Archive for the 'Institutional Transparency' Category

If We Care For Survivors, Surveillance Technologies Must Be Heavily Regulated

By Christopher Sheats

 

In Seattle tomorrow, City Council will be discussing Surveillance Ordinance amendments originally proposed by ACLU of Washington and watered down by the council. The Surveillance Ordinance would be incredibly deficient if we passed these amendments. Of primary concern, there are multiple exemptions that are *crazy* if you were to juxtapose a United Nations privacy report.

Surveillance technology does not include:

(a) technology used to collect data from individuals who knowingly and voluntarily consent to provide, or who do not avail themselves of an opportunity to opt out of providing, such data for use by a City department;

(b) social media sites or news monitoring and news alert services;

(c) a body-worn camera;

(d) a camera installed in or on a police vehicle;

(e) a camera installed in or on any vehicle or along a public right-of-way used to record traffic patterns or traffic violations or to otherwise operate the transportation system safely and efficiently, including in any public right-of-way;

(f) a camera installed on City property for security purposes;

(g) a camera installed solely to protect the physical integrity of City infrastructure, such as Seattle Public Utilities reservoirs; and

(h) routine patches, firmware and software updates, and hardware lifecycle replacements.

In February, I spoke along side ACLU of Washington lawyers, University of Washington lawyers, and a domestic violence survivor at a public hearing in our state capitol to support an ACLU bill limiting Automatic Licence Plate Readers. Domestic violence survivors’ privacy, specifically their physical location privacy, is paramount to them and their families. Further, many survivors are victims to police men and women, making this under-served population a critical voice in discussions concerning surveillance technologies. At the hearing, A women with incredible courage showed up to educate the committee about her and the other 5,000+ Address Confidentiality Program participants. With permission, below is her testimony.

As content on our website is licensed using Creative Commons, please feel free to use share her testimony to further privacy rights.

Madame Chair, and members of the committee,

I am here today to discuss a part of my life so terrifying that, at times, I have actually contemplated writing a horror movie script.

Please forgive me, but by the end, it will make sense to today’s hearing.

I am here as a participant in the Washington State Address Confidentiality Program, ACP for short.

You will never understand, nor will I ever be able to convey the fear and torment that one individual can deliver. His words are still etched in my mind: “No woman is going to tell me, a man, what to do.” When trying to end a relationship, what I got in return was physical abuse and psychological terror. I would see him outside my home, my work, at my children’s school or stalking me in my rear-view mirror.

At times, he would convey to me each and every way or place he could have killed me that day.

I discovered that he had made duplicate keys of both my home and my car. Changing door locks didn’t matter. He still got inside. He was letting me know that he was in control.

My oldest son and I would eventually bobby trap our doors when we left, to more easily determine if he might be inside when we returned.

And though time, our much-loved pet cats disappeared one by one.

I lived through death and kidnapping threats to my children’s lives. I feared for my own life.

And in utter, desperate fear one night, I called a helpline, told them of my situation, and was advised to leave the state immediately. I did. On their advice, I gave my house keys to a friend, told nobody where I was going, put my kids and some clothes in my car, and drove to a state where I was offered protection.

I thank you so very much WA for the ACP. I no longer have to be afraid. It took me months but I no longer have to fear looking in my rear-view mirror.

This is hopefully the end of my desperate story.

But now, I want you to clearly understand one implication of unrestricted ALPR technology
I am here representing a vulnerable part of society, those who live in domestic violence situations. My ex-boyfriend kept telling me that he had connections to the police department, that there was no place to hide.

What if that was true? What if someone like me, couldn’t hide ever?

With unrestricted and retained ALPR data that becomes a real possibility.

I want you to consider the lives of spouses of law enforcement who might be in a domestic violence situation. My tale of torture existed because my stalker knew where I lived. Please protect your citizens, all your citizens, from potential location abuse. Please put restrictions on ALPR data.

Tell City Council that Feds Must Follow Seattle Law

Call for action: Demand transparency related to federal government surveillance in Seattle

tl,dr

Email the city and insist that city employees document cooperation with federal requests for surveillance cameras.

