November 19th, 2014 by yawnbox
In an attempt to bring together various privacy stakeholders in Seattle, particularly from the Muslim community, I attended my first Muslim, Sikh and Arab Advisory Council meeting looking for specific privacy cases to learn about. I later wrote to the Seattle Police Department with various questions and concerns. In light of the City of Seattle establishing a welcomed Privacy Initiative, it seems prudent to involve privacy stakeholders from various local and underrepresented communities.
Below is an email sent to a Seattle Police Department program manager regarding the the Muslim, Sikh and Arab Advisory Council to the Seattle Police Department on November 19th, 2014. The program manager, Maggie Olsen, promptly replied stating that my email had been forwarded to the Commander of the Community Outreach Section, Captain John Hayes. Jan and I have not yet received a reply.
Hello Maggie,
My name is Christopher Sheats, a concerned citizen of Seattle and a volunteer for the Seattle Privacy Coalition (SPC) (seattleprivacy.org).
My colleague Jan is CC'd, she is the SPC director. I'm writing with regard to the Muslim, Sikh and Arab (MSA) Advisory Council to the Seattle Police Department.
This email may be better directed to Detective Yanal Vwich, or possibly Chief Kathleen O'Toole. I attended my first MSA meeting on October 2nd, 2014. I advertised that the Citizens Technology and Telecommunications Advisory Board (CTTAB) was planning a privacy symposium to focus on the privacy impact to vulnerable populations in Seattle. The privacy symposium is supposed to happen next year, but I am not yet sure about details.
I also want Detective Yanal Vwich and the MSA to be aware that the City of Seattle is establishing a special, and likely permanent, privacy advisory board for the city. For more information about the new privacy
board:
CITY OF SEATTLE LAUNCHES DIGITAL PRIVACY INITIATIVE http://murray.seattle.gov/city-of-seattle-launches-digital-privacy-initiative/
Seattle Takes the Lead in Nationwide Surveillance vs. Privacy Debate /press-release-response-to-seattle-privacy-initiative/
Composition of City’s Privacy Advisory Board (written by Jan) /composition-of-citys-privacy-advisory-board/
I have several questions, please help where possible.
Q1- It appears that MSA and the East African Advisory Council's have been combined and that their meeting schedule has been severely reduced.
Why is that?
Q2- Given the privacy and trust implications of these vulnerable populations, I was surprised to learn that these meetings were being held at a government facility. I know that this has a negative impact on attendance. Why can't it be changed to a community center, with more access to bus routes?
NSA Surveillance Chilling Effects: HRW and ACLU Gather More Evidence https://www.eff.org/deeplinks/2014/07/nsa-surveillance-chilling-effects
Q3- Would't it be prudent to have a member of the Muslim community to be directly involved with the Seattle Privacy Advisory Board?
Latest Snowden Leaks: FBI Targeted Muslim-American Lawyers http://www.wired.com/2014/07/snowden-leaks/
One of the attendees bluntly accused that the FBI was spying on people in his community. The FBI attendee blatantly lied in response--given the Snowden revelations that go into specific proof that says otherwise. The Seattle City Council, the Seattle Police Department, local FBI offices, and the City's IT Dept all share the responsibility in gaining trust though cooperation and privacy enhancements.
Having gone to just one MSA meeting, I was almost overwhelmed with the amount of distrust between attending members of vulnerable populations and the various US Gov attendees. As an empathetic white male, it was uncomfortable.
On behalf of the Seattle Privacy Coalition, I would like to assist wherever possible to help bridge this divide, regarding trust through privacy. Please share the following information to the respective Advisory Councils where appropriate. It would also be great to get members of MSA involved with our citizen group (Seattle Privacy Coalition) for greater diversity:
Send an empty email to the following address to be put on our announce
list:
[email protected]
Seattle Privacy Coalition can be contacted directly:
[email protected]
I can be contacted directly, and I have a public PGP key available:
[email protected]
7DFF 4EE5 1C63 9060 C9C9
A48A BEAF 1420 523A EB46
If any of you would like help setting up your own PGP key-pair so that people can securely contact you, or an alternative secure chat application, please let me know.
Lastly, with your permission, I'd like to publish any or all responses to our blog, SeattlePrivacy.org, so that the public can be further educated about these ongoing issues.
