Chapter 25 Exercises: Urban Sensors and Smart City Infrastructure

Exercise 25.1 — Jordan's Audit: Do It Yourself

Type: Individual / Observational Field Exercise Difficulty: Introductory Estimated time: 60–90 minutes (fieldwork) + 30 minutes writing

Instructions:

Replicate Jordan's one-hour observation exercise in your own environment. Choose a commercial district, campus area, or public space and spend 60 minutes documenting every surveillance device you can identify. Bring a notebook; take photographs from public spaces (do not photograph private property or people).

For each device, record: 1. Physical description and approximate location 2. What type of device it appears to be (CCTV, LPR, acoustic sensor, WiFi probe, traffic sensor, etc.) 3. Who operates it (city government, university, private business, unknown) 4. What data you believe it collects 5. Whether any signage indicates its presence or purpose

Written analysis (400 words):

After compiling your list, reflect on the following: - What surprised you? Were there more or fewer devices than you expected? - What couldn't you identify? What is the significance of devices you cannot recognize? - Which devices operate together — which ones, if their data were combined, would create capabilities beyond what each provides individually? - Who is not being monitored in the space you examined? (i.e., what spaces or activities fall outside the sensor coverage?) - Did conducting this audit change your sense of the space? Do you feel you were being watched while you were watching?

Exercise 25.2 — License Plate Reader Policy Analysis

Type: Individual / Research and Policy Analysis Difficulty: Intermediate Estimated time: 60–75 minutes

Instructions:

Research the license plate reader policy of one jurisdiction — either your city/county or a city of your choice. Most police departments have LPR policies publicly available; if yours does not, the ACLU maintains an LPR database with policies from multiple jurisdictions.

Find the answers to the following questions (or note that the policy does not address them):

  1. How long is LPR data retained?
  2. Who within the agency can access LPR data?
  3. Is LPR data shared with other agencies? Which ones? Under what conditions?
  4. Is LPR data shared with commercial aggregators like Vigilant Solutions/Motorola? Under what terms?
  5. Are individuals notified when their plates are captured? When their data is queried?
  6. What is the process for challenging an erroneous hot list hit?
  7. Does the policy address use for non-criminal purposes (immigration enforcement, civil litigation, etc.)?
  8. What oversight mechanisms exist (audits, council reporting, etc.)?

Written analysis (350 words): Rate the LPR policy you reviewed on a 1-10 scale for each of: data minimization, access restrictions, retention limits, sharing restrictions, transparency, and oversight. Justify each rating. What are the policy's most significant privacy gaps, and what specific changes would you recommend?

Exercise 25.3 — The Fusion Center Integration Problem

Type: Small group / Scenario Analysis Difficulty: Intermediate to Advanced Estimated time: 45–60 minutes

Instructions:

Your group represents the city council privacy committee of a medium-sized city (population: 250,000). The police department has proposed integrating the following data sources into a new "public safety fusion center":

  • 847 CCTV cameras (city-operated)
  • 12 LPR readers on major roadways (police-operated, 90-day retention)
  • 340 smart streetlights with cameras (city-operated under vendor contract)
  • ShotSpotter acoustic sensor network (vendor contract, data held by vendor)
  • Social media monitoring platform (commercial subscription, monitors public posts)
  • Partnership with a commercial location data broker providing cell phone movement data

The police department's proposal emphasizes: - Real-time crime response capability - Ability to rapidly investigate serious crimes after the fact - No targeting of protected characteristics - Audit trail for all data accesses

Your committee must vote on the proposal. Before voting, work through the following:

  1. For each data source, identify: (a) what privacy interests are at stake; (b) what law enforcement value is claimed; (c) what the specific governance risks are if the integration proceeds.

  2. Identify the "emergent" surveillance capabilities that arise from integration that don't exist in any individual system.

  3. Draft a list of non-negotiable conditions you would require before approving the fusion center — these must be specific and enforceable, not aspirational.

  4. Vote and write a 300-word committee statement explaining your decision.

Exercise 25.4 — Python Extension: Analyzing Real Pedestrian Data

Type: Individual / Computational (requires Python) Difficulty: Intermediate (computational) Estimated time: 60–90 minutes

Prerequisites: Python with pandas and matplotlib installed

Instructions:

Find a real publicly available pedestrian or traffic sensor dataset from a city open data portal. Good sources include: - Melbourne (Australia): data.melbourne.vic.gov.au (pedestrian counting system) - New York City: data.cityofnewyork.us - Chicago: data.cityofchicago.org - London: data.gov.uk (various datasets) - Your own city's open data portal (search for "pedestrian counts" or "traffic sensors")

Download a dataset and adapt the code from Chapter 25 to analyze it. At minimum, produce: 1. A chart showing average hourly pedestrian/traffic volume for at least two sensor locations 2. A comparison of weekday vs. weekend patterns 3. A time-series plot showing trends over the dataset's full time range

Written reflection (300 words): What does this data tell you about the city? What policy decisions could legitimately be made using this data? Where does the data stop being useful for policy and start being useful for surveillance? At what point — technically, legally, or ethically — would this dataset become a tool for individual tracking rather than aggregate planning?

Exercise 25.5 — Privacy by Design Evaluation

Type: Individual or Pairs / Design Exercise Difficulty: Advanced Estimated time: 75 minutes

Instructions:

You have been asked to design a "pedestrian flow monitoring system" for a city's downtown commercial district. The city wants to understand pedestrian patterns to optimize bus route frequency, allocate street cleaning resources, and evaluate the impact of new bicycle lanes on pedestrian traffic.

Step 1: Design two versions of this system:

Version A (Minimal Data): Achieves the city's stated goals using aggregate counting only — no individual identification. - What sensors would you use? - What data would you collect? - How long would you retain it? - Who would have access?

Version B (Comprehensive Data): Achieves the stated goals plus additional law enforcement capability. - What sensors would you add? - What additional data would be collected? - How would governance differ from Version A? - What benefits does Version B provide over Version A?

Step 2: Apply the seven principles of Privacy by Design to both versions. Which principles does each version satisfy or violate?

Step 3 (400 words): Write a recommendation to the city council explaining which version you recommend and why. Address: (1) what legitimate purposes require Version B's additional capabilities, if any; (2) what governance mechanisms would be required if Version B were adopted; (3) whether the incremental public safety benefit of Version B over Version A justifies the incremental privacy cost.

Exercise 25.6 — The Sidewalk Toronto Autopsy

Type: Written Essay Difficulty: Advanced Estimated time: 60–75 minutes

Instructions:

Write a 600-word essay analyzing the Sidewalk Toronto project's collapse as a case study in smart city governance failure. Your essay should:

  1. Identify the three most significant governance failures in the Sidewalk Toronto project (based on the chapter's account and any additional research you conduct)
  2. Explain which of these failures was most fundamental — the one that, if resolved, would have made the others more manageable
  3. Propose three specific governance mechanisms — for Sidewalk Toronto specifically or for smart city projects generally — that would have addressed the most fundamental failure you identified
  4. Address the counterargument: some urban planners argue that Sidewalk Toronto's failure set back smart city innovation by a decade and that the privacy critiques were exaggerated. How do you evaluate this claim?

Your essay should demonstrate engagement with the specific facts of the Sidewalk Toronto case, not just general principles.