Details

What: Meeting of Seattle City Council Committee on Energy and Environment. Agenda:  https://seattle.legistar.com/View.ashx…

When: Tuesday, January 24, at 2 pm

Where: Council Chambers at Seattle City Hall (601 5th Avenue, at Cherry)

Why: Of interest in the agenda is item #2:

Warrantless Surveillance Cameras in Seattle: How to protect
the privacy of Seattleites and reverse the proliferation of
surveillance cameras installed by the Seattle Police
Department and Federal law enforcement agencies on SCL
polls in public space without democratic authorization or
transparency.

As many of you will know, Seattle currently has legislation about surveillance equipment on the books. Currently, however, federal agencies ignore it (because it doesn’t apply to them) and use city resources to put up their own cameras. Seattle Privacy has documented several cases where the ATF or FBI entered into informal, off-the-record, verbal agreements Seattle City Light employees allowing the placement of cameras on utility poles.

We support the committee’s study of this issue call on the committee members to back corrective legislation.

What you can do

Attend the meeting if you can, and speak out during the public comment period.

If you can’t attend, you can submit a public comment by emailing the committee members:

For example, you might feel that…

  • Any agreements between federal and city agencies regarding surveillance equipment should be written down and FOIA-able.
  • The public should know who makes the call to allow ATF cameras.
  • The lack of transparency in the city’s dealings with the federal government is at odds with our status as a sanctuary city.

We’ll be at the meeting, and hope to see you there.

Seattle Privacy Coalition joins other “state-sponsored” attack targets to demand answers from Twitter

twitter3“Where no conspiracy existed before, the actions of an unknown government have created one.”

 

In December 2015, the Seattle Privacy Coalition Twitter account (@seattleprivacy) received a disturbing notice from Twitter:

As a precaution, we are alerting you that your Twitter account is one of a small group of accounts that may have been targeted by state-sponsored actors. We believe that these actors (possibly associated with a government) may have been trying to obtain information such as email addresses, IP addresses, and/or phone numbers.

Within days, more than 50 such targets identified themselves publicly via social media. Journalists around the world covered the story. (See a partial list.)

Many or most of the attack targets were involved in privacy advocacy or information security research. As a consequence, some targets (including three board members of Seattle Privacy) were present at the Chaos Communication Congress, the great hacker convention in Hamburg, Germany, in late December. We met and discussed how to respond to the mysterious and alarming notification. Our individual efforts to learn more about the who/what/when/why behind the attacks had gone nowhere, so we decided to take collective action.

Today we unveil a collectively created website, https://state-sponsored-actors.net, where we share what we’ve learned and call on Twitter (and anybody else with relevant knowledge or insight) to provide more information about what happened. This open call to Twitter currently has about 25 signers, all of them attack targets.

These are the questions we want answered:

Nature of the attacks

  • When did the attacks happen — directly prior to the first alerts in December 2015, or during a longer period previously?
  • Are the attacks continuing?
  • What were the attackers interested in? The alert email message speaks of phone numbers, IP addresses, and email. Was there anything else?
  • How were the attacks detected?
  • Were these automated brute-force attacks, or customized attacks with a human behind them, or something else?
  • Did the attackers gain administrative or other direct access to Twitter’s servers?
  • Why does Twitter suspect that the attacks came from state-sponsored actors?
  • How does Twitter define a state-sponsored actor?
  • Has Twitter identified any specific state as the source of the attacks?
  • Have the attacks come from actors with ties to the US government?
  • Are all of the attacks coming from the same actor(s)?
  • What else does Twitter know about the attacks?

Reasons for targeting

  • What is the common element, if any, among the targeted accounts?
  • Were accounts attacked because of not using Tor / because of using Tor / despite using Tor?

Twitter’s response

  • Are Twitter’s alerts sent by humans or by machines responding to irregular activity?
  • Why did Twitter start sending the alerts now?
  • Other companies have started sending out similar emails, e.g., Facebook, Google, and Yahoo. Is this a concerted effort? What is the background or the aim of the notifications?
  • Why are there different kinds of notifications (email vs. popup)?
  • What is the purpose of Twitter’s recommendation to use Tor, when many of the targeted accounts already use Tor?

Legalities

  • Why isn’t Twitter telling us more?
  • Is Twitter’s silence the result of a gag order?
  • Has Twitter received warrants, subpoenas, or National Security Letters in connection with the attacks?

The new site is available in English, German, French, and Italian, with more to come, as befits reaction to a government-backed assault against a world-wide communication service and the people using it.

