Here’s the Intercept article in a nutshell:

• Despite claims to the contrary, ShotSpotter, which uses a network of microphones to pinpoint gunshots in covered areas, also records conversations going on in the vicinity. This is established fact, inasmuch as the recordings have been admitted as evidence in criminal trials.
• ShotSpotter’s wide deployment in over 90 US cities is powered by an aggressive lobbying campaign.
  • DC lobbyist Ferguson Group, by targeting congressional delegations, has secured $7 million in federal funds to purchase ShotSpotter through Department of Justice.
  • ShotSpotter also has hired lobbying firms Squire Patton Boggs, Raben Group, Greenberg Traurig, and Mercury Group Public Affairs to sell its products at the federal, state, and city levels, including coordination with police unions.
  • Having laid the federal funding groundwork, ShotSpotter guides potential customers through the grant application process.
  • ShotSpotter cultivates revolving-door relationships with law-enforcement heavies. Senior Vice President David Chipman is a former senior official at the ATF and a former fellow to the International Association of Chiefs of Police, and New York Police Commissioner William J. Bratton did a stint as a board member before assuming his present position as one of ShotSpotter’s newest and biggest customers. (Fortunately for the American Way, he recused himself from that purchasing decision.)

The article also spotlights the silly claims by company executives that ShotSpotter is not a listening device. As one helpfully explains, “It’s an acoustic sensor. It’s not a microphone,” which you can file under Distinction Without A Difference. And, as usual, ShotSpotter can’t keep its story straight. Our Oakland friend @marymad contributes this capture from the ShotSpotter Web site:

Just like a cell phone, eh? That explains why the 20-30 foot limit is nonsense, too. Cell phone users know that speaker-phone mode picks up anything loud enough to be picked up, regardless of distance. A conversation 100 feet away on a quiet street? No problem.

The Intercept piece concludes with this alarming assessment of the privacy issues presented by ShotSpotter’s audio surveillance:

ShotSpotter’s privacy policy claims this audio is “erased and overwritten” and “lost permanently” if its system does not sense a gunshot. However, even if this is true, the policy also states that ShotSpotter has detected and recorded “3 million incidents” over the past ten years. This also indicates the sensors report a staggering level of false alarms, and that the company has permanently recorded 18 million seconds — in other words, 5,000 hours or approximately seven months — of audio. According to a promotional document emailed to Miami city officials by ShotSpotter’s sales team, the technology allows end users to retain this audio online for two years and offline for another five.

The lessons here are not new:

• ShotSpotter is a questionable use of money, a technical quick-fix that does little for public safety and nothing for the underlying causers of crime.
• The company is a snake-oil merchant that constantly makes claims that defy scientific logic.
• The ShotSpotter lobbying machine is a public menace.

We support the plan by Seattle City Council to closely review the money provisionally allocated to purchase ShotSpotter.

The post ShotSpotter: There’s no lobbyist like an arms lobbyist appeared first on Seattle Privacy Coalition.

Seattle Privacy Coalition ran across this document while compiling press clippings on ShotSpotter. Beginning in October, glowing press releases and media reports about the success of ShotSpotter began popping up around the country. For example, in Camden, NJ:

[County Commission] Director Louis Cappelli, Mayor Dana Redd and Chief Scott Thomson announced that ShotSpotter Flex[,] the global leader in gunfire detection and analysis, today announced that its National Gunfire Index revealed that gunfire incidents in Camden City for the first half of 2014 are down by 48.5 percent, compared to first half of 2013, where ShotSpotter was deployed during both periods.[1]

And in Kansas City, MO:

Newly released data from the makers of the ShotSpotter gunshot detection system indicates that gunfire has decreased significantly in Kansas City’s urban core over the last year.

 

 

The ShotSpotter system covers 3.55 square miles in Kansas City near the Troost MAX bus line. In comparing the first half of 2013 to the first half of 2014, gunfire incidents in those areas fell by 25.9 percent. That’s 55 fewer incidents. That keeps with the trend in 31 other cities across the United States and Caribbean that ShotSpotter serves: those cities averaged 25.9 percent fewer gunfire incidents, as well.[2]

Wow, those are amazing year-over-year crime reduction numbers! And the clear implication is that SpotShotter made this happen.

Let’s have a look at that data

An examination of ShotSpotter’s data and research methodology dispels any hope that it has a basis in legitimate science. There are several separate and false claims to be debunked.

False Claim 1 — Gunfire declined in SpotShotter cities from 2013 to 2014

Bizarrely, this most basic claim, the one politicians and media picked up on, is proved false (or unintelligible)  by  ShotSpotter’s own figures. These are summarized in a graphic[3]:

The researchers analyze their raw data (which consists of detected gunshots) in two ways, as total rounds fired, and as “incidents.” Gunfire “incidents” are never actually defined, nor are we told why this is a useful measure. As the graphic shows, incidents declined sharply in the 31 communities studied, while absolute rounds fired increased, and this 20.6% decline is what the the report touts on 7 of its 9 pages of content. The rounds-fired figure is mentioned on 3 pages.

