmentProjectLiteratureReview:Ethical IssuesAndSocialAcceptabilityof IoT in theSmartCity,ReportdeliveredtoJean-MartinThibaultinNovember2017.

Zook,M.,Barocas,S.,Boyd,D.,Crawford,K.,Keller,E.,Gangadharan,S.P.,etal.,e1005399(2017),“Tensimplerulesforresponsiblebigdataresearch,”Editorial,PLOSComputationalBiology13(3).



AppendixACompleteListofPrinciplesConsideredforAnalysis

ThisAppendixappearsbelowunderthesecondtaboftheExcelfileCompilationfinaleprinciples10122017



AppendixBValuesandPrinciplesofSmartCitiesServingtheCommonGood

(CÉSTQ,2017)

B.ValuesandPrinciplesoftheCommissiond’ÉthiqueSciencesetTechnologieduQuébec,inItsOpiniononSmartCities(2017)







AppendixCNYC’sGuidelinesforBuildingaSmart+EquitableCity

C.NYC’sGuidelinesforBuildingaSmart+EquitableCity

NYC’sGuidelinesforBuildingaSmart+EquitableCitywerepublishedin2016and30cities,includingParis,havesubsequentlysignedthem.

Principle1:PrivacyandTransparency

City IoT deployments must protect and respect the privacy of residents and visitors. The City iscommittedtobeingopenandtransparentaboutthe“who,what,where,when,whyandhow”ofdatacollection,transmission,processinganduse.

1.1:TheCityshouldmakeprocessesandpoliciesrelatedtoIoTandIoT-relateddatapubliclyavailableinan up-to-date, clear and comprehensive manner. IoT principles, guidelines, operational policies andresponsibilitiesshouldbetransparentandmadepublicviaaCitygovernmentwebsite.

1.2:IoT data should only be collected, transmitted, processed and usedfor specified, explicit andlegitimatepurposes.Thepurposeofdatacollection(e.g.,ausecasesuchasmonitoringairquality),whatdataiscollected(e.g.,particulatesintheair)andhowdataisbeingcollected(e.g.,pollutionsensoronalightpole)shouldbetransparentandmadepublicviaaCitygovernmentwebsiteorotherpublicnotice.

1.3:DataandinformationcollectedbyIoTdevicesshouldbeclassifiedandtreatedaccordingly,pertheCityofNewYork’sDataClassificationPolicy,asPublic,Sensitive,PrivateorConfidential.Allpersonallyidentifiable information (PII) shouldbeclassifiedataminimumasprivate.Alldatathat isclassifiedasbeingconfidential,orpersonallyidentifiable,shouldbeprotectedfromunauthorizeduseanddisclosure(linktoNewYorkCityDataClassificationPolicy).

1.4:PIIshouldbydefaultbeanonymizedbeforebeingsharedinanywaythatcouldmaketheinformationpubliclysearchableordiscoverable.Anycopiesandreproductionsmusthavethesameorhigherlevelofclassificationastheoriginal.AnycombinationsofdatashouldbereclassifiedaccordingtotheCity’sDataClassificationPolicy.(LinktoNewYorkCityDataEncryptionPolicy).

1.5:PII data types shouldhave a clearly associated retentionpolicyanddisposal procedure. Sensitive,privateorconfidentialdatashouldbekeptfornolongerthanisoperationallynecessaryorrequiredforthespecified,explicitandlegitimatepurposes.(LinktoNewYorkCityDigitalMediaRe-useandDisposalPolicy).

1.6:Beforeanysensitive,private,orconfidentialdataissharedoutsidetheoriginatingCityagency,theagencyshouldensurethattheneedcannotbemetbyusinganonymizedoraggregateddataandthattheappropriateprotectionsareinplacetopreservetheconfidentialityofthedata.

1.7:AllpublicdatasetsaresubjecttotheNYCOpenDataLawandassuchshouldbefreelyaccessibleviatheCity’sOpen-dataportal.



Principle2:DataManagement

CityIoTdeploymentsmustprotectandrespecttheprivacyofresidentsandvisitors.TheCityiscommittedtobeingopenandtransparentaboutthe“who,what,where,when,whyandhow”ofdatacollection,transmission,processinganduse.

2.1:IoTsystems(e.g.howdataiscollected,analyzedandused)shouldbedesignedwiththeusecaseinmind(e.g.predictingdemandfortrashpick-upbasedondataontrashvolume,weatherandevents)tomaximizethebenefitsthatcanbederiveddatacollection(e.g.routinggarbagetrucksmoreefficiently).Whereuseful,relevantbusinessandhistoricaldatafromtheCityoritspartnersshouldbemadeavailableandutilizedbyapplications.

2.2:The desiredmeasurement from any IoT system(e.g. pedestrian counts) should be collected andcategorizedasefficientlyaspossible,usingasfewstepsand/ormanipulationsasnecessary.

2.3:IoTdata shouldbecollectedand storedaccording toopen standards, contain relevant contextualmetadata, be exposed through open, standards-based application program interfaces (APIs), and beprovidedwithsoftwaredevelopmentkits(SDKs)whereapplicablesoitcanbeeasilysharedorcombinedwithotherdatasets.

2.4:IoTdatashouldbearchivedinafederatedwayandmadeaccessiblethroughouttheCitythroughacentralportal(e.g.theCity’sopen-dataportal)oracatalogueofdocumentedopenAPIsunlessrestrictedbyexisting lawsorregulationsand/ordoingsowouldcompromiseprivacyorpublicsafety.Data fromothersystemsnotoperatedbytheCity,suchasfromaprivatesectorpartnerorfromcrowdsourcing,thatcouldprovidepublicbenefitcanalsobeprovidedinthisformwiththesourcedocumentedaccordingly.

2.5:The City recognizes the use of distinctand sometimes conflicting non-proprietary international,national,orindustrystandardsfordataandtechnologyinterfaces.Incaseswherestandardsconflict,theonethatmostcloselyalignstotheusecasewillbeselected.

