Computers, Privacy & the Constitution

LinkNYC: Leveling the Playing Field, or Business as Usual?

-- By BrandonNguyen - 11 Apr 2016


On February 18, New York City Mayor Bill deBlasio announced the launch of LinkNYC, the most ambitious municipal wifi project in United States history. Partnering with CityBridge? , a private sector consortium including QualComm? , CIVIQ Smartscapes, and Google-funded venture Intersection, New York would replace its outdated public phone booths with kiosks offering free encrypted wifi at (purportedly) gigabit speeds. Five hundred kiosks are to be rolled out by mid-2016, with plans for 4,500 total by 2019. The policy rationale behind such an expansive project is clear: making the net more accessible to low income New Yorkers who cannot afford traditional ISP services would improve access to information, services, and facilitate communication free of charge, all while shifting the cost burden from individuals to the larger community. From the city's perspective, a better-connected, better-educated populace would enhance economic productivity, eventually boosting tax revenue. Yet, while the intentions behind LinkNYC may indeed contemplate a more egalitarian public good, the program is not without privacy risks. Upon careful review of LinkNYC's fine print, it becomes clear that users should still take precautions to protect their data in the near-term.

LinkNYC and Privacy

At its core, the debate surrounding municipal wifi programs like LinkNYC revolves around the issue of control. Telecom giants with monopolies on regional markets routinely lobby against such proposals, ironically accusing municipalities of creating their own monopolies (e.g. Verizon's opposition to Philadelphia's city wifi plan). In making net access a public good without the need for ISP hardware, municipal wifi gives citizens at least the opportunity to connect to a network free from a business model predicated on the commodification of communication. This obviously runs counter to an ISP's for-profit purpose, and that disconnect with municipalities' objectives have scuttled similar public-private partnerships in the past.

Unfortunately, LinkNYC's privacy policy includes several alarmingly vague provisions concerning what kind of information CityBridge? would be able to collect, and how that collection process works. Users would first sign into kiosks with a username, email address, and password to access the network--information LinkNYC can collect. LinkNYC offers two network types: an open network, and a private network encrypting all traffic between devices and the Link kiosk. Ironically, "Private Network access is only available on Apple devices enabled with Hotspot 2.0 technology", meaning private service would be restricted to iPhones with inbuilt surveillance features. Subsequently, LinkNYC would be able to track browsing histories, including "pages you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction..." And although information will be encrypted in storage and cannot be sold or shared with third parties, LinkNYC would be allowed to collect information to tailor advertisements to individual user profiles. On geolocation information, LinkNYC makes clear that even though it cannot track precise locations, "we know where we provide wifi services, so when you use the Services we can determine your general location." Such information, in combination with a kiosk's environmental sensors and video footage, could be forwarded to "the City or governmental law enforcement" who would then have access to private information about devices at any given location. Given these expansive provisions, it is clear that LinkNYC's privacy policy allows for government exploitation. Another alarming aspect of LinkNYC is the fact that a large volume of citizens' private data will be aggregated and stored indefinitely, ripe for third party abuse. In fact, the privacy policy specifically provides for functionally indefinite storage: LinkNYC "will make reasonable efforts to retain Personally Identifiable Information that you provide to us during registration no longer than 12 months after your last login." For low income citizens using LinkNYC in their daily lives, this effectively allows for indefinite data retention, as the 12 month period could be reset every time they use the service. Ultimately, rather than being an equalizing, liberating force for change, LinkNYC's vague oversight structure could become a boon for monitoring low income populations already the most susceptible to surveillance. While it is too early to determine whether LinkNYC constitutes a step closer to citizen-controlled access in spirit, in practice its underlying privacy policy has not yet been fully developed to afford current users adequate protection.


Citizens are right to remain wary of centralized control of net access, and LinkNYC is no less centralized than the status quo. But if New Yorkers are to take advantage of LinkNYC, what specific measures can be undertaken to protect communications from third party eavesdropping? First, the public needs a deeper understanding of LinkNYC's privacy risks; it starts with government transparency, but education and information dissemination also nurture a more cautious public. In addition, LinkNYC's infrastructure is targeted predominantly at mobile phone users, whose devices inherently afford less privacy protection than traditional computers for a variety of reasons. Ditching smartphones for computers would reduce convenience, but would provide greater opportunity for users to control the output of information LinkNYC could potentially process. In order to reduce unnecessary barriers to entry, it is therefore extremely crucial that computers become more affordable and usable vis-a-vis mobile phones for heavily-surveilled low income populations. Finally, the means of achieving communication privacy is within the capability of existing technology: simple VPNs, hardware like FreedomBox? , or similar devices equipped with free software could tap into public wifi to form a relatively low cost, open mesh of Internet coverage in major urban areas. As such devices gain traction in the market, lower prices will accompany their greater ubiquity. Perhaps one day, privacy-centered devices will run fully integrated with municipal wifi. Critics point to the technical difficulties of powering and maintaining municipal wifi, let alone a dense cluster of privacy-centered devices. Yet, if taxpayers sufficiently value privacy and an open Internet, they will demand cities provide supplementary infrastructure to revamp how people live and communicate in public life. This is perhaps the most critical step in the process, as it necessitates greater awareness, vocal activism, and a societal reprioritization of privacy rights.


1. Ian Urbina, "Hopes for Wireless Cities Fade as Internet Providers Pull Out", N.Y. Times, Mar. 22, 2008,

2. James Vasile, "Freedom, Out of the Box!", Transforming Freedom Open Archive for Digital Culture, Oct. 24, 2011,

3. Kaveh Waddell, "Will NYC's Free Wifi Help Police Watch You?", The Atlantic, April 11, 2016,

4. "!LinkNYC", New York City Department of Information Technology and Telecommunications, 2016, found at

5. "Lobbyists Try to Kill Philly Wireless Plan", Associated Press, Nov. 23, 2004, found at

6. Mariko Hirose, "Letter to Maya Wiley, Counsel to Mayor, RE LinkNYC Privacy Policy", New York Civil Liberties Union, Mar. 15, 2016, found at

7. "Mayor de Blasio Announces Public Launch of LinkNYC Program, Largest and Fastest Free Municipal Wi-Fi Network in the World", City of New York, Feb. 18, 2016,

8. "Public Communications Structure Franchise Agreement, Exhibit 2: CityBridge? Privacy Policy", CityBridge? , LLC, Jan. 25, 2016,

A good summary of the situation. LinkNYC should offer an anonymous connection option, which---combined with MAC spoofing---would be a relatively privacy-supportive outcome. I don't think that's going to turn out to be commercially or politically infeasible, particularly if it turns out that using "nobody@nowhere" email addresses and userids is silently permitted by the system. But the conversation needs to be had explicitly, because the present plan is for a fully-monitorable network masquerading as something else. A little less generalized concern and more explicit focus on precise issues would be a good improvement here.

You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. To restrict access to your paper simply delete the "#" character on the next two lines:

Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list.


Webs Webs

r4 - 12 May 2016 - 14:59:47 - EbenMoglen
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM