Introduction

In recent years, as families travel to Disney World, they embrace technology. They use apps and MagicBands – password-protected smart bracelets employing radio frequency identification (RFID) – to check in and out of hotels, enter their rooms and the parks, manage and redeem FastPass reservations, and pay for meals and souvenirs, often without ever speaking to a cast member. As Disney World-type technologies are introduced into the real world, it is vital to investigate the institutionalization and acceptance of pervasive monitoring via complex networks of unnoticed sensors and integrated systems. We discuss the values and functions of these technologies and how they ultimately shape our privacy preferences and expectations.

We frame Disney as a lab for public technology applications and use it to explore information governance challenges associated with pervasive location monitoring, facial recognition, data integration across contexts, and the seamlessness of smart experiences and interactions, facilitated by MagicBands. We employ Disney as an analytical model for potential challenges and governance strategies in other public applications alongside a number of privacy challenges.

We examine Disney’s complex balance between adhering to social privacy and security norms and their various, covert and explicit, violations of privacy and security expectations. For example, Disney’s prioritization of security puts many parents and consumers at ease.Footnote ¹ Yet Disney has long identified a false trade-off between privacy and security, making extreme “invasions of privacy” in pursuit of “absolute security” (Smoodin 1994). Disney World, as an immersive and contained environment, holds more surveillance per square inch than the average American prison and is somewhat singular in that the surveillance is designed to promote consumption and not necessarily to protect visitors or the public (Project on Disney 1995). This is analogous to the relevant conflicts of interest associated with privacy in governing smart cities and public surveillance in other contexts.

We use the contextual integrity (CI) framework to analyze privacy implications and harms (Solove Reference Solove2005) of information aggregation. CI defines privacy as appropriate information flows in a given context (Nissenbaum Reference Nissenbaum2009). We explore normative violations around seamless integration of information flows in public spaces and extending to other Disney media. We also explore how this seamlessness is facilitated over time through processes of techno-social engineering creep (Frischmann and Selinger Reference Disney2018), with the MagicBand – designed for use as a ticket and pass to reserved attractions or experiences and extended as a room key, method of payment, and means of location-tracking – at the center of this process. Beyond studying normative agreement and disagreement, through the language used to frame perceptions and discussions of specific systems and technological innovation objectives, we investigate the perceived differences between the space of Walt Disney World (WDW) and other contexts, so as to understand the governance implications for parallel adoptions of technology.

Methodology

In this empirical case, we combine GKC and CI frameworks to explore institutions and institutionalization around data practices and information flows (Sanfilippo, Frischmann, and Strandburg Reference Sanfilippo, Frischmann and Standburg2018) in the reality of cross-context data integration in practice at Disney world. We examine how data collection and processing are changing, the social perceptions of those practices, and what smart cities can learn from Disney, relative either to practice or governance. We also sought to understand the underlying norms, values, and objectives associated with different stakeholder groups, technologies, and outcomes.

We structured our analysis of the formation of these norms, as well as governance in effect through the Governing Knowledge Commons (GKC) framework (Frischmann, Madison, and Strandburg, Reference Frischmann, Madison and Strandburg2014). We frame our privacy analysis in terms of contextual integrity (CI) to compare information flows within contexts, based on characterization in terms of five attributes: (1) information senders, (2) information subjects, (3) information types, and (4) information recipients, as well as (5) transmission principles, which reflect contextual norms of appropriateness (Nissenbaum Reference Nissenbaum2009). We then empirically documented the prevalence and visibility of data collection within Disney Parks, various identifiable categories of sensors that interact with apps and with MagicBands. Following the Shvartzshnaider et al. (2019) methodology, we annotated statements that describe information-handling practices in terms of relevant CI parameters in prescribed flows analysis of the Walt Disney Company privacy policy and My Disney Experience – Frequently Asked Questions (FAQs) page.

Furthermore, we evaluated stakeholder groups’ perceptions within privacy and surveillance action arenas, at Disney World, via sentiment analysis of text discussing each of these issues from public blog posts. We differentiated between official Disney perspectives, endorsed travel blogs, and perspectives of Disney consumers; note that Disney consumers are a distinct, nonrepresentative subset of the general public. We also analyzed news articles and Disney documentation for additional perspective and context. A total of 12,506 posts, from 112 blogs were considered in total. More details on the methodological approach are published by Sanfilippo and Shvarzshnaider (2021).

Background

Walt Disney World has adopted many technologies and integrated smart systems in a quasi-public space, prior to other applications in public. Before diving into the case study, we articulate the ways in which Disney World is a smart city and the ways in which it compares to other smart cities. Understanding both the conceptualization and the limits of the analogy supports appropriate conclusions and implications from this study.

First, Disney is a quasi-public place, in which a private actor controls a large space open to consumers from the general public. Second, Disney employs numerous digital technologies and multiple networks of sensors to enhance services and experiences, as well as to provide feedback. While nonconventional, the relationships between people, technology, and institutions within Disney spaces constitute a specific type of smart city. Still, there are many contextual differences. In comparison to public spaces and the public–private partnerships that often guide other smart cities, Disney is distinct not only in its extensive private control and decision-making, but also due to normative distinctions, differences in objectives, and the unique history of Disney as a planned space.

Normative differences are rooted in context: Disney exists primarily to provide entertainment, while cities must address social needs of local populations. Further, objectives are distinct between actors pursuing commercial interests in comparison to public safety or services. Intentional and planned spaces are also distinctly different from other public and urban spaces. Though Disney does have numerous parallels to other quasi-public spaces and actual intentional communities, such as Irvine, CA, which was thoroughly planned and engineered in pursuit of normative values in ways that have shaped development over time and human interaction with place (e.g. Kling and Lamb Reference Kling, Lamb and Eveno1997), much as at Disney.

Disney is also distinct in serving as a lab for technologies in public places (Martin Reference Martin2019; Walt Disney 1966). Many key smart city technologies were employed in Disney spaces earlier than in other contexts, yet with many distinct uses and applications. This practice raises caveats to how lessons learned might apply elsewhere.

Results

Goals and Objectives

In order to understand the current state of governance around surveillance and personal data at Disney, it is important to have a sense of how goals and objectives diverge among stakeholders. We analyzed the perceptions of (a) visitors and Disney enthusiasts, (b) bloggers endorsed by Disney, and (c) the Disney organization on key governance action arenas around privacy and surveillance. Figure 7.1 specifically depicts how positively or negatively (as measured through sentiment polarity) each of these groups viewed each action arena.

Figure 7.1. Categorical perceptions of action arenas

While there is divergence among these groups on all action arenas, those individuals whose blogs are endorsed by Disney, not surprisingly, generally represent their views as more similar to the Disney organizational perspective on these issues than to that of the general public. We noted that the greatest consensus among all three groups in their perceptions of personalization in Disney experiences and planning; specifically, all three groups frame personalization through language that is generally and similarly favorable. The greatest divergence in opinions is evident in discussions of tracking, wherein users and visitors view tracking practices as generally negative, and specifically excessive and non-transparent, while Disney represents tracking in a slightly positive way. Discussions of safety provide the second most significant gap, though in that arena the public views safety technologies and information flows as slightly positive – emphasizing outcomes and intent, rather than means – while Disney represents safety technologies and information flows in ways more positive than any other action arenas analyzed. More in-depth discussion of each arena is provided in the next section.

Patterns and Outcomes

There are obvious lessons to be learned by smart cities from the case of privacy and surveillance at Walt Disney World. For example, social perceptions of appropriateness around wearable devices – people don’t like to be tracked outside the purpose or boundaries of the device, for example – and around children’s interactions with voice recognition and smart systems – interactive character features, which respond to children, have many parallels to step-tracking, triangulation between consumer and public surveillance, and to personal assistants like Alexa and Siri.

