We are back

The Seattle Privacy Coalition site has been shut down for slightly over a week following the March 30 raid by local and federal law enforcement on our computer servers.

We are happy to announce that we have built a new server after disposing of the old one that was examined by police and possibly compromised. Unfortunately, the Tor relay that drew police attention is still offline (as is our mail server) but work goes on.

Check back here soon for answers to questions a lot of old and new privacy supporters have been asking us. And God Bless Twitter! We have continued to function there as @seattleprivacy.

 

Seattle Privacy Coalition joins other “state-sponsored” attack targets to demand answers from Twitter

twitter3“Where no conspiracy existed before, the actions of an unknown government have created one.”

 

In December 2015, the Seattle Privacy Coalition Twitter account (@seattleprivacy) received a disturbing notice from Twitter:

As a precaution, we are alerting you that your Twitter account is one of a small group of accounts that may have been targeted by state-sponsored actors. We believe that these actors (possibly associated with a government) may have been trying to obtain information such as email addresses, IP addresses, and/or phone numbers.

Within days, more than 50 such targets identified themselves publicly via social media. Journalists around the world covered the story. (See a partial list.)

Many or most of the attack targets were involved in privacy advocacy or information security research. As a consequence, some targets (including three board members of Seattle Privacy) were present at the Chaos Communication Congress, the great hacker convention in Hamburg, Germany, in late December. We met and discussed how to respond to the mysterious and alarming notification. Our individual efforts to learn more about the who/what/when/why behind the attacks had gone nowhere, so we decided to take collective action.

Today we unveil a collectively created website, https://state-sponsored-actors.net, where we share what we’ve learned and call on Twitter (and anybody else with relevant knowledge or insight) to provide more information about what happened. This open call to Twitter currently has about 25 signers, all of them attack targets.

These are the questions we want answered:

Nature of the attacks

  • When did the attacks happen — directly prior to the first alerts in December 2015, or during a longer period previously?
  • Are the attacks continuing?
  • What were the attackers interested in? The alert email message speaks of phone numbers, IP addresses, and email. Was there anything else?
  • How were the attacks detected?
  • Were these automated brute-force attacks, or customized attacks with a human behind them, or something else?
  • Did the attackers gain administrative or other direct access to Twitter’s servers?
  • Why does Twitter suspect that the attacks came from state-sponsored actors?
  • How does Twitter define a state-sponsored actor?
  • Has Twitter identified any specific state as the source of the attacks?
  • Have the attacks come from actors with ties to the US government?
  • Are all of the attacks coming from the same actor(s)?
  • What else does Twitter know about the attacks?

Reasons for targeting

  • What is the common element, if any, among the targeted accounts?
  • Were accounts attacked because of not using Tor / because of using Tor / despite using Tor?

Twitter’s response

  • Are Twitter’s alerts sent by humans or by machines responding to irregular activity?
  • Why did Twitter start sending the alerts now?
  • Other companies have started sending out similar emails, e.g., Facebook, Google, and Yahoo. Is this a concerted effort? What is the background or the aim of the notifications?
  • Why are there different kinds of notifications (email vs. popup)?
  • What is the purpose of Twitter’s recommendation to use Tor, when many of the targeted accounts already use Tor?

Legalities

  • Why isn’t Twitter telling us more?
  • Is Twitter’s silence the result of a gag order?
  • Has Twitter received warrants, subpoenas, or National Security Letters in connection with the attacks?

The new site is available in English, German, French, and Italian, with more to come, as befits reaction to a government-backed assault against a world-wide communication service and the people using it.

As privacy activists who lawfully petitioned our various governments to protect our essential human rights, we now find ourselves the object of government overreach. Many of us became acquainted for the first time through our collective harm and our search for answers. Where no conspiracy existed before, the actions of an unknown government have created one.

Let the reckoning begin.