Cheers
Christopher Sheats
citizen
November 14th, 2014 by David Robinson
Laura Poitras’s Citizenfour reminds us that courage is local
A few days before the Seattle City Council announced its precedent-setting privacy initiative, the year’s most anticipated documentary, Citizenfour, opened at the Uptown SIFF Cinema. Laura Poitras’s third film about the post-9/11 American security state tells the story of Edward Snowden, the NSA whistle-blower who made “dragnet surveillance” a household term.
Seattle’s step toward privacy and accountability was well-covered in the local press and also made the leap to a couple of governance trade journals. Seattle Privacy made sure that Laura Poitras herself knew what had happened here at the same time that her film was drawing capacity crowds. She sent us congratulations:
It is fitting that Seattle is first to respond – it is the home of NSA
PRISM partners such as Microsoft, as well a strong community of people
building alternatives to dragnet surveillance. These alternatives, as
well as informing and engaging with the people of Seattle, are a step
toward regaining meaningful democratic oversight relating to security
and privacy in our country.
If not for Seattle, this history would be different.
When the Seattle Privacy Coalition came together in early 2013, the city’s political establishment issued us the tin-foil hats reserved for people who worry about government surveillance. The disgraced, federally supervised Seattle Police Department was so used to getting its way in technology matters that it shrugged off negative public reaction to the “port security” camera network. In talks with city officials, we provoked eye-rolls and knowing smirks by suggesting that the city should pass up federal grant money that paid for boondoggles such as police drones. [Note: See the update at the end of this post. It ain’t over.]
After Snowden, the complacency was gone. Little has changed at the national or state levels — the security agencies still run Congress and the White House, Boeing still dictates to Olympia. But locally, there is movement. DHS-funded spying and cops in tanks have become issues with names: Oakland, Ferguson. The city establishment’s dread of controversy now works in favor of privacy advocates. The security lobby will have a hard time influencing every petty municipality the way it influences the federal government.
An evolving model for political action emerges from Citizenfour. In a world where democracy and the press have ceased to function at the highest levels, we watch lone individuals making fateful choices grounded in their private experience. These precise moments of integrity contrast with farcically mediated global contexts: archival footage of NSA Director Keith Alexander and National Security Director James Clapper telling extravagant lies to Congress; a frantic scrum of boom-bearing reporters around Glenn Greenwald and his partner (and taking care to edit themselves out of the film they will broadcast); or the recurring apparition of Wolf Blitzer playing Wolf Blitzer. Always there is a strong implicit case for what it real and what is not, and where personal agency lies.
“There’ll be the breaking of the ancient western code / Your private life will suddenly explode.” — Leonard Cohen
Poitras, not Snowden, is the first example of this in Citizenfour. Out of the blue, Snowden sends her an encrypted email message, an event recreated on-screen as white text unspooling in the black void of a Linux computer terminal. Disembodied in this weirdly intimate environment, an as yet anonymous Snowden tells her he is a spy, that he has classified disclosures to make, that there is great danger, and that their joint government adversary can attempt one trillion password cracks per second. Her private decision to accept this mysterious challenge leads to the events of the movie. When she later asks “Citizenfour” why he had chosen her, He tells her, “You chose yourself.”
Poitras next tells the story of NSA veteran William Binney. After the end of the Cold War, he developed systems to automate the collection and analysis of telecommunications metadata. Originally, the targets were foreign, but shortly after 9/11, NSA turned Binney’s work into the basis of its new program of blanket domestic surveillance. His internal protests against NSA’s lawless, ineffective, and wasteful policies went nowhere, and he soon left the agency. After being raided at gun-point in 2007 during an FBI leak investigation (in which he was later cleared), Binney gained prominence as one of the most outspoken NSA whistle-blowers prior to Snowden.
The misguided raid on Binney was provoked in part by the revelations of Mark Klein, who is not actually in the movie, though we do see a hearing from one the lawsuits that resulted. Klein was a technician for AT&T who discovered that Room 641a at 611 Folsom Street in San Francisco was an NSA diversion site for all of AT&T’s Internet and telephone traffic. Appalled by what amounted to a tap on the entire Internet, Klein took his story to the Los Angeles Times, which refused (under government pressure) to print it. He next took it to the New York Times, which also bowed to government pressure for a year before finally publishing it in 2005.