The majority of this discussion section focuses, however, on practical implications for smart cities and conceptual implications regarding cross-context data integration and aggregation. WDW is an interesting case in which to examine contextual integrity and the formation and change of norms over time because what is deemed to be appropriate is heavily shaped by the company. While it responds to norms and expectations of its customers, there are also spillover effects beyond the domain of Disney as the company’s practices serve as “industry-leading” and model information flows and governance for other public and quasi-public spaces. Much of this discussion will focus on the significant limitations around implications for smart cities, given the contextual differences between Disney World and smart cities, as associated with distinctions: in motivation and values, between consumers versus citizens as stakeholders, and in weight of consequences.

Disney World is carefully orchestrated to convey a sense of magic: a special place, where reality may be deluded. World Disney is a real-world, though privately owned, smart city, in which those who choose to be patrons, rather than a heterogenous public, are relevant community members and information subjects. As guests in Disney spaces, we leave our norms about the public sphere at the gate. This case, and previous research on Disney, documents the distinctions between norms at WDW and norms in other contexts. From the moment we scan our fingerprints on the Ticket Tag, we agree to be tracked, monitored and analyzed at every step we make, through apps, biometrics, facial recognition, MagicBands (as wearable devices), recommendation systems, smart assistants for planning, smart locks, transportation, and voice recognition. All to fulfill the illusion of magic. As our analysis shows, with use of clever fusion of fantasy and false trade-offs, along with misleading dichotomies, Disney has avoided broad scrutiny over many of its practices, yet has worked to coordinate governance of some information flows with the social expectations of their visitors. The use of smart locks, intelligent transportation, and biometric tracking are relevant examples.

Smart locks provide one example from which other contexts may learn from Disney’s early adoption. While Disney hotels are not unique in using a variety of technologies to unlock hotel doors, including both RFID and app-based entry, more hotels use magnetic cards to open doors.Footnote ¹⁵ However, increasingly apartment building are moving to smart locks, which concerns many residents about both privacy and questions of inequality,Footnote ¹⁶ given lower smart phone adoption rates among elderly and low-income populations. Interestingly, the reservations and criticisms that most Disney visitors express pertain to frustrations when their MagicBands or apps won’t work, which do align with some news articles that discuss challenges associated with deploying the technology before it is perfected. Yet the lack of discussion of privacy around this system may illustrate that Disney is more appropriately a model for other hotels, not permanent housing.

Tracking visitors in Disney Parks also has many parallels to tracking of consumers, either in automated storesFootnote ¹⁷ or busy retail spaces, and pedestrians, as with smart sidewalk projects, including the recently abandoned Sidewalk Labs project in Toronto.Footnote ¹⁸ While the specific systems may not translate well, the opportunities for users to provide feedback and actually have a response is a valuable model for cities to consider. The pairing of the Shop Disney Parks app with location tracking was considered by many visitors to be creepy, and Disney acknowledged that obvious normative gap by pulling that app from the market. Responsiveness to the public is important, which is why visitors’ relative comfort with MagicBand tracking, due the convenience and safety, as well as their “trust” in Disney, is unlikely to correspond with expectations and preferences in cities.

A major distinction between Disney and smart cities contexts, with respect to how these systems function and are perceived, relates to perceptions of and trust in decision-makers by other stakeholders. Many people trust Disney, implicitly, yet Disney often takes advantage of our confirmation bias. It promotes itself as a place of trust, kindness, and comfort, away from the reality. When people come to Disney World they see things differently, without fear or (too many) critical questions. Facial recognition keeps your children safe. Voice recognition enables “remarkable” interactions between visitors and their favorite animated characters. Location tracking makes sure we don’t stand in line. Yet some visitors do oppose particular systems or changes; Disney tries to be responsive, though it is important to note that visitors may not be sufficiently aware of how the technologies work to actually question everything they might normatively oppose, particularly in other contexts, namely those outside the border of Disney’s empire.

Seamlessness in design dissipates for renegades. You can refuse to provide fingerprints, in exchange for providing other proof of identity, or use a card for a ticket, rather than a MagicBand. These alternatives, however, diminish the overall experience; as so often happens in techno-socially designed systems, analog alternatives are presented as a less attractive option. For example, many employees are unaware of opt-out procedures and many services are made unavailable to those few who do opt out.

In this sense, Disney follows the worrisome trend in presenting false tradeoffs between information collection and quality of service. Given the relationship Disney maintains with its guests, opt-in would also likely work as well. This should serve as a warning to smart city advocates, who face a much more challenging task relative to “opt-in” options. Further, nudges to encourage opting in, when made by cheerful Disney characters, are likely to be perceived as much less sinister than those from police officers. Based on our analysis of blog posts, people seem to be more comfortable with nudges from Disney than with other commercial nudges. In addition, the information flows to Disney and to law enforcement within smart cities are more similar in effect than individuals realize, given the relationships between law enforcement and Disney. The implications of these information flows are thus similarly problematic, particularly in an age where mistrust of law enforcement is increasingly pervasive.

While Disney’s information flows, overall, often align with consumer expectations – whether organically or due to extensive marketing – many of their practices would not be appropriate for smart cities. The differences noted in social perceptions and acceptance reflect the fact that while Disney functions as a smart city, it is a distinct and private context, in contrast with public sector and public sphere contexts, reflecting very distinct norms. Even as cities partner with private sector firms, they should not assume this makes them more similar to Disney. Instead, they should question if those partnerships are appropriate and consider what types of governance are necessary to engender trust in decision-makers, other actors with access to data, and practices. A set of key overriding differences between these contexts is in the set of values being optimized, how they are selected, and who must accept them. Cities are not being optimized for profit, convenience, or a sense of wonder, while Disney is an escape. Cities must resist the temptation to buy vendors’ hype that it is possible or desirable to engineer the level of convenience or happiness present at WDW. To pursue this agenda would mean significant harms to the public with respect to privacy, transparency, fairness, and inclusion. Disney only works because it is an exception and bounded in time and space for its visitors.

However, a significant lesson to learn from this case, for smart cities and other public contexts, is the need to have a dialogue between the stakeholders even if they’re not all involved in decision-making. There are real similarities between Disney and its customers negotiating information flows, or other action arenas, and examples of privacy localism, just as there are parallels between Disney-specific norms and urban privacy norms. Privacy and surveillance practices and outcomes within Disney might not be normatively good from everyone’s perspective, just as local privacy governance in Seattle and Oakland differ from surveillance efforts in Atlanta and New Orleans, which are perceived to positively promote safety. In this sense, while many cities understand how contextual privacy is, smart cities can learn from this case procedurally. Two keys to Disney’s approach to information governance are the use of detailed social surveys and follow-up protocols with their guests to understand what expectations are not being met, and a commitment to iterative reevaluation.

Conclusions

Significant datasets collected by these, and other, systems feed Disney, as they construct a demi-reality. Walt Disney World provides an immersive environment for parents and children to experience the magical world of animation and imagination. There is no mistake in the name, it is indeed a “world” where our beloved characters come to life. To facilitate this real-life illusion, Disney needs and always has been in step with technological advances. Overall, Disney World attempts to make all visitors feel special and experience “magic.” Disney wants to protect us. Entertain us. Show us a good time. Visitors briefly relinquish the normative expectations of privacy that they have at home and in their cities. What may seem like an infringement of privacy in the middle of a busy public street, as a camera captures everyone and each move they make, may seem necessary or even desirable to guests at Disney World, in order to evoke an idyll and enable an absolute sense of safety. Disney World provides a great illustration of how context matters, but it also can be misleading to transfer the same norms to a real-life situation. When we step into this constructed world, we forget reality, but our concerns remain. Disney has to deal with the same concerns and tradeoffs as the real world. However, it often constructs a new normative reality that we would usually reject but, in case of Disney, accept as a necessary trade-off.

