Archive for the 'Seattle Privacy Coalition' Category

Proposal: Overhaul Surveillance Ordinance as Data Collection, Retention and Sharing Ordinance

By Jan Bultmann and Christopher Sheats

 

Our city has committed to protecting immigrants, refugees, and the many thousands of other vulnerable populations. We argue that this is not possible without strong privacy oversight, safeguards, and enforcement. The local privacy community urges Seattle’s leadership to set aside for the moment the discussion of our Surveillance Ordinance and any amendments to it, and instead to develop an ordinance that holistically addresses the government’s role in data collection, retention, and sharing.

Why pause now? The ACLU of Washington has proposed a stronger version of the existing bill, which has been watered down by multiple revisions that remove the many critical elements including independent oversight, auditing, reporting, and enforcement requirements. But even with the ACLU’s original, stronger proposal, the foundation of the bill is inadequate.

We now live in a very different environment than when the Surveillance Ordinance was first crafted, although it has only been 3 years. This legislation was drafted in response to the public outcry that accompanied the Seattle Police Department’s acquisition of drones without public knowledge. Council chambers were repeatedly packed with demonstrators. After having wasted $82,000 dollars, the drones were ultimately decommissioned. The Surveillance Ordinance was successful to meet that immediate challenge.

Now we promise vulnerable people that we are a sanctuary city that will defend their human rights. We are literally in the crosshairs of a hostile federal government, one that has been shown to disregard local regulations and make backroom deals with city agencies. For example, putting cameras on City Light poles in direct violation of our existing surveillance law, putting nothing in writing, and further, evading any form of FOIA or PDR process.

“As a sanctuary city we have a greater obligation to protect private citizens.” — Kshama Sawant

We have autonomous cars coming, including wireless car to car technology, wireless car to infrastructure technology, and the lobbyists that come with them. We have facial recognition technologies coming and the lobbyists that come with them. We will be seeing the largest developments of these technologies within President Trump’s term.

Seattle’s Race and Social Justice Initiative clearly states:

By 2017, the City of Seattle will work with community-based organizations to support the movement to end structural racism.

We can tell you that the City has not asked the Seattle Privacy Coalition for input on how we might accomplish this, and we are well into 2017. Further, CTAB-Privacy has not been asked for input on these amendments by the Council. How can Seattle’s Surveillance Ordinance go on to exempt technologies designed and purchased for surveillance? Do black lives really matter to Seattle when data collection, retention, and sharing technologies are historically and routinely purchased in the name of defense but used offensively?

If we do not hold ourselves accountable, a government for the people, how are we going to ethically govern the use of these technologies when they are funded, deployed, and managed by third parties? How is Seattle going to defend our human rights if we have a “surveillance ordinance” that is not adequate for the complexity of a major municipality? Common sense demands that we broaden the scope to include all forms of data collection, retention, and sharing. This would eliminate splitting hairs on terms that exclude any technology not specifically purchased to support law enforcement.

The Electronic Frontier Foundation is a legal digital rights organization that maintains an umbrella grassroots organization called Electronic Frontier Alliance. Last week we discussed surveillance ordinances under development in more than 11 municipalities across the United States. The Seattle Washington ordinance was cited as being “well-intended but weak” whereas the Oakland California legislation was cited as effective because their draft legislation includes provisions for independent oversight that are fundamental to all controls, auditing and reporting requirements, and enforcement options such as the public’s right to sue for privacy harms. We strongly advise that Council review the Oakland California ordinance.

The Seattle ordinance MUST include oversight, auditing, reporting, and enforcement, and it cannot be limited to a false notion of what is or it not for surveillance. Without these fundamental changes, we are a sanctuary city in name only. With federal access to municipal databases unmonitored, unchecked, and unreported, anyone who makes use of a city service is vulnerable. When privacy is by design and policies are made to support the most vulnerable in our city, we, in effect, defend everyone’s human rights.

