Proposal: Overhaul Surveillance Ordinance as Data Collection, Retention and Sharing Ordinance

By Jan Bultmann and Christopher Sheats


Our city has committed to protecting immigrants, refugees, and the many thousands of other vulnerable populations. We argue that this is not possible without strong privacy oversight, safeguards, and enforcement. The local privacy community urges Seattle’s leadership to set aside for the moment the discussion of our Surveillance Ordinance and any amendments to it, and instead to develop an ordinance that holistically addresses the government’s role in data collection, retention, and sharing.

Why pause now? The ACLU of Washington has proposed a stronger version of the existing bill, which has been watered down by multiple revisions that remove the many critical elements including independent oversight, auditing, reporting, and enforcement requirements. But even with the ACLU’s original, stronger proposal, the foundation of the bill is inadequate.

We now live in a very different environment than when the Surveillance Ordinance was first crafted, although it has only been 3 years. This legislation was drafted in response to the public outcry that accompanied the Seattle Police Department’s acquisition of drones without public knowledge. Council chambers were repeatedly packed with demonstrators. After having wasted $82,000 dollars, the drones were ultimately decommissioned. The Surveillance Ordinance was successful to meet that immediate challenge.

Now we promise vulnerable people that we are a sanctuary city that will defend their human rights. We are literally in the crosshairs of a hostile federal government, one that has been shown to disregard local regulations and make backroom deals with city agencies. For example, putting cameras on City Light poles in direct violation of our existing surveillance law, putting nothing in writing, and further, evading any form of FOIA or PDR process.

“As a sanctuary city we have a greater obligation to protect private citizens.” — Kshama Sawant

We have autonomous cars coming, including wireless car to car technology, wireless car to infrastructure technology, and the lobbyists that come with them. We have facial recognition technologies coming and the lobbyists that come with them. We will be seeing the largest developments of these technologies within President Trump’s term.

Seattle’s Race and Social Justice Initiative clearly states:

By 2017, the City of Seattle will work with community-based organizations to support the movement to end structural racism.

We can tell you that the City has not asked the Seattle Privacy Coalition for input on how we might accomplish this, and we are well into 2017. Further, CTAB-Privacy has not been asked for input on these amendments by the Council. How can Seattle’s Surveillance Ordinance go on to exempt technologies designed and purchased for surveillance? Do black lives really matter to Seattle when data collection, retention, and sharing technologies are historically and routinely purchased in the name of defense but used offensively?

If we do not hold ourselves accountable, a government for the people, how are we going to ethically govern the use of these technologies when they are funded, deployed, and managed by third parties? How is Seattle going to defend our human rights if we have a “surveillance ordinance” that is not adequate for the complexity of a major municipality? Common sense demands that we broaden the scope to include all forms of data collection, retention, and sharing. This would eliminate splitting hairs on terms that exclude any technology not specifically purchased to support law enforcement.

The Electronic Frontier Foundation is a legal digital rights organization that maintains an umbrella grassroots organization called Electronic Frontier Alliance. Last week we discussed surveillance ordinances under development in more than 11 municipalities across the United States. The Seattle Washington ordinance was cited as being “well-intended but weak” whereas the Oakland California legislation was cited as effective because their draft legislation includes provisions for independent oversight that are fundamental to all controls, auditing and reporting requirements, and enforcement options such as the public’s right to sue for privacy harms. We strongly advise that Council review the Oakland California ordinance.

The Seattle ordinance MUST include oversight, auditing, reporting, and enforcement, and it cannot be limited to a false notion of what is or it not for surveillance. Without these fundamental changes, we are a sanctuary city in name only. With federal access to municipal databases unmonitored, unchecked, and unreported, anyone who makes use of a city service is vulnerable. When privacy is by design and policies are made to support the most vulnerable in our city, we, in effect, defend everyone’s human rights.

As defined by Seattle’s Privacy Program, we have a Privacy Review Process (PDF) that we can leverage for all forms of data collection. All forms, because there cannot be a lack of transparency and accountability. This must be baked into a Data Collection, Retention and Sharing Ordinance. Every act by the City that takes in information should have a corresponding unique identifier that must be published so that anyone can learn more about the data being collected, what it is being used for, and who is responsible for it. This will build trust. In line with Councilmember Sawant’s wishes to pull down foreign cameras from City utility poles, people have the right to be informed about what their government is collecting about them and their community. We should have the ability to learn about and to respond to our government in constructive ways. With the City’s drive for increasing open data and community engagement, why haven’t we started doing this yet?

