TA3M Seattle Monday July 17 2017

Greetings!

Techno-Activism Third Mondays (TA3M) is an informal meetup designed to connect software creators and activists who are interested in censorship, surveillance, and open technology. Currently, TA3M are held in various cities throughout the world, with many more launching in the near future. In Seattle, thanks to a special donor, there will be free pizza!

When: Monday, July 17, 2017, 6:30 – 9:00 PM
Where: Tor Office, Pioneer, Square https://goo.gl/maps/aun6E4r4s5E2 80 S. Washington st. Suite 203 Seattle
WA, 98194


Pump.io by AJ (7pm)

Pump.io is a promising project to create a federated social network – think email, where you can have multiple providers that all work together, but for social networking. It stagnated for a while, but the project has recently completed the transfer of governance and code maintenance to the community. This presentation will talk about pump.io’s history (right up to its newly-created community governance), its API, and why it’s pretty freakin’ neat. We’ll end with the work that’s gone out the door in recent releases, the work that remains, and how you can (should?) get involved. Attendees will walk out with an understanding of the historical context behind pump.io, an understanding of how the software works on a technical level, and how it fits into wider social web efforts. No prior knowledge necessary, although a basic familiarity with JSON and HTTP will help.

AJ is a core developer of the Pump.io reference implementation.


Lightning Talks (8pm)

Sign up to give a Lightning Talks by emailing the list. Feel free ask questions of the list too!

Talks:

  • Paul English – Why & How to use 2 Factor Authentication

 


Join the email list!

https://lists.ghserv.net/mailman/listinfo/ta3m-seattle


We’re on Twitter!

To best support the global TA3M meetup, please tweet using the #TA3M hashtag.

@TA3Mseattle
@SeattlePrivacy
@TechnoActivism

Introducing Threat Modeling for Seattlites

In May, one of our board members, Adam Shostack, author of Threat Modeling, Designing for Security, issued a challenge to the Seattle Privacy Coalition discussion list:

“I would like to ask Seattle Privacy to think about privacy more holistically: What threats exist? How are we, as residents and citizens, tracked, monitored, or analyzed throughout the day?”

Adam said something I think we all know: there are so many ways that data is gathered on any one of us at any given time, it’s hard for us to wrap our heads around it, much less muster defenses.

He asked us to take the tool well-known to technical experts, threat modeling, and apply it to ourselves and our fellow Seattle residents. Another board member,  Number Six, rose to the challenge, and “Threat modeling for Seattlites” was underway.

Four questions to start with

At our first meeting at Delridge Public Library, Adam got us started by making a chart on a whiteboard with the following columns across the top. Then we proceeded through an imaginary day:

  • What are you doing? (The task you want to accomplish, and what information is involved.)
  • What can go wrong? (How might your personal information be gathered in ways that are bad.)
  • What are your possible defenses? (Are there alternatives you can use to avoid the risk?)
  • What are the costs of your alternatives?

We brainstormed “A Day in the Life of a Seattlite” for three hours. The result was an epic spreadsheet.

 

 

 

 

 

 

 

 

Somewhat absurdly, with our fitbits, phone-based alarm clocks, CPAP machines, instructions to Alexa, Siri, Google Home, or whoever, and our social media time, it took us an hour to list the potentially gathered data before we would even leave our imaginary homes to start the day.

Define “required”

As we worked through the day, encountering various aspects of the internet of things both private and publicly owned, it emerged that we needed another column. Is the task, and the corresponding use of the technology, required or optional?

For example, it’s easy enough to use a cheap old-fashioned non-connected scale to weigh yourself in the morning, instead of an internet-connected device. Or is it? What if your health insurance requires that you transmit this data to keep your policy? Or, what if you can get a lower premium if you opt to transmit the information?

This means that we need to characterize the data collection: is it easy to avoid? Required by law? Easy to avoid if you’re rich?  (In particular, we don’t want to fall into the trap of treating ‘opt-in/opt-out’ as if it’s a
reasonable and nuanced thing.)

It also became clear that who was collecting data needed categorization. We settled with three categories for starters:

  • Government
  • Employer
  • Third-party

A few surprises

I learned a few tidbits during this process that were new to me, although I’ve been tracking privacy issues for a few years now. For example, I learned that some types of car insurance offer usage- or behavior-based policies, in which your driving habits, such as rate of acceleration or speed relative to speed limit, are captured and evaluated to adjust the cost of your policy. Perhaps this is also already happening, I don’t know, but one person had read recently that insurers were considering sending along tips to drivers about how they might improve their driving (and thus lower their premiums).