Behind the veil of false trade-offs, marketing slogans, and grand promises of a better world, there is an industry that is being built on aggregating our information. In the case of Disney, and Disney resorts in particular, tourists and consumers are the products, we supply Disney with our viewing habits (through Disney+), our favorite characters (through purchases in Disney stores), our preferred rides, and our daily routines when wearing MagicBands. All of this information is shared under pretenses associated with personalization, safety, immersiveness, and “magic.”

In making conclusions from this study, it is fair to criticize Disney’s lack of transparency and false trade-offs (e.g., Bowers Reference Bowers2019; Mosco Reference Mosco2019), but should acknowledge that they actively work to meet expectations in some action arenas. Where Disney and its customers are not diametrically opposed, they often meet in the middle or constantly revise to reach a mutually satisfactory outcome. Disney wants to keep its customers, who may not reflect the wider population. There are, however, significant tensions between these processes and actual outcomes. Despite the company’s status as an early adopter, it is difficult to use Disney as a model for smart cities, given the contextually specific preferences of visitors, in comparison to the general public, beyond replicating responsiveness.

In our day-to-day reality we now see a rapid adoption of technologies similar to those used by Disney, such as smart locks in apartments controlled by landlords, datafication of transportation systems,Footnote ¹⁹ and biometric authorization.Footnote ²⁰ The public–private partnerships behind these efforts are often explicitly inspired by Disney (e.g., Mosco Reference Mosco2019; Souther Reference Souther2007). In a now familiar sleight of hand, they promote seamless, frictionless interactions, tailored service, and efficiency in their products, bringing the “magic” of Disney to our day-to-day lives – creating a smarter city. This is not always bad; technological progress is part of life. However, we argue that while some of these technologies can be beneficial, we shouldn’t manipulate the consumer, a Disney resort visitor, or a resident of a “smart” city to abandon their values, norms, and expectations when they immerse themselves in the new world. On the contrary, the new technologies should feed off users’ expectations to provide a safe and trustworthy environment that will nourish the creation of healthy sociotechnical systems that respect societal values and governing information norms.

Introduction

In October 2017, Alphabet and the Government of Canada announced a joint effort: the first smart city powered by Alphabet’s technology. The smart city was proposed to be built in Toronto, Canada, where Alphabet’s subsidiary Sidewalk Labs had partnered with public corporation Waterfront Toronto. The press release envisioned Sidewalk Toronto/QuaysideFootnote ¹ as an exemplary community employing digital technology to tackle the issues of urban growth:

In May 2020, Sidewalk Labs withdrew from the deal, citing financial uncertainty brought on by the Covid-19 pandemic. The project was canceled after the two and a half years of heated public controversy over the company’s plans for data collected in the project and the secret financial commitments of the parties (Goodman and Powles Reference Goodman and Powles2019; Artyushina Reference Artyushina2020a; Valverde and Flynn Reference Valverde and Flynn2020).

In Canada, the failure of the ambitious public–private partnership prompted a series of legal and administrative reforms. Major amendments to Canada’s data protection legislation have been suggested, to account for the privacy challenges associated with the use of personal data in data analytics, and the data collection in public and semi-private spaces (Government of Canada 2020). In July 2020, the Government of Ontario launched its first data trust that provided researchers with access to the medical data related to Covid-19.Footnote ² Unlike the data trusts proposed by Sidewalk Labs that would make possible commercial reuse of personal data (Artyushina 2020b; Scassa 2020), the Ontario Health Data Platform (OHDP) secured the rights of the provincial government to digital information and intellectual property developed in the project; the trust only granted access to the data for research purposes. After a series of public consultations on the procurement of smart cities, Toronto launched the Digital Infrastructure Plan (City of Toronto Reference Cardullo, Di Feliciantonio and Kitchin2021). The DIP requires all city departments commissioning products from smart city vendors to prioritize open-source products and technologies that can be maintained by the city staff.

While Sidewalk Toronto never became an exemplary smart city, its global political relevance is undeniable: some European municipalities consider it a cautionary tale, while others seek to implement the partnership’s innovations: data trusts and automated planning (Artyushina Reference Artyshina2020b; Wolpow 2021; AI4Cities 2021).

It is useful to consider the smart city proposal an innovation testbed in the areas of urban technology and administration. The sole sourcing developer of Sidewalk Toronto had envisioned the automation of many city services and the governance of smart infrastructure as commons where city assets are run collectively though several trusts. While the proposal didn’t provide detailed layouts for the organization and representation mechanisms in these trusts, Sidewalk Labs had identified some possible models of collective action in smart cities.

An emerging city resource, smart infrastructure constitutes a serious governance challenge to policymakers and private vendors (Alizadeh, Helderop, and Grubesic Reference Alizadeh, Helderop, Grubesic, Graham, Kitchin, Mattern and Shaw2020; Barns et al. 2017). Data is a nonrivalrous resource, but smart systems also require algorithms, pipes, and cables, as well as access to public spaces and facilities. Contrary to the popular economic argument that private governance is the most efficient way to run city infrastructure, Brett Frischmann (Reference Frischmann2012) makes the case for the governance of infrastructure as commons. When public or private systems are employed by multiple communities, they produce massive social outcomes. The Internet and telecommunications are the perfect examples.

In this chapter, I draw on the Governing Knowledge Commons (GKC) framework to examine the partnership’s vision for the automatedFootnote ³ and commons governance in the smart city. Balancing public, private, and collective interests in smart cities is a challenging task, which is why Sidewalk Toronto proposed some innovative instruments of governance and management in its city infrastructure. However, as I show in this chapter, failure of the partnership was inevitable as the leaders of the project prioritized maximizing Alphabet/Sidewalk Labs’ profits over other objectives. Moreover, I argue, data-driven planning would likely stifle every possibility of collective action, set to eliminate both the public space and the public in the smart city.

Methodology

This chapter derives from my ongoing dissertation research, which began in 2017 when the partnership between Waterfront Toronto and Sidewalk Labs was announced. Many recent studies point to the post-political nature of the smart city (Gabrys 2014; Cardullo and Kitchin 2019; Carr and Hesse 2020), and some scholars (Kitchin 2021; Cardullo, Di Feliciantonio, and Kitchin 2021) urge an opening up of the decision-making in and around smart cities to democratic deliberations. Yet it is not an easy task to “politicize” smart cities. Complex technological systems, their data streams, controls, and beneficiaries, are often hidden from view and protected from any intervention. This is where the Governing Knowledge Commons framework proves to be immensely useful as it sheds light on the informal organizational and institutional aspects of the smart city governance.

The GKC framework adapts Elinor Ostrom’s Institutional Analysis and Development (IAD) framework for natural resource commons (Ostrom 1990) to study the commons-based knowledge production (Frischmann, Madison, and Strandburg 2014), biomedical research (Strandburg, Frischmann, and Madison 2017), data governance (Madison 2020), privacy (Sanfilippo, Frischmann, and Strandburg 2021), misinformation (Chapter 1 in this volume), and now smart cities. The attributes of shared resources, governance strategies, values of the actors and communities, action arenas, rules-in-use, and legal institutions that affect or uphold the commons – these are the key considerations of the GKC framework. It is the new forms of governance in the smart city that I am exploring in this chapter.

Information about the data collection:

• In March–November 2019, the partnership conducted a series of public engagement events, where different iterations of the proposal were discussed. I conducted participant observation at four events. The notes taken at the meetings have been manually encoded using the methodology of inductive coding (Saldana 2015). The recordings of the meetings released by the partnership are available on YouTube under the titles “Sidewalk Toronto: First Public Roundtable,” “Second Public Roundtable,” “Third Roundtable,” and “Quayside Public Consultation.”

• The second set of participant observation data comes from the meetings of an advisory panel appointed by Waterfront Toronto to help evaluate the project, the Digital Strategy Advisory Panel (DSAP). I attended three meetings that took place during 2019 and were open to the public. Similarly, the notes taken at the meetings were manually encoded. I was also provided access to the draft and public reports of the committee.