Fed Fun with No Expectation of Privacy

After Seattle Privacy member Lee Colleton discovered new surveillance cameras popping up in the CD, investigations by us and the press determined that they belong to the Bureau of Alcohol, Tobacco, and Firearms (ATF). Apparently Seattle City Light now sets city privacy policy, since they allowed the cameras on their poles, and they “support law enforcement and will continue to allow that kind of placement in the future” (The Stranger), and nobody else in city government admits any knowledge of this.

But that’s OK, according to the ATF.

[ATF Special Agent Brian] Bennett said the ATF did not have to obtain federal warrants for the cameras since they were placed in public places where people do not have a reasonable expectation of privacy. (The Seattle Times)

Ah ha! No expectation of privacy, just like the secretive offices of the FBI and ATF in our public Seattle spaces.

So I went for a walk by the Abraham Lincoln Building, home of the FBI in Seattle (1110 3rd Ave) and the Jackson Federal Building, home of the ATF in Seattle (915 2nd Ave.). I carried with me a big ugly camera that doesn’t work very well, some cash, and no ID or cell phone.

Here is the Abraham Lincoln Building:

IMGP1520

Though it nowhere says the FBI is hunkered down inside, the cameras around the perimeter indicate that something is up:

IMGP1523

IMGP1525

IMGP1536

IMGP1537

IMGP1526

Right after I took the picture of the garage door, it opened and a car came out. I got bad bad shots of it, one with the license plate readable:

IMGP1529

The G-man-looking driver was extremely unhappy to see me photographing him. He sped up and I failed to capture the sad look on his face. Since the door was still open, I took some pictures looking inside the garage, catching a bonus license plate:

IMGP1531

IMGP1532

At this point, a uniformed guy came running out of the garage shouting at me. It was was Christopher Jones, a Paragon Security employee with a gun and badge #1336.

IMGP1533

IMGP1534

Mr. Jones asked me what I was doing and who I was and said I couldn’t be there (on the sidewalk) taking pictures. I told him I didn’t care to answer any of his questions, and I was perfectly free to take pictures. Then he told me to stay where I was (which I took to mean, apparently correctly, that I could continue wandering around within a few feet of the garage door taking more pictures).  He asserted that I was not allowed to photograph the interior of the garage and that he could seize my camera if he wished. I said I doubted this. He radioed for a “federal officer,” as he put it, and predicted I would be explaining my actions to a “federal judge.”  Over the radio he described me as being “between suspicious and hostile.” I asked if I was being detained, he said yes, and so we waited. We did a little dance as I tried to photograph his badge and he kept turning away. I finally asked, “Would you please let me get your badge number?” but we kept doing the orbital dance until I got it.

Next, the “federal officer” showed up. It was Inspector Robert Cantu of the Federal Protective Service (DHS), who proved to be calm, polite, and personable. He was also well-informed. He acknowledged that I had the right to photograph the building and the personnel, though he cited a federal statute that he said prohibited photography of certain security equipment such as the metal detector in the lobby. He did not push the issue of whether the statute applied to the garage, and he didn’t try to get me to identify myself. We actually had quite an pleasant conversation. His commanding officer later showed up and was also cordial. I told them I would consult the statute and I thanked Mr. Cantu for being an exemplary representative of the federal government. I also eyed his Taser with particular interest, since it was mounted on his utility vest rather than at his hip.

I then walked two blocks to the federal building:

IMGP1542

I’ve photographed this building a number of times, so I basically just loitered around the east plaza. I noticed a security guard looking at me, so I brought the camera up and tried to take a picture, but the machinery failed me. (I’m about to send the wretched thing off for repairs, but today I wanted something more aggressive than a cell phone.) The guy in uniform — another Paragon Security employee — came trotting over at that point and demanded to see my identification. I refused to provide it. He dropped that tack and asserted that I wasn’t allowed to take his picture, that he was empowered to seize the camera and erase the pictures, and I couldn’t photograph a federal facility. I asserted that I could take his picture any time I like, and the building’s picture, and I asked whether I wasn’t standing that moment on a public sidewalk, which he admitted in some confusion. A passerby walked up then and said that I was absolutely right in everything I’d said, and that he worked nearby in a law office. Encouraged by this, I raised the camera (now working) and took a picture of the guard, who had begun pacing back and forth in consternation. I told him he needed to consult his superior about the legal claims he had made, and probably undergo additional training (which was presumptuous of me, I admit). I asked whether I was being detained or was free to go, and receiving his blessing, I went.