I also learned that it is already not-uncommon for insurers to insist upon the use of connected CPAP machines or blood sugar monitors, to ensure that the insured is actually using the care paid for. Doctors can also remotely check the status of these devices.

Building out the model

In our second meeting, in July, we began thinking about what we needed to do next. Our data set was fairly messed up, because we hadn’t made any effort to normalize it while brainstorming, and we knew we’d captured only those tasks and data-gathering technologies that those of us in the room knew about. We knew we needed to run our data by many more people before we could consider it complete.

We also started thinking about ways to communicate the information we were gathering. We thought about ways to graph “effort against hurdles,” such as:

  • x,y, where x is task and y is Legal Requirement | Benefit | Cost to Avoid | Effort
  • Pie charts, where size represents total effort.
  • Stoplight charts that could indicate relative risk, and allow people to drill into details if they want them.

We concluded that we definitely wanted to make our data free for others to use and easily available to incorporate into presentations of all kinds.

(Here is a downloadable version of our first very rough cut at the data. Much more to do, and we’ll set it up for proper use when we’re farther along. Threat Model grid v3.)

Trying a walkthrough

We decided to try to walk through fleshing out one example. We selected “Commute.”

An area that we struggled with was how to define when we had enough information to be useful to share with others. This sort segued into discussion about the right level of modeling versus detail. That’s an open issue. Here are the steps we followed just to get something down that we could respond to:

  1. Choose category: commute.
  2. Identify Methods of commute.
  3. List data-gathering technologies.
  4. List potential defenses.
  5. List cost of defenses.
Method Tech that gathers data Defense Cost of defense
Walk Camera (Mounted)

Camera (Mobile)

Microphone

SmartApp

Meshnet

RF

Threats: cameras, microphones, smart apps,

Cell

Wi-Fi

RFID/NFC/Bluetooth

Do nothing

Clothing

Avoid officers and known cameras

Stay home

Turn off devices

Airplane mode

Farraday pouch

Policy

Join SPC and advocate

Privacy loss

Social stigma (tinfoil hat)

Financial

Time

Backlash unintended consequences

Stress

Loss of convenience of device

Watchdogging

Meetings

Drive own car
Bike
Carshare
Ride corporate bus

Next steps

Obviously, we still have a lot of work to do. Here’s how we plan to do it:

  • We will meet again in August to finish the commute example, so that we have something substantial to share with reviewers. Watch twitter for an announcement; it will be in Delridge again.
  • We’ll present a prototype for feedback to Seattle-TA3M in October and ask for volunteers to help us continue fleshing out the data set.
  • We’ll reach out for help finding under-represented communities who can supplement our data set and help us understand what kinds of building blocks would make it useful for scenarios we might not have thought of.
  • Finally, we’ll identify ways that our information about the total cost of privacy invasions can be used to help educate policy makers, technologists, and individuals.

This project is fun and fascinating. If you are in the Seattle area and are interested in participating, please do join us for our next meeting in August. We also welcome ideas about how our data set might best be used.

Here’s a template for universal video surveillance, but at least it’s GREEN!

Isn’t this a lovely logo with a lovely message? Silicon and chlorophyll, kissed by the sun in a circle of life….

But the solar lighting company Sun-In-One has more to offer than just lighting. It also offers street lamp modules with motion detection, video surveillance, and mesh networking. Now cities can light roadways and record every movement of their citizens — all in one, convenient, extensible package. Image analysis software included!

Attention Seattle Police Department: Get those facial recognition databases ready.

Attention Seattle City Light: The ATF won’t have to work through you anymore to put up illegal cameras.

Read the product brochure for details.

Proposal: Overhaul Surveillance Ordinance as Data Collection, Retention and Sharing Ordinance

By Jan Bultmann and Christopher Sheats

 

Our city has committed to protecting immigrants, refugees, and the many thousands of other vulnerable populations. We argue that this is not possible without strong privacy oversight, safeguards, and enforcement. The local privacy community urges Seattle’s leadership to set aside for the moment the discussion of our Surveillance Ordinance and any amendments to it, and instead to develop an ordinance that holistically addresses the government’s role in data collection, retention, and sharing.