Seattle Privacy’s co-founder Jacob Appelbaum turns up twice in the film, once before and once after his NSA reporting forced him into Berlin exile. In one segment, he presses an Occupy Wall Street audience to consider whether they have been personally under surveillance, and lists ways it could have happened — not just by means of telephones, email, and the Web, but also credit cards, travel passes, etc. He calls them canaries in a coal mine who are experiencing what everybody will experience in the near future. (As Jacob likes to say, “My present is your future,” though he now thinks the future has pretty much arrived for everyone.) The personal experience entails the universal problem, and is the key to fighting it.
We also meet Ladar Levison, the [former] proprietor of the secure email service Lavabit. Its most famous customer: Edward Snowden. Levison built an encrypted mail service that collected no information on its users, and thus had nothing to give law enforcement even when subpoenaed. Unable to identify Snowden’s correspondents in the usual way by seizing metadata, the FBI told Levison to give up Lavabit’s master SSL encryption keys, which would allow them to uncloak the entire Lavabit customer base secretly in real time. Levison instead shut down his business rather than betray his customers’ privacy. Try to imagine that in a corporatized setting where profit is paramount and ethical concerns are actionable in civil court.
In bare outline, Snowden’s own story is that he gave up his prior life and risked life imprisonment (or worse) to expose the actions of NSA and its partners. Most will remember his principled if fatalistic rationale from the original June 2013 interview. In Citizenfour, Snowden’s anxiety and regret become palpable. He masters his fear and steps through the hotel room door into what may be the waiting arms of a hostile government. Though Snowden repeatedly downplays his role in leaking the documents — “I’m not the story” — his choice is the story.
At Seattle Privacy, we hope to change how citizens are treated by their local government and by the police. The recent good news notwithstanding, we will continue to push the City Council to follow through on its stated intentions. We don’t want the promised oversight structure to end up a dead letter like Ordinance 124142, another privacy “first” that was passed 18 months ago and never enforced. At stake is a role for Seattle as a national model of awakened democratic government. It took bold individuals to expose the corrupt surveillance state, and it will take a bold community to prove Laura Poitras right: “If not for Seattle, this history would be different.”
Update:
Even as I wrote and published this, the City Council threatened to reverted business-as-usual by planning a budget hearing for a ShotSpotter-type system. For information about the city’s past flirtation with outdoor audio surveillance (and some sleazy video of Seattle politics at its worst) see our ShotSpotter fact sheet. Rest assured we will communicate to our leaders what we think of their renewed interest in ShotSpotter.
November 3rd, 2014 by David Robinson
People all over Seattle, the United States, and the world continue to be shocked by seemingly endless revelations of warrantless surveillance, frustrated by demands that we give up ever more privacy, and outraged at being disenfranchised by the chilling effects of having our every word, association, and move tracked.
This morning, Mayor Ed Murray and Seattle City Council members Mike O’Brien and Bruce Harrell boldly announced a new initiative[1] to begin to address the erosion of privacy in our society. Seattle is the first city in the nation to take such a proactive and farsighted step. The initiative will begin with a systematic review of the potential effects on personal privacy of all city programs and policies.
“This move will save Seattle taxpayers money by limiting spending on ideas like surveillance cameras or drones that later need to be scrapped.” -Adam Shostack
The Seattle privacy initiative comes two years after disclosures about Seattle Police Department’s acquisition of surveillance drones[2] and installation of a public surveillance camera network[3] drew public concern and protest. This debate merged with concerns about spying on political activists, unchecked use of facial-recognition technology, locational surveillance via automated license plate readers, and data sharing with private entities along with state and federal agencies.
The Seattle Privacy Coalition applauds Seattle’s leaders and legislators for their bold move to grapple with the difficult and vexing issue of protecting privacy while embracing technological innovation, and for their commitment to expanding civic involvement and bringing more voices to the table.[4]
“We hope that this effort will serve as a model for other municipal governments, and give heart to grassroots privacy advocates everywhere,” said Jan Bultmann, co-founder of SPC. “This development shows that even if our federal government is too paralyzed and beholden to corporate interests to act, we don’t have to sit back and watch our right to privacy evaporate. We can work with local governments who can still hear and respond to our voices.”