2.6:EachIoTdevicedataset(e.g.temperature)shouldbevalidatedandverified(e.g.throughredundancyindatacollectionand/orhistoricaldata)andtheresultingmastercopyclearlylabeledbeforeitisused,aggregatedand/orreleased.Datashouldbeversionedsothatanyupdateddatacanbedistinguishedfromthe original and/or master copy. The retention and disposal policies for the master copy should beexplicitlydefined.

2.7:IoTdatashouldbebothauditedandcontinuouslymonitoredforaccuracyandvalidity.Thisprocessshouldbeautomatedwherepossible.

2.8:Alldatasets(e.g.311servicerequests)shouldbecheckedforgeographic,socialorsystem-drivenbias(e.g.geographicdifferencesincivicengagement)andotherqualityproblems.Anybiasingfactorsshouldberecordedandprovidedwiththedatasetandcorrectedwherepossible.

Principle3:Infrastructure

IoTdevices,networksand infrastructure shallbedeployed,used,maintainedanddisposedof inanefficient,responsibleandsecuremannertomaximizepublicbenefit.



3.1:TosupportcitywidecoordinationofIoTdeployments,CityagenciesshouldmaintainaninventoryofIoTdevicesthattheydeployusingastandardizedformat.CityagenciesshouldalsomaintainaninventoryofthepublicorprivateassetsonwhichdevicesareinstalledandthenetworksusedbytheseIoTdevicesincluding details on the network type (e.g. LTE), security protocol (e.g. WPA), location, service levelagreements,andcontactinformationforthenetworkandsystemoperator.

3.2:TheCityshouldaccumulateandpublish,viaaCitygovernmentwebsite,public informationonIoTsystemsincludingbutnotlimitedtoexamplesofdeployedIoTdevices(e.g.airqualitysensors)andthedifferenttypesofpublicassets(e.g.lightpoles)onwhichtheyaredeployed.

3.3:TheCityshouldmakepublic,viaaCitygovernmentwebsite,astandardizedprotocol,includingpointsof contact, for requesting access to, and approving use of, City assets for IoT deployments. Whereappropriate,theCitywilldetailrestrictionsonparticulartypesofpublicassetsand/orsitingrestrictions(e.g.rulesforlandmarkorhistoricdistricts).

3.4:IoT deployments shall, where possible, leverage or repurposeexisting conduit and public assets,maximizeenergyefficiency,andadheretosustainabledevicedisposalprocedures.

3.5:The City should leverage existing wireless and fixed networkswhere possible and appropriate.NetworksforIoTdeploymentsshouldbeselectedtobestsupportthespecificusecase.Thisshouldincludebutisnotlimitedtoensuringappropriatesecurityprotocols,bandwidth,pricingmodels,andservicelevelagreements(SLAs).

3.6:AllIoTdevicesandnetworkequipmentinstalledbytheCity,ontheCity’sbehalf,oronCitypropertyshouldhaveclearsitelicenseagreementsandestablishedtermsofservicegoverningwhoisresponsibleforongoingoperations,maintenance,and thesecuredisposalofequipment. IoTdevicesandnetworkequipmentshouldbelabeledclearlywiththenameandcontactinformationfortheresponsibleparty.

3.7:Publicassetsshouldbeinstrumentedinanorderlymannerthatminimizesclutterandallowsforeaseof access for replacement, repair and addition of new equipment or devices. If new conduit is beinginstalledusingpublicassets(e.g.toaccessrooftopofpublicbuildings)orusingpublicright-of-way(e.g.inCitystreets),locationdetailsmustbefiledwiththeresponsibleagencyanduseoftheconduitshouldnotberestrictedtooneparty.

3.8:IoTsystemsshouldbedesignedtomaximizeresiliencyintheeventofanaturaldisaster(e.g.severeflooding) or other emergencies (e.g. electrical outages). Critical systems should have establishedemergencyresponseplanstoensuretheappropriatecontinuityofservice.

Principle4:Security

IoTsystemsshouldbedesignedandoperatedwithsecurityinmindtoprotectofthepublic,ensuretheintegrityofservices,andberesilienttoattacks.

4.1:IoTsystemsshouldbedesignedwithanexplicitfocusonminimizingsecurityrisks(e.g.unauthorizedoperationorhacking,systemfaults,tampering,andenvironmentalrisks), limitingthepotential impactfroma securitybreach (e.g. the releaseofpersonally identifiable information), andensuring that anycompromisescanbequicklydetectedandmanaged.



4.2:IoT systems should utilize established security frameworks, where possible, and ensurecommunicationbetweencomponentsistightlyconstrained.

4.3:Identityandaccessmanagementcontrols shouldbe inplacetoensure that the rightpeoplehaveaccess to systems, networks, and data at the right time. Userswith access to IoT systems should beidentifiedandauthenticated.Identificationshouldbetotheindividualandnottotherole.

4.4:All data should be protected in transit and at rest, and systems should be secured againstunauthorizedaccessoroperation.Datastoragemechanismsmustnotbeeasilyremovedfromdevicesandsystemsmustnothavevulnerableexternalinterfaces(e.g.unsecuredUSBports).

4.5:All partners utilizing public assets and/or networksfor IoT deployments should adhere to theprinciples and guidelines set by theCity. TheCity has the right to restrict or revoke access to assets,devices,andpublicnetworkstoprotectthepublicinterestandpublicsafety.

4.6:TheCityand itspartners shouldengageinbothaudit-basedandcontinuousmonitoring toensurethatsystemsareworkingandthatdeviceshavenotbeencompromised.

4.7:Responsibilities relatedtosecuritymonitoringandtheprotectionof IoTsystemsshouldbeclearlydefined.Intheeventofabreach,publicandprivatesectorentitieswillberequiredtocomplywiththeCity’sbreachdisclosureandnotificationrequirements.