As defined by Seattle’s Privacy Program, we have a Privacy Review Process (PDF) that we can leverage for all forms of data collection. All forms, because there cannot be a lack of transparency and accountability. This must be baked into a Data Collection, Retention and Sharing Ordinance. Every act by the City that takes in information should have a corresponding unique identifier that must be published so that anyone can learn more about the data being collected, what it is being used for, and who is responsible for it. This will build trust. In line with Councilmember Sawant’s wishes to pull down foreign cameras from City utility poles, people have the right to be informed about what their government is collecting about them and their community. We should have the ability to learn about and to respond to our government in constructive ways. With the City’s drive for increasing open data and community engagement, why haven’t we started doing this yet?

Privacy is at risk from always-on microphones, cameras, smartphones, smart meters, automobiles, internet assistants like Alexa, Siri, Echo, and Cortona, Internet connected children’s toys, home appliances, and so many other things that have yet to even be invented. The city of Seattle cannot protect people today from predatory corporate data exploitation. We can, however, model what a human-rights respecting privacy policy looks like. And we must.

Please do not pass the watered-down Surveillance Ordinance rewrite into law because it will cause more harm than good. Instead, we urge the City Council to reach out to local community organizations such as the Seattle Privacy Coalition, Electronic Rights Rainier, and the body that the City Council assembled to advise them on technical issues, the Community Technology Advisory Board, to create a bill we can all be proud of.

Letter to Council re Surveillance Ordinance CB 118930

Today I sent the following email to the Gender Equity, Safe Communities, and New Americans Committee of Seattle City Council, speaking only for myself as an individual, not for the Seattle Privacy Coalition or board.

(The board is currently discussing possibilities for a unified position on this legislation that we could endorse as a group.)

I strongly encourage anyone interested in privacy to contact the committee with your own thoughts on this issue.

Dear Councilmembers Gonzales, Burgess, and Bagshaw,

I’m a 30-year resident of Seattle; I live in Councilmember Bagshaw’s district, and I work for Google in the cloud computing division. Previously I have worked for both Microsoft and Amazon on documenting online privacy and security issues.

I am the Chair of the Board of the Seattle Privacy Coalition, and I am a former LA to Councilmember Bagshaw and former Councilmember Sally J. Clark.

I’m writing to call on your committee to discuss and vote for the strongest possible version of the ACLU’s amendments to CB 118930, the Seattle Surveillance Ordinance, and to follow that by tackling the issue of strengthening protections from data-gathering software or hardware that is purchased for reasons other than surveillance.

I am absolutely opposed to council passing any version of this bill that fails to mandate oversight, reporting, auditing, and enforcement (enforcement through such mechanisms as the right to sue for privacy harms).

Finally, please be aware that even the strongest version of the amendments to the ordinance submitted by the ACLU address only a small subset of data-gathering technologies. The world of data-gathering is moving so quickly that technologies not purchased for the use of surveillance can easily become surveillance technology, particularly when information from multiple technologies is combined and shared.

This is an issue that urgently needs to be addressed, since we are now literally being pressured by the federal government to provide information on people for use in deporting them, while at the same time promising those same people that we will protect them as a sanctuary city.

The city must vigorously enforce its privacy program and hire an effective and committed Chief Privacy Officer as soon as possible.

I participated in an Electronic Frontier Foundation call last week in which grassroots activists from around the country discussed surveillance ordinances they are working to enact on municipal, county, and state levels. Seattle’s was cited as “well-intended, but weak.”

Please, help change how people talk about the hard work you do to protect Seattlites, so that they call this legislation “a brilliant model for other municipalities to follow,” instead.

Sawant is a privacy badass; some hope for Dems

With a few very notable exceptions (Mike O’Brien), it has been a huge uphill battle to get Dems at any level of government to acknowledge need for privacy protections or oversight of big data use and sharing, or protection from federal overreach. (Indeed, we had some city council staff openly laughing at us before the Snowden revelations.)

(Councilmember Kshama Sawant deserves special mention for having been on top of this problematic issue since her first day in office, but of course she is not a Dem.)

I have high hopes of the new party leadership in Washington state however, Tina Podlodowski and Joe Pakootas, and now that Mayor Ed Murray is taking a very unambiguous stand on our sanctuary status, hopes that we might get some enforcement teeth in our municipal surveillance ordinance and start setting some precedents. (Such as the right to sue over privacy harms.)

Surveillance most harms vulnerable populations such as immigrants, survivors of domestic violence, and people of color — the people we offer sanctuary.

