A monitor showing cars and pedestrians on a city street identified by bounding boxes.
NurPhoto / Getty Images

The ‘Capital of Silicon Valley’ Is Ignoring Its Privacy Experts

San José created a privacy taskforce to keep ‘smart city’ technology in check. Then its members started resigning.

As the tenth largest city in the United States and the self-proclaimed “Capital of Silicon Valley,” San José, Calif. has deployed or tested dozens of “smart city” technologies in the past several years—including automatic license plate readers (ALPR), public Wi-Fi with Facebook’s Terragraph, gunshot detection technology, and predictive policing. In response to public concern, the city of San José started what it dubbed its “Digital Privacy Advisory Taskforce” in the fall of 2018.


But according to a series of emails obtained by Motherboard via a public records request, the city has been ignoring and butting heads with the privacy experts it appointed to keep its surveillance technology in check.

According to its charter, the San José privacy taskforce is to meet quarterly to “validate and provide input” for the city’s privacy principles and policy “for specific smart city use cases.” The organization has no legal authority and “is not an approval body,” a spokesperson for the city said, in a statement to Motherboard. 

When Dr. Roxana Marachi, a privacy and education researcher at San José State University and an Executive Committee member at the San José/Silicon Valley NAACP, was asked to join the taskforce, she hoped she could make a difference. But her experience led her to believe that the creation of the taskforce was largely performative, and on May 12, she tendered her resignation. She is the second member of the taskforce to do so in the past two months, and the fifth member to leave since its inception.

“This is a difficult step as I had initially thought service on this committee would allow a rare and valuable opportunity to weigh in on data privacy issues prior to new tech rollouts,” she stated in her resignation email, which she shared with Motherboard. “But…it's become evident to me that city leaders are more deeply invested and interested in strengthening corporate partnerships and rolling out surveillance technologies than they are in protecting the privacy rights of San José's residents.”


Another taskforce member, whose name is redacted from the emails, also submitted their resignation in late March. 

Both the resignations come in the wake of what seems to be a botched attempt to obtain feedback from the taskforce before deploying automatic license plate readers (ALPRs) at a major intersection in the city. As originally reported by Metro Silicon Valley, the taskforce had serious reservations about the technology and its manufacturer, Flock Safety. Marachi and other taskforce members felt that those concerns were not accurately represented to San José’s City Council and were frustrated the pilot test continued under these misrepresentations.

The anonymous resignation stated feedback from the taskforce should be solicited “ahead of the decision on whether or not to implement a technology.” According to Marachi, the taskforce didn’t learn of the decision to acquire Flock’s ALPR technology until after the contract had already been signed. The taskforce did not see the contract, despite their requests for it, until it was published by Metro.

Despite the requirement for a quarterly meeting, five consecutive meetings were canceled by the city, from the second quarter of 2020 to the second quarter of 2021, during which time the city tested gunshot detection technology. The city says the taskforce was suspended during the COVID-19 pandemic and reconvened in August 2021. However, according to taskforce members and confirmed by emails reviewed by Motherboard, there was a meeting in October of 2020. There is no record of that meeting on the taskforce’s webpage.


The anonymous resignation expressed frustration with the infrequency of these meetings. “I think that an advisory task force that meets three to four times a year is not sufficient as a vehicle for such concerns to be first raised in an effective, timely way,” the former taskforce member wrote. 

San José is only one example of Big Tech’s efforts to push through new technology while weakening oversight and privacy protections. A recent investigation by The Markup found that the tech industry lobbyists have succeeded in watering down privacy legislation in states across the US.

Marachi drew similarities between what’s happening in San José and what happened in Toronto, during a rollout of similar technology by Sidewalk Labs, the “smart city” arm of Google parent company Alphabet. In a blog post, Bianca Wylie, a technology policy expert who was invited to advise Toronto during these efforts in 2018, called Toronto's outreach efforts a “master class in gaslighting and arrogance.” Marachi says the same patterns are now unfolding in San José.