Principle5:OperationsandSustainability

AllIoTdeploymentsshouldbestructuredtomaximizepublicbenefitandensurefinancial,operational,andenvironmentalsustainability.

5.1:Demonstrated need, business case, and public benefit(e.g. economic, social, and environmentaloutcomes)shouldberequiredpriortodeploymentofanynewIoTdevicesorsolutions.Inaddition,proofofconceptshouldberequiredpriortocitywidedeployments.

5.2:Prior to deployment, the City and its partners shall identifyall stakeholder and user groups (e.g.communityresidentsandcityemployees)thatwillbeimpactedbyIoTsolutionandestablishfeedbackmechanismsandmethodsofengagementforthesegroups.Beforeandduringdeployment,theCityanditspartnersshouldalsocheckforandaddressbiasesinIoTsolution(e.g.informationasymmetries)thatmayresultinunintendedconsequences(e.g.inequitableservicedelivery).

5.3:TheCityshallprioritizeaccesstoitsassetsandpublicnetworksforIoTdevicedeploymentsthataredistributedinanequitablemannerandhavethegreatestpublicbenefit.Public-privatepartnershipsandbusinessmodelsthatoffsetcostsorgeneraterevenueinwaysalignedwithgreatestpublicbenefitareencouragedbutmustbecloselyevaluatedforrisk.

5.4:Allprojectsandassociatedcontractsoragreementsshouldoutline the“who,what,where,when,why and how” of the implementation, operations, risk management, knowledge transfer, andmaintenanceofIoTsystems.Thisshouldincludecleardefinitionsrelatedtosystemanddataownershipandresponsibilities.



5.5:Solutions shall be designed to be flexible and responsiveto evolving needs. Agreements shouldenabletheadditionofnewfunctionsandupdateofcomponentsoverthelifeoftheagreementatafairandtransparentcost.

5.6:Performance metrics should be maintained for solutions.Agreements should specify intendedoutcomesofasolutionandlevelsofserviceandprovideforpenalties,modifications,orterminationsoftheagreementintheeventthatthesolutiondoesnotperform.

5.7:The City and its partners should reuse infrastructures and componentswhere possible, leveragecitywide contracts or agreements, and develop solutions collaboratively among agencies to avoidduplicatingexistingsolutionsorfunctionsandextractthegreatestvaluefrominvestments.

5.8:All components of a solution should be implementedin a modular manner, prioritizing openstandardswherepossible,toensureinteroperabilityandpreventdependencyonasinglevendor.



AppendixDAsilomarAIPRINCIPLES

D.AsilomarAIPrinciples

Research Issues 1) Research Goal: The goal of AI research should be to create not undirected intelligence, but beneficial

intelligence.

2) Research Funding: Investments in AI should be accompanied by funding for research on ensuring its

beneficial use, including thorny questions in computer science, economics, law, ethics, and social studies,

such as:

• How can we make future AI systems highly robust, so that they do what we want without

malfunctioning or getting hacked?

• How can we grow our prosperity through automation while maintaining people’s resources and

purpose?

• How can we update our legal systems to be more fair and efficient, to keep pace with AI, and to

manage the risks associated with AI?

• What set of values should AI be aligned with, and what legal and ethical status should it have?

3) Science-Policy Link: There should be constructive and healthy exchange between AI researchers and

policy-makers.

4) Research Culture: A culture of cooperation, trust, and transparency should be fostered among

researchers and developers of AI.

5) Race Avoidance: Teams developing AI systems should actively cooperate to avoid corner-cutting on

safety standards. Ethics and Values 6) Safety: AI systems should be safe and secure throughout their operational lifetime, and verifiably so

where applicable and feasible.

7) Failure Transparency: If an AI system causes harm, it should be possible to ascertain why.

8) Judicial Transparency: Any involvement by an autonomous system in judicial decision-making should

provide a satisfactory explanation auditable by a competent human authority.

9) Responsibility: Designers and builders of advanced AI systems are stakeholders in the moral

implications of their use, misuse, and actions, with a responsibility and opportunity to shape those

implications.



10) Value Alignment: Highly autonomous AI systems should be designed so that their goals and behaviors

can be assured to align with human values throughout their operation.

11) Human Values: AI systems should be designed and operated so as to be compatible with ideals of

human dignity, rights, freedoms, and cultural diversity.

12) Personal Privacy: People should have the right to access, manage and control the data they generate,

given AI systems’ power to analyze and utilize that data.

13) Liberty and Privacy: The application of AI to personal data must not unreasonably curtail people’s

real or perceived liberty.

14) Shared Benefit: AI technologies should benefit and empower as many people as possible.

15) Shared Prosperity: The economic prosperity created by AI should be shared broadly, to benefit all of

humanity.

16) Human Control: Humans should choose how and whether to delegate decisions to AI systems, to

accomplish human-chosen objectives.

17) Non-subversion: The power conferred by control of highly advanced AI systems should respect and

improve, rather than subvert, the social and civic processes on which the health of society depends.

18) AI Arms Race: An arms race in lethal autonomous weapons should be avoided. Longer-term Issues 19) Capability Caution: There being no consensus, we should avoid strong assumptions regarding upper

limits on future AI capabilities.

20) Importance: Advanced AI could represent a profound change in the history of life on Earth, and should

be planned for and managed with commensurate care and resources.

21) Risks: Risks posed by AI systems, especially catastrophic or existential risks, must be subject to

planning and mitigation efforts commensurate with their expected impact.

22) Recursive Self-Improvement: AI systems designed to recursively self-improve or self-replicate in a

manner that could lead to rapidly increasing quality or quantity must be subject to strict safety and control

measures.

23) Common Good: Superintelligence should only be developed in the service of widely shared ethical

ideals, and for the benefit of all humanity rather than one state or organization.



