Array of Things Operating Policies

Array of Things Governance and Privacy Policy and Process

Array of Things Governance Policy and Process

1.Purpose and Scope

This document provides a framework within which the University of Chicago and Argonne National Labs (program operators) and the City of Chicago will implement and manage the Array of Things (AoT) in Chicago by 1) defining the initial scope of the program, 2) establishing the roles and responsibilities of program partners; and, 3) describing the process by which decisions about the program will be made.

This document is complimented by the AoT Privacy Policy, which sets forth requirements regarding Personally Identifiable Information (PII).

1.1.Guiding Principle

We value privacy, transparency, and openness.

1.2.Program Overview

The AoT program operators aim to build an urban-scale research instrument comprising a network of at least 500 Internet-connected “nodes,” each supporting multiple environmental and air quality sensors. As a first of its kind public sensor utility, AoT will produce an open and freely available source of urban sensor measurements to support research, development, education, prototyping, and demonstration. The program operators have designed AoT to enable the instrument to evolve at a pace commensurate with consumer electronics, maintaining state-of-the- art capabilities over many years.

The initial prototype, funded by Argonne National Laboratory, involved 12 nodes equipped with a collection of environmental sensors (e.g., temperature, light, sound, humidity, air quality). Each node was mounted on private facilities at the University of Chicago, Argonne National Laboratory, and DePaul University for testing purposes, with installation occurring between July 2014 and June 2015.

Beginning in summer 2016 a second set of prototypes will be mounted in Chicago on street signal light poles and external building walls. The network will be expanded to roughly 500 nodes from 2016 to 2018. The program operators will develop functionality to enable research, application development, education, prototyping, or demonstration projects. The location of each of the 500 nodes will be determined via the process identified later in this document (§4.3). The program will be evaluated nine months after the second set of prototype nodes are mounted in the City and every 12 months from that time on. The evaluation criteria and the results of each review will be made available to the public.

Sensor readings will be processed and sent to a database managed by the program operators. A period of evaluation and calibration will be required for each sensor; this


August 2016

Array of Things Governance and Privacy Policy and Process

period will vary based on the sensor or data that is collection. As one function of AoT is to evaluate new sensor technologies, the evaluation process will also involve a determination as to whether a particular sensor is producing accurate data reliably. Once evaluation determines that the sensor is producing accurate and reliable data, and once calibration is complete, data in compliance with the AoT privacy policy will be made publicly available via the City’s Data Portal to support application development and data analysis. All of this sensor data will be publicly available as open data, under the stewardship of the University of Chicago. The program operators have designed the AoT system to protect privacy. This document describes the processes, procedures, and technologies that will be used to ensure sensor data is both correct and where necessary, anonymized before publication. Any images collected by AoT nodes for calibration will be protected, and available only to authorized individuals and only for research purposes.

2.Technical Objectives

The AoT will operate as an instrument, involving an infrastructure and related services for research, development, education, prototyping, and demonstration of both open and proprietary technologies and services aimed at improving the sustainability, resilience, efficient operation, and livability of cities. In short, AoT will support “Smart City” research, development, and education. AoT is designed to support three general types of instrument use: the collection and open publication of sensor data about public urban spaces, research in areas such as sensing and information/communications technologies, and support for research in software and services.

Each node will report sensor values at regular intervals. To comply with security and privacy requirements (See Array of Things Privacy Policy), data will be encrypted and transmitted to a database managed by the program operators. Only data meeting the AoT privacy policy standards will be published to the City’s Data Portal and may also be published to other data analytics services as needed. All data published from the platform will be open and free of charge. In order to support economic development, data from approved experimental sensors, installed for specific research and development purposes, may be withheld from (or aggregated for) publication for a period of time in order to protect intellectual property, ensure privacy or data accuracy, and enable the proper calibration of the sensor.

2.1.Support for Evolving Technologies Over Time

The AoT involves engineering and placing a network of physically secure enclosures with power, Internet access, and standard specifications that will allow for efficient installation/replacement of those devices by City technicians. These devices must operate for period of months without physical intervention, and must be provided with adequate environmental protection, particularly with respect to temperature and moisture. The program operators and the City of Chicago will cooperate to enable nodes to be repaired and replaced in case of damage or loss.


August 2016

Array of Things Governance and Privacy Policy and Process

2.2.Support for Software and Services Projects

Though the pace at which information and communication technologies evolves is rapid, there is a much larger potential research and education community focused on new software and services, harnessing existing hardware technologies. To support such projects will require that the AoT allow controlled access to shared programmable devices within the nodes. Once this functionality is available, changes may be required to AoT polices and processes to prevent misuse and ensure reliable and usable functions for provisioning and scheduling resources, validating and loading custom software, and restoring the devices to a known state between experiments.

3.Governance Bodies

3.1.Program Operators

The University of Chicago and Argonne National Laboratory will manage and operate the AoT program, in partnership with the City. The program operators are responsible for the design, development, repair, replacement, and support of the nodes and the technical infrastructure needed to enable data collection, processing, and storage.