The facts become murkier when we come to this baffling statement:

Rounds (bullets) fired per gunfire incident were up by 36%. On average, 3.2 rounds were fired per incident during the first half of 2014, up 10% from first half 2013 average of 2.9 rounds per incident.[4]

Now there are three different figures for rounds-fired:

• 14%
• 36%
• 10%

The supporting graphic (Web version[5]) both hides the high number and adds to the confusion with a whole new measure called “Total Number of Rounds Fired Per Incident” (emphasis ours). To see this, you have to mouse-over the bullet images, as shown in the following before-and-after versions:

Added confusion stems from the complete meaninglessness of “total rounds per incident” and how this relates to “average rounds.” 

ShotSpotter does provide some actual raw numbers[6] (more on that below) that supposedly back up its generalizations.

At least that clarifies which of the calculated numbers are real, such as the high “total-rounds-per” number that the report tried to hide and fails to explain, and which turns out to be the real figure for rounds-per-incident. The scale of the problem becomes clear in the following graph — created by Seattle Privacy Coalition, not ShotSpotter — which illustrates the public safety significance of ShotSpotter’s two measures (as we understand them):

This makes it pretty clear that the “incidents” measure is here to obscure the fact that gunfire increased by 36% in the 31 ShotSpotter communities during the the period of the study.  People dodging bullets don’t care how many people are firing at them. Yet these are the statistics that embolden SST President and CEO, Ralph A. Clark, to tell the Camden, NJ, newspaper:

“The gunfire index data is extremely encouraging and suggests what cities and their law enforcement agencies can accomplish with a comprehensive gun violence reduction effort focused on enhanced response and community engagement.”[7]

Or, as the Index itself puts it,

Gunfire incidents are down in almost every ShotSpotter Flex city. In the 31 communities that we were able to analyze both for 1H2013 and 1H2014, gunfire incidents were down in 28 of the 31 communities, or 90% of them.[8]

False Claim 2 — SpotShotter is responsible for reducing gun violence

Things look bad for ShotSpotter. Far from reducing gun violence, Its figures suggest it has aggravated gun violence in the communities where it is deployed. The only thing that saves it from that humiliating finding is the iron rule of statistics: correlation is not causation. ShotSpotter cannot actually be blamed for an increase in gun violence without controlled studies that rule out other factors that may be causing the increase. Furthermore, the sloppiness of the arithmetic and reasoning in the 2014 National Gunfire Index make us wary of actually trusting the figures presented. Without more data, there is no way to know how much damage ShotSpotter is or is not causing.

On the other hand, reliable independent crime statistics tell a story that is unhelpful to ShotSpotter’s case regardless of the soundness of the gunfire report data. The FBI’s uniform crime statistics document[9] a steady decline of all violent crime nationwide over the past 20 years:

This trend suggests that a decline of about 3% in the overall violent crime rate probably occurred between 2013 and 2014. Any claim that ShotSpotter reduces crime would have to take into account this background decline. It is troubling but not surprising that the study ignores this, since it is much more enjoyable to claim credit for whatever good is happening on your watch. Of course, that’s not science.

The most plausible inference to make in the face of the FBI’s figures is that ShotSpotter’s figures, showing a 36% increase in gunfire over the last year, are simply too aberrant to be trusted without confirmation by qualified researchers.

False Claim 3 —  ShotSpotter bases its claims on real-world data

ShotSpotter spends a lot of time in this report stressing its careful comparison of “apples-to-apples” data. Unfortunately, it appears that the researchers only got halfway through that research methods course. Even knowing the shoddiness of the National Gunfire Index‘s methodology and analysis, it comes as a surprise that ShotSpotter actually made up data to fill out gaps in its observed gunfire tracking. The note on methodology at the end of the Index explains how this worked in considerable detail (emphasis ours)[10]

So, in other words, up to 45% of any particular community’s data over a six month period was “imputed” by means of this process of “proration.”

That explains a lot.

Notes

[1] “ShotSpotter Index Measures a Large Decrease in Gun Violence.” www.camdencounty.com, October 8, 2014. http://www.camdencounty.com/county-news/shotspotter-index-measures-large-decrease-gun-violence. Accessed 2014/11/-21.

[2] “ShotSpotter Success: Gunfire down by 26 percent in Kansas City areas by ShotSpotter following transit-police partnership.” www.kcata.orgOct 13, 2014. http://www.kcata.org/news/spotshotter_success. Accessed 2014/11/21.

[3] “2014 National Gunfire Index.” [Web version.] http://www.shotspotter.com/1H2014NGI

[4] 2014 National Gunfire Index, p. 7. [PDF, 2014.]http://www.shotspotter.com/download-2014ebook. Also archived at https://www.seattleprivacy.org/wp-content/uploads/2014/11/ShotSpotter_2014NGI-eBook.pdf

[5] “2014 National Gunfire Index.” [Web version.] http://www.shotspotter.com/1H2014NGI

[6] 2014 National Gunfire Index, pp. 5, 7. [PDF, 2014.]http://www.shotspotter.com/download-2014ebook. Also archived at https://www.seattleprivacy.org/wp-content/uploads/2014/11/ShotSpotter_2014NGI-eBook.pdf

[7] “ShotSpotter Index Measures a Large Decrease in Gun Violence.” www.camdencounty.com, October 8, 2014. http://www.camdencounty.com/county-news/shotspotter-index-measures-large-decrease-gun-violence. Accessed 2014/11/-21.