AppendixEMontréalDeclaration

E.MontréalDeclarationPREAMBLEIntelligence,whetheritbenaturalorartificial,hasnovalueinandof itself.Anindividual’sintelligencedoesnottellusanythingabouthisorhermorality;thisisalsothecaseforanyotherintelligententity.Intelligencecan,however,haveaninstrumentalvalue:itisatoolthatcanleadusawayfromortowardsa goal we wish to attain. Thus, artificial intelligence can create new risks and exacerbate social andeconomicinequalities.Butitcanalsocontributetowell-being,freedomandjustice.

Fromanethicalpointofview,thedevelopmentofAIposespreviouslyunknownchallenges.Forthefirsttimeinhistory,wehavetheopportunitytocreatenon-human,autonomousandintelligentagentsthatdonotneedtheircreatorstoaccomplishtasksthatwerepreviouslyreservedforthehumanmind.Theseintelligentmachinesdonotmerelycalculatebetterthanhumanbeings,theyalsolookfor,processanddisseminateinformation.Theyinteractwithsentientbeings,humanornon-human.Soon,theywillevenbeabletokeepthemcompany,aswouldaparentorafriend.

Theseartificialagentswillcometodirectlyinfluenceourlives.Inthelongterm,wecouldcreate“moralmachines,”machinesable tomakedecisionsaccording toethicalprinciples.Wemustaskourselves ifthesedevelopmentsareresponsibleanddesired.AndwecanhopethatAIwillmakeoursocietiesbetter,inthebestinterestof,andwithrespectfor,everyone.

Theprinciplesandrecommendationsthatweareaskingyoutodevelopcollectivelyareethicalguidelinesforthedevelopmentofartificialintelligence.Inthisfirstphaseofthedeclaration,wehaveidentifiedsevenvalues:well-being, autonomy, justice, personal privacy, knowledge, democracy and responsibility. Foreachvalue,youwillfindaseriesofquestionsthatseektoexploreitsrelationshipwiththedevelopmentofAI.Wethenputforthanormativeprinciple,onethatdoesnotdirectlyanswerthequestionsasked.VALUES,QUESTIONS,PRINCIPLESWell-being• HowcanAIcontributetopersonalwell-being?• Isitacceptableforanautonomousweapontokillahumanbeing?Whataboutananimal?• IsitacceptableforAItocontroltherunningofanabattoir?• ShouldweentrustAIwiththemanagementofalake,aforestortheEarth’satmosphere?• ShouldwedevelopAItechnologywhichisabletosenseaperson'swell-being?



Proposedprinciple:ThedevelopmentofAIshouldultimatelypromotethewell-beingofallsentientcreatures.Autonomy• HowcanAIcontributetogreaterautonomyforhumanbeings?• Mustwefightagainstthephenomenonofattention-seekingwhichhasaccompaniedadvancesin

AI?• ShouldwebeworriedthathumanspreferthecompanyofAItothatofotherhumansoranimals?• Cansomeonegiveinformedconsentwhenfacedwithincreasinglycomplexautonomous

technologies?• Mustwelimittheautonomyofintelligentcomputersystems?Shouldahumanalwaysmakethe

finaldecision?

Proposedprinciple:ThedevelopmentofAIshouldpromotetheautonomyofallhumanbeingsandcontrol,inaresponsibleway,theautonomyofcomputersystems.Justice• HowdoweensurethatthebenefitsofAIareavailabletoeveryone?• MustwefightagainsttheconcentrationofpowerandwealthinthehandsofasmallnumberofAI

companies?• WhattypesofdiscriminationcouldAIcreateorexacerbate?• ShouldthedevelopmentofAIbeneutralorshoulditseektoreducesocialandeconomic

inequalities?• WhattypesoflegaldecisionscanwedelegatetoAI?

Proposedprinciple:ThedevelopmentofAIshouldpromotejusticeandseektoeliminatealltypesofdiscrimination,notablythose linked to gender, age,mental / physical abilities, sexual orientation, ethnic / social origins andreligiousbeliefs.Privacy• HowcanAIguaranteerespectforpersonalprivacy?• Doourpersonaldatabelongtousandshouldwehavetherighttodeletethem?• Shouldweknowwithwhomourpersonaldataaresharedand,moregenerally,whoisusingthese

data?• DoesitcontraveneethicalguidelinesorsocialetiquetteforAItoansweroure-mailsforus?• WhatelsecouldAIdoinourname?Proposedprinciple:ThedevelopmentofAIshouldofferguaranteesrespectingpersonalprivacyandallowingpeoplewhouseittoaccesstheirpersonaldataaswellasthekindsofinformationthatanyalgorithmmightuse.



Knowledge• DoesthedevelopmentofAIputcriticalthinkingatrisk?• Howdoweminimizethedisseminationoffakenewsormisleadinginformation?• ShouldresearchresultsonAI,whetherpositiveornegative,bemadeavailableandaccessible?• Isitacceptablenottobeinformedthatmedicalorlegaladvicehasbeengivenbyachatbot?• Howtransparentshouldtheinternaldecision-makingprocessesofalgorithmsbe?

Proposedprinciple:The development of AI should promote critical thinking and protect us from propaganda andmanipulation.Democracy

• HowshouldAIresearchanditsapplications,attheinstitutionallevel,becontrolled?• Inwhatareaswouldthisbemostpertinent?• Whoshoulddecide,andaccordingtowhichmodalities,thenormsandmoralvaluesdetermining

thiscontrol?• Whoshouldestablishethicalguidelinesforself-drivingcars?• ShouldethicallabelingthatrespectscertainstandardsbedevelopedforAI,websitesand

businesses?