Privacy is at risk from always-on microphones, cameras, smartphones, smart meters, automobiles, internet assistants like Alexa, Siri, Echo, and Cortona, Internet connected children’s toys, home appliances, and so many other things that have yet to even be invented. The city of Seattle cannot protect people today from predatory corporate data exploitation. We can, however, model what a human-rights respecting privacy policy looks like. And we must.

Please do not pass the watered-down Surveillance Ordinance rewrite into law because it will cause more harm than good. Instead, we urge the City Council to reach out to local community organizations such as the Seattle Privacy Coalition, Electronic Rights Rainier, and the body that the City Council assembled to advise them on technical issues, the Community Technology Advisory Board, to create a bill we can all be proud of.

If We Care For Survivors, Surveillance Technologies Must Be Heavily Regulated

By Christopher Sheats


In Seattle tomorrow, City Council will be discussing Surveillance Ordinance amendments originally proposed by ACLU of Washington and watered down by the council. The Surveillance Ordinance would be incredibly deficient if we passed these amendments. Of primary concern, there are multiple exemptions that are *crazy* if you were to juxtapose a United Nations privacy report.

Surveillance technology does not include:

(a) technology used to collect data from individuals who knowingly and voluntarily consent to provide, or who do not avail themselves of an opportunity to opt out of providing, such data for use by a City department;

(b) social media sites or news monitoring and news alert services;

(c) a body-worn camera;

(d) a camera installed in or on a police vehicle;

(e) a camera installed in or on any vehicle or along a public right-of-way used to record traffic patterns or traffic violations or to otherwise operate the transportation system safely and efficiently, including in any public right-of-way;

(f) a camera installed on City property for security purposes;

(g) a camera installed solely to protect the physical integrity of City infrastructure, such as Seattle Public Utilities reservoirs; and

(h) routine patches, firmware and software updates, and hardware lifecycle replacements.

In February, I spoke along side ACLU of Washington lawyers, University of Washington lawyers, and a domestic violence survivor at a public hearing in our state capitol to support an ACLU bill limiting Automatic Licence Plate Readers. Domestic violence survivors’ privacy, specifically their physical location privacy, is paramount to them and their families. Further, many survivors are victims to police men and women, making this under-served population a critical voice in discussions concerning surveillance technologies. At the hearing, A women with incredible courage showed up to educate the committee about her and the other 5,000+ Address Confidentiality Program participants. With permission, below is her testimony.

As content on our website is licensed using Creative Commons, please feel free to use share her testimony to further privacy rights.

Madame Chair, and members of the committee,

I am here today to discuss a part of my life so terrifying that, at times, I have actually contemplated writing a horror movie script.

Please forgive me, but by the end, it will make sense to today’s hearing.

I am here as a participant in the Washington State Address Confidentiality Program, ACP for short.

You will never understand, nor will I ever be able to convey the fear and torment that one individual can deliver. His words are still etched in my mind: “No woman is going to tell me, a man, what to do.” When trying to end a relationship, what I got in return was physical abuse and psychological terror. I would see him outside my home, my work, at my children’s school or stalking me in my rear-view mirror.

At times, he would convey to me each and every way or place he could have killed me that day.

I discovered that he had made duplicate keys of both my home and my car. Changing door locks didn’t matter. He still got inside. He was letting me know that he was in control.

My oldest son and I would eventually bobby trap our doors when we left, to more easily determine if he might be inside when we returned.

And though time, our much-loved pet cats disappeared one by one.

I lived through death and kidnapping threats to my children’s lives. I feared for my own life.

And in utter, desperate fear one night, I called a helpline, told them of my situation, and was advised to leave the state immediately. I did. On their advice, I gave my house keys to a friend, told nobody where I was going, put my kids and some clothes in my car, and drove to a state where I was offered protection.

I thank you so very much WA for the ACP. I no longer have to be afraid. It took me months but I no longer have to fear looking in my rear-view mirror.

This is hopefully the end of my desperate story.

But now, I want you to clearly understand one implication of unrestricted ALPR technology
I am here representing a vulnerable part of society, those who live in domestic violence situations. My ex-boyfriend kept telling me that he had connections to the police department, that there was no place to hide.