The program operators will leverage strategic partnerships with outside entities, including but not limited to industry, academia, and not-for-profits, as well as the increasing availability of open source tools and frameworks that can be adapted to or applied directly to the instrument, to support program goals.

The City will support the operators by providing program oversight; policy guidance; installation and maintenance support; and technical assistance to ensure that resulting data is publically accessible.

3.2. Executive Oversight Council

An executive oversight council (EOC) will oversee the AoT program, and is responsible for setting policy and establishing processes and procedures related to system operation, configuration, and capabilities, access to data and other resources, and communication and interactions with the City and community.

The council will be co-chaired by the Commissioner of the City’s Department of Innovation and Technology, City of Chicago and the Director of the Urban Center for Computation and Data at University of Chicago and Argonne National Laboratory, with additional members selected from academia, industry, not-for-profits, and the community. These members will be invited based on recommendations from AoT partners and others who work with community groups, or solicited via public meetings and the AoT website. The Commissioner of the City’s Department of Innovation and

Technology will have the final approval regarding decisions of the EOC.

The EOC will meet quarterly or as needed.


August 2016

Array of Things Governance and Privacy Policy and Process

3.3. Technical Security and Privacy Group

A technical security and privacy group (TSPG) will review the AoT technology as it pertains to security and privacy, and will make recommendations to the EOC.

The group will be chaired by the Director of the Center for Applied Cybersecurity Research, Indiana University, with additional members including the City’s Chief Information Security Officer and others with relevant expertise, selected from industry and academia.”

The TSPG will meet quarterly or as needed.

3.4. Scientific Review Group

In some cases external science partners may propose changes or additions to the instrument hardware and/or software. A scientific review group (SRG) will evaluate these proposals from AoT participants as well as other parties (individuals, community groups, companies, universities, etc.). The SRG will provide a regular report on these proposals to the Executive Oversight Council.

The SRG will be co-chaired by the Chief Technology Officer of the Urban Center for Computation and Data at University of Chicago and Argonne National Laboratory and a senior representative from the scientific community.

The SRG will meet quarterly or as needed.

4.Governance Policy and Processes

As a public data utility, a set of policies and processes is required to ensure that the instrument operates according to the program’s guiding principles and within the established scope and budget. These policies and processes must protect the privacy and security of Chicago residents and visitors, ensure accountability and transparency, and consider education and proactive communication.


This policy document, and associated data management and privacy policy documents, will be maintained and updated under the direction of the EOC, with at least an annual review.


The AoT program operators will maintain a public website with current information on the project (, including educational materials regarding the hardware and software technologies and capabilities associated with AoT, a directory with detailed information on all components, experiments, and projects supported by AoT, all policies and procedures for AoT operation, governance body meeting minutes, and reports.


August 2016

Array of Things Governance and Privacy Policy and Process

The program operators will produce an annual report, which will be published to its website and will summarize any legal request or changes made to policies, processes, node locations, or capabilities made throughout the year.

4.3.Node Locations

The locations selected for AoT nodes will maximize the positive impact that city residents, policy practitioners, and scientists can obtain from the project.

Node locations may be proposed by any individual or group, and locations will be selected with the goal of enabling at least two of the following benefits within a geographic area:

(a)Nodes can provide data relevant to a local concern or issue of importance to the residents and businesses

(b)A relevant scientific research question may be better investigated with data from the instrument

(c)A planned or potential policy or investment that could be optimized, measured, or informed based on use of data from the instrument, and/or from scientific analysis of that data

In addition, neighborhood density, the location of partner institutions within a geographic area, and the availability of traffic lights or alternative structures (e.g. a building wall) required to mount the nodes will be considered.

Suggestions that meet selection criteria should be submitted first to the program operators at, and will then be reviewed and pre-approved by the EOC if the program operators agree that the criteria has been met.

Prior to deploying AoT nodes in a given geographical area, the program operators and/ or the Commissioner or designees of the City’s Department of Innovation and Technology will:

1.Meet with alderman and community leaders to discuss the objectives of the project and the policies and processes in place regarding issues such as privacy, coordinated by the University of Chicago

2.Work with the Smart Chicago Collaborative or other partners to hold community meetings with residents, where the goals and details of the project will be discussed, including an emphasis on policies and procedures regarding safety, security, and privacy of the network, and on the benefits to the neighborhood associated with the network. Local media will be invited to cover these workshops

3.Post the privacy policy online prior to community meetings for residents to provide comments and questions.

4.Present the locations to the EOC for final approval.


August 2016

Array of Things Governance and Privacy Policy and Process

4.4.Node Security

The AoT hardware and software design and operation procedures follow security practices developed by and for national laboratories.

The TSPG will oversee the review and test the instrument to ensure security, with the goal of preventing any unauthorized access or communication.

4.5.Node Capabilities

Node capabilities (i.e., the list of sensors and the associated data collected) will be maintained on the AoT website. Changes to the node capabilities (i.e., changes to existing sensors and introduction of new sensors) that require a change in the privacy policy must be first reviewed by the TSPG. The TSPG will advise the EOC regarding approval of such changes.