Proposedprinciple:ThedevelopmentofAIshouldpromoteinformedparticipationinpubliclife,cooperationanddemocraticdebate.Responsibility• WhoisresponsiblefortheconsequencesofthedevelopmentofAI?• HowshouldwedefineprogressiveorconservativedevelopmentofAI?• HowshouldwereactwhenfacedwithAI’spredictableconsequencesonthelabourmarket?• IsitacceptabletoentrustavulnerablepersontothecareofAI(forexample,a“robotnanny”)?• Cananartificialagent,suchasTay,Microsoft’s“racist”chatbot,bemorallyculpableand

responsible?

Proposedprinciple:ThevariousplayersinthedevelopmentofAIshouldassumetheirresponsibilitybyworkingagainsttherisksarisingfromtheirtechnologicalinnovations.DEFINITIONS

SentientbeingAny being able to feel pleasure, pain, emotions; basically, to feel. At the current state of scientificknowledge, all vertebrates and some invertebrates such as octopi, are considered sentient beings. Inbiology,thedevelopmentofthischaracteristiccanbeexplainedbythetheoryofevolution.



Ethics(orMorals)Thisisthedisciplinethatponderstheproperwaystobehave,individuallyorcollectively,bylookingtoadoptanimpartialpointofview.Itisbasedonmoralnormsandvalues.MoralvaluesMoralvaluesarerelatedtogoodandevil:theyallowus,forexample,toqualifyanactionasjustorunjust,honestordishonest,commendableorblameworthy.EpistemicvalueEpistemicvaluesarerelatedtoknowledge:theyallowus,forexample,toqualifyanargumentasvalidorinvalid,clearorunclear,pertinentortrivial.IntrinsicvalueAvalueisintrinsicwhenitisanultimatejustification,whenonelooksforitinandofitself.Forexample,well-being,autonomyandjusticecanbelookedinandofthemselves;thustheyareintrinsicvalues.InstrumentalvalueAvalueisinstrumentalwhenitisinserviceofsomethingelse,whenithelpspromoteanintrinsicvalue,forexample.Moneyandintelligenceareexamplesofinstrumentalvaluesthatcanbeputtotheserviceofwell-being,autonomyorjustice.UtopiaApossibleworldwhichembodiesacollectionofpositivevalues.Thus,itcanbesaidthatasocietyinwhichAIfreespeoplefromallunpleasantwork,allowingthemtotakecareofeachotherwhilefullydevelopingtheirpersonalpotential,wouldbeautopiansociety.Dystopia

Thisistheoppositeofautopia.Itisapossibleworldthatembodiesacollectionofnegativevalues.Thus,it canbesaid thatasociety inwhichseveralcorporations (orasinglecorporation)becomeextremelypowerfulthankstoAI,allowingthemtocontrolandexploitpeople,wouldbeadystopiansociety.



AppendixFACMCodeofEthics(2018)

F.2018ACMCodeofEthicsandProfessionalConduct:Draft2

Draft2wasdevelopedbyTheCode2018TaskForce.

(Itisbasedonthe2018ACMCodeofEthicsandProfessionalConduct:Draft1)

Preamble

TheACMCodeofEthicsandProfessionalConduct(“theCode”)identifieskeyelementsofethicalconductincomputing.

TheCodeisdesignedtosupportallcomputingprofessionals,whichistakentomeancurrentoraspiringcomputingpractitionersaswellasthosewhoinfluencetheirprofessionaldevelopment,andthosewhouse technology in an impactful way. The Code includes principles formulated as statements ofresponsibility,basedontheunderstandingthatthepublicgoodisalwaysaprimaryconsideration.Section1 outlines fundamental ethical considerations. Section 2 addresses additional, more specificconsiderationsofprofessionalresponsibility.Section3pertainsmorespecificallytoindividualswhohavealeadershiprole,whetherintheworkplaceorinavolunteerprofessionalcapacity.CommitmenttoethicalconductisrequiredofeveryACMmemberandprinciplesinvolvingcompliancewiththeCodearegiveninSection4.

TheCodeasawholeisconcernedwithhowfundamentalethicalprinciplesapplytoone’sconductasacomputing professional. Each principle is supplemented by guidelines, which provide explanations toassistmembersinunderstandingandapplyingit.Theseextraordinaryethicalresponsibilitiesofcomputingprofessionalsarederivedfrombroadlyacceptedethicalprinciples.

TheCode isnotanalgorithmforsolvingethicalproblems, rather it is intendedtoserveasabasis forethicaldecisionmakingintheconductofprofessionalwork.Wordsandphrasesinacodeofethicsaresubjecttovaryinginterpretations,andaparticularprinciplemayseemtoconflictwithotherprinciplesinspecific situations. Questions related to these kinds of conflicts can best be answered by thoughtfulconsideration of the fundamental ethical principles, understanding the public good is the paramountconsideration.Theentireprofessionbenefitswhentheethicaldecisionmakingprocessistransparenttoallstakeholders.Inaddition,itmayserveasabasisforjudgingthemeritofaformalcomplaintpertainingtoaviolationofprofessionalethicalstandards.



1.GENERALMORALPRINCIPLES


1.1Contribute to societyand tohumanwell-being,acknowledging thatallpeopleare stakeholders incomputing.

Thisprinciple concerning thequalityof lifeof all peopleaffirmsanobligation toprotect fundamentalhumanrightsandtorespectdiversity.Anessentialaimofcomputingprofessionalsistominimizenegativeconsequencesofcomputing,includingthreatstohealth,safety,personalsecurity,andprivacy.Computingprofessionalsshouldgiveconsiderationtowhethertheproductsoftheireffortswillbeusedinsociallyresponsibleways,willmeetsocialneeds,andwillbebroadlyaccessible.Theyareencouragedtoactivelycontributetosocietybyengaginginprobonoorvolunteerwork.Whentheinterestsofmultiplegroupsconflicttheneedsoftheleastadvantagedshouldbegivenincreasedattentionandpriority.

In addition to a safe social environment, human well-being requires a safe natural environment.Therefore,computingprofessionalsshouldbealertto,andmakeothersawareof,anypotentialharmtothelocalorglobalenvironment.