• Beginning November 2017, I conducted qualitative analysis of the documentation released by Sidewalk Labs, Waterfront Toronto, Government of Ontario, City of Toronto, as well as the media coverage of the project in and outside of Canada. Specifically, the analysis covers such items as the “Project Vision,” “Master Innovation and Development Plan” Vols. 2, 3, 5, “Plan Development Agreement,” “Framework Agreement,” the “Ontario Auditor General Report,” investigations published by The Globe and Mail, Toronto Star, The New York Times, etc.

• Between January 2021 and July 2021, I conducted seventeen interviews with the employees of Sidewalk Labs, government officials who were appointed to evaluate the project, privacy lawyers, and the citizens who had organized against the smart city. The interviews have been transcribed and encoded, using computational linguistic software, Descript and NVivo.

The Background

In the Sidewalk Toronto partnership, Waterfront Toronto outsourced many functions to Sidewalk Labs (e.g., public engagement, drafting of the smart city and data governance policies for the project, communication with the provincial and city governance, etc.). Therefore, it is not always possible to separate the two parties in this project. Over the project’s short life span, Waterfront Toronto changed its attitude toward Sidewalk Toronto from widely publicized support to conditional approval, and then to public criticism of the company’s attempts to monopolize governance in the project. In this section, I briefly tell the story of the smart city project and address the factors that ultimately led to its collapse.

Waterfront Toronto is a nonprofit corporation established in 2001 by the municipal, provincial, and federal government to oversee the development of Toronto’s waterfront. Waterfront Toronto has an unusual legal structure. Despite being a corporation, it has no shareholders; decisions are made by the board of directors. According to some of the corporation’s employees, this might have led to Sidewalk Labs effectively dominating the partnership:

In 2024, Waterfront Toronto reaches the end of its funding cycle, and it has been actively looking for a private funding partner. Several of my respondents noted that Waterfront Toronto was deeply committed to the partnership with Alphabet/Sidewalk Labs:

The negotiations over the plot of land along Toronto’s eastern waterfront unofficially began in 2016, when an employee of Waterfront Toronto had reached out to Sidewalk Labs. A year later, Waterfront Toronto released the request for proposals to develop a smart city on the twelve-acre site along Lake Ontario. To make sure that Sidewalk Labs would be awarded the project, several employees of Waterfront Toronto aided Sidewalk Labs in the preparation of its proposal (Government of Ontario Reference Birch and Muniesa2018).

Sidewalk Toronto received backing on the federal level. Prime Minister of Canada Justin Trudeau publicly endorsed Sidewalk Toronto and mentioned that he and Eric Schmidt, then CEO of Alphabet, had been discussing this project for several years (Hook Reference Hook2017). The support of the federal government was instrumental in the way Sidewalk Labs has been positioned in the project. In October 2017, the board of directors of Waterfront Toronto had planned to vote on the proposal. At the request from the Office of the Prime Minister Justin Trudeau, the trustees were given only three days to review and accept the proposal. The board members who voiced their concerns over the lack of the due diligence were asked to resign from their positions (O’Kane Reference O’Kane2018).

Backed by the highest office in the country, the Sidewalk Toronto partnership showed surprising disregard for the local government (Valverde and Flynn Reference Valverde and Flynn2020). For the first eight months of the project, Sidewalk Toronto did not share any project documentation with the Government of Ontario, nor with the City of Toronto (Goodman and Powles Reference Goodman and Powles2019). Investigation conducted by the General Auditor of Ontario, Bonny Lysyk (2018), revealed that Sidewalk Labs’ parent company “has purportedly told other candidate communities that they want to control all data in this demonstration project area”; her investigation also revealed that employees of Waterfront Toronto who had assisted in the preparation of Sidewalk Labs’ proposal acted in direct violation of the rules of open competition for the public assets. Once the investigation was released, Premier of Ontario Doug Ford fired the CEO and Chair of Waterfront Toronto over the deal with Alphabet/Sidewalk Labs.

Members of City Council Joe Cressy and Paula Fletcher repeatedly raised issues regarding the lack of transparency in the procurement of the project and the use of surveillance technologies in the proposed smart city. The conflict between the partnership and the local officials reached its peak in 2020, when the City of Toronto began looking for a legal loophole to shut down Sidewalk Toronto.

Over the two and a half years of the project’s existence, the partnership had produced several hundred lengthy documents discussing its vision of urban planning, such as affordable housing, the commons governance of smart infrastructure, and timber-wood buildings. However, these documents rarely mentioned any specific technologies the partnership had planned to implement, data governance strategies, or the financial aspects of the deal.

The secrecy around the project had prompted a heated public controversy in Canada, where activists, journalists, and academics would piece together available information about the proposed technologies and resources at stake. Canadian open government advocate and activist Bianca Wylie was the leader of the pan-Canadian anti-Sidewalk Labs movement called #BlockSidewalk (Zarum 2019). Critics of the project expressed concern about the privatization of public spaces and services, as well as ubiquitous digital surveillance in the proposed smart city (Wylie Reference Wylie2017, Reference Wylie2018, Reference Wylie2020; Balsillie Reference Balsillie2018; O’Kane Reference O’Kane2018).

It was not easy, however, to publicly oppose the project. The company heavily invested in the positive media coverage and hired several internationally renowned academics as paid consultants. Several local experts were promised research funding and lucrative positions once the smart city had been developed. As one of my respondents remembered, when the Canadian Civil Liberties Association (CCLA) sued the three levels of government over the deal with Alphabet/Sidewalk Labs, they had to engage several international experts as witnesses. All but one of the Canadian experts they contacted refused to testify against the partnership.

Reportedly, Sidewalk Labs committed US$50 million for preparation of the proposal and the citizen engagement campaign (Bozikovic Reference Bozikovic2017). As a funding partner in the future smart city, the company planned to attract $3.9 billion in financing and a line of credit, including $900 million required to build the proposed real estate and smart infrastructure, and an additional $400 million to expand the subway to the eastern waterfront (Sidewalk Toronto 2019, Vol. 3, 31). In exchange, Sidewalk Labs requested the intellectual property and licensing rights in the data collected in the smart city, the 190-acre plot of land to extend the smart city into the Port Lands (with the land being sold at a discounted price), performance payments for advisory and engineering services, and the compensation for infrastructure at a market price (Muzaffar Reference Muzaffar2018; Sidewalk Labs 2018; Vincent 2019). Additionally, the contracts between Sidewalk Labs and Waterfront Toronto precluded Waterfront Toronto from considering other partners for the project before the Master Development Innovation Plan was submitted.

In October 2019, the board of directors of Waterfront Toronto moved to accept the deal with Sidewalk Labs, although with major cuts (O’Kane Reference O’Kane2019). Specifically, the newly appointed leadership of Waterfront Toronto rejected the company’s proposal for the new governing entities in the project and requested that all data collected in the smart city be subject to Canada’s privacy and data protection legislation. In May 2020, Sidewalk Labs withdrew from the deal.

The Outcome-Based Planning

The data-driven planning tool that would allow the developers to remake the smart city on the go was called the “outcome-based code.”Footnote ⁴ The software was expected to replace within the confines of the smart city “outdated” zoning and building codes of Ontario (Bowden Reference Bowden2018; Sidewalk Labs Reference Kitchin2017; Sidewalk Toronto 2019, Vol. 2, 21). In a city planned by data, both the city infrastructure and the community should be versatile by design and receptive to the market signals. The developer should be able to swiftly repurpose the lands, city spaces, and buildings to maximize the profits. For instance, a park may be redeveloped into a mall or a parking lot if data suggests the land will soon see an increase in value. The new simplified building codes would blur the line between the residential and nonresidential spaces, so that any building could be put to different uses.