“This move by our city’s leadership is exciting,” said Christopher Sheats, Seattle resident and political activist. “It demonstrates that they’re listening to those whom they represent, and that community input is valued here in Seattle. The proposal to further implant privacy-strengthening processes in our city’s government is a refreshing reminder that civil liberties can be protected regardless of advancements in technology.”
“I am happy to see Seattle recognizing the importance of privacy to our citizens and residents,” said Adam Shostack, Seattle resident and author of Threat Modeling: Designing for Security. This move will save Seattle taxpayers money by limiting spending on ideas like surveillance cameras or drones that later need to be scrapped.”
“Meaningful transparency and accountability requires regular people’s fully informed civic involvement. I’m glad to see that the city of Seattle has heard the call and is committing itself to democratic action. This moment in Seattle is made possible because of the sacrifice and courage of the whistleblower Edward Snowden. It is exactly these kinds of changes all across America that he worked to create,” said Jacob Appelbaum, privacy journalist and co-founder of of Seattle Privacy Coalition.
THE PLAN IN BRIEF
2014
- Convene team of representatives from city departments to oversee creation and implementation of the privacy program.
- Appoint a Privacy Advisory Committee of academic and community leaders to develop privacy principles and advise the government team.
2015
- Develop privacy guidance documents to insure departmental awareness and compliance.
- Assess the current state of city compliance with the new policies.
- Remediate gaps in compliance.
- Establish an ongoing privacy oversight structure.
Seattle Privacy Coalition is a group of current and former Seattle residents that formed in April 2013 over a shared interest in transparency, accountability, and accuracy about the current state of privacy, security, and related issues. Our first project was to explore, document, and provide oversight relating to the Seattle Police Department’s surveillance camera network. Our mission is to urge and empower the City of Seattle to take advantage of Seattle’s leadership in technology and commitment to civil rights to lead the United States to restore and protect all people’s right to privacy.
[1] http://clerk.seattle.gov/~public/meetingrecords/2014/cbriefing20141103_3a.pdf
[2] http://westseattleblog.com/category/seattle-police-surveillance-cameras/
[3] http://westseattleblog.com/category/seattle-police-surveillance-cameras/
[4] /mission/
August 5th, 2014 by David Robinson
Seattle Privacy Coalition hits it big in the Seattle Times. In the paper edition, we are on Page One above the fold! Click the screen shot to see the original article.
July 9th, 2014 by David Robinson
As Seattle Privacy discusses the need for privacy oversight in City Hall, we are interested in both the big policy and governance questions and in the technical details of privacy-sensitive technology. Here is an example of the latter, drawn from city paperwork involving Cascade Networks, Inc., the contractor that installed the police surveillance cameras and mesh radio network in 2012-2013. The radios that make up the mesh network are basically tricked-out, weather-proofed versions of normal Wi-Fi access points. Before the city “turned off” the radios last year, each of them was broadcasting a network ID that you could have seen on your laptop or cell phone alongside Starbucks or the name of your home wireless router. The specs for the project included requirements about network access and logging:
In bland technical language, we learn that the network has the following capabilities.
- It can limit logins to a list of approved users stored in a database.
- It can identify potential users based on username/password or hardware device IDs.
- It will keep detailed logs (time, duration, identity, etc.) of client connections.
However, these details raise questions that still have not been answered by the Seattle Police Department or any other city office.
- What happens if a random passerby with a laptop or cell phone attempts to “associate” with a city access point? The answer to this could have privacy and security implications for both parties.
- Wi-Fi devices broadcast uniquely identifiable radio beacons; does the city equipment record these beacons, or can it be configured to do so? Authorities in Chicago are planning just such a capability in a potentially intrusive Big Data collection scheme.
- How long will logs be kept, and who will have access to them? Will they be subject to public records requests?
These are questions that should have been asked and publicly debated at early stages of the planning process. They also quickly become issues of general policy: If data is collected, it will be used by any legal or illegal branch of government whose agents can pick up a phone. To protect privacy, don’t collect sensitive information in the first place.
Below is a link to the source documents, courtesy of Tacoma-based Infowars reporter Mikael Thalen, who discovered them on the Seattle.gov Web site:
http://www.scribd.com/doc/183600279/Port-Security-Video-Surveillance-System-with-Wireless-Mesh-Network-Seattle
Or download the document.