[8] 2014 National Gunfire Index, p. 6. [PDF, 2014.]http://www.shotspotter.com/download-2014ebook. Also archived at https://www.seattleprivacy.org/wp-content/uploads/2014/11/ShotSpotter_2014NGI-eBook.pdf

[9] “FBI Uniform Crime Reports: Crime in the United States 2013: Table 1.” http://www.fbi.gov/about-us/cjis/ucr/crime-in-the-u.s/2013/crime-in-the-u.s.-2013/tables/1tabledatadecoverviewpdf/table_1_crime_in_the_united_states_by_volume_and_rate_per_100000_inhabitants_1994-2013.xls. Downloadable as a spreadsheet at http://www.fbi.gov/about-us/cjis/ucr/crime-in-the-u.s/2013/crime-in-the-u.s.-2013/tables/1tabledatadecoverviewpdf/table_1_crime_in_the_united_states_by_volume_and_rate_per_100000_inhabitants_1994-2013.xls/output.xls.

[10] 2014 National Gunfire Index, p. 10. [PDF, 2014.]http://www.shotspotter.com/download-2014ebook. Also archived at https://www.seattleprivacy.org/wp-content/uploads/2014/11/ShotSpotter_2014NGI-eBook.pdf

The post ShotSpotter makes up its gunfire data, but it STILL doesn’t make any sense appeared first on Seattle Privacy Coalition.

A few days before the Seattle City Council announced its precedent-setting privacy initiative, the year’s most anticipated documentary, Citizenfour, opened at the Uptown SIFF Cinema.  Laura Poitras’s third film about the post-9/11 American security state tells the story of Edward Snowden, the NSA whistle-blower who made “dragnet surveillance” a household term.

Seattle’s step toward privacy and accountability was well-covered in the local press and also made the leap to a couple of governance trade journals. Seattle Privacy made sure that Laura Poitras herself knew what had happened here at the same time that her film was drawing capacity crowds. She sent us congratulations:

It is fitting that Seattle is first to respond – it is the home of NSA
PRISM partners such as Microsoft, as well a strong community of people
building alternatives to dragnet surveillance. These alternatives, as
well as informing and engaging with the people of Seattle, are a step
toward regaining meaningful democratic oversight relating to security
and privacy in our country.

If not for Seattle, this history would be different.

 

When the Seattle Privacy Coalition came together in early 2013, the city’s political establishment issued us the tin-foil hats reserved for people who worry about government surveillance. The disgraced, federally supervised Seattle Police Department was so used to getting its way in technology matters that it shrugged off negative public reaction to the “port security” camera network. In talks with city officials, we provoked eye-rolls and knowing smirks by suggesting that the city should pass up federal grant money that paid for boondoggles such as police drones. [Note: See the update at the end of this post. It ain’t over.]

After Snowden, the complacency was gone. Little has changed at the national or state levels — the security agencies still run Congress and the White House, Boeing still dictates to Olympia. But locally, there is movement. DHS-funded spying and cops in tanks have become issues with names: Oakland, Ferguson. The city establishment’s dread of controversy now works in favor of privacy advocates. The security lobby will have a hard time influencing every petty municipality the way it influences the federal government.

An evolving model for political action emerges from Citizenfour. In a world where democracy and the press have ceased to function at the highest levels, we watch lone individuals making fateful choices grounded in their private experience. These precise moments of integrity contrast with farcically mediated global contexts: archival footage of NSA Director Keith Alexander and National Security Director James Clapper telling extravagant lies to Congress; a frantic scrum of boom-bearing reporters around Glenn Greenwald and his partner (and taking care to edit themselves out of the film they will broadcast); or the recurring apparition of Wolf Blitzer playing Wolf Blitzer. Always there is a strong implicit case for what it real and what is not, and where personal agency lies.

“There’ll be the breaking of the ancient western code / Your private life will suddenly explode.” — Leonard Cohen

Poitras, not Snowden, is the first example of this in Citizenfour. Out of the blue, Snowden sends her an encrypted email message, an event recreated on-screen as white text unspooling in the black void of a Linux computer terminal. Disembodied in this weirdly intimate environment, an as yet anonymous Snowden tells her he is a spy, that he has classified disclosures to make, that there is great danger, and that their joint government adversary can attempt one trillion password cracks per second. Her private decision to accept this mysterious challenge leads to the events of the movie.  When she later asks “Citizenfour” why he had chosen her, He tells her, “You chose yourself.”