The first mention of the outcome-based code can be found Sidewalk Labs’ winning bid, the Project Vision (Sidewalk Labs Reference Kitchin2017). In the 200-page document, Sidewalk Labs correctly identified the high cost of living in the city and traffic management as Toronto’s key problems. To address these issues, the company’s software would replace traditional zoning and building requirements and provide Sidewalk Toronto with some flexibility to achieve the market value of property and land in the city:

In the Province of Ontario, cities are divided into single-use zones to avoid negative externalities associated with the mixed use of space. For instance, it is illegal in Ontario to build a chemical plant in a residential neighborhood, or a safe-injection clinic in the vicinity of a public school. Ontario’s building code is a piece of legislation that governs the construction, renovation, and change-of-use of a building in the province (Government of Ontario 2019). The code stipulates specific safety and convenience requirements deemed necessary for the residential buildings. For example, developers must protect residents’ rights to daylight, privacy, security, and silence. Since the 1990s, the walls and ceilings of the residential buildings cannot contain the toxic material asbestos.

In the Vision, Sidewalk Labs (Reference Kitchin2017) offered to replace the “restrictive” state regulation with data-driven planning. Rather than limiting multi-use spaces, the company offered to set minimum standards for comfort and environmental harms. In Sidewalk Toronto, industrial uses could be placed in residential areas but would be fined if the data showed lack of compliance on the part of the developer or business owner. The sensors embedded in the fabric of the city would monitor energy use, light conditions, and pollution, as well as collect real-time information about the users of city spaces. To take an example provided by the company, instead of respecting the residents’ rights to light, developers would be allowed to come up with “creative solutions” such as automated canopies. Sidewalk Labs promised that the buildings in the smart city would be monitored throughout their lifecycle, and the use of certain solutions could be restricted based on the user reports and algorithmic assessments.

In his damning critique of the outcome-based code, digital media theorist Evgeniy Morozov argues that the long-term goal of Sidewalk Labs was to extinguish any forms of social organization in the city:

As a form of governance, commons can operate in the commercialized, private and semi-private environments (Frischmann Reference Frischmann2012, 67). In Sidewalk Toronto’s Master Innovation and Development Plan (MIDP) (Sidewalk Toronto 2019, Vol. 3), the private, automated city governance and the commons are not mutually exclusive. Communities are encouraged to provide inputs for the outcome-based code and take advantage of the data analytics, to generate monetary and nonmonetary value from the city spaces. Many use cases in the MIDP describe an array of business opportunities for the residents – as a form of community-building in the smart city (Sidewalk Toronto 2019, Vol. 2). Through the new governance entity, called the Open Spaces Alliance (OSA), citizens would offer their own visions for the common areas, and gauge their business potential. As a new governing agency, the OSA was expected to have an operating budget to procure the necessary services from Sidewalk Labs (Sidewalk Toronto 2019, Vol. 2, 179). Stoa, another planning innovation by Sidewalk Labs, was an open-concept market that encouraged community engagement around local businesses (Sidewalk Toronto 2019, Vol. 2, 155). Marketed by Sidewalk Labs as a commons, Stoa promised to reinvent the ground floors of the buildings to become business opportunities and recreation spaces for the residents.

Sidewalk Labs envisioned the data-driven planning would require “four strategies for meaningful reform” (Sidewalk Labs Reference Kitchin2017, 121): simplification (residential and nonresidential buildings are subject to the same building requirements); flexibility (municipal codes will be updated based on market performance); interoperability (data-driven rules apply to both public and private spaces); and automated permitting review.

Yet the data-driven planning does something more than simply clear the planning process of the state bureaucracy; its true objective is to put the data controller in the position of a regulator. In a community planned and run by data, the outcome-based code becomes a form of social ordering (Katzenbach and Ulbricht Reference Katzenbach and Ulbricht2019).Footnote ⁵ In Sidewalk Toronto, the algorithms would be sensitive to misbehavior and noncompliance. Throughout the project’s voluminous documentation, the partnership suggests multiple ways the software would reward compliant users and punish misbehavior:

Sidewalk Labs envisioned technology companies partnering with behavioral scientists to create a “feedback loop,” where human behavior is understood, predicted, and proactively shaped by the data controller, (Sidewalk Labs Reference Kitchin2017, 31). In the MIDP (Sidewalk Toronto 2019, Vol. 2, 351), Sidewalk Labs introduced a use case: the “Pay-as-you-throw” smart disposal systems, where the data about a household is used to set differential pricing.

It is important to remember that Sidewalk Labs entertained the idea of a social credit system in the smart city. The leaked internal document, Yellow Book, was prepared by Sidewalk Labs for Alphabet to probe the ways to commercialize Sidewalk Toronto. Published by the Globe and Mail (Cardoso and O’Kane Reference Cardoso and O’Kane2019), the Yellow Book details that the ubiquitous sensors embedded into the fabric of the city would collect both real-time and historical data about the residents. Residents would be rewarded for voluntarily sharing data with the company, where one’s digital reputation would be “new currency for community co-operation.” Residents who chose to opt out of data collection would be cut off from certain services. Moreover, Sidewalk Toronto wanted to have private police forces, and to use data to prevent crimes and misdemeanors. In general, the document suggests that Sidewalk Labs saw private control of city infrastructure as having “enormous potential for value generation in multiple ways” (Cardoso and O’Kane Reference Cardoso and O’Kane2019).

The smart city technologies show enormous potential in shaping and molding human behavior (Vanolo Reference Vanolo2014; Hollands Reference Hollands2015; Sanfilippo and Shvartzshnaider Reference Sanfilippo and Shvartzshnaider2021). Reflecting the concept of techno-social engineering (Frischmann and Selinger Reference Gabrys2018), automated governance seeks to create a compliant, easily controlled subject. It is safe to assume that, in a few years, Sidewalk Toronto residents would be comfortable sharing their banking information with the company in exchange for a reduced electricity bill. Even if a person decided to stand up against the data-driven decisions, in a city that is constantly reshuffled by algorithms there may not be a community to act with. Moreover, in a closely monitored physical environment where a resident’s credit score is their currency, any collective activity will likely be stifled.

A Commons Approach to the Smart City

In this section, I analyze the partnership’s proposal for the new governance bodies in the smart city. The smart city as digital commons can certainly exist and, when designed properly, the instruments of collective governance may help balance the interests of citizens, government, and businesses. Yet the instruments of collective governance offered by Sidewalk Toronto effectively disenfranchised the public from any rights to the smart city.

Sidewalk Labs CEO Dan Doctoroff’s testimony before the Ethics Commission of the House of Commons of Canada discussed at length the issue with Canada’s data protection legislation being inadequate in meeting the challenges brought on by the smart city partnership (House of Commons of Canada 2019). In this meeting, Mr. Doctoroff called for some new legal instruments that “would not stifle innovation.” In the MIDP, the partnership suggested establishing new governance entities that would mediate between the technology vendor and Canadian authorities and help members of the community collectively govern and manage the smart city infrastructure. These five new bodies of collective governance were the Urban Data Trust, the Waterfront Housing Trust (WHT), the Open Space Alliance (OSA), the Waterfront Transportation Management Association (WTMA), and the Public Administrator (PA).

Although the Sidewalk Toronto partnership never specified the ways residents could get representation through the trusts, the company did set out the goals of the proposed entities. My analysis shows that the trusts benefitted some members of the community more than others. Specifically, Sidewalk Labs openly declared its goal to support developers in the project, as well as the businesses coming to operate in the smart city.

