Archive for the 'Seattle Police Department' Category

Proposal: Overhaul Surveillance Ordinance as Data Collection, Retention and Sharing Ordinance

By Jan Bultmann and Christopher Sheats

 

Our city has committed to protecting immigrants, refugees, and the many thousands of other vulnerable populations. We argue that this is not possible without strong privacy oversight, safeguards, and enforcement. The local privacy community urges Seattle’s leadership to set aside for the moment the discussion of our Surveillance Ordinance and any amendments to it, and instead to develop an ordinance that holistically addresses the government’s role in data collection, retention, and sharing.

Why pause now? The ACLU of Washington has proposed a stronger version of the existing bill, which has been watered down by multiple revisions that remove the many critical elements including independent oversight, auditing, reporting, and enforcement requirements. But even with the ACLU’s original, stronger proposal, the foundation of the bill is inadequate.

We now live in a very different environment than when the Surveillance Ordinance was first crafted, although it has only been 3 years. This legislation was drafted in response to the public outcry that accompanied the Seattle Police Department’s acquisition of drones without public knowledge. Council chambers were repeatedly packed with demonstrators. After having wasted $82,000 dollars, the drones were ultimately decommissioned. The Surveillance Ordinance was successful to meet that immediate challenge.

Now we promise vulnerable people that we are a sanctuary city that will defend their human rights. We are literally in the crosshairs of a hostile federal government, one that has been shown to disregard local regulations and make backroom deals with city agencies. For example, putting cameras on City Light poles in direct violation of our existing surveillance law, putting nothing in writing, and further, evading any form of FOIA or PDR process.

“As a sanctuary city we have a greater obligation to protect private citizens.” — Kshama Sawant

We have autonomous cars coming, including wireless car to car technology, wireless car to infrastructure technology, and the lobbyists that come with them. We have facial recognition technologies coming and the lobbyists that come with them. We will be seeing the largest developments of these technologies within President Trump’s term.

Seattle’s Race and Social Justice Initiative clearly states:

By 2017, the City of Seattle will work with community-based organizations to support the movement to end structural racism.

We can tell you that the City has not asked the Seattle Privacy Coalition for input on how we might accomplish this, and we are well into 2017. Further, CTAB-Privacy has not been asked for input on these amendments by the Council. How can Seattle’s Surveillance Ordinance go on to exempt technologies designed and purchased for surveillance? Do black lives really matter to Seattle when data collection, retention, and sharing technologies are historically and routinely purchased in the name of defense but used offensively?

If we do not hold ourselves accountable, a government for the people, how are we going to ethically govern the use of these technologies when they are funded, deployed, and managed by third parties? How is Seattle going to defend our human rights if we have a “surveillance ordinance” that is not adequate for the complexity of a major municipality? Common sense demands that we broaden the scope to include all forms of data collection, retention, and sharing. This would eliminate splitting hairs on terms that exclude any technology not specifically purchased to support law enforcement.

The Electronic Frontier Foundation is a legal digital rights organization that maintains an umbrella grassroots organization called Electronic Frontier Alliance. Last week we discussed surveillance ordinances under development in more than 11 municipalities across the United States. The Seattle Washington ordinance was cited as being “well-intended but weak” whereas the Oakland California legislation was cited as effective because their draft legislation includes provisions for independent oversight that are fundamental to all controls, auditing and reporting requirements, and enforcement options such as the public’s right to sue for privacy harms. We strongly advise that Council review the Oakland California ordinance.

The Seattle ordinance MUST include oversight, auditing, reporting, and enforcement, and it cannot be limited to a false notion of what is or it not for surveillance. Without these fundamental changes, we are a sanctuary city in name only. With federal access to municipal databases unmonitored, unchecked, and unreported, anyone who makes use of a city service is vulnerable. When privacy is by design and policies are made to support the most vulnerable in our city, we, in effect, defend everyone’s human rights.

As defined by Seattle’s Privacy Program, we have a Privacy Review Process (PDF) that we can leverage for all forms of data collection. All forms, because there cannot be a lack of transparency and accountability. This must be baked into a Data Collection, Retention and Sharing Ordinance. Every act by the City that takes in information should have a corresponding unique identifier that must be published so that anyone can learn more about the data being collected, what it is being used for, and who is responsible for it. This will build trust. In line with Councilmember Sawant’s wishes to pull down foreign cameras from City utility poles, people have the right to be informed about what their government is collecting about them and their community. We should have the ability to learn about and to respond to our government in constructive ways. With the City’s drive for increasing open data and community engagement, why haven’t we started doing this yet?

