One of the new LinkNYC kiosks. Photo: Richard Levine/Corbis

Last month, the city began the rollout of its LinkNYC program, which replaces phone booths with interactive kiosks that also serve as high-speed Wi-Fi hotspots. Inevitably, we’re now finding out that we are giving away more data than we think we are: In a letter sent to the mayor’s office this week, the New York Civil Liberties Union raised concerns about “the vast amount of private information retained by the LinkNYC system and the lack of robust language in the privacy policy protecting users against unwarranted government surveillance.”

The NYCLU is mostly concerned with the amount of data that CityBridge, the consortium of companies behind the kiosks, can collect. CityBridge requires users to submit their email addresses and agree to allow the company to collect information on what websites they visit, as well as details about how long they view pages and what links they click. In a statement to Daily Intelligencer, LinkNYC general manageer Jen Hensley said that “LinkNYC does not collect or store any data on users’ personal web browsing on their own devices.” According to DNAinfo, such information is collected only from the kiosks’ built-in tablet screens.

The NYCLU also highlighted the LinkNYC privacy policy, which states that CityBridge will make “reasonable efforts to retain Personally Identifiable Information that you provide to us during registration no longer than 12 months after your last login.” In their letter, the civil-liberties group said that the promise to make “reasonable efforts” to delete information is inadequate, and also noted that for regular users who don’t have a yearlong gap between log-ins, it amounts to an indefinite retention of data.

The group also raised concerns about surveillance and sought a clarification about CityBridge’s policies regarding the sensors and cameras on the kiosks. From the letter:

“The policy states that “[CityBridge] will not give any data collected by environmental sensors or cameras to anyone other than the City or governmental law enforcement ,” with a few exceptions. One of those exceptions is with “advanced, written permission from the City.” We would like to know whether the environmental sensors and cameras will be routinely feeding into any City or NYPD systems, including the Domain Awareness System; if so, that should be made explicit in the privacy policy.”

After receiving the letter, LinkNYC responded with a statement:

“New York City and CityBridge have created customer-first privacy protections to ensure our users’ personal information stays that way – personal. We believe our privacy policy is the best way to protect New Yorkers and LinkNYC users while they safely and securely enjoy free superfast Wi-Fi across the five boroughs. We will continue to work to ensure legitimate concerns are addressed.”

In her statement to Daily Intelligencer, Hensley told us the city and CityBridge will never sell users’ personal information. “CityBridge would require a subpoena or similar lawful request before sharing any data with the NYPD or law enforcement, and we will make every effort to communicate government requests to impacted users,” she said. Hensley adds that the kiosks’ cameras are currently inactive and not designed to feed into any NYPD systems. The mayor’s office also emphasized that the kiosks use encryption to protect against hackers, and that any data shared with advertisers and the city will be anonymized.