Poitras next tells the story of NSA veteran William Binney.  After the end of the Cold War, he developed systems to automate the collection and analysis of telecommunications metadata. Originally, the targets were foreign, but shortly after 9/11, NSA turned Binney’s work into the basis of its new program of blanket domestic surveillance. His internal protests against NSA’s lawless, ineffective, and wasteful policies went nowhere, and he soon left the agency. After being raided at gun-point in 2007 during an FBI leak investigation (in which he was later cleared), Binney gained prominence as one of the most outspoken NSA whistle-blowers prior to Snowden.

The misguided raid on Binney was provoked in part by the revelations of Mark Klein, who is not actually in the movie, though we do see a hearing from one the lawsuits that resulted. Klein was a technician for AT&T who discovered that Room 641a at 611 Folsom Street  in San Francisco was an NSA diversion site for all of AT&T’s Internet and telephone traffic. Appalled by what amounted to a tap on the entire Internet, Klein took his story to the Los Angeles Times, which refused (under government pressure) to print it. He next took it to the New York Times, which also bowed to government pressure for a year before finally publishing it in 2005.

Seattle Privacy’s co-founder Jacob Appelbaum turns up twice in the film, once before and once after his NSA reporting forced him into Berlin exile. In one segment, he presses an Occupy Wall Street audience to consider whether they have been personally under surveillance, and lists ways it could have happened — not just by means of telephones, email, and the Web, but also credit cards, travel passes, etc. He calls them canaries in a coal mine who are experiencing what everybody will experience in the near future. (As Jacob likes to say, “My present is your future,” though he now thinks the future has pretty much arrived for everyone.) The personal experience entails the universal problem, and is the key to fighting it.

We also meet Ladar Levison, the [former] proprietor of the secure email service Lavabit. Its most famous customer: Edward Snowden. Levison built an encrypted mail service that collected no information on its users, and thus had nothing to give law enforcement even when subpoenaed. Unable to identify Snowden’s correspondents in the usual way by seizing metadata, the FBI  told Levison to give up Lavabit’s master SSL encryption keys, which would allow them to uncloak the entire Lavabit customer base secretly in real time. Levison instead shut down his business rather than betray his customers’ privacy. Try to imagine that in a corporatized setting where profit is paramount and ethical concerns are actionable in civil court.

In bare outline, Snowden’s own story is that he gave up his prior life and risked life imprisonment  (or worse) to expose the actions of NSA and its partners. Most will remember his principled if fatalistic rationale from the original June 2013 interview. In Citizenfour, Snowden’s anxiety and regret become palpable. He masters his fear and steps through the hotel room door into what may be the waiting arms of a hostile government. Though Snowden repeatedly downplays his role in leaking the documents — “I’m not the story” — his choice is the story.

At Seattle Privacy, we hope to change how citizens are treated by their local government and by the police. The recent good news notwithstanding, we will continue to push the City Council to follow through on its stated intentions. We don’t want the promised oversight structure to end up a dead letter like Ordinance 124142, another privacy “first” that was passed 18 months ago and never enforced. At stake is a role for Seattle as a national model of awakened democratic government. It took bold individuals to expose the corrupt surveillance state, and it will take a bold community to prove Laura Poitras right: “If not for Seattle, this history would be different.”

Update:

Even as I wrote and published this, the City Council threatened to reverted business-as-usual by planning a budget hearing for a ShotSpotter-type system. For information about the city’s past flirtation with outdoor audio surveillance (and some sleazy video of Seattle politics at its worst) see our ShotSpotter fact sheet. Rest assured we will communicate to our leaders what we think of their renewed interest in ShotSpotter.

The post “If not for Seattle, this history would be different” appeared first on Seattle Privacy Coalition.

This morning, Mayor Ed Murray and Seattle City Council members Mike O’Brien and Bruce Harrell boldly announced a new initiative[1] to begin to address the erosion of privacy in our society. Seattle is the first city in the nation to take such a proactive and farsighted step. The initiative will begin with a systematic review of the potential effects on personal privacy of all city programs and policies.

“This move will save Seattle taxpayers money by limiting spending on ideas like surveillance cameras or drones that later need to be scrapped.” -Adam Shostack

The Seattle privacy initiative comes two years after disclosures about Seattle Police Department’s acquisition of surveillance drones[2] and installation of a public surveillance camera network[3] drew public concern and protest. This debate merged with concerns about spying on political activists, unchecked use of facial-recognition technology, locational surveillance via automated license plate readers, and data sharing with private entities along with state and federal agencies.

The Seattle Privacy Coalition applauds Seattle’s leaders and legislators for their bold move to grapple with the difficult and vexing issue of protecting privacy while embracing technological innovation, and for their commitment to expanding civic involvement and bringing more voices to the table.[4]

“We hope that this effort will serve as a model for other municipal governments, and give heart to grassroots privacy advocates everywhere,” said Jan Bultmann, co-founder of SPC. “This development shows that even if our federal government is too paralyzed and beholden to corporate interests to act, we don’t have to sit back and watch our right to privacy evaporate. We can work with local governments who can still hear and respond to our voices.”