My previous research on the Urban Data Trust (Artyushina Reference Artyushina2020a) draws on the rentiership theory (Birch and Muniesa 2020; Birch et al. 2020) to explore the data governance policies in Sidewalk Toronto. My analysis demonstrates that, as an instrument of collective governance, the Urban Data Trust was imbued with conflicting goals of making profit from data collected in the smart city and protecting citizens’ privacy. As part of its proposed digital innovation plan, Sidewalk Labs was seeking ways to reconceptualize personal data collected in the smart city as a private asset. Canadian privacy lawyer Teresa Scassa (Reference Scassa2020) raised an issue with the concept of “urban data” as devised by the partnership. By introducing new, quasilegal concepts, the proposal would make the data collected in the smart city exempt from Canada’s privacy legislation. Neither Sidewalk Labs nor Waterfront Toronto specified the legal framework for the trust. Earlier versions of the proposal (Waterfront Toronto Reference Carr and Hesse2018) mentioned that the trust would have fiduciary obligations toward the residents; however, subsequent documentation had clarified that the Urban Data Trust was never meant to be a trust “in a legal sense” (Sidewalk Toronto 2019, Vol. 2, Ch. 5, 423).

The real estate in Sidewalk Toronto would be governed by the Waterfront Housing Trust (Sidewalk Toronto 2019, Vol. 2, 284). Sidewalk Labs released an ambitious affordable housing plan in which 40 percentFootnote ⁶ of the residential units in the smart city would be sold or rented below market price. The trust would assemble funding from a variety of private and public sources and direct this funding toward the below-market housing in Sidewalk Toronto. According to the partnership, this would increase the returns and predictability for developers.

The proposed affordability plan received mixed reactions. Toronto Mayor John Tory called the company’s affordability plan “encouraging,” stating: “I am determined to build more housing in Toronto to help address affordability issues” (Vincent Reference Coulter2018). Local developers and urban planners were less optimistic. Toronto developer Julie Di Lorenzo, who resigned from the board of directors of Waterfront Toronto over the deal with Sidewalk Labs, said in an interview with the Toronto Star that the proposal was not in the interest of the citizens: “How will that be subsidized? Are there subsidies by our government, or are they using the land value of Quayside to subsidize the housing? If the land value of Quayside is being used to subsidize the land value, it is the choice and contribution of our governments – not Sidewalk” (Vincent Reference Coulter2018). Former Toronto Chief Planner Jennifer Keesmaat criticized the company for overpromising:

The Open Space Alliance was another instrument of collective governance proposed by Sidewalk Toronto (Sidewalk Toronto 2019, Vol. 2). The OSA was set to help Sidewalk Labs and the community govern and manage the streets, parks, and recreation zones. In this blueprint for a future smart city, data would help the developers identify new “open space assets” and the OSA would create opportunities for more retail and recreation (Sidewalk Toronto 2019, Vol. 2, 184). The partnership challenged the concept of public space by envisioning “flexible outdoor spaces,” which would be governed and co-financed by a range of sources through the OSA (Sidewalk Toronto 2019, Vol. 2, 123). In this model, local businesses would help maintain the outdoor spaces in Sidewalk Toronto in exchange for potential opportunities.

Redefining public spaces as “flexible outdoor spaces” would also help reduce the need for municipal services in the smart city (Sidewalk Toronto 2019, Vol. 2, 186). The OSA would oversee the gardens and maintenance in Sidewalk Toronto through an interactive digital map, algorithms, and the help of volunteers. Sidewalk Labs partnered with two Canadian nonprofit organizations to develop a prototype of the CommonSpace app, through which residents could report problems and submit maintenance requests to the company (Sidewalk Toronto 2019, Vol. 2, 184).

The partnership argued that the OSA would fix the problem of intersecting responsibilities, which results in public spaces not being properly cared for. Some municipal services, such as the parks and recreation departments, could be eliminated altogether. Data modeling and residents reporting problems through the app would help Sidewalk Labs plan for when additional help is needed and hire temporary workers. Another app would contain the information needed to tend to the trees and plants in the city’s green zones, which could be done by people without specialized knowledge:

Traffic management was another important part of the partnership’s plan to modernize the city (Sidewalk Toronto 2019, Vol. 2, Ch. 1, 5). As a general principle, Sidewalk Toronto aimed to limit the use of private cars in the smart city. Each residential area would offer the necessary infrastructure at a walkable distance; for all other purposes, residents would be encouraged to use self-driving shuttles set to replace public transit. Just like ride-hailing services, the shuttles would be available on demand and transport residents directly to where they need to be. The partnership envisioned the digital mobility system as a core component of the smart city, on top of which all other services and products could be developed. Additionally, the company requested $1.2 billion in public funding to build a light rail transit line in Sidewalk Toronto.

In the proposal, the City of Toronto’s approach to transportation management was called “piecemeal,” pointing to the fact that different departments oversee parking, traffic lights, and transit fees. The proposed Waterfront Transportation Management Association (WTMA) would coordinate all transportation systems in the smart city and employ data about residents’ movements to use the roads and highways more efficiently: “a new public entity tasked with coordinating the entire mobility network – can manage traffic congestion at the curb by using real-time space allocation and pricing to encourage people to choose alternative modes at busy times” (Sidewalk Toronto 2019, Vol. 2, 367).

Reacting to the idea of a new transportation authority, City Councilor Gord Perks pointed to the fact that the new governance entity would erode citizens’ rights by relieving elected officials of decisions regarding the transportation needs of the city. He stated: “Over my dead body. Accountability to the public is greatly harmed […] This would further cement that distance between people that elect governments and the decisions that they make” (Spurr 2019). The proposed governance entity faced a lukewarm reception in the local press for the lack of public oversight:

The Public Administrator (PA) was the fifth governance entity proposed by Sidewalk Toronto. The PA was expected to become key intermediary between the company and state regulators. When announcing the deal, Alphabet chairman Eric Schmidt mentioned that that a project of the scale of Sidewalk Toronto may need “substantial forbearances from existing laws and regulations” (Hook Reference Hook2017). For instance, the legislation may need to be revised to allow private companies access to the public facilities required to build the physical infrastructure of the smart city; with the outcome-based code in place, Sidewalk Labs would need to communicate regularly with Canadian environmental agencies. The PA was designed to help update Canada’s legislation in response to the demands of the project (Sidewalk Toronto 2019, Vol. 3, 70).

The PA idea was met with skepticism from local public officials. In his open letter to the trustees of Waterfront Toronto, Brian Beamish, the Information and Privacy Commissioner of Ontario, expressed concerns about the PA delivering key public services that fall within the mandate of the City of Toronto while not being subject to the same access to information and privacy legislation (Information and Privacy Commissioner of Ontario 2019).

Members of the public were highly expressive in their criticism of the Public Administrator concept. Bianca Wylie said in an interview with Toronto Star that there were no reasons to make Sidewalk Labs a broker between the citizens and elected officials: “At what cost and for what reason is a corporation becoming a broker between people and their governments in terms of designing how we live?” (Rider Reference Rider2019). Similarly, Pamela Robinson, Canadian urban planning scholar and advisor to Waterfront Toronto, argued that, in Sidewalk Toronto, more robust government oversight was needed to make sure that companies’ financial interests did not override the public interest (Robinson Reference Robinson2019).

It would be fair to say that the Sidewalk Toronto partnership failed to engage meaningfully with the citizens and local authorities in Canada. Many critics of the project pointed to the lack of clarity about the mandate of the new governing entities and argued that the company aimed to privatize the entire city governance. Several of my respondents argued that the three levels of government simply did not have in-house experts to properly evaluate the project. In 2019, the Canadian Civil Liberties Association (CCLA) sued the three levels of government over the deal with Sidewalk Labs.

Conclusion

In this chapter, I have drawn on the GKC framework to analyze Sidewalk Labs’ proposal for the automated planning and collective governance of the smart city assets. My key argument in this chapter is that, without both the public space and the public, no collective action is possible in the smart city. Attractive as a concept, in practice the outcome-based code would erode the city fabric and destroy horizontal ties between the citizens. The partnership’s vision of the commons was similarly deficient. As the Sidewalk Toronto case demonstrates vividly, the trusts become useless when imbued with the mutually exclusive goals of profiting from the city’s resources and protecting the public interest.