As privacy activists who lawfully petitioned our various governments to protect our essential human rights, we now find ourselves the object of government overreach. Many of us became acquainted for the first time through our collective harm and our search for answers. Where no conspiracy existed before, the actions of an unknown government have created one.

Let the reckoning begin.

Audio surveillance coming to a streetlight near you?

The Seattle Police Department is teaming up with the Bureau of Alcohol, Tobacco & Firearms to bring yet another surveillance technology to Seattle. For several years, SPD has been considering an Acoustic Gunshot Location System and is being courted by ShotSpotter, LLC, which has cornered the market on this technology.

Now General Electric is developing a cheaper, integrated acoustic monitor in their next-generation streetlight which can interface with ShotSpotter’s audio surveillance system with the stated purpose of locating gunfire within dense, urban areas.

The Seattle Privacy Coalition has worked with the city in the development of a privacy protecting ordinance and a process for evaluating the impact of new surveillance technologies. We’ll be watching this new technology and offering criticism of its potential privacy impacts, especially when it’s being pushed by a government agency that has already circumvented the public process by installing surveillance cameras in the Central District with the help of Seattle City Light.

We’ll be asking the city’s new Chief Privacy Officer to perform and publish a thorough audit of all programs and purchases under SPD, and all MOUs or informal agreements SPD maintains with Federal agencies in accordance with the City’s privacy program.

Contact Seattle’s CTOthe Mayor and City Council members to share your concerns with them.

Previously:

ShotSpotter makes up its gunfire data, but it STILL doesn’t make any sense

ShotSpotter: There’s no lobbyist like an arms lobbyist

ShotSpotter (SST, Inc.) Fact Sheet prepared for City of Seattle

Reminder from Laura Poitras: “If not for Seattle, this history would be different”

Why is a Seattle police detective on the Hacking Team mailing list?

The Italian company Hacking Team, a notorious trafficker in computer tools that help governments spy on dissidents and other state enemies, was cracked wide open by an anonymous real hacker on July 5. Reporters Without Borders, a group that defends press freedom world-wide, lists Hacking Team as one of five “Corporate Enemies of the Internet,” five private-sector companies that are “digital era mercenaries.” One million or more of Hacking Team’s internal files are now in the public domain. Among them are email archives which can be conveniently searched on the Wikileaks Web site at https://wikileaks.org/hackingteam/emails/.

These documents reveal a scandal that entangles not just overt dictatorships such as Sudan, Uzbekistan, Ethiopia, Egypt, and Azerbaijan, but also the FBI, DEA, and armed forces in this country. (Presumably it’s easier for the lower-echelon feds to buy computer break-in tools on the open market than to get the NSA to share its in-house goodies.) While publicly billing themselves as “good guys” helping law enforcement, they have no qualms about selling to some of the nastiest regimes on the planet, as long as they can do it in secret.

 

hackingteam_011-100594951-orig

From a Hacking Team client list. (www.csoonline.com)

 

The Seattle connection

The Seattle Privacy Coalition has discovered that Hacking Team’s customer mailing lists include the name and address of a Seattle police detective. Here’s what we know:

  • The detective is a 19-year veteran of the force.
  • Expertise includes Cyber Crimes, Domestic Terrorism, Homeland Security, Surveillance, and Criminal Intelligence.
  • Has participated in emergency-response training at the University of Washington.
  • Received email messages form Hacking Team in 2013-2014.

 

Just wondering…

We already know that Hacking Team engaged in aggressive marketing, even to the point of hawking their spy software to the Vatican. No, really:

The security firm even tried to sell the Vatican on its services with the creation of a booby trapped Bible app that could load up spy software on the devices of people the Vatican may want to keep tabs of. It’s unclear if the Vatican actually bought Hacking Team’s services or who the Vatican would want to spy on. (fortune.com)

So why was the company in touch with a senior detective in the Seattle Police Department?

  • How did the detective wind up on Hacking Team’s mailing list?
  • Was this a personal if imprudent interest of the detective’s, or had the detective been assigned to communicate with Hacking Team?
  • Has SPD ever actively communicated with Hacking Team?
  • Has SPD purchased, or entered into discussions about purchasing, software or services from Hacking Team? (We hear that the Bible app is going cheap.)

The Seattle Privacy Coalition calls on Chief Kathleen O’Toole and Mayor Ed Murray to fully explain the city’s relationship with Hacking Team.