“I remember reading that article and thinking this is exactly what is happening in San José,” said Marachi. “The concerns are brought up and then in the public meetings it's as if they haven’t been brought up.”


As an example, Marachi pointed to the current ALPR pilot. The pilot’s original privacy impact assessment, published in November 2021, stated that public reaction had been “overwhelmingly positive” and that 80 percent of respondents were “very comfortable” with the project. When Marachi probed about the amount of respondents and the outreach process, the document was changed to say that only eleven people responded to the request for comment. Of those, eight said they were “very comfortable” with the project and one said they were uncomfortable.

"This section of the document, even in the updated form, still ignores the serious concerns, critiques, and questions raised by several taskforce members and in effect erases our voices as engaged members of the public commenting on the situation," said Marachi.

When asked about this change, a San José spokesperson said that over 100 community organizations were notified of the project via the Mayor’s Gang Prevention Taskforce. The city also sought comment at community outreach meetings and continues to accept public comment online. Additionally, they promised a “more robust outreach plan to roll out in the coming months.”

The anonymous resignation expressed concern around the city’s portrayal of public outreach efforts and that simply asking the taskforce questions is “described to the public as ‘support.’”


Like in San José, this behavior from city officials in Toronto also led to resignations of privacy experts. But the similarities don’t stop there. While Sidewalk Labs may have ditched its efforts to build a twelve acre “city within a city” in Toronto, Alphabet is getting a second shot in San José. An eighty acre Google “megacampus” was approved by San José City Council last year, and has also been described as a “city within a city.” When completed, the complex promises to provide housing, office space, and areas accessible to the public, albeit owned—and likely surveilled—by Google.

Irina Raicu, a former member of the taskforce and the director of the Internet Ethics program at Santa Clara University’s Markkula Center for Applied Ethics, says that advisory groups like San José’s privacy taskforce can be helpful, but they shouldn’t be considered a substitute to well-funded privacy and cybersecurity teams.

“Any city that adds more tools for data collection and analysis, for whatever purposes, needs to scale up its privacy and cybersecurity team correspondingly,” she told Motherboard in an email. “There needs to be enough staff members to assess purchase proposals, develop policies for deployment, track the implementation of those policies, and, if necessary, flag any issues that arise before they lead to harm.”


San José’s principal privacy role has seen a fair bit of recent attrition. Its current Data Privacy Officer, Albert Gehami, assumed the role in October 2021. Before that, the role of Senior Privacy Policy Analyst was filled by someone else from November 2019 to July 2020.

Currently, the million-resident-city’s cybersecurity team consists of six employees and its privacy team of three.

“A voluntary advisory task force that meets three to four times a year is in no position to do this work,” Raicu added.

If that last line sounds familiar, it’s because the same sentiment was expressed in the March resignation. Raicu was present in the taskforce’s March meeting and was listed as a member of the taskforce as recently as April 3, 2022. However, the city did not list her among the current members of the taskforce when asked for comment on this story. 

When asked if she was the author, Raicu would not confirm nor deny and refused the opportunity to talk about her experience on the taskforce.

This is not the first time San José has been accused of implementing a committee for performative reasons. In the fall of 2020, the city formed the Reimagining Public Safety Community Advisory Committee. Nine members publicly resigned in a press conference outside city hall the following spring.

Bob Nunez, President of the San José/Silicon Valley NAACP, the organization whom Marachi was representing, says he’s seen this behavior from the city before. “It’s reflective of other communication we’ve provided to the city,” he told Motherboard. “It’s almost as if there isn’t a true attempt to get feedback. It’s just trying to get people in a meeting so they can take attendance.”

Nunez says there’s no reason why San Jose shouldn’t be “on the cutting edge” in protecting the privacy of its residents and that the community should be a part of it. “But instead, we’re being swept up.”

“If city leaders want to continue to dismiss the harms of mass surveillance on communities that have already been over-policed, disenfranchised, and harmed by AI based technologies…then it appears we are wasting our time and only feeding into tech-hyping false appearances that the city has been engaging with community members on these issues,” said Marachi in her resignation.