Workshops will be designed and led by AoT partners and the University of Chicago. These will build on prior work including pilot workshops for high school students, held in 2014 and 2015, as well as an 8-week curriculum developed with Lane Technical High School and taught to 150 high school students in 2016. These workshops and curricula are intended to introduce concepts, ranging from environmental science to electronics design to data analytics, to neighborhood youth (and other interested parties), and provide training and education about the technologies and related science.

The AoT team continues to work with industry, local government and educational partners to explore additional opportunities to support for education and training programs leveraging the instrument. Educational materials will be made available via the AOT website.


This policy will be reviewed annually at minimum by the program operators and the EOC for possible changes. Others may request a review of this policy or submit a question to the operators Any proposed changes to the policy will be posted online for public review and comment prior to their incorporation.


August 2016

Array of Things Governance and Privacy Policy and Process

Array of Things Privacy Policy

5.Purpose and Scope

The Array of Things is designed to collect and share data about Chicago’s urban environment to support research that seeks will provide insight into city challenges. This includes, but is not limited to, information about temperature, humidity, barometric pressure, vibration, air quality, cloud cover, and pedestrian and vehicle

counts and patterns. Pedestrian and vehicle movement data will come from computer software analyzing images.

The purpose of this policy is to disclose the privacy principles and practices for the Array of Things program. It is complemented by the Array of Things Governance Policy and Process document, which defines how decisions about the program will be made. The privacy policy sets forth how the operators of the Array of Things program will collect and manage data, some of which may include personal information or Personally Identifiable Information (PII). The operators of the Array of Things are defined as the University of Chicago and Argonne National Laboratory.

6.Guiding Principle

We value privacy, transparency, and openness.

7.Personally Identifiable Information

Personally Identifiable Information or PII1 is any information about an individual, including “(1) any information that can be used to distinguish or trace an individual’s identify, such as name, social security number, date and place of birth, mother’s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.” As noted in NIST 800-122, this includes the following:


Personal identification numbers

Email or street address information

Personal characteristics, including photographic images of face or other identifying characteristic), fingerprints, handwriting, or other biometric data (e.g., retina scan, voice signature, facial geometry)

Information about an individual that is linked or linkable to one of the above (e.g., date of birth, place of birth, race, religion, weight, activities, geographical indicators, employment information, medical information, education information, financial information)

1 “PII” has been defined in accordance with the National Institute of Standards and Technology’s Special

Publication 800-122 Guide to Protecting the Confidentiality of Personally Identifiable Information (PII). Updates to the NIST guidelines will be reviewed as part of the regular review of this policy.


August 2016

Array of Things Governance and Privacy Policy and Process

This policy also recognizes the sensitivity regarding location information, electronic device identifiers, or vehicle license plate information and thus considers these in its policies.

4.Information Collection, Use, and Sharing

All policies, hardware and software specifications, design, and open source code will be publicly posted and made freely available online. Public sensor data will be published to the City of Chicago’s Data Portal at An Array of Things annual report will be published each year, beginning in June 2017, outlining the achievements of the program, as well as any updates or unintended deviations from the privacy policy.

The Array of Things technology is designed and operated to protect privacy. The technology has no capability to capture sensitive PII, but may capture non-sensitive PII in the form of details in images from a street-facing camera or sound in the public way. Any such data, such as could be found in images or sounds, will not be made public. Inclusion of cameras in the nodes is intended for detection of specific conditions such as street flooding, car/bicycle traffic, storm conditions, or poor visibility. To support such capabilities, images will be analyzed using an image processing computer within the node, after which the images will be deleted. All image processing operations involving proposed publication of information that would affect the privacy policies will be subject to approval by the Scientific Review Group (Section 3.4).

For the purposes of instrument calibration, testing, and software enhancement, images and audio files that may contain non-sensitive PII will be periodically collected to improve, develop, and enhance algorithms that could detect and report on conditions such as noted above. This raw calibration data will be stored in a secure facility for processing only by authorized researchers during the course of the Array of Things project, including for purposes of improving the technology to protect this non-sensitive PII. Access to this limited volume of data is restricted to operator employees, contractors and approved scientific partners who need to process the data for instrument design and calibration purposes. All individuals with access to this data will be subject to strict contractual confidentiality obligations and will be subject to discipline and/or termination if they fail to meet these obligations.


The policy was developed in cooperation between the operators of the Array of Things (University of Chicago and Argonne National Laboratory) and the City of Chicago, with input provided by an independent review committee convened by the Technical Security and Privacy Group, as described in the Array of Things Governance Policy and Process document.

This policy will be reviewed annually at minimum by the operators, the AoT Technical Security and Privacy Group, and the Executive Oversight Council (also described in the Array of Things Governance Policy and Process document) for possible changes. Others


August 2016

Array of Things Governance and Privacy Policy and Process

may request a review of this policy or submit a question to the operators through the project’s public website ( Any proposed changes to the policy will be posted online for public review and comment prior to their incorporation. Notifications of these and related actions will also be disseminated through the project’s social media account (@arrayofthings in Twitter).


August 2016

PHP PDF ConvertedByBCLTechnologies