This is the guard, who remains unidentified because the picture is so blurry:

IMGP1541

My encounters today lead me to the following observations and questions:

  • The aggressive behavior of the two Paragon Security employees was apparently meant to be intimidating, and was backed up by specious claims about the law.
  • The demeanor of both DHS officers was professional, polite, and backed up by what struck me as mostly factual statements.
  • This very limited evidence suggests a couple of interesting possibilities. DHS could be engaging in the proverbial good-cop/bad-cop behavior, or the Paragon employees could be poorly trained, or, combining both, DHS could be happy to have its none-too-bright bulldogs keeping the public at bay while they hold in reserve the more elite personnel to deal with citizens who are too well informed to be easily intimidated. This last possibility would be a rather cynical deployment of class against class that serves to mollify well-educated citizens with the chummy camaraderie and deference due the masters (mainly the white middle class) for whom all police agencies actually work.

This last possibility makes me wonder about the real effectiveness of guerrilla police photography. Are we doing nothing more than (as Tom Wolfe wrote) “mau-mauing the flack-catchers”? That might be a useful tactic or it might not, but I can’t believe that the certifiable dummies that we succeed in provoking are the most effective demographic to target.

POSTSCRIPT: As I was proceeded away from the FBI office, I noticed one obvious plainclothes fed after another walking along 3rd Ave. They must have all phoned each other last night and decided to dress their muscular, indeed hypertrophied torsos (tending perilously to fat) in tight pastel dress shirts with sedate ties, to wear sunglasses, to keep their hair crew-cut, and to tend carefully their bushy mustaches. Maybe those guys would be fun to take pictures of, yielding endless sad, sad mug shots. I would need help from someone who knows how to spot the female feds, who must also be out there, expecting privacy as they walk the public streets.

 

 

Why is a Seattle police detective on the Hacking Team mailing list?

The Italian company Hacking Team, a notorious trafficker in computer tools that help governments spy on dissidents and other state enemies, was cracked wide open by an anonymous real hacker on July 5. Reporters Without Borders, a group that defends press freedom world-wide, lists Hacking Team as one of five “Corporate Enemies of the Internet,” five private-sector companies that are “digital era mercenaries.” One million or more of Hacking Team’s internal files are now in the public domain. Among them are email archives which can be conveniently searched on the Wikileaks Web site at https://wikileaks.org/hackingteam/emails/.

These documents reveal a scandal that entangles not just overt dictatorships such as Sudan, Uzbekistan, Ethiopia, Egypt, and Azerbaijan, but also the FBI, DEA, and armed forces in this country. (Presumably it’s easier for the lower-echelon feds to buy computer break-in tools on the open market than to get the NSA to share its in-house goodies.) While publicly billing themselves as “good guys” helping law enforcement, they have no qualms about selling to some of the nastiest regimes on the planet, as long as they can do it in secret.

 

hackingteam_011-100594951-orig

From a Hacking Team client list. (www.csoonline.com)

 

The Seattle connection

The Seattle Privacy Coalition has discovered that Hacking Team’s customer mailing lists include the name and address of a Seattle police detective. Here’s what we know:

  • The detective is a 19-year veteran of the force.
  • Expertise includes Cyber Crimes, Domestic Terrorism, Homeland Security, Surveillance, and Criminal Intelligence.
  • Has participated in emergency-response training at the University of Washington.
  • Received email messages form Hacking Team in 2013-2014.

 

Just wondering…

We already know that Hacking Team engaged in aggressive marketing, even to the point of hawking their spy software to the Vatican. No, really:

The security firm even tried to sell the Vatican on its services with the creation of a booby trapped Bible app that could load up spy software on the devices of people the Vatican may want to keep tabs of. It’s unclear if the Vatican actually bought Hacking Team’s services or who the Vatican would want to spy on. (fortune.com)

So why was the company in touch with a senior detective in the Seattle Police Department?