Because of the complex socio-material and legal nature of smart cities, their infrastructure is often controlled by multiple stakeholders. The idea to govern these assets collectively has enormous potential, yet the way Sidewalk’s five new governing bodies were designed would have precluded the citizens from having any meaning representation. Both the outcome-based planning and collective governance in this project were intended to serve the commercial interests of Alphabet/Sidewalk Labs.

Canada has a recent history of failed or contested public–private partnerships, where critics pointed to the lack of transparency regarding the financial interests of the parties – e.g., the Superclusters Initiative and several projects that failed to make high-speed internet available in the remote and rural areas (Valverde and Flynn Reference Valverde and Flynn2020). Citizens who had organized against Sidewalk Toronto would continuously invoke Canada’s historic commitment to the welfare state and its strong government oversight in business operations. The #BlockSidewalk citizen group repeatedly questioned the mandate of Waterfront Toronto to represent the Canadian government in the project. Bianca Wyllie argued that the three levels of Canadian government were tragically unprepared to deal with the technology company that had designed smart city policies for its financial gain (Wylie Reference Wylie2020). In 2021, the federal government started appointing Chief Data Officers across its departments. Statistics Canada runs workshops on data stewardship for Canadian public officials.

After the smart city project in Toronto was canceled in 2020, Sidewalk Labs partnered with Kansas City and the City of Portland to trial Replica, the data-driven tool formerly known as the outcome-based code (Bowden Reference Bowden2018). One year later, both municipalities rejected Replica, reportedly over privacy and transparency issues (Coulter 2021). However, startup Replica has raised $41 million in Silicon Valley, and allegedly plans to sell its product in Europe and Asia (Wolpow 2021). The idea of data stewardship through trusts is being implemented as part of the European Union’s AI governance framework (Artyushina Reference Artyshina2021).

Introduction

The modern-day digital community provides an opportunity to follow the unifying threads of governance, physical spaces, and technologies, as played out through the deployment of local software-based sensors and gateways. As we will see, the now-defunct Sidewalk Labs project in Toronto highlights the challenges, and limitations, of developing such a comprehensive system of interfaces, in the absence of sufficiently inclusive and holistic mechanisms to govern their use.

This chapter presents a brief thought piece that frames several of the key governance challenges that cities face when approaching the Internet of Things (IoT) and other “smart” technologies. Those challenges in particular fall within two areas: human governance and technical interfaces. In the first section, we will look briefly at two planned cities – the ancient Greek city of Thurii and the modern cityscape of Quayside in Toronto, Canada – as exemplifying the different layers of inclusivity that can and should work well together in communities of trust. One proposed takeaway raised in the second section is the desirability of planning digital communities that invite active human participation in the blended spaces between the self and the world, the private and the public, and the physical and the virtual. As it turns out, this takeaway is entirely consistent with the notions of participatory community governance at the heart of the Governing Knowledge Commons (GKC) framework (Frischmann, Madison, and Strandburg Reference Marr2014), summarized in Chapter 1, and elsewhere in this book.

For the Quayside cityscape, the third section of this chapter focuses on two particular layers. First, it introduces inclusive governance, which in Quayside spanned proposals from civic data trusts to urban trusts. That exploration includes consideration of the knowledge commons, and by extension the ancient Greek agora, as useful framing references. The digital fiduciary is offered up as another governance model worth exploring. In particular, such entities could employ a virtual trust layer, an encapsulation of fiduciary-based obligations within the entity’s data flows and algorithmic decision points.

It then digs into inclusive interfaces, using as an exemplar the evolving and still-incomplete work of the Sidewalk Labs’ design engineering team, the Digital Transparency in the Public Realm (DTPR) project. More human-agential versions of these interfaces exemplify what are introduced here as edgetech systems, as opposed to the cloudtech systems that dominate the Web today. The chapter establishes edgetech capabilities as incorporating three key elements: (1) the edge-to-any/all (e2a) design principle, (2) multiple end-user-facing modalities of data, computation, and interfaces, and (3) a mix of edge-pushing and edge-pulling functionalities that empower the end user (Whitt Reference Whitt2021a, 191–207).

The fourth section observes how the digital fiduciary, paired with a personal AI, could help the individual successfully navigate the inclusive new blends of physical and virtual spaces in their digital communities (Whitt Reference Whitt2021a, 193–97). Finally, in the fifth section, certain government policies are identified that would enable these more participatory governance and edgetech opportunities (Whitt Reference Whitt2021a, 209–15).

Two Cities, Two Governance Challenges

Virtual Gateways: Lack of Inclusion, Lack of Balance

As natural beings in the world, humans inhabit an environment of mediation. Many modern scientists and philosophers agree that the human mind is not a mere mirror reflecting its surroundings. Instead, our bodily attributes of somatic, sensory, emotional and mental systems interact constantly, helping us to define reality and act accordingly (Whitt Reference Whitt2021a, 160–62).

Technology too mediates between human beings and our experiences, often via software-based interfaces (Whitt Reference Whitt2021a, 162–64). These amount to different kinds of points of presence – physical, virtual, or conceptual – at boundaries where information signals flow between systems. As but one example, Luciano Floridi recently has observed how marketing entities use people as interfaces, to be exploited by commercial and political players for our data, our money, and our votes (Floridi Reference Floridi2019).

In Web-based technologies, an interface is “the way in which one glob of code can interact with another” (Galloway Reference Frischmann, Madison and Strandburg2012, 31). Over time, Web interfaces have been developed to provide a user experience (UX), typically by pushing that experience in the user’s direction. Representative examples of these “cloud-push” gateways include graphical user interfaces (GUIs), voice-controlled interfaces, gesture-based interfaces, and public forms of application programming interfaces (APIs). These choices typically are made on the user’s behalf, without their participation, feedback, or consent. In other words, these interfaces are not particularly inclusive (Whitt Reference Whitt2021a, 195).

Cloudtech Systems in Our Lives: “Screens, Scenes, and Unseens”

Every day we interact with computational systems via three kinds of interface, envisioned here as digital “screens, scenes, and unseens” (Whitt Reference Whitt2021a, 144–45). These cloud-based interfaces can be considered their sensory subsystems – to watch, to listen, and to speak.

• Online screens on our various devices lead us to the search engines and social media platforms, and countless other Web portals in our lives. Institutional AIs render recommendation engines that guide us to places to shop, or videos to watch, or news content to read.

• Environmental scenes (sensors) are the “smart” devices – cameras, speakers, microphones, sensors, beacons, actuators – scattered throughout our homes, offices, streets, and neighborhoods. These computational systems gather from these gateways a mix of personal (human) and environmental (rest of world) data. They are the “eyes and ears” of increasingly complex monitoring and analysis systems. The Ring doorbell placed by your neighbor across the street is but one example.

• Bureaucratic “unseens” are computational systems hidden behind the walls of governments and companies. These systems can render hugely life-altering judgments about our basic necessities, and personal interests – including who gets a job or gets fired, who is granted or denied a loan, and who receives what form of healthcare.

In the digital community context, all three types of systems and their interfaces come into play: our mobile device screens, the environmental scenes all around us, and the unseen actors that actually set the rules of engagement (Whitt Reference Whitt2020b, Reference Whitt2020c). Figure 9.1 shows these three types of systems.

Figure 9.1. Screens, scenes, and unseens, GLIA Foundation

In all three instances, numerous decisions are being made and policies are being carried out by algorithms – but is the decision-making process equitable, and is the handling of the personal data accountable?

Bringing Cloudy SEAMs

To software designers, robust feedback between people is supposed to be “the keystone of the user-friendly world” (Kuang and Fabricant Reference Kuang and Fabricant2019, 32). Problems emerge, however, when one or both sides of the equation lack feedback, so they are “not feeling the stakes” (Kuang and Fabricant Reference Kuang and Fabricant2019, 34). Unfortunately, these issues of imbalanced information flows are pervasive on the Web, and in particular among those who employ so-called cloudtech software applications.