1.2Avoidharm.

In this document, “harm” means negative consequences to any stakeholder, especially when thoseconsequencesaresignificantandunjust.Examplesofharmincludeunjustifieddeath,unjustifiedlossofinformation, and unjustified damage to property, reputation, or the environment. This list is notexhaustive.

Well-intendedactions,includingthosethataccomplishassignedduties,mayunexpectedlyleadtoharm.In such an event, those responsible areobligated toundoormitigate theharmasmuch as possible.Avoidingunintentionalharmbeginswithcarefulconsiderationofpotentialimpactsonallthoseaffectedbydecisions.

Tominimizethepossibilityofindirectlyharmingothers,computingprofessionalsshouldfollowgenerallyacceptedbestpracticesforsystemdesign,development,andtesting.Additionally,theconsequencesofemergentsystemsanddataaggregationshouldbecarefullyanalyzed.ThoseinvolvedwithpervasiveorinfrastructuresystemsshouldalsoconsiderPrinciple3.7.

Atwork,acomputingprofessionalhasanadditionalobligationtoreportanysignsofsystemrisksthatmightresultinseriouspersonalorsocialharm.Ifone’ssuperiorsdonotacttocurtailormitigatesuchrisks, it may be necessary to “blow the whistle” to reduce potential harm. However, capricious ormisguided reporting of risks can itself be harmful. Before reporting risks, the computing professionalshouldthoroughlyassessallrelevantaspectsoftheincidentasoutlinedinPrinciple2.5.

1.3Behonestandtrustworthy.

Honesty is an essential component of trust. A computing professional should be fair and not makedeliberatelyfalseormisleadingclaimsandshouldprovidefulldisclosureofallpertinentsystemlimitationsandpotentialproblems.Fabricationofdata,falsificationofdata,andscientificmisconductaresimilarlyviolationsoftheCode.Onewhoisprofessionallydishonestisaccountableforanyresultingharm.

Acomputingprofessionalshouldbehonestabouthisorherownqualifications,andaboutanylimitationsincompetencetocompleteatask.Computingprofessionalsshouldbeforthrightaboutanycircumstancesthat might lead to conflicts of interest or otherwise tend to undermine the independence of theirjudgment.



MembershipinvolunteerorganizationssuchasACMmayattimesplaceindividualsinsituationswheretheir statements or actions could be interpreted as carrying the “weight” of a larger group ofprofessionals.AnACMmembershouldexercisecarenottomisrepresentACM,orpositionsandpoliciesofACMoranyACMunits.

1.4Befairandtakeactionnottodiscriminate.

Thevaluesofequality,tolerance,respectforothers,andequaljusticegovernthisprinciple.Prejudicialdiscriminationonthebasisofage,color,disability,ethnicity,familystatus,genderidentity,militarystatus,nationalorigin, race, religionorbelief, sex, sexualorientation,oranyother inappropriate factor is anexplicitviolationofACMpolicy.Sexualharassmentisaformofdiscriminationthatlimitsfairaccesstothespaceswheretheharassmenttakesplace.

Inequities betweendifferent groupsof peoplemay result from theuseormisuseof information andtechnology. Technologies should be as inclusive and accessible as possible. Failure to design forinclusivenessandaccessibilitymayconstituteunfairdiscrimination.

1.5 Respect the work required to produce new ideas, inventions, and other creative and computingartifacts.

Thedevelopmentofnewideas,inventions,andothercreativeandcomputingartifactscreatesvalueforsociety,andthosewhoexpendtheeffortneededforthisshouldexpecttogainvaluefromtheirwork.Computingprofessionalsshouldthereforeprovideappropriatecredit tothecreatorsof ideasorwork.This may be in the form of respecting authorship, copyrights, patents, trade secrets, non-disclosureagreements,licenseagreements,orothermethodsofattributingcreditwhereitisdue.

Bothcustomandthelawrecognizethatsomeexceptionstoacreator’scontrolofaworkarenecessarytofacilitatethepublicgood.Computingprofessionalsshouldnotundulyopposereasonableusesoftheirintellectualworks.

Effortstohelpothersbycontributingtimeandenergytoprojectsthathelpsocietyillustrateapositiveaspectofthisprinciple.Sucheffortsincludefreeandopensourcesoftwareandotherworkputintothepublicdomain.Computingprofessionalsshouldavoidmisappropriationofacommons.

1.6Respectprivacy.

“Privacy”isamulti-facetedconceptandacomputingprofessionalshouldbecomeconversantinitsvariousdefinitionsandforms.

Technology enables the collection, monitoring, and exchange of personal information quickly,inexpensively,andoftenwithouttheknowledgeofthepeopleaffected.Computingprofessionalsshouldusepersonaldataonlyforlegitimateendsandwithoutviolatingtherightsofindividualsandgroups.Thisrequires takingprecautionstoensuretheaccuracyofdata,aswellasprotecting it fromunauthorizedaccessoraccidentaldisclosure to inappropriate individualsorgroups.Computingprofessionalsshouldestablishproceduresthatallowindividualstoreviewtheirpersonaldata,correct inaccuracies,andoptoutofautomaticdatacollection.

Only the minimum amount of personal information necessary should be collected in a system. Theretentionanddisposalperiodsforthatinformationshouldbeclearlydefinedandenforced,andpersonalinformationgatheredforaspecificpurposeshouldnotbeusedforotherpurposeswithoutconsentoftheindividual(s).Whendata collections aremerged, computingprofessionals should take special care forprivacy. Individualsmaybereadily identifiablewhenseveraldatacollectionsaremerged,eventhoughthoseindividualsarenotidentifiableinanyoneofthosecollectionsinisolation.

1.7Honorconfidentiality.



ComputingprofessionalsshouldprotectconfidentialityunlessrequiredtodootherwisebyabonafiderequirementoflaworbyanotherprincipleoftheCode.