What if that was true? What if someone like me, couldn’t hide ever?

With unrestricted and retained ALPR data that becomes a real possibility.

I want you to consider the lives of spouses of law enforcement who might be in a domestic violence situation. My tale of torture existed because my stalker knew where I lived. Please protect your citizens, all your citizens, from potential location abuse. Please put restrictions on ALPR data.

Tell City Council that Feds Must Follow Seattle Law

Call for action: Demand transparency related to federal government surveillance in Seattle


Email the city and insist that city employees document cooperation with federal requests for surveillance cameras.


What: Meeting of Seattle City Council Committee on Energy and Environment. Agenda:…

When: Tuesday, January 24, at 2 pm

Where: Council Chambers at Seattle City Hall (601 5th Avenue, at Cherry)

Why: Of interest in the agenda is item #2:

Warrantless Surveillance Cameras in Seattle: How to protect
the privacy of Seattleites and reverse the proliferation of
surveillance cameras installed by the Seattle Police
Department and Federal law enforcement agencies on SCL
polls in public space without democratic authorization or

As many of you will know, Seattle currently has legislation about surveillance equipment on the books. Currently, however, federal agencies ignore it (because it doesn’t apply to them) and use city resources to put up their own cameras. Seattle Privacy has documented several cases where the ATF or FBI entered into informal, off-the-record, verbal agreements Seattle City Light employees allowing the placement of cameras on utility poles.

We support the committee’s study of this issue call on the committee members to back corrective legislation.

What you can do

Attend the meeting if you can, and speak out during the public comment period.

If you can’t attend, you can submit a public comment by emailing the committee members:

For example, you might feel that…

  • Any agreements between federal and city agencies regarding surveillance equipment should be written down and FOIA-able.
  • The public should know who makes the call to allow ATF cameras.
  • The lack of transparency in the city’s dealings with the federal government is at odds with our status as a sanctuary city.

We’ll be at the meeting, and hope to see you there.

ShotSpotter: There’s no lobbyist like an arms lobbyist

Seattle Privacy Coalition has blogged before about the aggressive marketing practices of ShotSpotterTM, the controversial gun-fire detection system that Seattle City Council wants to purchase. Now our friendly competitor news outlet The Intercept has blasted the story sky-high. When a sales pitch in Council Chambers is really a lobbying campaign by an international arms dealer, hold onto your wallet and your freedoms.

Here’s the Intercept article in a nutshell:

  • Despite claims to the contrary, ShotSpotter, which uses a network of microphones to pinpoint gunshots in covered areas, also records conversations going on in the vicinity. This is established fact, inasmuch as the recordings have been admitted as evidence in criminal trials.
  • ShotSpotter’s wide deployment in over 90 US cities is powered by an aggressive lobbying campaign.
    • DC lobbyist Ferguson Group, by targeting congressional delegations, has secured $7 million in federal funds to purchase ShotSpotter through Department of Justice.
    • ShotSpotter also has hired lobbying firms Squire Patton Boggs, Raben Group, Greenberg Traurig, and Mercury Group Public Affairs to sell its products at the federal, state, and city levels, including coordination with police unions.
    • Having laid the federal funding groundwork, ShotSpotter guides potential customers through the grant application process.
    • ShotSpotter cultivates revolving-door relationships with law-enforcement heavies. Senior Vice President David Chipman is a former senior official at the ATF and a former fellow to the International Association of Chiefs of Police, and New York Police Commissioner William J. Bratton did a stint as a board member before assuming his present position as one of ShotSpotter’s newest and biggest customers. (Fortunately for the American Way, he recused himself from that purchasing decision.)

The article also spotlights the silly claims by company executives that ShotSpotter is not a listening device. As one helpfully explains, “It’s an acoustic sensor. It’s not a microphone,” which you can file under Distinction Without A Difference. And, as usual, ShotSpotter can’t keep its story straight. Our Oakland friend @marymad contributes this capture from the ShotSpotter Web site:

Embedded image permalink

Just like a cell phone, eh? That explains why the 20-30 foot limit is nonsense, too. Cell phone users know that speaker-phone mode picks up anything loud enough to be picked up, regardless of distance. A conversation 100 feet away on a quiet street? No problem.