  • How did the detective wind up on Hacking Team’s mailing list?
  • Was this a personal if imprudent interest of the detective’s, or had the detective been assigned to communicate with Hacking Team?
  • Has SPD ever actively communicated with Hacking Team?
  • Has SPD purchased, or entered into discussions about purchasing, software or services from Hacking Team? (We hear that the Bible app is going cheap.)

The Seattle Privacy Coalition calls on Chief Kathleen O’Toole and Mayor Ed Murray to fully explain the city’s relationship with Hacking Team.

ShotSpotter: There’s no lobbyist like an arms lobbyist

Seattle Privacy Coalition has blogged before about the aggressive marketing practices of ShotSpotterTM, the controversial gun-fire detection system that Seattle City Council wants to purchase. Now our friendly competitor news outlet The Intercept has blasted the story sky-high. When a sales pitch in Council Chambers is really a lobbying campaign by an international arms dealer, hold onto your wallet and your freedoms.

Here’s the Intercept article in a nutshell:

  • Despite claims to the contrary, ShotSpotter, which uses a network of microphones to pinpoint gunshots in covered areas, also records conversations going on in the vicinity. This is established fact, inasmuch as the recordings have been admitted as evidence in criminal trials.
  • ShotSpotter’s wide deployment in over 90 US cities is powered by an aggressive lobbying campaign.
    • DC lobbyist Ferguson Group, by targeting congressional delegations, has secured $7 million in federal funds to purchase ShotSpotter through Department of Justice.
    • ShotSpotter also has hired lobbying firms Squire Patton Boggs, Raben Group, Greenberg Traurig, and Mercury Group Public Affairs to sell its products at the federal, state, and city levels, including coordination with police unions.
    • Having laid the federal funding groundwork, ShotSpotter guides potential customers through the grant application process.
    • ShotSpotter cultivates revolving-door relationships with law-enforcement heavies. Senior Vice President David Chipman is a former senior official at the ATF and a former fellow to the International Association of Chiefs of Police, and New York Police Commissioner William J. Bratton did a stint as a board member before assuming his present position as one of ShotSpotter’s newest and biggest customers. (Fortunately for the American Way, he recused himself from that purchasing decision.)

The article also spotlights the silly claims by company executives that ShotSpotter is not a listening device. As one helpfully explains, “It’s an acoustic sensor. It’s not a microphone,” which you can file under Distinction Without A Difference. And, as usual, ShotSpotter can’t keep its story straight. Our Oakland friend @marymad contributes this capture from the ShotSpotter Web site:

Embedded image permalink

Just like a cell phone, eh? That explains why the 20-30 foot limit is nonsense, too. Cell phone users know that speaker-phone mode picks up anything loud enough to be picked up, regardless of distance. A conversation 100 feet away on a quiet street? No problem.

The Intercept piece concludes with this alarming assessment of the privacy issues presented by ShotSpotter’s audio surveillance:

ShotSpotter’s privacy policy claims this audio is “erased and overwritten” and “lost permanently” if its system does not sense a gunshot. However, even if this is true, the policy also states that ShotSpotter has detected and recorded “3 million incidents” over the past ten years. This also indicates the sensors report a staggering level of false alarms, and that the company has permanently recorded 18 million seconds — in other words, 5,000 hours or approximately seven months — of audio. According to a promotional document emailed to Miami city officials by ShotSpotter’s sales team, the technology allows end users to retain this audio online for two years and offline for another five.

The lessons here are not new:

  • ShotSpotter is a questionable use of money, a technical quick-fix that does little for public safety and nothing for the underlying causers of crime.
  • The company is a snake-oil merchant that constantly makes claims that defy scientific logic.
  • The ShotSpotter lobbying machine is a public menace.

 

We support the plan by Seattle City Council to closely review the money provisionally allocated to purchase ShotSpotter.