Userdataobservedduringthenormaldutiesofsystemoperationandmaintenanceshouldbetreatedwithstrictconfidentiality,exceptincaseswhereitisevidencefortheviolationoflaw,oforganizationalregulations, or of theCode. In these cases, thenatureor contentsof that information shouldnot bedisclosedexcepttoappropriateauthorities,andthecomputingprofessionalshouldconsiderthoughtfullywhethersuchdisclosuresareconsistentwiththeCode.

2.PROFESSIONALRESPONSIBILITIES

Apracticingcomputingprofessionalshould…

2.1Strivetoachievethehighestqualityinboththeprocessandproductsofprofessionalwork.

Computingprofessionalsshould insistonhighqualityworkfromthemselvesandfromcolleagues.Thisincludesrespectingthedignityofemployers,colleagues,clients,users,andanyoneaffectedeitherdirectlyor indirectly by thework. High quality process includes an obligation to keep the client or employerproperlyinformedaboutprogresstowardcompletingthatproject.Professionalsshouldbecognizantoftheseriousnegativeconsequencesthatmayresultfrompoorqualityandshouldresistanyinducementstoneglectthisresponsibility.

2.2Maintainhighstandardsofprofessionalcompetence,conduct,andethicalpractice.

High quality computing depends on individuals and teams who take personal and organizationalresponsibility for acquiring andmaintaining professional competence. Professional competence startswith technical knowledge and awareness of the social context in which the work may be deployed.Professional competencealso requires skill in reflectiveanalysis for recognizingandnavigatingethicalchallenges. Upgrading necessary skills should be ongoing and should include independent study,conferences, seminars, and other informal or formal education. Professional organizations, includingACM,arecommittedtoencouragingandfacilitatingthoseactivities.

2.3Know,respect,andapplyexistinglawspertainingtoprofessionalwork.

ACMmembersmustobeyexistingregional,national,andinternationallawsunlessthereisacompellingethicaljustificationnottodoso.Policiesandproceduresoftheorganizationsinwhichoneparticipatesmustalsobeobeyed,butcompliancemustbebalancedwiththerecognitionthatsometimesexistinglawsandrulesareimmoralorinappropriateand,therefore,mustbechallenged.Violationofalaworregulationmaybeethicalwhenthatlaworrulehasinadequatemoralbasisorwhenitconflictswithanotherlawjudgedtobemoreimportant. Ifonedecidestoviolatea laworrulebecauseit isunethical,orforanyotherreason,onemustfullyacceptresponsibilityforone’sactionsandfortheconsequences.

2.4Acceptandprovideappropriateprofessionalreview.

Quality professional work in computing depends on professional reviewing and critiquing.Wheneverappropriate,computingprofessionalsshouldseekandutilizepeerandstakeholderreview.Computingprofessionalsshouldalsoprovideconstructive,criticalreviewoftheworkofothers.

2.5 Give comprehensive and thorough evaluations of computer systems and their impacts, includinganalysisofpossiblerisks.

Computing professionals should strive to be perceptive, thorough, and objective when evaluating,recommending,andpresentingsystemdescriptionsandalternatives.Computingprofessionalsare inaposition of special trust, and therefore have a special responsibility to provide objective, credibleevaluationstoemployers,clients,users,andthepublic.Extraordinarycareshouldbetakentoidentifyand



mitigatepotentialrisks inself-changingsystems.Systemswhosefuturerisksareunpredictablerequirefrequent reassessment of risk as the system develops or should not be deployed. When providingevaluationstheprofessionalmustalsoidentifyanyrelevantconflictsofinterest,asstatedinPrinciple1.3.

AsnotedintheguidanceforPrinciple1.2onavoidingharm,anysignsofdangerfromsystemsshouldbereported to thosewhohaveopportunityand/or responsibility to resolve them.See theguidelines forPrinciple1.2formoredetailsconcerningharm,includingthereportingofprofessionalviolations.

2.6Acceptonlythoseresponsibilitiesforwhichyouhaveorcanobtainthenecessaryexpertise,andhonorthosecommitments.

A computing professional has a responsibility to evaluate every potential work assignment. If theprofessional’s evaluation reveals that the project is infeasible, or should not be attempted for otherreasons,thentheprofessionalshoulddisclosethistotheemployerorclient,anddeclinetoattempttheassignmentinitscurrentform.

Onceitisdecidedthataprojectisfeasibleandadvisable,theprofessionalshouldmakeajudgmentaboutwhethertheprojectisappropriatetotheprofessional’sexpertise.Iftheprofessionaldoesnotcurrentlyhavetheexpertisenecessarytocompletetheprojecttheprofessionalshoulddisclosethisshortcomingtotheemployerorclient.Theclientoremployermaydecidetopursuetheprojectwiththeprofessionalaftertimeforadditionaltraining,topursuetheprojectwithsomeoneelsewhohastherequiredexpertise,ortoforegotheproject.

Themajorunderlyingprinciplehereistheobligationtoacceptpersonalaccountabilityforprofessionalwork.Thecomputingprofessional’sethical judgmentshouldbethe finalguide indecidingwhether toproceed.

2.7Improvepublicunderstandingofcomputing,relatedtechnologies,andtheirconsequences.

Computingprofessionalshavearesponsibilitytosharetechnicalknowledgewiththepublicbycreatingawareness andencouragingunderstandingof computing, including the impactsof computer systems,their limitations, their vulnerabilities, and opportunities that they present. This imperative implies anobligationtocounteranyfalseviewsrelatedtocomputing.

2.8Accesscomputingandcommunicationresourcesonlywhenauthorizedtodoso.