“This move by our city’s leadership is exciting,” said Christopher Sheats, Seattle resident and political activist. “It demonstrates that they’re listening to those whom they represent, and that community input is valued here in Seattle. The proposal to further implant privacy-strengthening processes in our city’s government is a refreshing reminder that civil liberties can be protected regardless of advancements in technology.”

“I am happy to see Seattle recognizing the importance of privacy to our citizens and residents,” said Adam Shostack, Seattle resident and author of Threat Modeling: Designing for Security. This move will save Seattle taxpayers money by limiting spending on ideas like surveillance cameras or drones that later need to be scrapped.”

“Meaningful transparency and accountability requires regular people’s fully informed civic involvement. I’m glad to see that the city of Seattle has heard the call and is committing itself to democratic action. This moment in Seattle is made possible because of the sacrifice and courage of the whistleblower Edward Snowden. It is exactly these kinds of changes all across America that he worked to create,” said Jacob Appelbaum, privacy journalist and co-founder of of Seattle Privacy Coalition.

THE PLAN IN BRIEF

2014

• Convene team of representatives from city departments to oversee creation and implementation of the privacy program.
• Appoint a Privacy Advisory Committee of academic and community leaders to develop privacy principles and advise the government team.

2015

• Develop privacy guidance documents to insure departmental awareness and compliance.
• Assess the current state of city compliance with the new policies.
• Remediate gaps in compliance.
• Establish an ongoing privacy oversight structure.

Seattle Privacy Coalition is a group of current and former Seattle residents that formed in April 2013 over a shared interest in transparency, accountability, and accuracy about the current state of privacy, security, and related issues. Our first project was to explore, document, and provide oversight relating to the Seattle Police Department’s surveillance camera network. Our mission is to urge and empower the City of Seattle to take advantage of Seattle’s leadership in technology and commitment to civil rights to lead the United States to restore and protect all people’s right to privacy.

[1] http://clerk.seattle.gov/~public/meetingrecords/2014/cbriefing20141103_3a.pdf

[2] http://westseattleblog.com/category/seattle-police-surveillance-cameras/

[3] http://westseattleblog.com/category/seattle-police-surveillance-cameras/

[4] https://www.seattleprivacy.org/mission/

The post Seattle Takes the Lead in Nationwide Surveillance vs. Privacy Debate appeared first on Seattle Privacy Coalition.

I recently noted that one of the wireless mesh nodes was transmitting, in contradiction of the City’s repeated assurances that the network was “turned off,” while I was attending a protest outside the King County courthouse in City Hall Park near 3rd Ave and Yesler Way. My post to Twitter caught the attention of the Seattle Police Department, who promptly shut off the node and posted a blog entry and tweeted about it. The following tweets appeared on Twitter that day, with much more commentary on the original post (which you can see if you click on the date stamp below.)

#SEAspy #MeshNet node is transmitting on “3rd&Yesler” and “TEST-WAP” SSIDs. @SeattlePrivacy @SeattlePD #rootsup2014 pic.twitter.com/Z0gHtp8Rrp

— lee⭐c (@sleepylemur) July 11, 2014

What we know about our node. http://t.co/PgeQFRqpkS #nodecomment

— Seattle Police Dept. (@SeattlePD) July 12, 2014

Seattle Police officer Sean Whitcomb’s reply on the SPD blotter makes a misleading claim, that “The rogue node, while producing a visible signal, was not being operated.” This isn’t only misleading because radio waves are invisible. They’re also not visible because the Service Set IDentifier (SSID or “network name”) of these mesh nodes gives no indication that they’re operated by the police department. It’s not the sort of thing that a nontechnical person would notice, even if they saw it listed on a computer or mobile device when they were trying to find a wireless network. It’s also misleading to claim that the node was “not being operated”.

The device may not have been switched on intentionally, it may not have seen any active traffic from SPD vehicles or those of other city departments while it was powered on and transmitting, but a claim that it wasn’t operating is the same category of the “non-operational” SPD cameras installed throughout the city. The glowing blue light indicates that power is applied to the cameras, just as the blinking orange and green lights indicate that mesh network nodes have power and some sort of activity. According to the Seattle Police’s definition of “operating”, these networked surveillance cameras aren’t “in use” because the digital video recording system to which they’re attached isn’t capturing any of their video feeds.

@sleepylemur @SeattleCouncil @SeattlePrivacy Lee, consider this “confirmed”. The cameras are not in use. sw — Seattle Police Dept. (@SeattlePD) September 11, 2013

However, as Mayor Murray opined in an interview on the matter, the cameras and their mesh network could be switched on if the City decided they were needed for some sort of emergency (the Boston Marathon bombing was mentioned, but any emergency could do). Now, this mayor may have no intention of using these cameras and Seattle’s current police force might not intend to use their mesh network to monitor the movements of every active WiFi and Bluetooth device in the city (see The Stranger’s article You Are A Rogue Device), but we’re a country of laws, not of men.

Seattle should revise its ordinance regarding the installation and use of surveillance equipment. We made recommendations to the city council regarding Ordinance 124142 in March and this matter still needs to be addressed.