The Intercept piece concludes with this alarming assessment of the privacy issues presented by ShotSpotter’s audio surveillance:

ShotSpotter’s privacy policy claims this audio is “erased and overwritten” and “lost permanently” if its system does not sense a gunshot. However, even if this is true, the policy also states that ShotSpotter has detected and recorded “3 million incidents” over the past ten years. This also indicates the sensors report a staggering level of false alarms, and that the company has permanently recorded 18 million seconds — in other words, 5,000 hours or approximately seven months — of audio. According to a promotional document emailed to Miami city officials by ShotSpotter’s sales team, the technology allows end users to retain this audio online for two years and offline for another five.

The lessons here are not new:

  • ShotSpotter is a questionable use of money, a technical quick-fix that does little for public safety and nothing for the underlying causers of crime.
  • The company is a snake-oil merchant that constantly makes claims that defy scientific logic.
  • The ShotSpotter lobbying machine is a public menace.


We support the plan by Seattle City Council to closely review the money provisionally allocated to purchase ShotSpotter.

ShotSpotter makes up its gunfire data, but it STILL doesn’t make any sense

SST, Inc.,  the company that sells ShotSpotter gunfire-detection systems to regional governments around the world, recently published a marketing pamphlet called the 2014 National Gunfire Index. The Seattle City Council might avoid purchasing another police boondoggle if it examines the phony data and confused arguments that pad out this piece of fake science.

Seattle Privacy Coalition ran across this document while compiling press clippings on ShotSpotter. Beginning in October, glowing press releases and media reports about the success of ShotSpotter began popping up around the country. For example, in Camden, NJ:

[County Commission] Director Louis Cappelli, Mayor Dana Redd and Chief Scott Thomson announced that ShotSpotter Flex[,] the global leader in gunfire detection and analysis, today announced that its National Gunfire Index revealed that gunfire incidents in Camden City for the first half of 2014 are down by 48.5 percent, compared to first half of 2013, where ShotSpotter was deployed during both periods.[1]

And in Kansas City, MO:

Newly released data from the makers of the ShotSpotter gunshot detection system indicates that gunfire has decreased significantly in Kansas City’s urban core over the last year.



The ShotSpotter system covers 3.55 square miles in Kansas City near the Troost MAX bus line. In comparing the first half of 2013 to the first half of 2014, gunfire incidents in those areas fell by 25.9 percent. That’s 55 fewer incidents. That keeps with the trend in 31 other cities across the United States and Caribbean that ShotSpotter serves: those cities averaged 25.9 percent fewer gunfire incidents, as well.[2]

Wow, those are amazing year-over-year crime reduction numbers! And the clear implication is that SpotShotter made this happen.

Let’s have a look at that data

An examination of ShotSpotter’s data and research methodology dispels any hope that it has a basis in legitimate science. There are several separate and false claims to be debunked.

False Claim 1 — Gunfire declined in SpotShotter cities from 2013 to 2014

Bizarrely, this most basic claim, the one politicians and media picked up on, is proved false (or unintelligible)  by  ShotSpotter’s own figures. These are summarized in a graphic[3]:


The researchers analyze their raw data (which consists of detected gunshots) in two ways, as total rounds fired, and as “incidents.” Gunfire “incidents” are never actually defined, nor are we told why this is a useful measure. As the graphic shows, incidents declined sharply in the 31 communities studied, while absolute rounds fired increased, and this 20.6% decline is what the the report touts on 7 of its 9 pages of content. The rounds-fired figure is mentioned on 3 pages.

The facts become murkier when we come to this baffling statement:

Rounds (bullets) fired per gunfire incident were up by 36%. On average, 3.2 rounds were fired per incident during the first half of 2014, up 10% from first half 2013 average of 2.9 rounds per incident.[4]

Now there are three different figures for rounds-fired:

  • 14%
  • 36%
  • 10%

The supporting graphic (Web version[5]) both hides the high number and adds to the confusion with a whole new measure called “Total Number of Rounds Fired Per Incident” (emphasis ours). To see this, you have to mouse-over the bullet images, as shown in the following before-and-after versions:


Added confusion stems from the complete meaninglessness of “total rounds per incident” and how this relates to “average rounds.” 

ShotSpotter does provide some actual raw numbers[6] (more on that below) that supposedly back up its generalizations.