ThisprinciplederivesfromPrinciple1.2–”Avoidharmtoothers.”Nooneshouldaccessoruseanother’scomputersystem,software,ordatawithoutpermission.Oneshouldhaveappropriateapprovalbeforeusingsystemresources,unlessthereisanoverridingconcernforthepublicgood.Tosupportthisclause,acomputingprofessionalshouldtakeappropriateactiontosecureresourcesagainstunauthorizeduse.Individualsandorganizationshavetherighttorestrictaccesstotheirsystemsanddataso longastherestrictionsareconsistentwithotherprinciplesintheCode(suchasPrinciple1.4).

3.PROFESSIONALLEADERSHIPPRINCIPLES

Inthissection,“leader”meansanymemberofanorganizationorgroupwhohasinfluence,educationalresponsibilities, or managerial responsibilities. These principles generally apply to organizations andgroups,aswellastheirleaders.

Acomputingprofessionalactingasaleadershould…

3.1Ensurethatthepublicgoodisacentralconcernduringallprofessionalcomputingwork.

The needs of people—including users, other people affected directly and indirectly, customers, andcolleagues—should always be a central concern in professional computing. Tasks associated withrequirements,design,development,testing,validation,deployment,maintenance,end-of-lifeprocesses,



anddisposal should have thepublic good as an explicit criterion for quality. Computingprofessionalsshouldkeepthisfocusnomatterwhichmethodologiesortechniquestheyuseintheirpractice.

3.2Articulate,encourageacceptanceof,andevaluatefulfillmentofthesocialresponsibilitiesofmembersofanorganizationorgroup.

Technical organizations and groups affect the public at large, and their leaders should acceptresponsibilitiestosociety.Organizationalproceduresandattitudesorientedtowardquality,transparency,andthewelfareofsocietywillreduceharmtomembersofthepublicandraiseawarenessoftheinfluenceof technology in our lives. Therefore, leaders should encourage full participation in meeting socialresponsibilitiesanddiscouragetendenciestodootherwise.

3.3Managepersonnelandresourcestodesignandbuildsystemsthatenhancethequalityofworkinglife.

Leadersareresponsibleforensuringthatsystemsenhance,notdegrade,thequalityofworkinglife.Whenimplementingasystem,leadersshouldconsiderthepersonalandprofessionaldevelopment,accessibility,physicalsafety,psychologicalwell-being,andhumandignityofallworkers.Appropriatehuman-computerergonomicstandardsshouldbeconsideredinsystemdesignandintheworkplace.

3.4Establishappropriaterulesforauthorizedusesofanorganization’scomputingandcommunicationresourcesandoftheinformationtheycontain.

Leadersshouldclearlydefineappropriateandinappropriateusesoforganizationalcomputingresources.Theserulesshouldbeclearlyandeffectivelycommunicatedtothoseusingtheircomputingresources.Inaddition,leadersshouldenforcethoserules,andtakeappropriateactionwhentheyareviolated.

3.5 Articulate, apply, and support policies that protect the dignity of users and others affected bycomputingsystemsandrelatedtechnologies.

Dignity is the principle that all humans are due respect. This includes the general public’s right toautonomyinday-to-daydecisions.

Designing or implementing systems that deliberately or inadvertently violate, or tend to enable theviolationof,thedignityorautonomyof individualsorgroups isethicallyunacceptable.Leadersshouldverifythatsystemsaredesignedandimplementedtoprotectdignity.

3.6Createopportunitiesformembersoftheorganizationandgrouptolearn,respect,andbeaccountablefortheprinciples,limitations,andimpactsofsystems.

ThisprinciplecomplementsPrinciple2.7onpublicunderstanding.Educationalopportunitiesareessentialto facilitate optimal participation of all organization or group members. Leaders should ensure thatopportunitiesareavailabletocomputingprofessionalstohelpthemimprovetheirknowledgeandskillsinprofessionalism,inthepracticeofethics,andintheirtechnicalspecialties,includingexperiencesthatfamiliarize them with the consequences and limitations of particular types of systems. Professionalsshould know the dangers of oversimplified models, the improbability of anticipating every possibleoperatingcondition,theinevitabilityofsoftwareerrors,theinteractionsofsystemsandthecontextsinwhichtheyaredeployed,andotherissuesrelatedtothecomplexityoftheirprofession.

3.7Recognizewhencomputersystemsarebecomingintegrated intothe infrastructureofsociety,andadoptanappropriatestandardofcareforthosesystemsandtheirusers.

Organizations and groups occasionally develop systems that become an important part of theinfrastructureofsociety.Theirleadershavearesponsibilitytobegoodstewardsofthatcommons.Partofthatstewardshiprequiresthatcomputingprofessionalsmonitorthelevelofintegrationoftheirsystemsintotheinfrastructureofsociety.Asthelevelofadoptionchanges,therearelikelytobechangesinthe



ethicalresponsibilitiesoftheorganization.Leadersof important infrastructureservicesshouldprovidedueprocesswithregardtoaccesstotheseservices.Continualmonitoringofhowsocietyisusingaproductwillallowtheorganizationtoremainconsistentwiththeirethicalobligationsoutlinedintheprinciplesofthecode.Wheresuchstandardsofcaredonotexist,theremaybeadutytodevelopthem.

4.COMPLIANCEWITHTHECODE


4.1Uphold,promote,andrespecttheprinciplesoftheCode.

The future of computing depends on both technical and ethical excellence. Computing professionalsshouldadheretotheprinciplesexpressedintheCode.EachACMmembershouldencourageandsupportadherencebyallcomputingprofessionals.ComputingprofessionalswhorecognizebreachesoftheCodeshouldtakewhateveractionsarewithintheirpowertoresolvetheethicalissuestheyrecognize.

4.2TreatviolationsoftheCodeasinconsistentwithmembershipinACM.

IfanACMmemberdoesnotfollowtheCode,membershipinACMmaybeterminated.



AppendixGListofGeneralandSpecificPrinciples

ThisappendixpartiallyappearsbelowandisfoundinthefirsttaboftheExcelfileCompilationfinaleprinciples10122017

G.FinalListofPrinciples