The post Seattle’s operating surveillance ordinance still needs fixing appeared first on Seattle Privacy Coalition.

In bland technical language, we learn that the network has the following capabilities.

• It can limit logins to a list of approved users stored in a database.
• It can identify potential users based on username/password or hardware device IDs.
• It will keep detailed logs (time, duration, identity, etc.) of client connections.

However, these details raise questions that still have not been answered by the Seattle Police Department or any other city office.

• What happens if a random passerby with a laptop or cell phone attempts to “associate” with a city access point? The answer to this could have privacy and security implications for both parties.
• Wi-Fi devices broadcast uniquely identifiable radio beacons; does the city equipment record these beacons, or can it be configured to do so? Authorities in Chicago are planning just such a capability in a potentially intrusive Big Data collection scheme.
• How long will logs be kept, and who will have access to them? Will they be subject to public records requests?

These are questions that should have been asked and publicly debated at early stages of the planning process. They also quickly become issues of general policy: If data is collected, it will be used by any legal or illegal branch of government whose agents can pick up a phone. To protect privacy, don’t collect sensitive information in the first place.

Below is a link to the source documents, courtesy of Tacoma-based Infowars reporter Mikael Thalen, who discovered them on the Seattle.gov Web site:

http://www.scribd.com/doc/183600279/Port-Security-Video-Surveillance-System-with-Wireless-Mesh-Network-Seattle

Or download the document.

The post The sort of thing we are curious about… appeared first on Seattle Privacy Coalition.

ShotSpotter (SST, Inc.) Fact Sheet

But also: A SpotShotter Gallery

The company doesn’t like to reveal what their expensive and dubiously effective equipment looks like, so here’s a remedy for that!

(Source: http://www.milwaukeecriminallawyerblog.com/2014/01/bill-would-increase-funding-for-milwaukee-pds-shotspotter-program.shtml)

Watch out, bird. We are listening. And looking. And probably irradiating you. 

(Source: http://cedarposts.blogspot.com/2012/08/cmpds-shot-spotter-goes-live-in-uptown.html)

Whoa! This is a nice shot.

In the last three years, gunshot detection sensors in Newark went off 3,632 times, and 17 shooters were arrested on scene. But for more than half of the sensors in Newark, there is no accompanying camera for several blocks. That leaves officers with insufficient information to act. “So you might get a vehicle taking off, you might pick up somebody discharging a weapon,” Carpenter said. But catching the person who fired the weapon? “Very rare, because you would have to have cameras in every corner of the city in order for that to actually work.” It costs Newark taxpayers about $80,000 a year to maintain the current system. But critics argue the total cost is much more than that, given the way police respond when a detector goes off. Since 2010, 75 percent of the gunshot alerts have been false alarms. But police are often deployed to the location anyway, just in case there is a shooter.

(Source: http://cedarposts.blogspot.com/2012/08/cmpds-shot-spotter-goes-live-in-uptown.html)

The post ShotSpotter (SST, Inc.) Fact Sheet prepared for City of Seattle appeared first on Seattle Privacy Coalition.

At the 2:00 p.m. March 10, 2014, Seattle City Council meeting of the full council (agenda), public comment was received from five people regarding Council Bill 118043, which authorized federal funding for facial recognition software and the Washington State fusion center. Each person spoke in opposition to passage of the bill. Because public comment was, as is typical at City Council meetings, limited to 20 minutes, some people who wished to speak were not allowed to do so. After public comment, council members discussed the bill, then voted 7-1 to pass the bill, with Kshama Sawant casting the lone vote in opposition.

A complete video archive of the meeting is available from Seattle Channel for streaming and download. In attendance at the meeting were (in order from left to right as visible in the video) council members Sally Bagshaw, Bruce Harrell, Sally Clark, Tom Rasmussen, Tim Burgess, Jean Godden, Mike O’Brien, and Kshama Sawant.

Council Bill 118043 authorizes acceptance of a financial grant from U.S. Department of Homeland Security under the Urban Areas Security Initiative program, including about $1.2 million for Seattle Police Department, and ratifies and confirms any act made pursuant to the authority of the ordinance taken prior to the effective date of the ordinance. Intended uses of the DHS funding that have been disclosed to the public include purchase of facial recognition software for use by Seattle Police Department staff and further funding of the regional fusion center.

We are unaware of any way to link directly to a point in time in a video hosted by Seattle Channel, so we cached a portion of the video archive of yesterday’s meeting elsewhere.

Following is an index to relevant portions of that video:

• 06:42 Public comment: Scott Shock
• 08:41 Public comment: Lee Colleton
• 14:27 Public comment: Christopher Sheats
• 17:11 Public comment: David Robinson
• 19:19 Public comment: Phil Mocek
• 23:19 Introduction of item #1: Council Bill 118043
• 24:06 Councilmember Harrell
• 29:47 Councilmember Bagshaw
• 31:15 Councilmember Sawant
• 34:28 Councilmember Harrell
• 36:40 Councilmember Clark
• 40:55 Councilmember O’Brien
• 42:12 Councilmember Burgess
• 42:23 Rollcall vote

The post Video: City Council authorize federal funding for facial recognition and fusion center appeared first on Seattle Privacy Coalition.