Total Incidents Total Rounds Fired
2013 14,703 42,830
2014 11,675 58,087
Year-over-year change  -20%  +36%

At least that clarifies which of the calculated numbers are real, such as the high “total-rounds-per” number that the report tried to hide and fails to explain, and which turns out to be the real figure for rounds-per-incident. The scale of the problem becomes clear in the following graph — created by Seattle Privacy Coalition, not ShotSpotter — which illustrates the public safety significance of ShotSpotter’s two measures (as we understand them):


This makes it pretty clear that the “incidents” measure is here to obscure the fact that gunfire increased by 36% in the 31 ShotSpotter communities during the the period of the study.  People dodging bullets don’t care how many people are firing at them. Yet these are the statistics that embolden SST President and CEO, Ralph A. Clark, to tell the Camden, NJ, newspaper:

“The gunfire index data is extremely encouraging and suggests what cities and their law enforcement agencies can accomplish with a comprehensive gun violence reduction effort focused on enhanced response and community engagement.”[7]

Or, as the Index itself puts it,

Gunfire incidents are down in almost every ShotSpotter Flex city. In the 31 communities that we were able to analyze both for 1H2013 and 1H2014, gunfire incidents were down in 28 of the 31 communities, or 90% of them.[8]

False Claim 2 — SpotShotter is responsible for reducing gun violence

Things look bad for ShotSpotter. Far from reducing gun violence, Its figures suggest it has aggravated gun violence in the communities where it is deployed. The only thing that saves it from that humiliating finding is the iron rule of statistics: correlation is not causation. ShotSpotter cannot actually be blamed for an increase in gun violence without controlled studies that rule out other factors that may be causing the increase. Furthermore, the sloppiness of the arithmetic and reasoning in the 2014 National Gunfire Index make us wary of actually trusting the figures presented. Without more data, there is no way to know how much damage ShotSpotter is or is not causing.

On the other hand, reliable independent crime statistics tell a story that is unhelpful to ShotSpotter’s case regardless of the soundness of the gunfire report data. The FBI’s uniform crime statistics document[9] a steady decline of all violent crime nationwide over the past 20 years:


This trend suggests that a decline of about 3% in the overall violent crime rate probably occurred between 2013 and 2014. Any claim that ShotSpotter reduces crime would have to take into account this background decline. It is troubling but not surprising that the study ignores this, since it is much more enjoyable to claim credit for whatever good is happening on your watch. Of course, that’s not science.

The most plausible inference to make in the face of the FBI’s figures is that ShotSpotter’s figures, showing a 36% increase in gunfire over the last year, are simply too aberrant to be trusted without confirmation by qualified researchers.

False Claim 3 —  ShotSpotter bases its claims on real-world data

ShotSpotter spends a lot of time in this report stressing its careful comparison of “apples-to-apples” data. Unfortunately, it appears that the researchers only got halfway through that research methods course. Even knowing the shoddiness of the National Gunfire Index‘s methodology and analysis, it comes as a surprise that ShotSpotter actually made up data to fill out gaps in its observed gunfire tracking. The note on methodology at the end of the Index explains how this worked in considerable detail (emphasis ours)[10]


So, in other words, up to 45% of any particular community’s data over a six month period was “imputed” by means of this process of “proration.”

That explains a lot.



[1] “ShotSpotter Index Measures a Large Decrease in Gun Violence.”, October 8, 2014. Accessed 2014/11/-21.

[2] “ShotSpotter Success: Gunfire down by 26 percent in Kansas City areas by ShotSpotter following transit-police partnership.” www.kcata.orgOct 13, 2014. Accessed 2014/11/21.

[3] “2014 National Gunfire Index.” [Web version.]

[4] 2014 National Gunfire Index, p. 7. [PDF, 2014.] Also archived at

[5] “2014 National Gunfire Index.” [Web version.]

[6] 2014 National Gunfire Index, pp. 5, 7. [PDF, 2014.] Also archived at

[7] “ShotSpotter Index Measures a Large Decrease in Gun Violence.”, October 8, 2014. Accessed 2014/11/-21.

[8] 2014 National Gunfire Index, p. 6. [PDF, 2014.] Also archived at

[9] “FBI Uniform Crime Reports: Crime in the United States 2013: Table 1.” Downloadable as a spreadsheet at

[10] 2014 National Gunfire Index, p. 10. [PDF, 2014.] Also archived at