Here’s a round up of coverage on Sawant’s committee meeting that started investigating federal cameras on SCL poles last week:

Video of the committee meeting

Sawant Blasts Secret Federal Surveillance Cameras on Seattle Utility Poles

Fearing Trump administration’s reach, Seattle City Council fights FBIand SPD’s ‘warrantless surveillance cameras’

Sawant wants to strengthen Seattle’s laws against warrantless surveillance

Surveillance on Seattle’s mind in light of Trump presidency

Sawant moves to curb federal surveillance

Seattle City councilmember wants federal surveillance cameras removed

New push to restrict law enforcement surveillance cameras on City Lightpoles

Court Says Location Of FBI’s Utility Pole-Piggybacking Surveillance Cameras Can Remain Secret

Membership meeting 1/30; meet Seattle CTO

Hey Seattle friends of privacy!

It’s all true: The New York Times reports that President Obama admin today permitted NSA to give raw (that is, unminimized to protect privacy) 12333 surveillance to FBI/CIA/DEA/etc., and here’s the buried lede: “…if analysts stumble across evidence that an American has committed any crime, they will send it to the Justice Department…”.

Furthermore, Rudy Guliani is going to be our nation’s CyberCyber!

Only seven days remain until a junta takes over the surveillance state.

This calls for action. Take a first step by meeting the Chief Technical Officer of the city of Seattle: a good person to talk to about how we can make our own city a refuge.

Please join us at our first general membership meeting of 2017!

When: Monday, Jan 30 545pm – 745pm
Where: Greenwood Library ( 8016 Greenwood Ave N, Seattle, WA 98103)

We will be in the main library meeting room, right as you come in the front door on the right. Free parking is available underneath the building until library close at 8pm; the #5 Metro bus stops directly outside the library going northbound.

Our special guest this month is Michael Mattmiller, the CTO for the City of Seattle.

Like all general Seattle Privacy meetings, the public is most welcome.

Meeting agenda:

– Open meeting with welcome (545pm)

– Intro Michael Mattmiller, CTO for the City of Seattle

10-15 min on role of city CTO generally, background of Mr Mattmiller prior to this position

30-45 min on current City activities as regards privacy (incl some limited Q&A):

– status of Seattle Privacy Initiative
– Seattle City Light programs of late,
– status of SPD mesh network downtown (still hopefully off, but?)
– SDOT networks downtown – what do they do, where are they?

Second Hour: – An open discussion on a day in the life of a Seattleite: the privacy perspective
– daily tasks/activities from privacy perspective for ‘avg’ Seattle resident
– areas of risk
– usual tradeoffs (and why choose one or another)
– mitigation strategies

– wrap up, meeting adjourn

Seattle Privacy welcomes three new board members

Seattle Privacy has added three new members to our Board of Directors: Al Richardson, Will Scott, and Giri Sreenivas.

As we look ahead to the challenges facing civil rights activists, we are excited and grateful to add the wide range of expertise of these board members to our team. Al, Will, and Giri bring outreach, technical, and strategic skills to the board that are already energizing us and helping set our direction for 2017.

Al is a community and union organizer who recently relocated to Seattle from Buffalo, NY. He served as an executive member of the Buffalo Chapter of the Coalition of Black Trade Unionists, and as the local lead for the national Fight for 15 campaign lead by SEIU.

Giri is the CEO and co-founder of Privacy Labs. He has worked on security and mobile projects at startups and large companies. Giri has enjoyed working on a wide range of projects, from developing trusted computing systems for the intelligence community to building consumer mobile experiences on Android. Most recently, he was VP/GM of Mobile at Rapid7 after they acquired Mobilisafe where he was founder/CEO. Find him on Twitter @giri_sreenivas and on the web at https://giri.co.

Will is a web hacker. He grew up in Seattle, and holds a Ph.D. from the UW Computer Science Department focused on Networks and Security. Will has helped to organize Open Seattle and TA3M, and researches Internet censorship, privacy preserving web applications, and cloud security. Find him on twitter at @willscott and on the web at wills.co.tt.

Huge welcome to Al, Giri, and Will!

For a complete list of board members, see About Seattle Privacy.