We call on City Council to make the following improvements to Ordinance 124142, also known as “the operating surveillance equipment” ordinance, before the end of calendar year 2014.

• All protocols for use of surveillance equipment must be public.
• Any and all aspects–even secret ones–of surveillance performed by or commissioned by government agencies in Seattle must include automatic sunset provisions.
• All property used for communications interception wire rooms or other surveillance (e.g., rentals of houses, vans, etc.) must be accounted for in a budget. When properties are no longer used for such purpose, their addresses must be disclosed. Similarly, the surveillance-related purpose of other expenses must be disclosed after the necessarily-secret nature of their use concludes.
• The ongoing budget and expenses for surveillance activity funded by City of Seattle must be public during this entire time so that we, the people, can review these expenses and recognize if such activity has spiraled out of control relative to other city priorities.  The public must have the ability to determine if a general area has been under surveillance.

• All non-SPD contact (eg: FBI, TSA, ICE, SS, any part of DHS, etc) that request assistance, clearance, or notification of surveillance should be logged. Thus, if the FBI is performing a raid of say, your house, the local police don’t accidentally think it is a (different kind of) crime in progress. This already happens, the key is that the log should be audited and not just a matter of coordination.A requirement that any surveillance operations within Seattle must be logged with the Seattle police – thus, the FBI would be required to notify the SPD, even if only for their spying activity.
• All legal statutes must be cited *during* collection as to why the collection was undertaken in the first place.
• All electronic surveillance must be logged, including location, equipment type, legal justification and information on the officer(s) involved.
• All surveillance requests involving any non-SPD agency, company or private individual must be logged. For example, if SPD asks Google for data on Yoga Arts, that request must be logged.
• The ordinance should specify that all surveillance data or metadata is only for use with the SPD and is not for data sharing with WSIN, the State of Washington, any Federal agency or any other agency, company, or person without a specific court order.
• A log of all contact made with those under surveillance – that is – each time a person is under surveillance and the collection ends, the person should be notified and it should be logged. A lack of notification should also be logged. This information should become public record automatically and absolutely handed over during a Privacy Act Request (PAR) by the target of surveillance.
• If there was a sneak-and-peak warrantless search (eg: PATRIOT Act, Section 215) or a search conducted with a sealed warrant, this must be logged specifically as such. It should be logged with a third party that is not the SPD. We’re open to suggestions as to which party is a good one. It seems that the Mayor’s office is probably a reasonable first choice.
• If during the course of a surveillance operation, a person is in harm’s way and disclosure *could* expose the surveillance operation, the surveillance team has a *duty* to put public safety before secrecy of the specific operation. This is already the case with good Samaritan laws in most states – when we see a person in trouble, we are required by law to help. For better or worse, it should apply to law enforcement and intelligence agencies, even if it would otherwise harm the secrecy of the operation.

Enforcement

• Ordinance 124142 must be enforced, and penalties for violation must be specified.

The post How to fix Seattle’s operating surveillance ordinance appeared first on Seattle Privacy Coalition.

As Seattle City Light customers, we ask Seattle City Light (SCL) to create an advanced metering infrastructure policy that mandates that SCL obtain informed consumer consent before installing advanced metering devices (AKA “smart meters”) — that is, an opt-In policy.

The system should carry no financial disincentives for those customers who decide not to opt-in.  

In this blog:

• Threats to Privacy
• Potential Unintended Consequences
• Erosion of Public Trust
• Current Legal Landscape
• Gap Analysis of Federal and State Regulations
• Precedents that Support an Opt-in Model
• Conclusion

Threats to Privacy

Advanced metering technology poses a threat to individual privacy, as federally funded research shows. Government agencies including the Congressional Research Service¹, Department of Energy² and National Institute of Standards and Technology³, have written extensively about the specific threats to privacy generated by residential smart meters. Independent researchers have further documented the level of intimate detail that can be gathered from smart meter data, such as what customers are watching on television.⁴,⁵ 

Potential for Unintended Consequences

We are concerned that smart meters can now, or in the future, be misused to act as data collection devices which make previously private activities inside our dwellings subject to unauthorized official and criminal surveillance. We are concerned about such data being collected and stored in databases that may not be protected against warrantless searches, and may be managed by companies that have a history of profiting off of warrantless electronic surveillance.⁶ We are concerned about a lack of clarity regarding Constitutional protections for information collected by Seattle City Light that could be shared with city, state and federal law enforcement via the Seattle Shield Program⁷ and the Washington State Fusion Center.

Erosion of Public Trust

In the midst of the continuing Snowden revelations about government use of unregulated technology for warrantless electronic surveillance, public trust in the ability of elected officials and public institutions to adequately protect us is at a low point. We need laws and regulations to catch up with technology so that there are clearly defined privacy protections for smart meter data, and data collection and storage protocols that are based on established, relevant law, not just departmental policies. 