Why pause now? The ACLU of Washington has proposed a stronger version of the existing bill, which has been watered down by multiple revisions that remove the many critical elements including independent oversight, auditing, reporting, and enforcement requirements. But even with the ACLU’s original, stronger proposal, the foundation of the bill is inadequate.

We now live in a very different environment than when the Surveillance Ordinance was first crafted, although it has only been 3 years. This legislation was drafted in response to the public outcry that accompanied the Seattle Police Department’s acquisition of drones without public knowledge. Council chambers were repeatedly packed with demonstrators. After having wasted $82,000 dollars, the drones were ultimately decommissioned. The Surveillance Ordinance was successful to meet that immediate challenge.

Now we promise vulnerable people that we are a sanctuary city that will defend their human rights. We are literally in the crosshairs of a hostile federal government, one that has been shown to disregard local regulations and make backroom deals with city agencies. For example, putting cameras on City Light poles in direct violation of our existing surveillance law, putting nothing in writing, and further, evading any form of FOIA or PDR process.

“As a sanctuary city we have a greater obligation to protect private citizens.” — Kshama Sawant

We have autonomous cars coming, including wireless car to car technology, wireless car to infrastructure technology, and the lobbyists that come with them. We have facial recognition technologies coming and the lobbyists that come with them. We will be seeing the largest developments of these technologies within President Trump’s term.

Seattle’s Race and Social Justice Initiative clearly states:

By 2017, the City of Seattle will work with community-based organizations to support the movement to end structural racism.

We can tell you that the City has not asked the Seattle Privacy Coalition for input on how we might accomplish this, and we are well into 2017. Further, CTAB-Privacy has not been asked for input on these amendments by the Council. How can Seattle’s Surveillance Ordinance go on to exempt technologies designed and purchased for surveillance? Do black lives really matter to Seattle when data collection, retention, and sharing technologies are historically and routinely purchased in the name of defense but used offensively?

If we do not hold ourselves accountable, a government for the people, how are we going to ethically govern the use of these technologies when they are funded, deployed, and managed by third parties? How is Seattle going to defend our human rights if we have a “surveillance ordinance” that is not adequate for the complexity of a major municipality? Common sense demands that we broaden the scope to include all forms of data collection, retention, and sharing. This would eliminate splitting hairs on terms that exclude any technology not specifically purchased to support law enforcement.

The Electronic Frontier Foundation is a legal digital rights organization that maintains an umbrella grassroots organization called Electronic Frontier Alliance. Last week we discussed surveillance ordinances under development in more than 11 municipalities across the United States. The Seattle Washington ordinance was cited as being “well-intended but weak” whereas the Oakland California legislation was cited as effective because their draft legislation includes provisions for independent oversight that are fundamental to all controls, auditing and reporting requirements, and enforcement options such as the public’s right to sue for privacy harms. We strongly advise that Council review the Oakland California ordinance.

The Seattle ordinance MUST include oversight, auditing, reporting, and enforcement, and it cannot be limited to a false notion of what is or it not for surveillance. Without these fundamental changes, we are a sanctuary city in name only. With federal access to municipal databases unmonitored, unchecked, and unreported, anyone who makes use of a city service is vulnerable. When privacy is by design and policies are made to support the most vulnerable in our city, we, in effect, defend everyone’s human rights.

As defined by Seattle’s Privacy Program, we have a Privacy Review Process (PDF) that we can leverage for all forms of data collection. All forms, because there cannot be a lack of transparency and accountability. This must be baked into a Data Collection, Retention and Sharing Ordinance. Every act by the City that takes in information should have a corresponding unique identifier that must be published so that anyone can learn more about the data being collected, what it is being used for, and who is responsible for it. This will build trust. In line with Councilmember Sawant’s wishes to pull down foreign cameras from City utility poles, people have the right to be informed about what their government is collecting about them and their community. We should have the ability to learn about and to respond to our government in constructive ways. With the City’s drive for increasing open data and community engagement, why haven’t we started doing this yet?

Privacy is at risk from always-on microphones, cameras, smartphones, smart meters, automobiles, internet assistants like Alexa, Siri, Echo, and Cortona, Internet connected children’s toys, home appliances, and so many other things that have yet to even be invented. The city of Seattle cannot protect people today from predatory corporate data exploitation. We can, however, model what a human-rights respecting privacy policy looks like. And we must.