A term I have employed to describe these interrelated activities is the “SEAMs cycle” (Whitt Reference Whitt2021a, 148–53). Cloudtech computational systems require fuel – steady streams of data that in turn render compensation to players in the Web platforms ecosystem. At the direction of platform companies and others, the SEAMs cycle has become the “action verb” of these computational systems.

The SEAMs paradigm is instantiated in exploitative feedback cycles, which harness four interlocking control points of the computational action verb. S is for “surveilling,” via devices in the end user’s physical environment. E is for “extracting” the personal and environmental data encased as digital flows. A is for “analyzing,” using advanced algorithmic systems to turn bits of data into inference and information. And M is for “manipulating,” influencing outward physical behaviors by users and others (Whitt Reference Whitt2021a, 148–51).

A core concept is that cloudtech computational systems deploying SEAMs cycles seek to maximize extraction of data and user engagement – but on their terms. Thus, through institutional control over these data gateways, most derived value from data and content typically flows in one direction – the “SEA” of the SEAM cycles. Figure 9.2 shows these flows.

Figure 9.2. “SEA” cycle flows, GLIA Foundation

And in the other direction flows the shaping influences – the “M” of manipulation. The placement of intelligence and control technologies within infrastructure systems allows companies and governments alike to wield significant power (Frischmann and Selinger Reference Frischmann and Selinger2018, 134–42). Figure 9.3 adds that crucial element of manipulation.

Figure 9.3. “SEAMs” cycle flows, GLIA Foundation

This pronounced interfacial one-sidedness makes many of the computational systems that we use every day unbalanced. As individuals interact with the Web over their device interfaces, we stand on many entities’ virtual borders, without even realizing it. One key way to achieve greater balance is to design more inclusive computational systems.

Sidewalk Labs: Untapped Potential

As we consider the potential of modern smart city experiments such as Sidewalk Labs, we can look to ancient precedents for insight. As we have seen in ancient Thurii, observes one scholar, “the act of writing a constitution and tracing a grid … are symmetrical concepts,” because they invite broad participation for citizens (Kirkpatrick Reference Kirkpatrick2015). That same kind of balance from the old world of architecture and city planning can also be achieved in digital connections and the exchange of data.

What useful takeaways can be derived from the Sidewalk Labs project in Toronto? At least two interrelated conversations are worth continuing: first, opening up the back end of the project governance and, second, opening up the front end of the software interfaces. Optimally, providing balanced processes of interactions within these two forms of human-to-system interfaces can be devised and implemented in concert.

Complementary Roles for Digital Fiduciaries and Personal AIs

A digital community could be devised so that a citizen’s digital agent would be able to interact directly, on their behalf, with the community’s computational systems. In the case of Sidewalk Labs Toronto, these interactions could have been facilitated through the very chatbots and personal AIs that were being explored in parallel via the project’s DTPR process. The back-end of trust governance could have benefited from more fruitful connections with the front-end of sensor interface technologies.

In essence, each smart city and other digital community is its own website, or social media platform, or mobile application. As with these better-known digital experiences, the digital community is in a position to adopt and apply its own terms of service, its own privacy policy, its own data protection practices, and its own authorized use policy. As with the World Wide Web, this panoply of overlapping and likely inconsistent policies would overwhelm most typical participants. In essence, the cognitive overload of the Web would become extended and embedded in the physical spaces all around us. At present, there is no obvious recourse to deal with this pervasive problem.

Having one’s own personal agent, such as a digital fiduciary, could help the average person to cope with, and even manage, this brave new world of digital communities (Whitt Reference Whitt2020c). As an individual goes about their daily activities in their local city, a personal digital fiduciary can provide the means of interacting in real time with the digital community – including the civic data trust, and other entities that the individual may encounter in their travels. These interactions would be enabled via the software interfaces embedded all around (Figure 9.4).

Figure 9.4. Digital fiduciary and data trusts, GLIA Foundation

As the DTPR project team recognized, a personal AI or other virtual agent could be an important complementary tool for utilizing one’s edgetech applications (Sidewalk Labs 2020b, 2020c, 2020d). The personal AI could provide forms of “digital pushback” to challenge a digital community’s existing SEAMs cycles, by:

• blocking the automatic “surveillance” and “extraction” modes;

• disrupting consent-less operation of the community’s “analysis” mode; and

• thwarting attempts to “manipulate” the individual’s autonomy in their physical environment.

A Likely Role for Government

A more inclusive and symmetrical interface is only as good as the interoperability behind it – the two-way means of interacting with other underlying networks. Interop constitutes the somewhat unfashionable network plumbing of software standards and protocols. As one example, for a personal AI to “talk” directly with an institutional AI, there must be an accepted means of communication, and an agreement to act upon it.

The basic interop fabric is already there to support robust two-way interfaces. After all, the Internet is a splendid example of an interconnected “network of networks.” Symmetrical interfaces using the e2a design principle can mirror that same peer-to-peer architecture: my system speaking on equal terms with your system, in a reciprocal manner. What would change is the current overlay of unidirectional interfaces leading to tightly controlled platforms.

Voluntary agreement on the operative protocols and standards would be optimal. However, there may well be a role for governments to play in smoothing the path for such agreement. Regulators could introduce a mix of tailored market inputs and incentives that would open up portions of underlying platform resources. These might include system-to-system interconnection, robust interoperability (at the different layers of data, computational, identity, and mixed/augmented reality), and data delegability and mobility (from platforms to selected mediators) (Whitt Reference Whitt2018, 45–65). Many of these “functional openness” concepts – such as network interconnection, services interoperability, and resource portability – are rooted in regulatory policies developed in the 1980s and 1990s by the US Federal Communications Commission (FCC) and other national regulators, as a way to facilitate more competitive communications services markets (Whitt Reference Whitt2018, 45–65).

Some in the US Congress have not overlooked this particular option. As a salient example, the proposed “ACCESS Act” incorporates key functional openness measures aimed at large platform companies (Warner Reference Warner2019). Introduced in the US Senate in October 2019, the bill encompasses two agency-bolstering elements. First, the bill would require the platforms to provide interoperability and data portability, via transparent and accessible interfaces suited for both users and third parties. Second, the bill would allow users to delegate their digital rights to “third party custodians,” operating under a duty of care (Warner Reference Warner2019).

That right of delegation could well prove crucial to enabling individuals and communities to fully exercise whatever statutory rights are granted to them (Whitt 2021b). Indeed, Nobel prize winning economist Paul Romer observed in his statement supporting the original 2019 version of the bill: “By giving consumers the ability to delegate decisions to organizations working on their behalf, the ACCESS Act gives consumers some hope that they can understand what they are giving up and getting in the opaque world that the tech firms have created” (Warner Reference Warner2019). As noted, such asymmetrical opacity is even more pervasive and insidious in the smart cities context.

Conclusion: Adapting Ancient Lessons for Modern Communities

Against a backdrop of widespread governance failures worldwide in our economic, political, and social systems, the near-term opportunity is apparent (Whitt Reference Whitt2020a). As the city of Thurii attempted some 2,500 years ago, today we can craft governance structures and spatial processes that work together to ensure inclusive and supportive physical environments for real people.

Our digital communities should embrace the active participation of citizens and visitors alike in the increasingly blended spaces that constitute the self and world, the private and public, and the physical and virtual. Insights gleaned from the GKC framework, fiduciary-based governance models, and technologies utilizing edge-to-any/all design principles, can form a powerfully inclusive combination. Also, the digital fiduciary and personal AI could be a complementary means to help ensure that ordinary people can readily explore and participate in the brave new world of their digitally equipped communities.