Privacy is at risk from always-on microphones, cameras, smartphones, smart meters, automobiles, internet assistants like Alexa, Siri, Echo, and Cortona, Internet connected children’s toys, home appliances, and so many other things that have yet to even be invented. The city of Seattle cannot protect people today from predatory corporate data exploitation. We can, however, model what a human-rights respecting privacy policy looks like. And we must.

Please do not pass the watered-down Surveillance Ordinance rewrite into law because it will cause more harm than good. Instead, we urge the City Council to reach out to local community organizations such as the Seattle Privacy Coalition, Electronic Rights Rainier, and the body that the City Council assembled to advise them on technical issues, the Community Technology Advisory Board, to create a bill we can all be proud of.

Audio surveillance coming to a streetlight near you?

The Seattle Police Department is teaming up with the Bureau of Alcohol, Tobacco & Firearms to bring yet another surveillance technology to Seattle. For several years, SPD has been considering an Acoustic Gunshot Location System and is being courted by ShotSpotter, LLC, which has cornered the market on this technology.

Now General Electric is developing a cheaper, integrated acoustic monitor in their next-generation streetlight which can interface with ShotSpotter’s audio surveillance system with the stated purpose of locating gunfire within dense, urban areas.

The Seattle Privacy Coalition has worked with the city in the development of a privacy protecting ordinance and a process for evaluating the impact of new surveillance technologies. We’ll be watching this new technology and offering criticism of its potential privacy impacts, especially when it’s being pushed by a government agency that has already circumvented the public process by installing surveillance cameras in the Central District with the help of Seattle City Light.

We’ll be asking the city’s new Chief Privacy Officer to perform and publish a thorough audit of all programs and purchases under SPD, and all MOUs or informal agreements SPD maintains with Federal agencies in accordance with the City’s privacy program.

Contact Seattle’s CTOthe Mayor and City Council members to share your concerns with them.

Previously:

ShotSpotter makes up its gunfire data, but it STILL doesn’t make any sense

ShotSpotter: There’s no lobbyist like an arms lobbyist

ShotSpotter (SST, Inc.) Fact Sheet prepared for City of Seattle

Reminder from Laura Poitras: “If not for Seattle, this history would be different”

Why is a Seattle police detective on the Hacking Team mailing list?

The Italian company Hacking Team, a notorious trafficker in computer tools that help governments spy on dissidents and other state enemies, was cracked wide open by an anonymous real hacker on July 5. Reporters Without Borders, a group that defends press freedom world-wide, lists Hacking Team as one of five “Corporate Enemies of the Internet,” five private-sector companies that are “digital era mercenaries.” One million or more of Hacking Team’s internal files are now in the public domain. Among them are email archives which can be conveniently searched on the Wikileaks Web site at https://wikileaks.org/hackingteam/emails/.

These documents reveal a scandal that entangles not just overt dictatorships such as Sudan, Uzbekistan, Ethiopia, Egypt, and Azerbaijan, but also the FBI, DEA, and armed forces in this country. (Presumably it’s easier for the lower-echelon feds to buy computer break-in tools on the open market than to get the NSA to share its in-house goodies.) While publicly billing themselves as “good guys” helping law enforcement, they have no qualms about selling to some of the nastiest regimes on the planet, as long as they can do it in secret.

 

hackingteam_011-100594951-orig

From a Hacking Team client list. (www.csoonline.com)

 

The Seattle connection

The Seattle Privacy Coalition has discovered that Hacking Team’s customer mailing lists include the name and address of a Seattle police detective. Here’s what we know:

  • The detective is a 19-year veteran of the force.
  • Expertise includes Cyber Crimes, Domestic Terrorism, Homeland Security, Surveillance, and Criminal Intelligence.
  • Has participated in emergency-response training at the University of Washington.
  • Received email messages form Hacking Team in 2013-2014.

 

Just wondering…

We already know that Hacking Team engaged in aggressive marketing, even to the point of hawking their spy software to the Vatican. No, really:

The security firm even tried to sell the Vatican on its services with the creation of a booby trapped Bible app that could load up spy software on the devices of people the Vatican may want to keep tabs of. It’s unclear if the Vatican actually bought Hacking Team’s services or who the Vatican would want to spy on. (fortune.com)

So why was the company in touch with a senior detective in the Seattle Police Department?

  • How did the detective wind up on Hacking Team’s mailing list?
  • Was this a personal if imprudent interest of the detective’s, or had the detective been assigned to communicate with Hacking Team?
  • Has SPD ever actively communicated with Hacking Team?
  • Has SPD purchased, or entered into discussions about purchasing, software or services from Hacking Team? (We hear that the Bible app is going cheap.)

The Seattle Privacy Coalition calls on Chief Kathleen O’Toole and Mayor Ed Murray to fully explain the city’s relationship with Hacking Team.