Please do not pass the watered-down Surveillance Ordinance rewrite into law because it will cause more harm than good. Instead, we urge the City Council to reach out to local community organizations such as the Seattle Privacy Coalition, Electronic Rights Rainier, and the body that the City Council assembled to advise them on technical issues, the Community Technology Advisory Board, to create a bill we can all be proud of.

If We Care For Survivors, Surveillance Technologies Must Be Heavily Regulated

By Christopher Sheats

 

In Seattle tomorrow, City Council will be discussing Surveillance Ordinance amendments originally proposed by ACLU of Washington and watered down by the council. The Surveillance Ordinance would be incredibly deficient if we passed these amendments. Of primary concern, there are multiple exemptions that are *crazy* if you were to juxtapose a United Nations privacy report.

Surveillance technology does not include:

(a) technology used to collect data from individuals who knowingly and voluntarily consent to provide, or who do not avail themselves of an opportunity to opt out of providing, such data for use by a City department;

(b) social media sites or news monitoring and news alert services;

(c) a body-worn camera;

(d) a camera installed in or on a police vehicle;

(e) a camera installed in or on any vehicle or along a public right-of-way used to record traffic patterns or traffic violations or to otherwise operate the transportation system safely and efficiently, including in any public right-of-way;

(f) a camera installed on City property for security purposes;

(g) a camera installed solely to protect the physical integrity of City infrastructure, such as Seattle Public Utilities reservoirs; and

(h) routine patches, firmware and software updates, and hardware lifecycle replacements.

In February, I spoke along side ACLU of Washington lawyers, University of Washington lawyers, and a domestic violence survivor at a public hearing in our state capitol to support an ACLU bill limiting Automatic Licence Plate Readers. Domestic violence survivors’ privacy, specifically their physical location privacy, is paramount to them and their families. Further, many survivors are victims to police men and women, making this under-served population a critical voice in discussions concerning surveillance technologies. At the hearing, A women with incredible courage showed up to educate the committee about her and the other 5,000+ Address Confidentiality Program participants. With permission, below is her testimony.

As content on our website is licensed using Creative Commons, please feel free to use share her testimony to further privacy rights.

Madame Chair, and members of the committee,

I am here today to discuss a part of my life so terrifying that, at times, I have actually contemplated writing a horror movie script.

Please forgive me, but by the end, it will make sense to today’s hearing.

I am here as a participant in the Washington State Address Confidentiality Program, ACP for short.

You will never understand, nor will I ever be able to convey the fear and torment that one individual can deliver. His words are still etched in my mind: “No woman is going to tell me, a man, what to do.” When trying to end a relationship, what I got in return was physical abuse and psychological terror. I would see him outside my home, my work, at my children’s school or stalking me in my rear-view mirror.

At times, he would convey to me each and every way or place he could have killed me that day.

I discovered that he had made duplicate keys of both my home and my car. Changing door locks didn’t matter. He still got inside. He was letting me know that he was in control.

My oldest son and I would eventually bobby trap our doors when we left, to more easily determine if he might be inside when we returned.

And though time, our much-loved pet cats disappeared one by one.

I lived through death and kidnapping threats to my children’s lives. I feared for my own life.

And in utter, desperate fear one night, I called a helpline, told them of my situation, and was advised to leave the state immediately. I did. On their advice, I gave my house keys to a friend, told nobody where I was going, put my kids and some clothes in my car, and drove to a state where I was offered protection.

I thank you so very much WA for the ACP. I no longer have to be afraid. It took me months but I no longer have to fear looking in my rear-view mirror.

This is hopefully the end of my desperate story.

But now, I want you to clearly understand one implication of unrestricted ALPR technology
I am here representing a vulnerable part of society, those who live in domestic violence situations. My ex-boyfriend kept telling me that he had connections to the police department, that there was no place to hide.

What if that was true? What if someone like me, couldn’t hide ever?

With unrestricted and retained ALPR data that becomes a real possibility.

I want you to consider the lives of spouses of law enforcement who might be in a domestic violence situation. My tale of torture existed because my stalker knew where I lived. Please protect your citizens, all your citizens, from potential location abuse. Please put restrictions on ALPR data.