Current Legal Landscape

Legal experts acknowledge that our current federal laws and regulations don’t provide adequate smart meter data privacy protection. For example, the Federal Wiretap Act could allow a utility to give permission to law enforcement or a third party to intercept smart meter data without a warrant.⁸  The third party doctrine as it relates to utility records containing smart meter data has not yet been tested in the Supreme Court. The Stanford Technology Law review advises that “When confronted with a business record or other information held by a third party, the Court should ask whether the record, or the technology used to create the record, reveals information about activities taking place inside the home that otherwise would not be available absent a trespass into the home. The Court should further inquire as to whether the consumer has been able to exercise any real choice about whether to create such records…Under this test, information about in-home activities generated by advanced meters or sensors in a demand response system would be protected by the Fourth Amendment” and “law enforcement officials should be required to obtain a warrant before being given access to those records”.⁹

At the September 26, 2013 Foreign Intelligence Surveillance Court Review, Senator Mark Udall asked Deputy Attorney General James Cole for clarification on whether section 215 of the Patriot Act (the “business records” provision of the Foreign Intelligence Surveillance Act which allows records to be collected via secret general warrants issued with a diluted standard of probable cause and placing the recipient under gag order) can be used by the National Security Agency to collect business records including “utility bills”; Mr. Cole was unable to rule it out.¹⁰ 

Gap Analysis of Federal and State Privacy Protections

The US Supreme Court has asserted that “at the very core [of the Fourth Amendment] stands the right of a man to retreat into his own home and there be free from unreasonable government intrusion”.¹¹Our Washington State Constitution provides even more rigorous protection of privacy rights than those guaranteed by the Fourth Amendment. Unlike the Fourth Amendment, WA State Const. Article I Section 7 “clearly recognizes an individual’s right to privacy with no express limitations”¹² and states that “No person shall be disturbed in his private affairs, or his home invaded, without authority of law.”  Washington State has historically recognized that an individual has some level of protected privacy interest in power usage, but existing regulations on how law enforcement can access utility records are based on analog meter electrical consumption records collected monthly which are not able to reveal discrete information about a customer’s in-home activities. 

The current Revised Code of Washington (RCW 42.56.335) which regulates law enforcement access to utility records does not require a warrant, or a showing of probable cause, but instead only requires the weak standard of “reasonable belief” that the utility record will help establish that the customer committed a crime.  Advanced meter electrical consumption records can reveal discrete information and intimate details about a customer’s activities occurring within the confines of their home, including use of medical equipment, hours of occupancy, and more. These merit Constitutional protection requiring a warrant for law enforcement to access.

Our laws have not kept pace with changing technology, and we are at risk of violating constitutionally protected privacy rights. In 1994 State v. Young the WA Supreme Court recognized strict privacy protections regarding infrared as a device that discloses information about activities occurring within the confines of a home, and which a person is entitled to keep from disclosure absent a warrant.  An apt quote from the ruling:

“However, in construing Const. art. 1, § 7, we have resisted the uncertain protection which results from tying our right to privacy to the constantly changing state of technology. We recognize as technology races ahead with ever increasing speed, our subjective expectations of privacy may be unconsciously altered. Our right to privacy may be eroded without our awareness, much less our consent. We believe our legal right to privacy should reflect thoughtful and purposeful choices rather than simply mirror the current state of the commercial technology industry.”¹³  

We need the City of Seattle to step in and model privacy policies that reflect thoughtful and purposeful choices.

Precedents that support an opt-in policy

Other jurisdictions have heard customer concerns about smart meters including privacy and data security issues and have responded by creating opt-in policies. The Eugene Water and Electric Board (Oregon’s largest customer owned utility) voted unanimously on Oct. 1, 2013 to move forward with an advanced metering project that takes an opt-in approach that focuses on consumer choice.¹⁴ In 2012 the state of New Hampshire enacted a law which prohibits electric utilities from installing smart meter gateway devices without the property owner’s consent.¹⁵ Vermont now requires written notice before installing a smart meter, and prohibits fees for those customers who choose not to opt-in.¹⁶ Section 1252 of the United States Energy Policy Act of 2005 acknowledges consumer choice and supports an opt-in approach. There is a current bill in the Washington state legislature that will give additional statutory protection to smart meter data by adding it to the public records disclosure exemptions.¹⁷

Conclusion

Given the privacy risks of smart meters, consumers must be allowed to choose whether to accept these risks or avoid them by not opting-in to a smart meter.  In the absence of adequate state and federal legislation, we call upon the City of Seattle and Seattle City Light to enshrine the “Opt-in” model in law. The current plan for an opt-out presumes consent; which we argue is inadequate and potentially even unethical, because the technology of smart meters has gotten ahead of consumers as well as regulators. The opt-in model requires explicit, informed consent and encourages customers to be active participants in their utility decisions by allowing them to make an informed consumer choice after being educated about the benefits and risks of smart meters and the security of their information.  

The post Seattle City Light: Seattlites Need an Opt-In Policy for Smart Meters appeared first on Seattle Privacy Coalition.